QP/C  6.9.3
Real-Time Embedded Framework
PC-Lint-Plus

The QP/C distribution contains a "port" to PC-Lint-Plus static analysis tool from Gimpel Software, which is a static analysis tool for C and C++ with one of the longest track records and best value of the money in the industry. The "PC-Lint-Plus port" allows you to statically analyze the QP/C source code and facilitates static analysis of your application code based on QP/C.

The QP/C "port" to PC-Lint-Plus is located in the directory qpc/ports/lint-plus and includes also lint configuration files, as well as an example of "linting" application code in the directory qpc/examples/arm-cm/dpp_ek-tm4c123gxl/lint-plus. The following listing describes the most important files in these three directories.

qpc\ - QP/C installation directory
+-ports/ - QP/C ports directory
| +-lint-plus/ - QP/C "port" to PC-Lint-Plus
| | +-16bit/ - QP/C++ "port" to 16-bit CPUs
| | | +-cpu.lnt - Lint options for a 16-bit CPU
| | | +-stdint.h - Standard exact-width integers for a 16-bit CPU
| | +-32bit/ - QP/C++ "port" to 32-bit CPUs
| | | +-cpu.lnt - Lint options for a 32-bit CPU
| | | +-stdint.h - Standard exact-width integers for a 32-bit CPU
| | +-qk/ - QP/C port with the QK kernel
| | +-qv/ - QP/C port with the QV kernel
| | +-qxk/ - QP/C port with the QXK kernel
| | +-au-ds.lnt - Dan Saks recommendations
| | +-au-misra3.lnt - MISRA-C:2012 compliance checks
| | +-au-misra3-amd1.lnt - MISRA-C:2012-Amendment-1 additional checks
| | +-qpc.lnt - PC-Lint-Plus options for QP/C applications
| | +-std.lnt - Standard PC-Lint-Plus settings recommended by Quantum Leaps
| | +-lin.bat - Batch file to invoke PC-Lint-Plus to run analysis of QP/C code
| | +-options.lnt - PC/Lint-Plus options for "linting" QP/C source code
| | +-lint_qf.log - PC/Lint-Plus output for the QEP/QF components of QP/C
| | +-lint_qs.log - PC/Lint-Plus output for the QS component of QP/C
| | +-lint_qv.log - PC/Lint-Plus output for the QV component of QP/C
| | +-lint_qk.log - PC/Lint-Plus output for the QK component of QP/C
| | +-lint_qxk.log - PC/Lint-Plus output for the QXK component of QP/C
| | +-qep_port.h - QEP component "port" to a "generic C compiler"
| | +-stdbool.h - Standard Boolean type and constants for a "generic C compiler"
|
+-examples\ - QP/C examples directory (application)
| +-arm-cm\ - QP/C examples for ARM Cortex-M
| | +-dpp_ek-tm4c123gxl\ - DPP example on the EK-TM4C123GLX board
| | | +-lint-plus\ - directory for linting the application
| | | | +-lin.bat - Batch to run PC-Lint-Plus analysis of application code
| | | | +-options.lnt - PC-Lint-Plus options for "linting" of application code

Linting the QP/C Source Code

The directory qpc/ports/lint-plus (see listing above) contains also the lin.bat batch file for "linting" the QP/C source code. The lin.bat batch file invokes PC-Lint-Plus and generates the lint output files. As shown in the listing above, the lint output is collected into four text files lint_qf.log, lint_qs.log, lint_qk.log, lint_qv.log, and lint_qs.log, for QEP/QF, QK, QV, QXK and QS components of the QP/C framework, respectively.

Note
In order to execute the lin.bat file on your system, you might need to adjust the symbol PCLP_DIR at the top of the batch file, to the PC-Lint-Plus installation directory on your computer.
Remarks
The lin.bat batch file invoked without any command-line options checks the QP/C code in the Q_SPY build configuration with software tracing enabled. However, by the nature of software tracing, the Q_SPY configuration transgresses many more MISRA-C rules than the standard configuration. However, the Q_SPY configuration is never used for production code, so the MISRA-C compliance of the QP/C framework should not be judged by the deviations that happen only in the Q_SPY configuration.

According to the PC-Lint-Plus guidelines, the lin.bat uses two option files: the qpc.lnt configuration file discussed before and the options.lnt configuration file that covers all deviations from the MISRA-C rules within the QP/C source code. These deviations are intentionally localized to QP/C code and are independent from your application-level code. In other words, a MISRA-C deviation present in the QP/C code does not mean that such deviation is somehow allowed or its detection is somehow suppressed in the application-level code. This is because the the options.lnt configuration file for internals of QP/C is not used to "lint" the application-level code.

Linting QP/C Application Code

The QP/C baseline code contains an example of MISRA-C compliance checking with PC-Lint-Plus: the DPP example for the EK-TM4C123GLX Cortex-M4F board, located in the directory qpc/examples/arm-cm/dpp_ek-tm4c123gxl/lint-plus. The PC-Lint-Plus analysis is very simple and requires invoking the lin.bat file.

