General
39 results found
-
Bitfield size isn't error checked by Lint
Greetings,
I've been using Lint for the past 5 years and it's been a very useful tool for me. However, today I discovered an error in my C code that wasn't caught by Lint, and it may be useful if it could be flagged. The error is trying to divide a variable in a structure definition into bitfields where the combined size of the bitfields exceeds the size of the underlying variable.For example, my bad code was like this:
typedef struct dummy_struct
{
unisgned char field1: 6,
field2: 6,
field3: 1,
field4: 1;
} DUMMY;So, basically, I was…
4 votes -
Preprocessor output for a specific code section
The "-p run just the Preprocessor" option is very handy, but for me it often generates too much information to pour though when I'm trying to diagnose a specific macro issue.
It would be great if the preprocessor output could be enabled for a section of code, and send the output to a file and/or standard out.
e.g.:
//lint -p+
SOMECOMPLEXMACRO(a,b,c,d,e);
//lint -p-4 votes -
generate a lint-config file to suppress warnings
Automatically generate a lint-config file that suppresses any message as locally as possible. This would be very useful for the implementation of PC lint. It would also make it easier to update to a newer version. Many companies have a quality gate that requires that no warnings are included in the code. E.g. after updating to version 1.4.1, more than 800 warnings were generated in our project, with the same configuration. It would be useful to generate a lint configuration file, so that one can temporarily suppress the warnings when changing versions. One can then plan the solution of the…
3 votes -
3 votes
-
Add Cognitive Complexity as metric
Sonar released in 2017 a new way to calculate the complexity of code. This way of measuring complexity is more practical than cyclomatic complexity, and helps to improve the understandability and readability of code.
3 votes -
Extra initializer/cleanup semantics
It would be nice to specify which members are deleted or uinitialzed:
class X
{
int* i;
int* j;
float* k;
void cleanInts() { delete i;delete j;}
~X(){delete k;cleanInts();}
};in this case -sem(X::cleanInts,cleanup) won't help.
I propose the following semantics:
-sem(X::cleanInts,cleanup(X::i,X::j)) where cleanInts should free X::i and X::j3 votes -
Make the program skip missing files in multi-file config
Make the program skip missing files in multi-file config. Currently it stops on a missing file. This is for generated file that don't exist in the linting build.
3 votes -
[1.3] C99: 9027, 9036 messages are hard to filter out
In the code below, it is very difficult to filter out the messages issued on our boolean type (unsigned8) because the message uses the essential type and we risk filtering out the true unsigned8 variables in this case. We are forced then to dupe PcLint into thinking boolean is actually of type _Bool.
Moreover both messages don't show any symbols for the variables themselves. it would be nice to be able to use esym in such cases for specific enums or booleans, etype would also be great. The more info we have the greater control achieved with egrep too.
Also…
3 votes -
Specify precompiled header -pch .lph output directory
Currently, the xxx.lph precompiled header file is outputted/saved in the same directory as the xxx.h header file, which causes the (often very large) file to be unnecessarily included in source code only backups.
Ideally it would be possible to designate the directory that the .lph precompiled output file is stored in, such as the debug/release build object file directory or a temporary directory.
3 votes -
Further improve value tracking to catch more out-of-bounds errors
This one is straight from the discussion forum (http://www.gimpel.com/Discussion.cfm?ThreadID=5087) and not yet detected in PC-LINT Plus Beta 8c (i assumed because of the additional level of indirection):
void main(void)
{
int array[4];
int index = 0;
for (int loop = 0; loop < 10; ++loop)
{
array[index] = loop;
++index;array[index] = loop; ++index; } array[0] = array[1];}
2 votes -
Enable opt-in assumptions about the initial values of static variables
This condition doesn't seem to be detected by PC-lint Plus:
include <stdint.h>
include <string.h>
typedef struct
{
uint8t one;
uint8t two;
uint8t three[18];
} testt;static testt *mpdef;
static testt *mpabc;void
test (void)
{
// These manipulations should trigger a warning since both pointers are not initialized.
mpdef->one = 1;
mpabc->one = 2;
}1 vote -
to add a new warning to find use of an explicite cast from real to unsigned int.
Although an explicite cast looks like the programmer knew, the intended behaviour may need two casts.
