Static Code Analysis - PC-Lint
May 25th 2018
In order to improve my firmware I decided to start looking at static code analysis tools. PC-Lint came recommended to me, so I thought I would give it a try and share my results here.
First off PC-Lint is relatively cheap at $389, so I figured if it found me a few bugs it would be worth it. So after purchasing I found out that it has very limited support for C++, which was a huge disappointment. Additionally I found out that it is no longer under development and has had no bug fixes in over 2 years. So I figured this meant it was either stable or going to have problems. Guess which one I discovered....
One thing you should know about all the static analysis tools is that they are all difficult to set up and use. That is, you would think that the tool would be as easy as replacing the compiler and linker with the executable of the static analysis tool; however, this is not the case, and most require you to create countless configuration and include files. PC-Lint is no different, and as such it is very frustrating and time consuming to try to get set up and working.
I don't know about you, but these days I usually have a long, long list of include directories for my projects. I often curse that I cannot use wildcards in the include directory list for Eclipse. Setting up the include directories for PC-Lint is even more of a pain. I could not get PC-Lint to use the environmental variable for include directories, so I ended up using absolute paths, which means that if your project moves directories you are stuck modifying paths. After spending hours trying to set up the include directories I finally just wrote a program to create the files for me. Basically I wrote an executable which I replace the GCC compiler command with, and from the command line options I generate the PC-Lint configuration files.
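A sketch of that kind of compiler stand-in, as an added example (it is not the program described in this post). It maps GCC's `-I`/`-isystem` and `-D` options to PC-Lint's `-i` and `-d` options and resolves relative paths against the build directory; the output file name and the `LINT_OUT` variable are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Stand-in for the compiler command: writes a PC-Lint .lnt file from GCC options."""
import os
import sys

# GCC options whose separate value is irrelevant to lint and must be skipped.
SKIP_WITH_VALUE = {"-o", "-MF", "-MT", "-MQ", "-x", "-include"}
SOURCE_EXTS = (".c", ".cc", ".cpp", ".cxx")


def gcc_to_lnt(args, cwd):
    """Return .lnt lines for one GCC invocation (args exclude the compiler name)."""
    includes, defines, sources = [], [], []
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in SKIP_WITH_VALUE:
            i += 2
            continue
        for flag, bucket in (("-isystem", includes), ("-I", includes), ("-D", defines)):
            if arg.startswith(flag):
                value = arg[len(flag):]
                if not value and i + 1 < len(args):  # "-I dir" form
                    i += 1
                    value = args[i]
                if value:
                    bucket.append(value)
                break
        else:
            if not arg.startswith("-") and arg.lower().endswith(SOURCE_EXTS):
                sources.append(arg)
        i += 1

    def absolute(path):
        # Resolve against the build directory so the file is correct wherever
        # the project currently lives; it is regenerated on every build.
        return os.path.normpath(os.path.join(cwd, path))

    lines = ['-i"%s"' % absolute(p) for p in dict.fromkeys(includes)]
    lines += ["-d%s" % d for d in dict.fromkeys(defines)]  # values with spaces not handled
    lines += ['"%s"' % absolute(s) for s in sources]
    return lines


if __name__ == "__main__":
    # LINT_OUT is a hypothetical variable naming the output file.
    out = os.environ.get("LINT_OUT", "project.lnt")
    with open(out, "w") as fh:
        fh.write("\n".join(gcc_to_lnt(sys.argv[1:], os.getcwd())) + "\n")
```

Because the file is rebuilt from the real compiler command on every build, the absolute paths in it follow the project when it moves.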
After getting this working I quickly started to run into problems. Statically defined arrays were failing, for example. After searching the web I found out this was a known bug in PC-Lint from over 2 years ago, so I contacted support and found out it has not and will not be fixed. I also found other bugs where PC-Lint was flagging errors saying that typedef'd structures were not defined. So I emailed tech support and then painfully found out that unless you send them working examples they will do little to help you. So I had to copy all my code into a new directory, copy all the compiler includes and all external dependencies, and make them a special build to demonstrate the bug. After doing this the response was "Yes, this is a known bug, you will have to turn off the -strong option for MISRA to make it work." Tech support further told me that if they did a new firmware release they would remove the strong option from the firmware.
1. If my problem was a "known bug", why did I have to work so hard to demonstrate it?
2. If they would remove the option from a future build of software, why would they not remove it from the configuration file in the software they ship today?
3. Why did I have to work so hard to generate debug information for them? Could the software not have a "-support" option which generates a directory with everything they need to replicate the build?
4. If this was a "known bug", why can I not search a list of known bugs so that I do not need to contact tech support?
As you can quickly see, the list of questions keeps coming back to the same conclusion: the company has not planned on problems. This is normal as companies mature and grow, but it indicates Gimpel is not mature to the level where they know they will have bugs and problems.
For myself, knowing what I know today, would I have purchased PC-Lint? No, I would not! Knowing what I know today, would I consider purchasing their new product FlexeLint? No, as I believe that the problems above are not product related but company related.
More importantly, knowing what I know now, should I continue with PC-Lint? This is a tough one; after all, I have now invested a lot into the software, more time than money. However, the fact is, if I would not have purchased the software in the past, why would I use it in the future? Additionally, it is dead software, with no bug fixes or updates now or in the future, so my efforts in learning how to use it will be (and have been) a waste of time.
Do not let the reasonable price of PC-Lint convince you to purchase it; it is dead software and your efforts to learn it will be wasted.