http://www.buidao.com

3/21/10

[Programming] PC Lint: software that finds bugs before testing

Every programmer, no matter how great he is, makes mistakes at some time or other while coding. Although every compiler tries its best to report every possible error during compilation, many mistakes escape the wrath of the compiler. Some are seemingly very innocent and very tough to catch even during code review, and sometimes even get through the cycle of testing. The real face of these mistakes always shows up on the customer side, by crashing the system.

Consider the following example:

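/* Multiplies two ints with no overflow check. */
int multiply(int m, int n)
{
    int result = 0;
    result = m * n;    /* overflows when the product exceeds INT_MAX */
    return result;
}

void func(void)
{
    int m = 32767;
    int n = 32767;
    int result = 0;
    result = multiply( m, n );    /* 32767 * 32767 does not fit in a 16-bit int */
}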


In this example, if you notice, the result always overruns the maximum value of an integer (int being 16 bits). To any compiler, this code seems perfect. But if you lint this code, the lint tool will definitely raise a warning about this potential bug. This bug, if overlooked, can cause havoc in any system in crucial scenarios.
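An added example (not from the original article): the same multiplication with the overflow checked before it can happen. `multiply_i16` and `multiply_int` are hypothetical names; `int16_t` models the 16-bit `int` the article assumes, and the division-based pre-check generalizes the idea to native `int`, where no wider type may be available.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Models the article's 16-bit int: widen to 32 bits, multiply, range-check. */
bool multiply_i16(int16_t m, int16_t n, int16_t *out)
{
    int32_t wide = (int32_t)m * (int32_t)n;   /* cannot overflow 32 bits */
    if (wide < INT16_MIN || wide > INT16_MAX)
        return false;                         /* would not fit in 16 bits */
    *out = (int16_t)wide;
    return true;
}

/* General form for native int: test with division BEFORE multiplying,
 * because signed overflow in C is undefined behaviour. */
bool multiply_int(int m, int n, int *out)
{
    if (m > 0) {
        if (n > 0) { if (m > INT_MAX / n) return false; }
        else       { if (n < INT_MIN / m) return false; }
    } else {
        if (n > 0) { if (m < INT_MIN / n) return false; }
        else       { if (m != 0 && n < INT_MAX / m) return false; }
    }
    *out = m * n;                             /* proven safe above */
    return true;
}

int main(void)
{
    int16_t r16 = 0;
    int r = 0;

    /* The article's values: 32767 * 32767 */
    printf("16-bit int: %s\n",
           multiply_i16(32767, 32767, &r16) ? "ok" : "overflow rejected");
    if (multiply_int(32767, 32767, &r))
        printf("native int: %d\n", r);
    else
        puts("native int: overflow rejected");
    return 0;
}
```

The caller must check the return value; `*out` is left untouched when the product does not fit.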

Similarly, there are many more examples like this that can be caught by linting the code. Quite a few significant but obvious problems, such as buffer overruns, array indexes out of bounds, and uninitialized variables causing junk in, junk out, can be caught using any of the good lint tools. This process of linting makes the code safe, secure and strong enough to withstand any kind of malicious input injection or buffer overrun attack. Of course, complex scenarios can get skipped by some of the tools, but it is still definitely a better step to catch the bug early. Quite a few tools are available in the market, but I'll recommend a tool called PC-Lint (Windows)/FlexeLint (Linux). This tool is pretty good, as it catches almost every obvious flaw that slips past the developer's or code reviewer's eyes. It follows the guidelines given in the MISRA (Motor Industry Software Reliability Association) standard and strictly adheres to them.

These linting tools generally have their proprietary algorithms, but in general they all follow the same approach of static analysis of source code. The following are examples of some of the problems these tools are capable of finding during the lint process.

  • Accidental assignment (= compared with ==)
  • Bad pointer arithmetic
  • Accidental booleans
  • Bad use of macros
  • Use of undefined external methods (ST20 compiler assumes int func(void))
  • Uninitialised variables
  • Unsafe array usage
  • Signed/unsigned data type mix-ups
  • Bad use of casts
  • Memory leaks (over-use of CMM and API heap). Too much reliance on dynamic memory allocation.

Linting your code during development is very important, as it can make your code much safer. It definitely does add to the build time, and it might take a few extra seconds to get the final object file, but isn't it worth the hassle if you are saved from deadly bugs?

    Link: http://www.safercode.com/blog/2009/03/23/lint-your-code-find-probable-mistakes-much-before-testing.html#more-37

    TQN: http://www.mediafire.com/?ngwzwzfgmwm
    It has no GUI, only a command line. Try adding it to the VS IDE.
    Download it and read the help yourself to learn how to use it; don't ask how it should be used. Spare me, I really hate being asked that.


    Reflink: http://forums.congdongcviet.com/showthread.php?p=121620#post121620