Gimpel PCLint

PC-lint and FlexeLint are powerful static analysis tools that will check your C/C++ source code and find bugs, glitches, inconsistencies, non-portable constructs, redundant code, and much more. It looks across multiple modules, and so, enjoys a perspective your compiler does not have.

What's New in PC-lint/FlexeLint Version 9.00?

Static Variable Tracking
We now incorporate variables of static storage duration in our value tracking. These include not only variables that are nominally static, as local to a function and local to a module, but also external variables.

Thread Analysis

We examine multi-threaded programs for correct mutex locking and report on variables shared by multiple threads that are used outside of critical sections.

Pre-compiled Headers

can dramatically reduce the time spent in processing multiple modules.

Dimensional Analysis

We now support, through the strong type mechanism, the classical dimensional analysis that engineers and physicists have traditionally employed in verifying equations. A ’type’ can now be a ratio or product of other types and the compound types are checked for consistency across assignment boundaries.

Stack Usage

We can report on the overall stack requirements of any program whose function calls are non-recursive and deterministic (i.e. calls not made through function pointers). This is very useful for embedded systems development where the amount of stack required can be mission critical. A complete detailed report of stack usage for each function is available as well.

The deprecate option

allows the programmer to deprecate particular symbols in any of the following categories: function, keyword, macro and variable.

Message Enhancement and Control
  • You may now enhance any message parameterized by Symbol so that the symbol’s type is also given.
  • You may suppress any message parameterized by Symbol on the basis of the type of the symbol.
  • You can suppress messages parameterized by String on the basis of that string.
  • You may activate a message for a particular Symbol (or set of symbols) that is otherwise inhibited.
  • You may suppress a message while calling a particular function, while calling library functions and while invoking library macros.
Thread Analysis

Enhanced MISRA checking includes the detection of recursion, support for the MISRA 2 ’underlying type’ concept, determination of side effects for functions and MISRA C++ support.

Source-echo mode

enables you to specify that lint messages appear embedded within the context of the original source code.

html support

provides that output can appear in the html format, suitable for a browser and handsomely color coded.

Program Info

A comprehensive collection of information about your program is optionally provided yielding information on files, types, symbols and macros for simple viewing or in a manner absorbable by a database or spreadsheet. This information can be used for many purposes, including naming-style conventions.

Macro Scavenging

This feature turns PC-lint/FlexeLint into a seeker of built-in macros supported by a compiler and lying about within compiler header files. This is perfect for the unknown compiler with long and forgotten macros ready to trip up a third party processor such as PC-lint/FlexeLint.

New semantics have been added to the -sem option:
  • Initializer indicates the member function can be relied upon to initialize all the members.
  • Cleanup indicates that the function is expected to free or zero all pointer members.
  • inout(i) indicates that the ith parameter will read as well as write to its (indirect) argument.
  • pod(i) indicates that the ith argument requires a pointer to a POD ( Plain Old Datatype).
  • Pure can be used to indicate that the function is a pure function.
  • A number of new semantic flags support multi-threading analysis: thread, thread_lock, thread_unlock, and thread_protected and many others.
New Messages -- Version 9.0 has some 146 new messages. Some of the more prominent of these are as follows:
html support

Read-Write Analysis -- Ever wonder whether each assigned value to a (local) variable actually has a chance of being used before another value is assigned to the variable or before exiting the program? We now detect this condition

for clause Scrutiny

for clauses are now subject to intense scrutiny. We complain if the variable tested in the 2nd expression is not the same as the variable modified in the third or the variable initialized in the first. We warn if the testing direction (2nd expression) seems inconsistent with the increment direction (3rd expression), or if the expression tested is inconsistent with the expression incremented, or if the loop index variable is modified in the body of the loop.

Pre-determined Predicates

We can detect in a variety of circumstances that the value of a predicate is pre-determined to be true or false.


come under careful examination. Within string or character constants we look for the psuedo-hex character \0xFF , decimal characters following an octal escape sequence, or the embedded nul. We also look for numeric constants that have different types depending on language dialect.


We report on compile-time zero’s being added, multiplied, ORed, etc. to expressions and on deducable zero’s added, multiplied, etc. Our order-of-evaluation checking has been extended to include the case of functions modifying objects and the suspicious looking: p ? a : b = 1 . We also look for non 0/1 assignments to boolean typed objects. We issue warnings about unusual sizeof arguments.

const qualification

We now report on global or static variables that could be made const and global or static pointers that could be declared as pointing to const.

Unusual Declarations

We report on the following declaration int a:5;
as its meaning is not defined by the standard. We also look for assignment operators that do not return a reference to a const ref.

Initializer Functions

A new feature of Version 9 is the notion of an initializer. See the initializer semantic. Message 1565 warns when an initializer fails to carry out its mission and message 1566 points out when an initializer may be needed. There are similar considerations for the cleanup semantic.

