January 30, 2024

What Is Linting + When to Use Lint Tools

Static Analysis
Coding Best Practices

Everyone knows that software defects should be avoided at all costs. Some errors cause glitches that frustrate users. Others compromise the safety and security of a critical system. No matter what type of program you’re developing, avoiding these defects is important. That’s why many development teams rely on linting.


What Is Linting?

Linting is the automated checking of your source code for programmatic and stylistic errors. This is done by using a lint tool (otherwise known as linter). A lint tool is a basic static code analyzer.

The term linting originally comes from a Unix utility for C. The name itself is rather tongue-in-cheek, as "lint" refers to the lint shed by clothing — similarly, the command that computer scientist Stephen C. Johnson wrote acted like a clothes dryer lint trap in that it caught the excess "fibers" without affecting the whole cloth. In other words, the "lint" in your code is the code that technically works, but could either have a bug or be suboptimal in some other way.

Following the original lint tool came derivatives like PC-lint Plus. Successor linters and lint-like tools expand upon the original lint tool's capabilities by finding a wider variety of issues than just style and formatting, such as unresolved merge conflicts, deprecated functions, and use of insecure language features. 

There are many code linters available for various programming languages today, which can help maintain code quality. Since the original Lint, lint code tools have evolved over time to provide different types of checks for syntax, coding standards, cyclomatic complexity of code, security checks, and more. 

However, lint tools are still limited to a basic analysis of your code. If you need to take a deeper dive into data-flow analysis, consider using a more advanced static analysis tool. 
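To make the scope of a basic linter concrete, here is an added example (not from the original article or from any tool it names): a small linter built on Python's standard `ast` module. The rule IDs (`E001`, `L001`, `L002`), the rule set and the sample source are constructed for illustration; the second sample function shows the kind of issue that name-based pattern matching misses without data-flow analysis.

```python
import ast

# Constructed rule set for this example: builtins treated as insecure features.
INSECURE_CALLS = {"eval", "exec"}
TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

def lint(source, disabled=frozenset()):
    """Return sorted (line, rule_id, message) findings; the code is never run."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        # E001: with no compile phase, the linter is the first syntax check.
        return [(err.lineno, "E001", f"syntax error: {err.msg}")]
    findings = []
    for node in ast.walk(tree):
        # L001: direct call to an insecure builtin, matched by name only.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in INSECURE_CALLS):
            findings.append((node.lineno, "L001", f"call to {node.func.id}()"))
        # L002: a statement placed after return/raise/break/continue in a block.
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if not isinstance(block, list):
                continue  # e.g. the expression body of a lambda
            for prev, stmt in zip(block, block[1:]):
                if isinstance(prev, TERMINATORS):
                    findings.append((stmt.lineno, "L002", "unreachable code"))
                    break
    # Rules can be switched off per call, as a linter allows per file.
    return sorted(f for f in findings if f[1] not in disabled)

# Constructed sample input.
SAMPLE = '''\
def load(expr):
    value = eval(expr)
    return value
    print("done")

def load_alias(expr):
    run = eval
    return run(expr)
'''

if __name__ == "__main__":
    for line, rule, message in lint(SAMPLE):
        print(f"line {line}: {rule} {message}")
    # load_alias() reaches eval() through a variable; matching call names
    # cannot see that, which is the gap data-flow analysis closes.
```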

What Is Linting and Why Is Linting Code Important?

Linting is important to reduce errors and improve the overall quality of your code. The process of linting, aided by lint tools, can keep source code consistent and improve code review. Using lint tools can help you accelerate development and reduce costs by finding errors earlier.


How Do Lint Tools Work?

Here’s how linting tools typically fit into the development process.

  1. Write the code.
  2. Compile it.
  3. Analyze it with the linter.
  4. Review the bugs identified by the tool.
  5. Make changes to the code to resolve the bugs.
  6. Link modules once the code is clean.
  7. Analyze them with the linter.
  8. Do manual code reviews.

Lint programming is a type of automated check. It should happen early in development, before code reviews and testing. That’s because automated code checks make the code review and test processes more efficient. And they free your developers to focus on the right things.


When to Use Lint Software to Lint Code

Linting software can deliver great benefits in development. However, lint programming might be better suited to some teams than others.

When You Use Interpreted Programming Languages

Whether linting is a good fit can depend on your programming language. Some languages are better suited for code linting than others.

Take Python and JavaScript. These are interpreted languages, and they lack a compiling phase. So, using lint software is effective for ensuring consistent coding style and resolving basic coding errors in these cases.

But, when it comes to compiled languages, such as C and C++, using lint software might not be enough. C and C++ are complex and may require more advanced code analysis.

When You Use Standard Rules

A linter is great for identifying errors when you use standard rules. Remember, a linter analyzes your code for stylistic and software defects against the rules it knows.

If part of your code breaks the standard rules, this can pose a problem. Of course, you can avoid this by overriding the defaults and adjusting/disabling rules for particular files.

When Your Needs Are Basic

Lint tools are great for basic analysis. But if you need more sophisticated analysis and metrics — such as cyclomatic complexity — a lint tool may not be enough.


Linting Programming and Lint Code Tools vs Static Analysis Tools

Lint tools fall into the static analysis category. They’re typically the most basic form of static analysis tool.

Static analysis tools are any tools that analyze source code without the need to run it.

What are the benefits of static analysis? The best static analyzers offer speed, depth, and accuracy in your development process. 


More advanced static analysis tools perform deep-dive data-flow analysis using runtime simulation techniques that are both inter-procedural and inter-translation-unit. This allows them to identify, at multiple degrees and at scale, software defects that could manifest after the analyzed code is deployed.

Here’s how basic linters compare to advanced static analysis tools.

Basic Linting Tools

Linting tools are the most basic form of static analysis. Using lint tools can be helpful for identifying common errors, such as:

  • Indexing beyond arrays.
  • Dereferencing null pointers.
  • (Potentially) dangerous data type combinations.
  • Unreachable code.
  • Non-portable constructs.

Pros/Cons

Here are some key pros and cons to code linting.

Pro: Lint checks many things, including syntax errors and structural problems.

Con: Lint can produce as many errors and warnings as there are lines of source code. This leads to high false positive and false negative rates.

Pro: Lint checks against best practice and code style guideline violations.

Con: Lint programming identifies violations of best practices. But it doesn’t teach people best coding practices. Developers can use Lint to improve their code, but they might not be able to replicate the best practice.

Pro: Lint is inexpensive.

Con: You get what you pay for. Lint is inexpensive, but it can rack up costs in developer productivity.

Pro: Some linters offer support for coding standards and guidelines such as MISRA®. 

Con: Lint tools cannot find deeper violations of MISRA and other coding standard rules, which can be complex, and therefore can't fully enforce and prove compliance. 

Examples

There are many types of lint tools available, based on your programming language. These include PC-Lint, Pylint, and JSLint.

Advanced Static Analysis Tools

Advanced static analysis tools typically deliver:

  • Pattern-based simulation.
  • Quality and complexity metrics.
  • Best practice recommendations for developers.
  • Support for multiple safety and security-focused coding standards.
  • Out-of-the-box certification for use in the development of safety-critical applications.

Pros/Cons

Here are some key pros and cons to using advanced static analysis tools.

Pro: Advanced static analyzers prevent software defects earlier.

Con: You’ll need to get developers on board with running a static analyzer before committing their code to a build.

Pro: Advanced static analyzers offer specialized support for each language.

Con: This means that most tools are dedicated to a particular coding language — especially C or C++. It’s becoming more common for some teams to work in C/C++, while other teams at their organization work in a language like Java.

Pro: Advanced static analyzers can provide code review capabilities and improve collaboration among developers.

Con: Many teams may already have a separate code review tool in place.

Additional pros: Advanced static analyzers come with more pros than cons. 

They:

  • Deliver low false positive and false negative rates.
  • Offer best practice recommendations for better code.
  • Enforce coding standards and fulfill functional safety requirements.

Example

Perforce static code analyzers — Helix QAC and Klocwork — are examples of advanced static analysis tools. Both solutions identify more software defects before they become a problem. Helix QAC and Klocwork offer specialized support for C and C++. And they even offer code review capabilities, which makes it easier for developers to collaborate on source code.


In summary, many developers use a combination of these tools to help identify issues long before the software is deployed. Whether you're using lint tools or advanced static analysis tools, linting and static analysis should be used as early in the development pipeline as possible, to ensure that you save time and fix bugs quickly. 

Linting helps ensure the codebase is consistent and maintainable, and is suitable for enforcing best practices across a development team. So, if your needs are basic, linting allows you to catch potential problems early in your CI/CD pipeline without being as resource-intensive as static analysis. 

Advanced static analysis is best for larger projects with complex codebases, where security, performance, reliability, code quality, and compliance are worth the upkeep. Static analysis is more automated and can find issues that linting tools miss as you code, so you spend less time on manual fixes. Static analysis tools not only enforce standards compliance, but they also provide customizable reporting to prove adherence. 


Go Beyond Lint Code Checking

Lint code checking is great for identifying violations of standard rules — especially in Python and JavaScript. But if you’re using a compiled language or developing complex embedded systems, a linter won’t give you everything you need.

Helix QAC and Klocwork do it all.

Perforce static code analyzers check code for those critical coding violations. Both come with a web dashboard, where you can easily monitor and report on trends and quality metrics over time. Plus, the dashboard serves as a platform for collaboration among developers. And you can even integrate Helix QAC with a version control system, such as Helix Core.

See for yourself how Perforce static code analyzers make it easy to go beyond lint code checking. Request your free static analyzer trial today.
