The main goals for LCLint are to:
- Detect a large number of bugs in typical C programs, without producing
an unacceptable number of spurious messages. We are willing to accept the
possibility that a few spurious messages are produced as long as it enables
significantly more powerful checking and the spurious messages can be
suppressed easily.
- Support a programming methodology involving abstract types and clean,
documented interfaces in standard C programs.
- Provide a gradual transition for programmers. LCLint can be used like a
better standard lint with minimal effort. Adding a few annotations to programs
enables significantly better checking. As more effort is put into annotating
programs, better checking results. A representative effort/benefit curve for
using LCLint is shown in Figure 1 (not available in HTML format). As
different checks are turned on and more information is given in code
annotations, the number of bugs that can be detected increases dramatically.
- Provide enough flexibility so that LCLint can be used effectively with a
wide range of coding styles. Especially important is making it easy to use
LCLint effectively to maintain and modify legacy code.
- Check programs quickly and with no user interaction. LCLint
runs faster than most compilers. Libraries can be used to enable fast
checking of a few modules in a large program.
LCLint does many of the traditional lint checks including unused declarations,
type inconsistencies, use-before-definition, unreachable code, ignored return
values, execution paths with no return, likely infinite loops, and fall-through
cases. This document focuses on more powerful checks that are made
possible by additional information given in source code annotations. [2] Annotations are stylized comments that
document certain assumptions about functions, variables, parameters, and types.
They may be used to indicate where the representation of a user-defined type is
hidden, to limit where a global variable may be used or modified, to constrain
what a function implementation may do to its parameters, and to express checked
assumptions about variables, types, structure fields, function parameters, and
function results. In addition to the checks specifically enabled by
annotations, many of the traditional lint checks are improved by exploiting
this additional information.
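The following is an added example, not code from the LCLint guide, that puts the annotation kinds listed above on a small constructed counter module: an abstract type, a global whose use and modification must be declared, ownership and possible-NULL results, and checked assumptions on parameters. Annotations are comments, so it compiles as plain C; the placement of /*@abstract@*/ inside the typedef and the clause syntax after the parameter list are assumed from LCLint's conventions.

```c
#include <stdlib.h>

/* Abstract type: clients may not use the representation (placement assumed). */
typedef /*@abstract@*/ struct counter_rep *counter;
struct counter_rep { int value; int limit; };

/* Global state: every function that reads or writes it must declare so. */
static int counters_live = 0;

/* Result is owned by the caller (only) and may be NULL (null). */
/*@only@*/ /*@null@*/ counter counter_new (int limit)
   /*@globals counters_live@*/ /*@modifies counters_live@*/
{
  counter c = (counter) malloc (sizeof (*c));
  if (c == NULL) return NULL;
  c->value = 0; c->limit = limit;
  counters_live++;
  return c;
}
/* c must not be NULL and only *c changes; returns 1 if the count
   advanced, 0 if the limit was already reached. */
int counter_increment (/*@notnull@*/ counter c) /*@modifies c@*/
{
  if (c->value >= c->limit) return 0;
  c->value++;
  return 1;
}
/* c may be NULL; LCLint checks that it is tested before dereference. */
int counter_value (/*@null@*/ counter c)
{
  return (c == NULL) ? -1 : c->value;
}
/* Takes over the only reference to c and releases it. */
void counter_free (/*@only@*/ counter c)
   /*@globals counters_live@*/ /*@modifies counters_live@*/
{
  free (c);
  counters_live--;
}
/* Client: tests the possibly-NULL result and stays inside the interface. */
int counter_demo (void)
{
  counter c = counter_new (3);
  int i, v;
  if (c == NULL) return -1;
  for (i = 0; i < 5; i++) (void) counter_increment (c);
  v = counter_value (c);
  counter_free (c);
  return v;
}
```

With these annotations in place, a client that dereferenced the result of counter_new without the NULL test, dropped the only reference without calling counter_free, or touched counters_live from a function lacking a globals clause would be reported rather than silently compiled.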
David Evans
Systematic Program Development
evs@larch.lcs.mit.edu