This file contains the text of the FlexeLint/PC-lint error messages. It
is to be used in conjunction with licensed FlexeLint/PC-lint software.
Copyright (C) 1985-2008 Gimpel Software, All rights reserved
Gimpel Software * 3207 Hogarth Lane * Collegeville, PA 19426
Phone (610) 584-4261 * FAX (610) 584-4266 * www.gimpel.com
19. MESSAGES
19.1 Syntax Errors
19.2 Internal Errors
19.3 Fatal Errors
19.4 Warning Messages
19.5 Informational Messages
19.6 Elective Notes
19.7 C++ Syntax Errors
19.8 Additional Internal Errors
19.9 C++ Warning Messages
19.10 C++ Informational Messages
19.11 C++ Elective Notes
Most error messages have an associated error number. By looking up the
number in the list below you can obtain additional information about the
cause of the error. This information is also available from a
self-extracting executable msg.exe, found on the PC-lint
distribution diskette, which produces the machine-readable ASCII file
msg.txt. For FlexeLint users, the file msg.txt can be found on
the FlexeLint Supplementary diskette.
Messages numbered 1000 and higher pertain generally to C++. This is
summarized in the table below.
After a possible 1000 is subtracted off, the remainder lies in the range
0-999. Remainders in the range 1-199 are syntax errors, 200-299 are PC-lint/FlexeLint
internal errors and should never occur, 300-399 are fatal errors usually
brought about by exceeding some limit, 400-699 are warning messages that
indicate that something is likely to be wrong with the program being
examined. Remainders in the range 700-899 designate informational messages.
These may be errors but they also may represent legitimate programming
practices depending upon personal programming style. Remainders in the
range 900-999 are called "Elective Notes". They are not automatically
output. You may examine the list to see if you wish to be alerted to
any of them.
C C++ Warning Level
Syntax Errors 1 - 199 1001 - 1199 1
Internal Errors 200 - 299 1200 - 1299 0
Fatal Errors 300 - 399 0
Warnings 400 - 699 1400 - 1699 2
Informational 700 - 899 1700 - 1899 3
Elective Notes 900 - 999 1900 - 1999 4
Glossary
A few of the terms used in the commentary below are:
argument The actual argument of a function as opposed to a dummy (or
formal) parameter of a function (see parameter).
arithmetic Any of the integral types (see below) plus float, double, and
long double.
Boolean In general, the word Boolean refers to quantities that can be
either true or false. An expression is said to be Boolean
(perhaps it would be better to say 'definitely Boolean') if it
is of the form: operand op operand where op is a relational (>
>= < <=), an equality operator (== !=), logical And (&&) or
logical Or (||). A context is said to require a Boolean if it
is used in an if or while clause or if it is the 2nd
expression of a for clause or if it is an argument to one of
the operators: && or ||. An expression needn't be definitely
Boolean to be acceptable in a context that requires a Boolean.
Any integer or pointer is acceptable.
declaration Gives properties about an object or function (as opposed to
a definition).
definition That which allocates space for an object or function (as
opposed to a declaration) and which may also indicate
properties about the object. There should be only one
definition for an object but there may be many declarations.
integral A type that has properties similar to integers. These include
char, short, int, and long and the unsigned variations of any
of these.
scalar Any of the arithmetic types plus pointers.
lvalue Is an expression that can be used on the Left hand side of an
assignment operator (=). Some contexts require lvalues such
as autoincrement (++) and autodecrement (--).
macro An abbreviation defined by a #define statement. It may or may
not have arguments.
member Elements of a struct and of a union are called members.
module That which is compiled by a compiler in a single independent
compilation. It typically includes all the text of a .c (or a
.cpp or .cxx, etc.) file plus any text within any #include
file(s).
parameter A formal parameter of a function as opposed to an actual
argument (see argument).
Message Parameters
Some of the messages are parameterized with one or more of the following
italicized names:
Char Some character
Context Specifies one of several contexts in which an assignment can
be made. Can be one of:
o assignment -- refers to an explicit assignment operator.
o return -- refers to the implied assignment of a return
statement. The type of the expression is converted implicitly
to the type of the function.
o initialization -- refers to the assignment implied by an
initialization statement.
o arg. no.... -- refers to the implied assignment of an argument
in the presence of a prototype. The type of the expression is
implicitly converted to the type within a prototype.
o arg. 'this' -- refers to the implied argument of a member
function call.
FileName A filename. Messages containing this parameter can be
suppressed with the -efile( ... ) option.
Integer Some integer
Invocation A function call with argument types. To suppress a message
containing an Invocation you need the complete call, not just
the function name. For example, the call f(1) could result
in Error 1024 parameterized by 'f(int)'. To suppress this
message you could use -esym(1024,f(int)). You could also use
wild cards as in -esym(1024,f*).
Kind A list of control structures.
Location A line number followed optionally by a filename (if different
from the current) and/or a module name if different from the
current.
Name A string, usually an identifier, that can be suppressed with a
-esym but not with -elibsym.
String A sequence of characters identified further in the message
description.
Symbol The name of a user identifier referring to a C or C++ object
such as variable, function, structure, etc. Messages
containing this parameter can be suppressed with the -esym(
... ) option. For C++, if Symbol is the name of a function
the full function signature (including parameters) is given.
Error suppression with -esym does not require (nor want) the
parameters.
Type A type or a top type base is provided. A top type base is one
of pointer, function, array, struct, union, or enum.
TypeDiff Specifies the way in which one type differs from another.
Because of type qualification, function prototypes, and type
compounding, it may not be obvious how two types differ.
Also, see the -etd option to inhibit errors based on type
differences. TypeDiff can be one or more of:
o basic -- The two types differ in some fundamental way such as
double versus int.
o count – Two function types differ in the number of arguments.
o ellipsis – Two function types differ in that one is
prototyped using an ellipsis and the other is not prototyped.
See Section 15.8 Plain Vanilla Functions.
o incomplete – At least one of the types is only partially
specified such as an array without a dimension or a function
without a prototype.
o nominal – The types are nominally different but are otherwise
the same. For example, int versus long where these are the
same size or double versus long double where these are the
same size. The two types are either both integral or both
float or are functions that return types or have arguments
that differ nominally. If long is the same size as int then
unsigned long will differ from int both as nominal and as
signed/unsigned. If not the same size, then the difference is
precision.
o origin – The types are not actually different but have
different origins. For example a struct is defined in two
separate modules rather than in one header file. If for some
reason you want to do this then use the option -etd(origin).
o precision – Two arithmetic types differ in their precision
such as int vs. long where these are different sizes.
o promotion – Two function types differ in that one is
prototyped with a char, short or float type and the other is
not prototyped.
o ptrs to… – Pointers point to different types, some TypeDiff
code follows.
o ptrs to incompatible types – Pointers point to types which in
turn differ in precision, count, size, ellipsis or promotion.
o qualification – Qualifiers such as const, volatile, etc. are
inconsistent.
o signed/unsigned – The types differ in that one is a signed
integral type and the other is unsigned of the same size, or
they are both functions that return types that differ in this
way, or they are both pointers to types that differ in this
way.
o size – Two arrays differ in array dimension.
o strong – two types differ in that one is strong and the other
is not the same strong type.
o void/nonvoid – The two types differ in that one is void and
the other is not or, more frequently, they are both functions
returning types that differ in this respect or pointers to
types that differ in this respect.
o int/enum– One type is an enum and the other is an int.
o Type = Type – The two types in an assignment of some kind
differ in some basic way and no more information is available.
o Type vs. Type – The two types differ in some basic way and no
more information is available.