Note
In order to execute the lin.bat file on your system, you might need to adjust the symbol PCLP_DIR at the top of the batch file, to the PC-Lint-Plus installation directory on your computer. You

The lint-plus subdirectory contains also the local version of the options.lnt configuration file with the PC-Lint-Plus options specific to linting the application. Here, you might include linting options for your specific compiler, as described in the "PC-Lint-Plus Manual", Chapter 2 "Installation and Configuration".

Structure of PC-Lint-Plus Options for QP/C

PC-Lint-Plus has several places where it reads its currently valid options:

  • From special PC-Lint-Plus option files (usually called *.lnt)
  • From the command line
  • From within the special lint-comments in the source code modules (not recommended)

The QP/C source code and example application code has been "linted" only by means of the first alternative (option files) with possibility of adding options via command line. The third alternative–lint comments–is not used and Quantum Leaps does not recommend this alternative.

Note
The QP/C source code is completely free of lint comments, which are viewed as a contamination of the source code.

The structure of the PC-Lint-Plus option files used for "linting" QP/C follows the Gimpel Software guidelines for configuring PC-Lint-Plus (See Section 2 "Configuration" in the PC-Lint-Plus Manual). The design and grouping of the lint options also reflects the fact that static code analysis of a software framework, such as QP/C, has really two major aspects. First, the source code of the framework itself has to be analyzed. But even more important and helpful to the users of the framework is providing the infrastructure to effectively analyze the application-level code based on the framework. With this in mind, the PC-Lint-Plus options for static analysis of QP/C are divided into two groups, located in directories qpc/include and qpc/ports/lint. These two groups are for analyzing QP/C applications and QP/C source code, respectively.

As shown in the PC-Lint-Plus "port" files description, the directory qpc/include, contains the PC-Lint-Plus options for "linting" the application code along with all platform-independent QP/C header files required by the applications. This collocation of lint options with header files simplifies "linting", because specifying just -iqpc/include include directory to PC-Lint-Plus accomplishes both inclusion of QP/C header files and PC-Lint-Plus options. Note that the qpc/include directory contains all PC-Lint-Plus option files used in "linting" the code, including the standard MISRA-C:2012 au-misr3.lnt option file as well as Dan Saks' recommendations au-ds.lnt, which are copied from the PC-Lint-Plus distribution. This design freezes the lint options for which the compliance has been checked.

The std.lnt option file

According to the Gimpel Software PC-Lint-Plus Configuration Guidelines, the file qpc/include/std.lnt file, contains the top-level options, which Quantum Leaps recommends for all projects. These options include the formatting of the PC-Lint-Plus messages and making two passes to perform better cross-module analysis. However, the most important option is -restore_at_end, which has the effect of surrounding each source file with options -save and -restore. This precaution prevents options from "bleeding" from one file to another.

Top-level option file std.lnt

// message formatting options...
-hF1 // output: a single line
+ffn // use full path names
//-"format=%(\q%f\q %l %C%) %t %n: %m"
//-width(0,0) // do not break lines
-width(120,4) // break lines after 99 characters with 4 characters indent
+flm // make sure no foreign includes change the format
+rw(inline, entry)
-zero(99) // don't stop because of warnings
-passes(2) // make two passes (for better error messages)
-restore_at_end // don't let -e<nn> options bleed to other files
-summary() // produce a summary of all produced messages
// globally supress the following warning:
-e546 // explicitly taking address of function
-e717 // monocarpic do-while used to group statements

The qpc.lnt option file

The most important file for "linting" QP/C applications is the qpc.lnt option file. This file handles all deviations from the MISRA-C:2012 rules, which might arise at the application-level code from the use of the QP/C framework. In other words, the qpc.lnt option file allows completely clean "linting" of the application-level code, as long as the application code does not violate any of the MISRA-C:2012 rules.

At the same time, the qpc.lnt option file has been very carefully designed not to suppress any MISRA-C:2012 rule checking outside the very specific context of the QP/C API. In other words, the qpc.lnt option file still supports 100% of the MISRA-C:2012 rule checks that PC-Lint-Plus is capable of performing.

Remarks
For example, for reasons explained in Section 5.10 of the "QP/C MISRA Compliance Matrix", QP/C extensively uses function-like macros, which deviates from the MISRA-C:2012 advisory Rule 4.9 and which PC-Lint-Plus checks with the warning 9026. However, instead of suppressing this warning globally (with the -e9096 directive), the qpc.lnt option file suppresses warning 9096 only for the specific QP function-like macros that are visible to the application level. So specifically, the qpc.lnt file contains directives -esym(9026, Q_TRAN, Q_SUPER, ...), which suppresses the warning only for the specified macros, but does not disable checking of any other macros in the application-level code.

Next: ARM Cortex-M