Include Guards

Headers are examined to determine whether they contain standard include guards.

Pointer and Reference Anomalies

New messages that involve the ever dangerous pointer and the innocent appearing reference are as follows. We look for

  • pointers to auto being assigned to a member of the current class
  • pointers to non-POD class being passed to POD-seeking functions such as memcpy
  • string constants assigned to initialize non-const char pointers
  • an uninitialized reference used to initialize another reference
  • a reference member not appearing in a mem-initializer
  • returning the address of a reference parameter
  • passing the address of a reference parameter into the caller’s address space
  • assigning the address of a reference parameter to a static variable.
Unreferenced (but constructed) class variables

Ever try to find all those unreferenced CString’s? We didn’t complain in the past because technically speaking, they were referenced by their own constructor. Such variables now get a new Info message so they can be picked out and eliminated.

After more than a year of Beta testing, we are happy to announce the release of PC-lint Plus 1.0. Licensing of PC-lint Plus will be based on a Team License. To obtain a quote, please contact with your company information, a brief overview of how you will be using PC-lint Plus, and the total number of Developers (as defined in the license agreement) who will be working on the C/C++ source code of the projects that will be analyzed by PC-lint Plus

A 30-day evaluation license for PC-lint Plus is now available. To request an evaluation license, please contact with your company information and specify the platform(s) on which you would like to evaluate PC-lint Plus (Windows 7/8/10, Mac OS, and Linux). See evaluation license agreement for terms.

What is PC-lint Plus?

PC-lint Plus is a rewrite of PC-lint from the ground up. It combines the clang framework with Gimpel Software's 30+ years of static analysis experience to provide a product that supports the latest C and C++ standards and implements the leading edge analysis technology that Gimpel Software is known for. While PC-lint Plus is a new offering from Gimpel Software, it is largely backward compatible with PC-lint /FlexeLint. In particular, most of the same options and messages are supported by PC-lint Plus, indirect files work the same way, and flagship features such as Value Tracking, User-defined Function Semantics, and Strong Types are all available and many features have been significantly enhanced.

What’s New in PC-lint Plus

PC-lint Plus includes many new messages, features, and enhancements. The highlights include:

Modern C++ Support :

PC-lint Plus fully supports C++11 and C++14 and most of the soon-to-be published C++17 Standard by leveraging clang to perform the lexing and parsing for C and C++ source code. Clang updates are regularly merged into PC-lint Plus ensuring prompt support for the newest language features. As a result, PC-lint Plus supports the latest compilers, including current versions of GCC and clang as well as Visual Studio 2015.

Improved Value Tracking :

Value tracking now stores ranges of values instead of just individual values which allows PC-lint Plus to gain further insight into your code when the exact values are unknown but they may be bounded by conditional logic. Structure members and floating point values are also now tracked. Data and function pointers can participate in value tracking which allows PC-lint Plus to provide more effective analysis and a better understanding of aliased values and functions.

Parallel Analysis :

PC-lint Plus supports parallel analysis of projects by using separate threads to analyze each source code module, which speeds up the analysis process by making full use of the available hardware.

Streamlined Configuration

A new configuration tool automates the configuration process by extracting information from your compiler and your build process to generate comprehensive and accurate configurations that match the way you build your projects.

Improved MISRA C 2012 Support :

PC-lint Plus further extends existing MISRA C 2012 support with new messages, improved message verbiage that more clearly explains the violation being diagnosed, and underlying type breakdowns that show exactly how the different parts of an expression contributed to the ultimate underlying type of the expression to aid in the understanding of messages related to underlying types.

Enhanced Diagnostics :

Diagnostic facilities have been greatly improved in PC-lint Plus by providing the precise locations of issues encountered, by highlighting the key constructs referenced in the message, and by the introduction of supplemental messages to provide further insight into the conditions that lead to the issuance of the diagnostic.

Messages can now be organized into user-defined named groups for easier manipulation, parameterized suppressions can be localized to a specific code region, messages can be suppressed using regular expressions, and -efile can now be used to suppress messages within specific files.

Improved Function Semantics :

PC-lint Plus provides built-in function semantics for over 200 standard library functions. Custom return semantics defined with the `-sem` option are now verified when the body of the function is available. For example, a semantic that specifies that a function never returns null will result in a diagnostic if the function actually does ever return null. User-defined function semantics can also now be specified for individual function overloads and function templates.

Other features :

In addition to the new features and enhancements described above, PC-lint Plus contains dozens of minor improvements including a built-in help system, deprecation of types and options, improved printf and scanf format string checking with positional parameter support, the ability to save and restore entire option contexts, improved message verbiage for existing messages, and hundreds of new diagnostics (including many dedicated to the use of new C++ language features).