19.1 C Syntax Errors
1 Unclosed Comment (Location) -- End of file was reached with an
open comment still unclosed. The Location of the open comment is
shown.
2 Unclosed Quote -- An end of line was reached and a matching
quote character (single or double) to an earlier quote character
on the same line was not found.
3 #else without a #if -- A #else was encountered not in the scope
of a #if, #ifdef or #ifndef.
4 Too many #if levels -- An internal limit was reached on the
level of nesting of #if statements (including #ifdef and
#ifndef).
5 Too many #endif's -- A #endif was encountered not in the scope
of a #if or #ifdef or #ifndef.
6 Stack Overflow -- One of the built-in non-extendable stacks has
been overextended. The possibilities are too many nested #if
statements, #includes statements (including all recursive
#include statements), static blocks (bounded by braces) or
#define replacements.
7 Unable to open include file: FileName -- FileName is the name of
the include file which could not be opened.
8 Unclosed #if (Location) -- A #if (or #ifdef or #ifndef) was
encountered without a corresponding #endif. Location is the
location of the #if.
9 Too many #else's in #if (Location) -- A given #if contained a
#else which in turn was followed by either another #else or a
#elif. The error message gives the line of the #if statement
that started the conditional that contained the aberration.
10 Expecting 'String' -- String is the expected token. The
expected token could not be found. This is commonly given when
certain reserved words are not recognized.
int __interrupt f();
will receive an Expecting ‘;’ message at the f because it thinks
you just declared __interrupt. The cure is to establish a new
reserved word with +rw(__interrupt). Also, make sure you are
using the correct compiler options file.
11 Excessive Size -- The filename specified on a #include line had
a length that exceeded FILENAME_MAX characters.
12 Need < or " -- After a #include is detected and after macro
substitution is performed, a file specification of the form
or "filename" is expected.
13 Bad type -- A type adjective such as long, unsigned, etc. cannot
be applied to the type which follows.
14 Symbol 'Symbol' previously defined (Location) -- The named
object has been defined a second time. The location of the
previous definition is provided. If this is a tentative
definition (no initializer) then the message can be suppressed
with the +fmd flag.
15 Symbol 'Symbol' redeclared (TypeDiff) (Location) -- The named
symbol has been previously declared or defined in some other
module (location given) with a type different from the type given
by the declaration at the current location. The parameter
TypeDiff provides further information on how the types differ.
16 Unrecognized name -- A # directive is not followed by a
recognizable word. If this is not an error, use the +ppw option.
17 Unrecognized name -- A non-parameter is being declared where
only parameters should be.
18 Symbol 'Symbol' redeclared (TypeDiff) conflicts with Location --
A symbol is being redeclared. The parameter TypeDiff provides
further information on how the types differ. Location is the
location of the previous definition.
19 Useless Declaration -- A type appeared by itself without an
associated variable, and the type was not a struct and not a
union and not an enum. A double semi-colon can cause this as in:
int x;;
20 Illegal use of = -- A function declaration was followed by an =
sign.
21 Expected { -- An initializer for an indefinite size array must
begin with a left brace.
22 Illegal operator -- A unary operator was found following an
operand and the operator is not a post operator.
23 Expected colon -- A ? operator was encountered but this was not
followed by a : as was expected.
24 Expected an expression, found 'String' -- An operator was found
at the start of an expression but it was not a unary operator.
25 Illegal constant -- Too many characters were encountered in a
character constant (a constant bounded by ' marks).
26 Expected an expression, found 'String' -- An expression was not
found where one was expected. The unexpected token is placed in
the message.
27 Illegal character (0xhh) -- An illegal character was found in
the source code. The hex code is provided in the message. A
blank is assumed. If you are using strange characters in
identifier names you will get this message for which you may use
the -ident option.
28 Redefinition of symbol 'Symbol' Location -- The identifier
preceding a colon was previously declared at the Location given
as not being a label.
30 Expected a constant -- A constant was expected but not obtained.
This could be following a case keyword, an array dimension, bit
field length, enumeration value, #if expression, etc.
31 Redefinition of symbol 'Symbol' conflicts with Location -- A
data object or function previously defined in this module is
being redefined.
32 Field size (member 'Symbol') should not be zero -- The length of
a field was given as non-positive, (0 or negative).
33 Illegal constant -- A constant was badly formed as when an octal
constant contains one of the digits 8 or 9.
34 Non-constant initializer -- A non-constant initializer was found
for a static data item.
35 Initializer has side-effects -- An initializer with side effects
was found for a static data item.
36 Redefining the storage class of symbol 'Symbol' conflicts with
Location -- An object's storage class is being changed.
37 Value of enumerator 'Symbol' inconsistent (conflicts with
Location) -- An enumerator was inconsistently valued.
38 Offset of symbol 'Symbol' inconsistent (Location) -- A member of
a class or struct appears in a different position (offset from
the start of the structure) than an earlier declaration. This
could be caused by array dimensions changing from one module to
another.
39 Redefinition of symbol 'Symbol' conflicts with Location -- A
struct or union is being redefined.
40 Undeclared identifier 'Name' -- Within an expression, an
identifier was encountered that had not previously been declared
and was not followed by a left parenthesis. Name is the name of
the identifier.
41 Redefinition of symbol 'Symbol' -- A parameter of either a
function or a macro is being repeated.
42 Expected a statement -- A statement was expected but a token was
encountered that could not possibly begin a statement.
43 Vacuous type for variable 'Symbol' -- A vacuous type was found
such as the void type in a context that expected substance.
44 Need a switch -- A case or default statement occurred outside a
switch.
45 Bad use of register -- A variable is declared as a register but
its type is inconsistent with it being a register (such as a
function).
46 Field type should be int -- Bit fields in a structure should be
typed unsigned or int. If your compiler allows other kinds of
objects, such as char, then simply suppress this message.
47 Bad type -- Unary minus requires an arithmetic operand.
48 Bad type -- Unary * or the left hand side of the ptr (->)
operator requires a pointer operand.
49 Expected a type -- Only types are allowed within prototypes. A
prototype is a function declaration with a sequence of types
within parentheses. The processor is at a state where it has
detected at least one type within parentheses and so is expecting
more types or a closing right parenthesis.
50 Attempted to take the address of a non-lvalue -- Unary &
operator requires an lvalue (a value suitable for placement on
the left hand side of an assignment operator).
51 Expected integral type -- Unary ~ expects an integral type
(signed or unsigned char, short, int, or long).
52 Expected an lvalue -- autodecrement (--) and autoincrement (++)
operators require an lvalue (a value suitable for placement on
the left hand side of an assignment operator). Remember that
casts do not normally produce lvalues. Thus
++(char *)p;
is illegal according to the ANSI standard. This construct is
allowed by some compilers and is allowed if you use the +fpc
option (Pointer Casts are lvalues).
53 Expected a scalar -- Autodecrement (--) and autoincrement (++)
operators may only be applied to scalars (arithmetics and
pointers) or to objects for which these operators have been
defined.
