March 19, 2019

What Is Lint Code? And What Is Linting and Why Is Linting Important?

Static Analysis
Coding Best Practices

By

Everyone knows that programming errors are bad. Some errors cause glitches that frustrate users. Others compromise the safety and security of a critical system. No matter what type of program you’re developing, avoiding these errors is important. That’s why many development teams rely on linting.

Read along or jump ahead to the section that interests you the most:

🔎 Easily Find and Fix COding errors with Static Analysis

What Is Linting?

Linting is the automated checking of your source code for programmatic and stylistic errors. This is done by using a lint tool (otherwise known as linter). A lint tool is a basic static code analyzer.

The term linting originally comes from a Unix utility for C. There are many code linters available for various programming languages today.

Why Is Linting Important?

Linting is important to reduce errors and improve the overall quality of your code. Using lint tools can help you accelerate development and reduce costs by finding errors earlier.

📕 Related Resource: Software Quality Guide

How do Lint Code Tools Work?

Here’s how lint tools are typically fit into the development process.

  1. Write the code.
  2. Compile it.
  3. Analyze it with the linter.
  4. Review the bugs identified by the tool.
  5. Make changes to the code to resolve the bugs.
  6. Link modules once the code is clean.
  7. Analyze them with the linter.
  8. Do manual code reviews.

Lint programming is a type of automated check. It should happen early in development, before code reviews and testing. That’s because automated code checks make the code review and test processes more efficient. And they free your developers to focus on the right things.

📕 Related Content: Learn how SAST tools safeguard against software vulnerabilities.

When to Use Lint Software

Lint software can deliver great benefits in development. However, lint programming might be better suited to some teams than others.

When You Use Interpreted Programming Languages

This can depend on your programming language. Some languages are better suited for code linting than others.

Take Python and JavaScript. These are interpreted languages, and they lack a compiling phase. So, using lint software is effective for ensuring consistent coding style and resolving basic coding errors in these cases.

But, when it comes to compiled languages, such as C and C++, using lint software might not be enough. C and C++ are complex and may require more advanced code analysis.

When You Use Standard Rules

A linter is great for identifying errors when you use standard rules. Remember, a linter analyzes your code for stylistic and programming errors against the rules it knows.

If part of your code breaks the standard rules, this can pose a problem. Of course, you can avoid this by overriding the defaults and adjusting/disabling rules for particular files.

When Your Needs Are Basic

Lint tools are great for basic analysis. But if you need more sophisticated analysis and metrics — such as cyclomatic complexity — a lint tool may not be enough.

Linting Programming Tools vs Static Analysis Tools

Lint tools fall into the static analysis category. They’re typically the most basic form of static analysis tool.

Static analysis tools are any tools that analyze source code without the need to run it.

What are the benefits of static analysis? The best static analyzers offer speed, depth, and accuracy in your development process. 

📕 Related Content: What Is Static Analysis.

More advanced static analysis tools deeply analyze both code execution and data flow for faults that may lead to a field failure.

The most advanced tools will also link information across multiple translation units. You can even use cross-module analysis to determine higher-level problems.

Here’s how basic lint tools compare to advanced static analysis tools.

Basic Lint Tools

Lint tools are the most basic form of static analysis. Using lint tools can be helpful for identifying common errors, such as:

  • Indexing beyond arrays.
  • Dereferencing null pointers.
  • (Potentially) dangerous data type combinations.
  • Unreachable code.
  • Non-portable constructs.

Pros/Cons

Here are some key pros and cons to code linting.

Pro: Lint checks many things, including syntax errors and structural problems.

Con: Lint can produce as many errors and warnings as there are lines of source code. This leads to high false positive and false negative rates.

Pro: Lint checks against best practice and code style guideline violations.

Con: Lint programming identifies violations of best practices. But it doesn’t teach people best coding practices. Developers can use Lint to improve their code, but they might not be able to replicate the best practice.

Pro: Lint is inexpensive.

Con: You get what you pay for. Lint is inexpensive, but it can rack up costs in developer productivity.

Examples

There are many types of lint tools available, based on your programming language. These include PC-Lint, Pylint, and JSLint.

Advanced Static Analysis Tools

Advanced static analysis tools typically deliver:

  • Pattern-based simulation.
  • Quality and complexity metrics.
  • Best practice recommendations for developers.
  • Support for multiple safety and security-focused coding standards.
  • Out-of-the-box certification for use in the development of safety-critical applications.

Pros/Cons

Here are some key pros and cons to using advanced static analysis tools.

Pro: Advanced static analyzers prevent programming errors earlier.

Con: You’ll need to get developers on board with running a static analyzer before committing their code to a build.

Pro: Advanced static analyzers offer specialized support for each language.

Con: This means that most tools are dedicated to a particular coding language — especially C or C++. It’s becoming more common for some teams to work in C/C++, while other teams at their organization work in a language like Java.

Pro: Advanced static analyzers can provide code review capabilities and improve collaboration among developers.

Con: Many teams may already have a separate code review tool in place.

Additional pros: Advanced static analyzers come with more pros than cons. 

They:

  • Deliver low false positive and false negative rates.
  • Offer best practice recommendations for better code.
  • Enforce coding standards and fulfill functional safety requirements.

Example

Perforce static code analyzers — Helix QAC and Klocwork — are an example of advanced static analysis tools. Both solutions identify more programming errors before they become a problem. Helix QAC and Klocwork offer specialized support for C and C++. And they even offer code review capabilities, which makes it easier for developers to collaborate on source code.

▶️ Related Webinar: How to Improve Software Quality With Static Code Analysis

Go Beyond Lint Code Checking

Lint code checking is great for identifying violations of standard rules — especially in Python and JavaScript. But if you’re using a compiled language or developing complex embedded systems, a linter won’t give you everything you need.

Helix QAC and Klocwork do it all.

Perforce static code analyzers check code for those critical coding violations. Both come with a web dashboard, where you can easily monitor and report on trends and quality metrics over time. Plus, the dashboard serves as a platform for collaboration among developers. And you can even integrate Helix QAC with a version control system, such as Helix Core.

See for yourself how Perforce static code analyzers make it easy to go beyond lint code checking. Request your free static analyzer trial today.

➡️ Static Analysis Free Trial

richard-bellairs

Richard Bellairs

Product Marketing Manager, Perforce

Richard Bellairs has 20+ years of experience across a wide range of industries. He held electronics and software engineering positions in the manufacturing, defense, and test and measurement industries in the nineties and early noughties before moving to product management and product marketing. He now champions Perforce’s market-leading code quality management solution. Richard holds a bachelor’s degree in electronic engineering from the University of Sheffield and a professional diploma in marketing from the Chartered Institute of Marketing (CIM).