Hi,
Is there any free code analysis tool that could be integrated with CodeWarrior 10.4 for MCU? I've seen around several tools of this type, but all are way too expensive.
Victor
Solved! Go to Solution.
Yes, this is correct: Linticator is not free and requires PC-lint with is not free neither.
In my view PC-lint is still one of the best-in-class static analysis tools.
How to use it without Linticator: Linting without a plugin | MCU on Eclipse
The Eclipse built-in is very basic (better than nothing). I have seen other (free) tools for gcc/ARM, but honestly I had no time to look into this.
Maybe somebody else can share his experience?
these thread from Erich Styger should help:
http://mcuoneclipse.com/2013/01/06/free-static-code-analysis-with-eclipse/
Sorry, one more detail, Linticator is not free and, curiously, requires you to previously install PC-Lint, which is not free either. Support for Linticator is only granted for six months after purchase, which is not a so good point.
As another payed alternative QA-C (from Programming Research) seems to be option to take into account as it can also integrate in Eclipse and CodeWarrior.
Yes, this is correct: Linticator is not free and requires PC-lint with is not free neither.
In my view PC-lint is still one of the best-in-class static analysis tools.
How to use it without Linticator: Linting without a plugin | MCU on Eclipse
The Eclipse built-in is very basic (better than nothing). I have seen other (free) tools for gcc/ARM, but honestly I had no time to look into this.
Maybe somebody else can share his experience?
Some times I go and see the PC-Lint on-line interactive demo to check small portions of code. Thanks for the link, I think it's a well presented and easy to follow how-to.
Hi Zhang,
Yes, I was already aware of that analyzer included in the CW IDE, in fact I'm using it sometimes. But in my opinion the results from that tool are not yet reliable. For example, see the picture below, in one hand the tool reports as a bug something that (probably) is not exactly a bug but (perhaps) a bad programming practice. In the other hand, it does not recognize one severe security flaw (buffer overrun) in the function InitMyData().
The function named MyFunction() does have a return statement, but the tool reports the function as not having a return statement. The function InitMyData() is writing to one location out of bounds (2 bytes out).
This two isses are correctly detected by some other tools like FlexeLint, which only reports as a bug the out of bounds access in function InitMyData() and reports these two messages:
Warning 416: Likely creation of out-of-bounds pointer (2 beyond end of data) by operator '['
Warning 415: Likely access of out-of-bounds pointer (2 beyond end of data) by operator '['
Victor