54 Division by 0 -- The constant 0 was used on the right hand side
of the division operator (/) or the remainder operator (%).
55 Bad type -- The context requires a scalar, function, array, or
struct (unless -fsa).
56 Bad type -- Add/subtract operator requires scalar types and
pointers may not be added to pointers.
57 Bad type -- Bit operators ( &, | and ^ ) require integral
arguments.
58 Bad type -- Bad arguments were given to a relational operator;
these always require two scalars and pointers can't be compared
with integers (unless constant 0).
59 Bad type -- The amount by which an item can be shifted must be
integral.
60 Bad type -- The value to be shifted must be integral.
61 Bad type -- The context requires a Boolean. Booleans must be
some form of arithmetic or pointer.
62 Incompatible types (TypeDiff) for operator ':' -- The 2nd and
3rd arguments to ? : must be compatible types.
63 Expected an lvalue -- Assignment expects its first operand to be
an lvalue. Please note that a cast removes the lvaluedness of an
expression.
64 Type mismatch (Context) (TypeDiff) -- There was a mismatch in
types across an assignment (or implied assignment, see Context).
TypeDiff specifies the type difference.
65 Expected a member name -- After a dot (.) or pointer (->)
operator a member name should appear.
66 Bad type -- A void type was employed where it is not permitted.
If a void type is placed in a prototype then it must be the only
type within a prototype. (See error number 49.)
67 Can't cast from Type to Type -- Attempt to cast a non-scalar to
an integral.
68 Can't cast from Type to Type -- Attempt to cast a non-arithmetic
to a float.
69 Can't cast from Type to Type -- Bad conversion involving
incompatible structures or a structure and some other object.
70 Can't cast from Type to Type -- Attempt to cast to a pointer
from an unusual type (non-integral).
71 Can't cast from Type to Type -- Attempt to cast to a type that
does not allow conversions.
72 Bad option 'String' -- Was not able to interpret an option. The
option is given in String.
73 Bad left operand -- The cursor is positioned at or just beyond
either an -> or a . operator. These operators expect an
expression primary on their left. Please enclose any complex
expression in this position within parentheses.
74 Address of Register -- An attempt was made to apply the address
(&) operator to a variable whose storage class was given as
register.
75 Too late to change sizes (option 'String') -- The size option
was given after all or part of a module was processed. Make sure
that any option to reset sizes of objects be done at the
beginning of the first module processed or on the command line
before any module is processed.
76 can't open file String -- String is the name of the file. The
named file could not be opened for output. The file was destined
to become a PC-lint/FlexeLint object module.
77 Address of bit-field cannot be taken -- The address of a
bit-field cannot be taken. The rules of C only allow for taking
the address of a whole byte (a whole char).
78 Symbol 'Symbol' typedef'ed at Location used in expression -- The
named symbol was defined in a typedef statement and is therefore
considered a type. It was subsequently found in a context where
an expression was expected.
79 Bad type for % operator -- The % operator should be used with
some form of integer.
80 this use of ellipsis is not strictly ANSI -- The ellipsis should
be used in a prototype only after a sequence of types not after a
sequence of identifiers. Some compilers support this extension.
If you want to use this feature suppress this message.
81 struct/union not permitted in equality comparison -- Two
struct's or union's are being compared with one of == or !=.
This is not permitted by the ANSI standard. If your compiler
supports this, suppress this message.
82 return ; illegal with void function -- The ANSI standard
does not allow an expression form of the return statement with a
void function. If you are trying to cast to void as in return
(void)f(); and your compiler allows it, suppress this message.
83 Incompatible pointer types with subtraction -- Two pointers
being subtracted have indirect types which differ. You can get
PC-lint/FlexeLint to ignore slight differences in the pointers by
employing one or more of the -ep... options
84 sizeof object is zero or object is undefined -- A sizeof
returned a 0 value. This could happen if the object were
undefined or incompletely defined. Make sure a complete
definition of the object is in scope when you use sizeof.
85 Array 'Symbol' has dimension 0 -- An array (named Symbol) was
declared without a dimension in a context that required a
non-zero dimension.
86 Structure 'Symbol' has no data elements -- A structure was
declared (in a C module) that had no data members. Though legal
in C++ this is not legal C.
87 Expression too complicated for #ifdef or #ifndef -- By the rules
of C there should be only a single identifier following a #ifdef
or a #ifndef. You may also supply a validly constructed C (or
C++) comment.
88 Symbol 'Symbol' is an array of empty elements -- An array was
declared (in a C module) whose elements were each of 0 length.
Though legal in C++ this is not permitted C.
89 Argument or option too long ('String') -- The length of an
option (shown in String) exceeds an internal limit. Please try
to decompose the option into something smaller. At this writing
the limit is 610 characters.
90 Option 'String' is only appropriate within a lint comment -- The
indicated option is not appropriate at the command or the .lnt
level. For example if -unreachable is given on the command line
you will get this message.
91 Line exceeds Integer characters (use +linebuf) -- A line read
from one of the input files is longer than anticipated. By
default the line buffer size is 600 characters. Each time you
use the +linebuf option you can double this size. The size can
be doubled ad infinitum.
92 Negative array dimension or bit field length (Integer) -- A
negative array dimension or bit field length is not permitted.
93 New-line is not permitted within string arguments to macros -- A
macro invocation contains a string that is split across more than
one line. For example:
A( "Hello
World" );
will trigger this message. Some compilers accept this construct
and you can suppress this message with -e93 if this is your
current practice. But it is more portable to place the string
constant on one line. Thus
A( "Hello World" );
would be better.
95 Expected a macro parameter but instead found 'Name' -- The #
operator (or the non-standard extension to the # operator spelled
#@) was found within a macro definition but was not immediately
followed by a parameter of the macro as is required by the
standards. Name identifies the token immediately to the right of
the operator.
96 Unmatched left brace for String on Location -- The purpose of
this message is to report the location of a left curly brace that
is unmatched by a right curly brace. Such an unmatched left
curly can be far removed from the point at which the unbalance
was detected (often the end of the compilation unit). Providing
the location of the left curly can be extremely helpful in
determining the source of the imbalance.
98 Recovery Error (String) -- A recovery error is issued when an
inconsistent state was found while attempting to recover from a
syntactic error. The String provided in the message serves as a
clue to this inconsistent state. Since the presumptive cause of
the error is an earlier error, priority should be placed on
resolving the original error. This "Recovery Error" is meant
only to provide additional information on the state of the
parser.
101 Expected an identifier -- While processing a function
declarator, a parameter specifier was encountered that was not an
identifier, whereas a prior parameter was specified as an
identifier. This is mixing old-style function declarations with
the new-style and is not permitted. For example
void f(n,int m)
will elicit this message.
102 Illegal parameter specification -- Within a function declarator,
a parameter must be specified as either an identifier or as a
type followed by a declarator.
103 Unexpected declaration -- After a prototype, only a comma,
semi-colon, right parenthesis or a left brace may occur. This
error could occur if you have omitted a terminating character
after a declaration or if you are mixing old-style parameter
declarations with new-style prototypes.
104 Conflicting types -- Two consecutive conflicting types were
found such as int followed by double. Remove one of the types!
105 Conflicting modifiers -- Two consecutive conflicting modifiers
were found such as far followed by near. Remove one of the
modifiers!
