Download
Linux
Windows 95/NT
Source
Documentation
User's Guide
HTML Online
Publications
Release Notes
Samples
Other Sources
What's New
Links
Mailing Lists
Bugs
Credits
|
Last update: 18 April 1998 - What's New
LCLint Home Page
LCLint Version 2.4b is now available.
LCLint is a tool for statically checking C programs. With minimal
effort, LCLint can be used as a better lint. If additional effort is
invested adding annotations
to programs, LCLint can perform stronger checks than can be done by any
standard lint.
LCLint does many of the traditional lint checks including unused declarations, type inconsistencies, use-before-definition,
ignored return values,
execution paths with no return,
likely infinite
loops, and fall-through
cases. Our main focus, however, is on more powerful checks that are
made possible by additional information given in source code
annotations. Annotations are stylized comments that document certain
assumptions about functions, variables, parameters, and types. They may
be used to indicate where the representation of a user-defined type is
hidden, to limit where a global variable may be used or modified, to
constrain what a function implementation may do to its parameters, and
to express checked assumptions about variables, types, structure fields,
function parameters, and function results. In addition to the checks
specifically enabled by annotations, many of the traditional lint checks
are improved by exploiting this additional information.
Some problems detected by LCLint include:
- Violations of information hiding. A user-defined type can be declared
as abstract, and a message is reported where code inappropriately
depends on the representation of the type.
- Inconsistent modification of caller-visible state. Functions can be
annotated with information on what caller-visible state may be modified
by the function, and an error is reported if the modifications produced
by the function contradict its declaration.
- Inconsistent use of global variables. Information on what global and
file scope variables a function may use can be added to function
declarations, and a message is reported if the implementation of the
function uses other global variables or does not uses every global
variable listed in its declaration.
- Memory management errors. Instances where storage that has been
deallocated is used, or where storage is not deallocated (memory leaks).
- Dangerous data sharing or unexpected aliasing. Parameters to a
function share storage in a way that may lead to undefined or undesired
behavior, or a reference to storage within the representation of an
abstract type is created.
- Using possibly undefined storage or returning storage that is not
completely defined (except as documented).
- Dereferencing a possibly null pointer.
- Dangerous macro implementations or invocations.
- Violations of customizable naming conventions.
- Program behavior that is undefined because it depends on order of
evaluation, likely infinite
loops, incomplete logic,
statements with no effect, ignored return values, unused declarations, and exceeding certain standard limits.
LCLint checking can be customized to select what classes of errors are
reported using command line flags
and stylized comments in the code.
David
Evans
Software Devices and Systems
evs@sds.lcs.mit.edu
|