I wanted to "infinitely" accumulate possibly small, possibly negative increments (float i) in a modulo counter consisting of an unsigned integer variable (uint32_t n) and a real variable (float f) for the fractional part.f += i;
n += (uint32t)f; // should read n += (uint32t)(int32t)f;
f -= (int32t)f;worked with several compilers for PC platforms (gcc, lcc32, VS C++) and with TI''s c6000 compiler for an OMAP L138, but the counter failed to decrease with TI's ARM5.1 compiler for…
1 vote -
Ignore -d command line option if empty (-d"")
We are using CMake build system to generate the command-line options and run PC-Lint. The command line options are generated after the configuration stage of CMake and it can happen that the value of a define is not known yet at that stage:
$<$<BOOL:OFF>:BUILD_TESTS>
If BUILD_TESTS is disabled, the command line option will be empty:
-d"$<$<BOOL:OFF>:BUILD_TESTS>" gets converted to:
-d""When you run pclp64 -d"" the following error appears:
--- Module: /projects/alpha/alpha.c (C)
<command line option> 1 error 5469: macro name must be an identifier#define 1My request is to check if -d argument is empty, and if it's…
1 vote -
Default the pure ANSI/ISO C standard functions to -sem(..., pure)
Several messages (e.g. 523 and 9007) deal with potential side-effects. This is great, but the implementation has room for improvement:
if ((s != NULL) && ((strlen(s) > 0U)))
I think it is safe to say that strlen() never has side-effects. But PC-lint Plus doesn't think so and issues message 9007 for the above piece of code.
This issue applies to any function of the standard library. In most cases, e.g. strlen() or isnan() it should be clear whether or not the function has side-effects, most of these functions are implemented re-entrant. Unfortunately, as far I know, the C standard is…
1 vote -
Relaxed parsing of *-e* inhibitions for multiple messages
Compare the parser requirement for separating commas [#...
-ecall(# [# ...], Function [,Function ...])
-emacro(# [# ...], Symbol [,Symbol ...])
-estring(# [# ...], String [,String ...])
-esym(# [# ...], Symbol [,Symbol ...])
-etype(# [# ...], Type [,Type ...])...vs. [,#...
-e(# [,# ...])
--e(# [,# ...])
-e{# [,# ...]}
--e{# [,# ...]}...which in my opinion makes usage a bit more difficult than necessary, as the two groups of inhibitions have slightly different requirements.
While there probably are good reasons for not requiring a separating comma for the first group of inhibitions, the second group could easily get relaxed parsing…
1 vote -
Value tracking simultaneously assumes enums both can and cannot take any value
In the following snippet I've defined a basic assertion macro and an enum, with an external function that returns a value typed by that enum. I wish to verify that the returned value is a valid enumerated value.
Firstly, if we remove both assertions below then there are no warnings generated, despite the fact that an out of bounds access on the
printfis possible.If you add both assertions then the warning described inline occur: a warning on the first assertion claims that the result can be predetermined. If we assume that enums can only take their enumerated values…
1 vote -
Value tracking arrives at incorrect conclusion when incrementing variables in loop conditions
Consider the following program:
#include <stdlib.h> #include <stdint.h> #define MAX_VAL (6) int main() { uint32_t val = 0; do { } while(++val != MAX_VAL); if(MAX_VAL == val) { exit(0); } return 0; }This program is guaranteed to exit before reaching the
return, however lint claims it is guaranteed to never execute the body of the theifstatement:
…info 774: boolean condition for 'if' always evaluates to 'false' (involving variable 'val') supplemental 831: binary operator yields 0 (line 15) supplemental 831: increment yields 1 (line 13) supplemental 831: initialization yields 0 (line 8) supplemental 831: integral conversion yields1 vote -
Variable could be declared as const ref
Similar to message: 953 - Variable 'Symbol' (Location) could be declared as const
I would like to see a message for the following situation:
struct X
{
int i;
};struct Y
{
const X& f();
};int g( Y y)
{
const X x = y.f();
return x.i + 5;
}In this case variable x could be declared as const ref.
When the intialization of a const variable is done with an other const variable or a function returning a const reference this message (or maybe two separete messages) could be issued1 vote -
documentation suggestion: sample function names
The documentation sometimes includes sample function names that can be misread as keywords/parameters, for example:
//lint -sem( push, custodial(1))
"push" is often a keyword, for example:pragma pack(push, 1)
pragma warning(push)
the examples in the guide are great, but sample function names that look like they could be parameters is sometimes confusing for me.
Also, if the sample function names were odd-ball and had mixed case, I think it would be a bit clearer, such as FooBar, MyFunc
1 vote
- Don't see your idea?