106 Illegal constant -- A string constant was found within a
preprocessor expression as in
#if ABC == "abc"
Such expressions should be integral expressions.
107 Label 'Symbol' (Location) not defined -- The Symbol at the given
Location appeared in a goto but there was no corresponding label.
108 Invalid context -- A continue or break statement was encountered
without an appropriate surrounding context such as a for, while,
or do loop or, for the break statement only, a surrounding switch
statement.
109 The combination 'short long' is not standard, 'long' is assumed
-- Some compilers support the non-standard sequence short long.
This message reports, as an error, that this sequence is being
used. If you are required to use the construct then simply
suppress this message. As the message indicates, that type will
be presumed to be long.
110 Attempt to assign to void -- An attempt was made to assign a
value to an object designated (possibly through a pointer) as
void.
111 Assignment to const object -- An object declared as const was
assigned a value. This could arise via indirection. For
example, if p is a pointer to a const int then assigning to *p
will raise this error.
113 Inconsistent enum declaration -- The sequence of members within
an enum (or their values) is inconsistent with that of another
enum (usually in some other module) having the same name.
114 Inconsistent structure declaration for tag 'Symbol' -- The
sequence of members within a structure (or union) is inconsistent
with another structure (usually in some other module) having the
same name.
115 Struct/union not defined -- A reference to a structure or a
union was made that required a definition and there is no
definition in scope. For example, a reference to p->a where p is
a pointer to a struct that had not yet been defined in the
current module.
116 Inappropriate storage class -- A storage class other than
register was given in a section of code that is dedicated to
declaring parameters. The section is that part of a function
preceding the first left brace.
117 Inappropriate storage class -- A storage class was provided
outside any function that indicated either auto or register.
Such storage classes are appropriate only within functions.
118 Too few arguments for prototype -- The number of arguments
provided for a function was less than the number indicated by a
prototype in scope.
119 Too many arguments for prototype -- The number of arguments
provided for a function was greater than the number indicated by
a prototype in scope.
120 Initialization without braces of dataless type 'Symbol' -- There
was an attempt to initialize a nested object (e.g., an array
element) without braces. Additionally, that object type
possesses no data members.
class A { public: void f(); };
class B { public: A a; int k; } ;
A a[4] = { {}, {}, {}, {} }; // OK
B b = { , 34 }; // Error 120
121 Attempting to initialize an object of undefined type 'Symbol' --
The initialization of an object was attempted where that object
type has no visible definition. For example:
class Undefined u = { 5 };
122 Digit (Char) too large for radix -- The indicated character was
found in a constant beginning with zero. For example, 08 is
accepted by some compilers to represent 8 but it should be 010 or
plain 8.
123 Macro 'Symbol' defined with arguments at Location this is just a
warning -- The name of a macro defined with arguments was
subsequently used without a following '('. This is legal but may
be an oversight. It is not uncommon to suppress this message
(with -e123), because some compilers allow, for example, the
macro max() to coexist with a variable max.
124 Pointer to void not allowed -- A pointer to void was used in a
context that does not permit void. This includes subtraction,
addition and the relationals (> >= < <=).
125 Too many storage class specifiers -- More than one storage class
specifier (static, extern, typedef, register or auto) was found.
Only one is permitted.
126 Inconsistent structure definition 'Symbol' -- The named
structure (or union or enum) was inconsistently defined across
modules. The inconsistency was recognized while processing a
lint object module. Line number information was not available
with this message. Alter the structures so that the member
information is consistent.
127 Illegal constant -- An empty character constant ('') was found.
128 Pointer to function not allowed -- A pointer to a function was
found in an arithmetic context such as subtraction, addition, or
one of the relationals (> >= < <=).
129 declaration expected, identifier 'Symbol' ignored -- In a
context in which a declaration was expected an identifier was
found. Moreover, the identifier was not followed by '(' or a '['
130 Expected integral type -- The expression in a switch statement
must be some variation of an int (possibly long or unsigned) or
an enum.
131 syntax error in call of macro 'Symbol' at location Location --
This message is issued when a macro with arguments (function-like
macro) is invoked and an incorrect number of arguments is
provided. Location is the location of the start of the macro
call. This can be useful because an errant macro call can extend
over many lines.
132 Expected function definition -- A function declaration with
identifiers between parentheses is the start of an old-style
function definition (K&R style). This is normally followed by
optional declarations and a left brace to signal the start of the
function body. Either replace the identifier(s) with type(s) or
complete the function with a function body.
133 Too many initializers for aggregate 'Symbol' -- In a
brace-enclosed initializer, there are more items than there are
elements of the aggregate.
134 Missing initializer -- An initializer was expected but only a
comma was present.
135 comma assumed in initializer -- A comma was missing between two
initializers. For example:
int a[2][2] = { { 1, 2 } { 3, 4 } };
is missing a comma after the first right brace (}).
136 Illegal macro name -- The ANSI standard restricts the use of
certain names as macros. defined is on the restricted list.
137 constant 'Symbol' used twice within switch -- The indicated
constant was used twice as a case within a switch statement.
Currently only enumerated types are checked for repeated
occurrence.
138 Can't add parent 'Symbol' to strong type String; creates loop --
An attempt was made to add a strong type parent to a typedef
type. The attempt is either explicit (with the -strong option)
or implicit with the use of a typedef to a known strong type.
This attempt would have caused a loop in the strong parent
relationship. Such loops are simply not tolerated.
139 Can't take sizeof function -- There is an attempt to take the
sizeof a function.
140 Type appears after modifier -- Microsoft modifiers such as far,
_near, __huge, _pascal, etc. etc. modify the declarator to its
immediate right. It therefore should not appear before the type.
For example, you should write int pascal f(void); rather than
pascal int f(void);. Note that const and volatile differ from
the Microsoft modifiers. They may appear before or after the
type. After reporting the error an attempt is made to process
the modifiers as the programmer probably intended.
141 The following option has too many elements: 'String' -- The
indicated option (given by 'String') is too big. It most likely
consists of an itemized list that has too many items. You should
decompose the large option into two or more smaller options that
in sum are equivalent to the one large option.
143 Erroneous option: String -- An option contained information that
was inconsistent with itself or with an earlier option. The
String provided in the message explains more fully what the
problem is.
144 Non-existent return value for symbol 'Symbol', compare with
Location -- An attempt was made to use a non-existent return
value of the named function (identified by Symbol). It was
previously decided that the function did not return a value or
was declared with void.
145 Type expected before operator, void assumed -- In a context in
which a type is expected no type is found. Rather, an operator
'*' or '&' was encountered. The keyword void was assumed to have
preceded this operator.
146 Assuming a binary constant -- A constant of the form 0b... was
encountered. This was taken to be a binary constant. For
example, 0b100 represents the value 4. If your compiler supports
binary constants you may suppress this message.
147 sizeof takes just one argument -- An expression of the form
sizeof(a,b) was detected. A second argument is non standard and
has been used by some compilers to denote an option to the sizeof
operator. If your compiler has a use for the second argument
then suppress this message.
148 member 'Symbol' previously declared at Location -- The indicated
member was previously declared within the same structure or
union. Although a redeclaration of a function may appear benign
it is just not permitted by the rules of the language. One of the
declarations should be removed.
149 C++ construct 'String' found in C code -- An illegal construct
was found in C code. It looked as though it might be suitable
for C++. The quoted string identifies the construct further.
150 Token 'String' unexpected String -- An unexpected token was
encountered. The action taken, if any, is identified by the
second message parameter.
151 Token 'Name' inconsistent with abstract type -- In a context in
which an abstract type is allowed such as within a cast or after
a sizeof, and after starting to parse the abstract type, an
identifier was found. For example:
x = (int y) z;
152 Lob base file 'file name' missing -- The indicated file has been
specified as the base of lob production via the option
-lobbase(). On output, this message is given if the lob base is
missing. The situation is correctable by simply producing the
missing lob output. This will not be a problem given the
appropriate dependencies in the make file. On input, the most
likely cause of this message is an out-of-date base file. A hash
code within the lob file being read, did not match a similar code
already embedded within the base. The input lob file should be
considered in error and should be regenerated.
153 Could not create temporary file -- This message is produced when
generating a lob output file based upon some lob base file. When
the lob file is produced, it is first written to a temporary.
The temporary is generated by the C library function tmpnam().
154 Could not evaluate type 'String', int assumed -- String in the
message is the second argument to either a printf_code option or
a scanf_code option. When used, it was to be evaluated as a
type. Unfortunately the type could not be identified.
155 Ignoring { }'ed sequence within an expression, 0 assumed -- Some
compilers support what looks like a compound statement as a C/C++
expression. For example to define the absolute value of an
integer which guarantees that it will be read only once you may
use:
#define abs(a) { int b = a; b >= 0 ? b : -b; }
The last expression in the list is the result. To syntactically
support the construct without running amuck we recognize the
sequence and issue this message. If you want to use the facility
just suppress the message.
156 Braced initializer for scalar type 'Name' -- An example of an
initializer that will draw this complaint is as follows.
int s[] = { { 1 } };
After the compiler has seen the first curly it is expecting to
see a number (or other numeric expression). Compilers that
strictly adhere to the ISO C and C++ Standards will flag this as
ill-formed code.
Note that it is legal (but somewhat arcane) to employ a left
curly at the top-level when initializing an object of scalar
type. For example, the following is well-formed:
int i = { 0 }; // OK; initialize scalar i with 0.
char *t = { "bar" }; // OK; initialize scalar t with a pointer to
// a statically allocated array.
Also note: as the example above implies, this message can apply
to pointers to arrays of char; it does not apply to arrays.
157 No data may follow an incomplete array -- An incomplete array is
allowed within a struct of a C99 or C++ program but no data is
allowed to appear after this array. For example:
struct A { int x; int a[]; int b; };
This diagnostic is issued when the ‘b’ is seen.
158 Assignment to variable 'Symbol' (Location) increases capability
-- An assignment has been made to a variable that increases
capability. A typical capability increase is to remove const
protection as in the following example:
int *p;
const int *q;
p = q; // Error 158
If a capability increase is seen in situations other than an
assignment or if the variable is not available, Warning 605 is
Please see the description of that message for further
information concerning capability increase. See also
Informational messages 1776 and 1778 in Section 13.8 C++
Informational Messages.
159 enum following a type is non-standard -- Normally two different
types are not permitted within the same type specification; this
will ordinarily result in Error 104. However, some compilers
support 'sized' enumerations wherein a scalar type can precede
the enum keyword. E.g.
char enum color { red, green, blue };
When the second type is an enum we do not issue a 104 but emit
Error 159 instead. By suppressing this message (with -e159) such
constructs will be supported.
160 The sequence '( {' is non standard and is taken to introduce a
GNU statement expression -- Lint encountered the sequence '( {'
in a context where an expression (possibly a sub-expression) is
expected.
int n = ({ // Error 160 here
int y = foo ();
int z;
if (y > 0)
z = y;
else z = - y;
z; })
// Now n has the last value of z.
The primary intention of this message is to alert the user to the
non-standard nature of this construct. The typical response is
to suppress the message and go on. But a few caveats are in
order.
Programmers who intend to work only with C code with the GNU
extensions may safely disable this diagnostic but C++ users
should think twice. This is partly for the reasons given in
GCC’s documentation (see the section entitled “Statements and
Declarations in Expressions”) and partly because the meaning of
‘( {’ will change in G++ when its maintainers implement
Initializer Lists (a new core language feature that is expected
to appear in the 2010 version of the ISO C++ Standard).
161 Repeated use of parameter 'Symbol' in parameter list -- The name
of a function parameter was repeated. For example:
void f( int n, int m, int n ) {}
will cause this message to be issued. Names of parameters for a
given function must all be different.
19.2 Internal Errors
2XX Internal Error -- Some inconsistency or contradiction was
discovered in the PC-lint/FlexeLint system. This may or may not
be the result of a user error. This inconsistency should be
brought to the attention of Gimpel Software.
19.3 Fatal Errors
Errors in this category are normally fatal and suppressing the error is
normally impossible. However, those errors marked with an asterisk(*)
can be suppressed and processing will be continued. For example -e306
will allow reprocessing of modules.
301 Stack overflow -- There was a stack overflow while processing
declarations. Approximately 50 nested declarators were found.
For example, if a '/' followed by 50 consecutive '*'s were to
introduce a box-like comment and if the '/' were omitted, then
this message would be produced.
302 Exceeded Available Memory -- Main memory has been exhausted.
303 String too long (try +macros) -- A single #define definition or
macro invocation exceeded an internal limit (of 4096 characters).
As the diagnostic indicates the problem can be corrected with an
option.
304 Corrupt object file, code Integer, symbol=String -- A
PC-lint/FlexeLint object file is apparently corrupted. Please
delete the object module and recreate it using the -oo option.
The special code identifier number as well as a list of symbol
names are optionally suffixed to the message as an aid in
diagnosing the problem by technical support.
305 Unable to open module 'file name' -- file name is the name of
the file. The named module could not be opened for reading.
Perhaps you misspelled the name.
306 Previously encountered module 'FileName' -- FileName is the name
of the module. The named module was previously encountered.
This is probably a user blunder.
307 Can't open indirect file 'FileName' -- FileName is the name of
the indirect file. The named indirect file (ending in .lnt)
could not be opened for reading.
308 Can't write to standard out -- stdout was found to equal NULL.
This is most unusual.
309 #error ... -- The #error directive was encountered. The
ellipsis reflects the original line. Normally processing is
terminated at this point. If you set the fce (continue on
#error) flag, processing will continue.
310 Declaration too long: 'String...' -- A single declaration was
found to be too long for an internal buffer (about 2000
characters). This occurred when attempting to write out the
declaration using the -o... option. The first 30 characters of
the declaration is given in String. Typically this is caused by
a very long struct whose substructures, if any, are untagged.
First identify the declaration that is causing the difficulty.
If a struct or union, assign a tag to any unnamed substructures
or subunion. A typedef can also be used to reduce the size of
such a declaration.
312 Lint Object Module has obsolete or foreign version id: Integer
-- A lint object module was produced with a prior or different
version of PC-lint/FlexeLint. Delete the.lob file and recreate
it using your new version of PC-lint/FlexeLint.
313 Too many files -- The number of files that PC-lint/FlexeLint can
process has exceeded an internal limit. The FlexeLint user may
recompile his system to increase this limit. Look for symbol
FSETLEN in custom.h. Currently, the number of files is limited
to 4096.
314 Previously used .lnt file: FileName -- The indirect file named
was previously encountered. If this was not an accident, you may
suppress this message.
315 Exceeded message limit (see -limit) -- The maximum number of
messages was exceeded. Normally there is no limit unless one is
imposed by the -limit(n) option.
316 Error while writing to file "file name" -- The given file could
not be opened for output.
317 File encoding, String, not currently supported -- Lint detected
a byte order mark at the beginning of a file which indicated the
file is encoded in the given format. As of this writing, the
only formats supported to any extent are ASCII and UTF-8 (for
which Lint presumes ASCII encoding).
321 Declaration stack overflow -- An overflow occurred in the stack
used to contain array, pointer, function or reference modifiers
when processing a declarator.
322 Unable to open include file FileName -- FileName is the name of
the include file which could not be opened. Directory search is
controlled by options: -i +fdi and the INCLUDE environment
variable. This is a suppressible fatal message. If option -e322
is used, Error message 7 will kick in. A diagnostic will be
issued but processing will continue.
323 Token String too long -- In attempting to save a token for later
reuse, a fixed size buffer was exceeded (governed by the size
M_TOKEN).
324 Too many symbols Integer -- Too many symbols were encountered.
An internal limit was reached.
325 Cannot re-open file 'file name' -- In the case of a large number
of nested includes, files in the outer fringe need to be closed
before new ones are opened. These outer files then need to be
re-opened. An error occurred when attempting to re-open such a
file.
326 String 'String ...' too long, exceeds Integer characters -- A
string (first 40 characters provided in the message) exceeds some
internal limit (provided in the message). There is no antidote
to this condition in the form of an option. FlexeLint customers
may recompile with a redefinition of either M_STRING (maximum
string) or M_NAME (maximum name). To override the definition in
custom.h we suggest recompiling with an appropriate -dvar=value
option assuming your compiler supports the option.
328 Bypass header 'Name' follows a different header sequence than in
module 'String' which includes File1 where the current module
includes File2 -- This message is issued when a header is
#include'd that had previously been designated as bypass and it
has been determined that this header follows a different header
include sequence than in some other module. The name of the
other module is given by the second parameter of this message.
In order not to bury the programmer under a ton of header names,
we have made an effort to determine the precise point where the
two modules went their separate ways. The first include file
difference occurred when that other module included the header
identified by File1, whereas the current module was attempting to
include the header identified by File2. Each Filei is a pair of
parameters of the form 'String' (Location) where the location is
the point of the #include.
For example:
Module x.cpp:
#include "alpha.h"
#include "delta.h"
#include "beta.h"
#include "gamma.h"
Module y.cpp:
#include "alpha.h"
#include "beta.h"
#include "gamma.h"
When the include of “beta.h” occurs in module y.cpp (and if
beta.h has been designated as bypass), there will be a Fatal
Error 328 that the header sequence of module ‘x.cpp’ differs from
the current module in that the former module included ‘delta.h’
at a point where the current module included ‘beta.h’.
It was necessary to make this message a fatal error since
attempting to bypass headers that do not follow a consistent
header sequence is an act of folly. It is possible to continue
on after the 328 in hopes of picking up more inconsistencies in
other modules. This can be done using the +fce
(Continue-on-Error) flag.
19.4 C Warning Messages
401 symbol 'Symbol' not previously declared static at Location --
The indicated Symbol declared static was previously declared
without the static storage class. This is technically a
violation of the ANSI standard. Some compilers will accept this
situation without complaint and regard the Symbol as static.
402 static function 'Symbol' (Location) not defined -- The named
Symbol was declared as a static function in the current module
and was referenced but was not defined (in the module).
403 static symbol 'Symbol' has unusual type modifier -- Some type
modifiers such as _export are inconsistent with the static
storage class.
404 struct not completed within file 'FileName' -- A struct (or
union or enum) definition was started within a header file but
was not completed within the same header file.
405 #if not closed off within file 'FileName' -- An #if construct
was begun within a header file (name given) but was not completed
within that header file. Was this intentional?
406 Comment not closed off within file 'FileName' -- A comment was
begun within a header file (name given) but was not completed
within that header file. Was this intentional?
407 Inconsistent use of tag 'Symbol' conflicts with Location -- A
tag specified as a union, struct or enum was respecified as being
one of the other two in the same module. For example:
struct tag *p;
union tag *q;
will elicit this message.
408 Type mismatch with switch expression -- The expression within a
case does not agree exactly with the type within the switch
expression. For example, an enumerated type is matched against
an int.
409 Expecting a pointer or array -- An expression of the form i[...]
was encountered where i is an integral expression. This could be
legitimate depending on the subscript operand. For example, if i
is an int and a is an array then i[a] is legitimate but unusual.
If this is your coding style, suppress this message.
410 size_t not what was expected from fzl and/or fzu, using 'Type'
-- This warning is issued if you had previously attempted to set
the type of sizeof by use of the options +fzl, -fzl, or -fzu, and
a later size_t declaration contradicts the setting. This usually
means you are attempting to lint programs for another system
using header files for your own system. If this is the case we
suggest you create a directory housing header files for that
foreign system, alter size_t within that directory, and lint
using that directory.
411 ptrdiff_t not what was expected from fdl option, using 'Type' --
This warning is issued if you had previously attempted to set the
type of pointer differences by use of the fdl option and a later
ptrdiff_t declaration contradicts the setting. See suggestion in
Error Message 410.
412 Ambiguous format specifier '%X' -- The format specifier %X when
used with one of the scanf family, is ambiguous. With Microsoft
C it means %lx whereas in ANSI C it has the meaning of %x. This
ambiguous format specification has no place in any serious C
program and should be replaced by one of the above.
413 Likely use of null pointer 'Symbol' in [left/right] argument to
operator 'String' Reference -- From information gleaned from
earlier statements, it appears certain that a null pointer (a
pointer whose value is 0) has been used in a context where null
pointers are inappropriate. These include: Unary *, pointer
increment (++) or decrement(--), addition of pointer to numeric,
and subtraction of two pointers. In the case of binary
operators, one of the words 'left' or 'right' is used to
designate which operand is null. Symbol identifies the pointer
variable that may be null.
414 Possible division by 0 -- The second argument to either the
division operator (/) or the modulus operator (%) may be zero.
Information is taken from earlier statements including
assignments, initialization and tests.
415 access of out-of-bounds pointer ('Integer' beyond end of data) by
operator 'String' -- An out-of-bounds pointer was accessed.
String designates the operator. The parameter 'Integer' gives
some idea how far out of bounds the pointer may be. It is
measured in units given by the size of the pointed to object.
The value is relative to the last item of good data and therefore
should always be greater than zero. For example:
int a[10];
a[10] = 0;
results in an overflow message containing the phrase ‘1 beyond
end of data’.
416 creation of out-of-bounds pointer ('Integer' beyond end of data)
by operator 'String' -- An out-of-bounds pointer was created.
See message 415 for a description of the parameters Integer and
String. For example:
int a[10];
...
f( a + 11 );
Here, an illicit pointer value is created and is flagged as such
by PC-lint/FlexeLint. Note that the pointer a+10 is not
considered by PC-lint/FlexeLint to be the creation of an
out-of-bounds pointer. This is because ANSI C explicitly allows
pointing just beyond an array. Access through a+10, however, as
in *(a+10) or the more familiar a[10], would be considered
erroneous but in that case message 415 would be issued.
417 integral constant 'String' has precision Number which is longer
than long long int -- The longest possible integer is by default
8 bytes (see the +fll flag and then the -sll# option). An
integral constant was found to be even larger than such a
quantity. For example: 0xFFFF0000FFFF0000F. String is the token
in error.
418 Passing null pointer to function 'Symbol', Context Reference --
A NULL pointer is being passed to a function identified by
Symbol. The argument in question is given by Context. The
function is either a library function designed not to receive a
NULL pointer or a user function dubbed so via the option
-function.
419 Apparent data overrun for function 'Symbol', argument Integer
exceeds argument Integer -- This message is for data transfer
functions such as memcpy, strcpy, fgets, etc. when the size
indicated by the first cited argument (or arguments) exceeds the
size of the buffer area cited by the second. The message may
also be issued for user functions via the -function option.
420 Apparent access beyond array for function 'Symbol', argument
Integer exceeds Integer Reference -- This message is issued for
several library functions (such as fwrite, memcmp, etc.) wherein
there is an apparent attempt to access more data than exist. For
example, if the length of data specified in the fwrite call
exceeds the size of the data specified. The function is
specified by Symbol and the arguments are identified by argument
number.
421 Caution -- function 'Symbol' is considered dangerous -- This
message is issued (by default) for the built-in function gets.
This function is considered dangerous because there is no
mechanism to ensure that the buffer provided as first argument
will not overflow. A well known computer virus (technically a
worm) was created based on this defect. Through the -function
option, the user may designate other functions as dangerous.
422 Passing to function 'Symbol' a negative value (Integer), Context
Reference -- An integral value that appears to be negative is
being passed to a function that is expecting only positive values
for a particular argument. The message contains the name of the
function (Symbol), the questionable value (Integer) and the
argument number (Context). The function may be a standard
library function designed to accept only positive values such as
malloc or memcpy (third argument), or may have been identified by
the user as such through the -function or -sem options.
The negative integral value may in fact be unsigned. Thus:
void *malloc( unsigned );
void f()
{
int n = -1;
int *p;
p = malloc(n); // Warning 422
p = malloc( (unsigned) n ); // Warning 422
}
will result in the warnings indicated. Note that casting the
expression does not inhibit the warning.
There is a slight difference in behavior on 32-bit systems versus
16-bit systems. If long is the same size as int (as in 32-bit
systems) the warning is issued based upon the sign bit. If long
is larger than an int (as is true on typical 16-bit systems) the
warning is issued if the value was a converted negative as in the
examples above. It is not issued if an unsigned int has the
high-order bit set. This is because it is not unreasonable to
malloc more that 32,176 bytes in a 16-bit system.
423 Creation of memory leak in assignment to variable 'Symbol' -- An
assignment was made to a pointer variable (designated by Symbol)
which appeared to already be holding the address of an allocated
object which had not been freed. The allocation of memory which
is not freed is considered a memory leak.
424 Inappropriate deallocation (Name1) for 'Name2' data. -- This
message indicates that a deallocation (free(), delete, or
delete[]) as specified by String1 is inappropriate for the data
being freed. [12, Item 5]
The kind of data (specified by String2) is one or more of:
malloc, new, new[], static, auto, member, modified or constant.
These have the meanings as described below:
malloc data is data obtained from a call to malloc, calloc or
realloc.
new and new[] data is data derived from calls to new.
static data is either static data within a function or
external data.
auto data is non-static data in a function.
member data is a component of a structure (and hence can’t be
independently freed).
modified data is the result of applying pointer arithmetic to
some other pointer. E.g.
p = malloc(100);
free( p+1 ); // warning
p+1 is considered modified.
constant data is the result of casting a constant to a pointer.
E.g.
int *p = (int *) Ox80002;
free(p); // warning
425 'Message' in processing semantic 'String' at token 'String' --
This warning is issued when a syntax error is encountered while
processing a Semantic option (-sem). The 'Message' depends upon
the error. The first 'String' represents the portion of the
semantic being processed. The second 'String' denotes the token
being scanned when the error is first noticed.
426 Call to function 'Symbol' violates semantic 'String' -- This
Warning message is issued when a user semantic (as defined by
-sem) is violated. 'String' is the subportion of the semantic
that was violated. For example:
//lint -sem( f, 1n > 10 && 2n > 10 )
void f( int, int );
...
f( 2, 20 );
results in the message:
Call to function 'f(int, int)' violates semantic '(1n>10)'
427 // comment terminates in \ -- A one-line comment terminates in
the back-slash escape sequence. This means that the next line
will be absorbed in the comment (by a standards-conforming
compiler -- not all compilers do the absorption, so beware). It
is much safer to end the line with something other than a
back-slash. Simply tacking on a period will do. If you really
intend the next line to be a comment, the line should be started
with its own double slash (//).
428 negative subscript (Integer) in operator 'String' -- A negative
integer was added to an array or to a pointer to an allocated
area (allocated by malloc, operator new, etc.) This message is
not given for pointers whose origin is unknown since a negative
subscript is, in general, legal.
The addition could have occurred as part of a subscript operation
or as part of a pointer arithmetic operation. The operator is
denoted by String. The value of the integer is given by Integer.
429 Custodial pointer 'Symbol' (Location) has not been freed or
returned -- A pointer of auto storage class was allocated
storage which was neither freed nor returned to the caller. This
represents a "memory leak". A pointer is considered custodial if
it uniquely points to the storage area. It is not considered
custodial if it has been copied. Thus:
int *p = new int[20]; // p is a custodial pointer
int *q = p; // p is no longer custodial
p = new int[20]; // p again becomes custodial
q = p + 0; // p remains custodial
Here p does not lose its custodial property by merely
participating in an arithmetic operation.
A pointer can lose its custodial property by passing the pointer
to a function. If the parameter of the function is typed pointer
to const or if the function is a library function, that
assumption is not made. For example
p = malloc(10);
strcpy (p, "hello");
Then p still has custody of storage allocated.
It is possible to indicate via semantic options that a function
will take custody of a pointer.
430 Character '@', taken to specify variable location, is not
standard C/C++ -- Many compilers for embedded systems have a
declaration syntax that specifies a location in place of an
initial value for a variable. For example:
int x @0x2000;
specifies that variable x is actually location 0x2000. This
message is a reminder that this syntax is non-standard (although
quite common). If you are using this syntax on purpose, suppress
this message.
431 Missing identifier for template parameter number Integer -- A
template object parameter (as opposed to a type parameter) was
not provided with an identifier. Was this an oversight?
432 Suspicious argument to malloc -- The following pattern was
detected:
malloc( strlen(e+1) )
where e is some expression. This is suspicious because it
closely resembles the commonly used pattern:
malloc( strlen(e)+1 )
If you really intended to use the first pattern then an
equivalent expression that will not raise this error is:
malloc( strlen(e)-1 )
433 Allocated area not large enough for pointer -- An allocation was
assigned to a pointer whose reach extends beyond the area that
was allocated. This would usually happen only with library
allocation routines such as malloc and calloc. For example:
int *p = malloc(1);
This message is also provided for user-declared allocation
functions. For example, if a user’s own allocation function is
provided with the following semantic:
-sem(ouralloc,@P==malloc(1n))
We would report the same message. Please note that it is
necessary to designate that the returned area is freshly
allocated (ala malloc).
This message is always given in conjunction with the more general
Informational Message 826.
434 White space ignored between back-slash and new-line -- According
to the C and C++ standards, any back-slash followed immediately
by a new-line results in the deletion of both characters. For
example:
#define A \
34
defines A to be 34. If a blank or tab intervenes between the
back-slash and the new-line then according to a strict
interpretation of the standard you have defined A to be a
back-slash. But this blank is invisible to the naked eye and
hence could lead to confusion. Worse, some compilers silently
ignore the white-space and the program becomes non-portable.
You should never deliberately place a blank at the end of a line
and any such blanks should be removed. If you really need to
define a macro with a terminal back-slash you can use a comment
as in:
#define A \ /* commentary */
435 integral constant 'String' has precision Integer, use +fll to
enable long long" -- An integer constant was found that had a
precision that was too large for a long but would fit within a
long long. Yet the +fll flag that enables the long long type was
not set.
Check the sizes that you specified for long (-sl#) and for long
long (-sll#) and make sure they are correct. Turn on +fll if
your compiler supports long long. Otherwise use smaller
constants.
436 Apparent preprocessor directive in invocation of macro 'Symbol'
-- A function like macro was invoked whose arguments extended for
multiple lines which included preprocessor statements. This is
almost certainly an error brought about by a missing right
parenthesis.
By the rules of Standard C the preprocessing directive is
absorbed into the macro argument but then will not subsequently
get executed. For this reason some compilers treat the apparent
preprocessor directive as a directive. This is logical but not
portable. It is therefore best to avoid this construct.
437 Passing struct 'Symbol' to ellipsis -- A struct is being passed
to a function at a parameter position identified by an ellipsis.
For example:
void g()
{
struct A { int a; } x;
void f( int, ... );
f( 1, x );
...
}
This is sufficiently unusual that it is worth pointing out on the
likely hood that this is unintended. The situation becomes more
severe in the case of a Non-POD struct [10]. In this case the
behavior is considered undefined.
438 Last value assigned to variable 'Symbol' not used -- A value had
been assigned to a variable that was not subsequently used. The
message is issued either at a return statement or at the end of a
block when the variable goes out of scope. For example, consider
the following function:
void f( int n )
{
int x = 0, y = 1;
if( n > 0 )
{
int z;
z = x + y;
if( n > z ) { x = 3; return; }
z = 12;
}
}
Here we can report that x was assigned a value that had not been
used by the time the return statement had been encountered. We
also report that the most recently assigned value to z is unused
at the point that z goes out of scope. See message 838 in
Section 13.4 C Informational Messages and flags -fiw and -fiz in
Sections 2.3.6 Initialization-is-considered-a-Write flag (-fiw)
and 2.3.7 Initialization-by-Zero-is-considered-a-Write flag
(-fiz) .
This message is suppressed if the variable’s address is assigned
to a pointer (or, equivalently, the variable is used to directly
initialize a reference to non-const).
440 for clause irregularity: variable 'Symbol' tested in 2nd
expression does not match 'Symbol' modified in 3rd -- A for
clause has a suspicious structure. The loop variable, as
determined by an examination of the 3rd for clause expression,
does not match the variable that is tested in the 2nd for clause
expression. For example:
for( i = 0; i < 10; j++ )
...
would draw this complaint since the ‘i’ of the 2nd expression
does not match the ‘j’ of the third expression.
441 for clause irregularity: loop variable 'Symbol' not found in 2nd
for expression -- The loop variable is determined by an
examination of the 3rd for clause expression. A loop variable
was found (and its name is given in the message) but it did not
appear as one of the accessed symbols of the condition expression
(the 2nd for expression). For example:
for( p = a; *p; j++ )
...
would draw this complaint since the 2nd expression does not
contain the ‘j’ of the third expression.
442 for clause irregularity: testing direction inconsistent with
increment direction -- A for clause was encountered that
appeared to have a parity problem. For example:
for( i = 0; i < 10; i-- )
...
Here the test for i less than 10 seems inconsistent with the 3rd
expression of the for clause which decreases the value of i.
This same message would be given if i were being increased by the
3rd expression and was being tested for being greater than some
value in the 2nd expression.
443 for clause irregularity: variable 'Symbol' initialized in 1st
expression does not match 'Symbol' modified in 3rd -- A for
clause has a suspicious structure. The loop variable, as
determined by an examination of the 3rd for clause expression,
does not match the variable that is initialized in the 1st
expression. For example:
for( ii = 0; i < 10; i++ )
...
would draw this complaint since the ‘ii’ of the 1st expression
does not match the ‘i’ of the third expression.
444 for clause irregularity: pointer 'Symbol' incremented in 3rd
expression is tested for NULL in 2nd expression -- The following
kind of situation has been detected:
for( ... ; p == NULL; p++ )
...
A loop variable being incremented or decremented would not
normally be checked to see if it is NULL. This is more likely a
programmer error.
445 reuse of for loop variable 'Symbol' at 'Location' could cause
chaos -- A for loop nested within another for loop employed the
same loop variable. For example:
for( i = 0; i < 100; i++ )
{
...
for( i = 0; i < n; i++ ) { ... }
}
446 for loop index variable 'Symbol' modified in body of the for loop
-- A for loop with an identifiable loop index variable was
programmed in such a way that the loop body also modifies the
index variable. For example:
for( i = 0; i < 100; i++ )
{
a[i++] = 0;
}
In general it is better to restrict modifications to for loop
index variables to the for clause if at all possible. If this is
not possible, you can prefix the for loop with an appropriate
lint comment such as:
/*lint -e{446} i is modified in the body of the for loop */
447 Extraneous whitespace ignored in include directive for file
'FileName'; opening file 'FileName' -- A named file was found to
contain either leading or trailing whitespace in the #include
directive. While legal, the ISO Standards allow compilers to
define how files are specified or the header is identified,
including the appearance of whitespace characters immediately
after the < or opening " or before the > or closing ". Since
filenames tend not to contain leading or trailing whitespace,
Lint ignores the (apparently) extraneous characters and processes
the directive as though the characters were never given. The use
of a -efile option on either String for this message will cause
Lint to process #include's with whitespace intact.
448 Likely access of pointer pointing Integer bytes past nul
character by operator 'String' -- Accessing past the terminating
nul character is often an indication of a programmer error. For
example:
char buf[20];
strcpy( buf, "a" );
char c = buf[4]; // legal but suspect.
Although buf has 20 characters, after the strcpy, there would be
only two that the programmer would normally be interested in.
449 Pointer variable 'Symbol' previously deallocated -- A pointer
variable (designated in the message) was freed or deleted in an
earlier statement.
451 Header file 'FileName' repeatedly included but does not have a
standard include guard -- The file named in the message has
already been included in the current module. Moreover it has
been determined that this header does not have a standard include
guard. A standard include guard has the form
#ifndef Name
#define Name
...
#endif
with nothing but comments before and after this sequence and
nothing but comments between the #ifndef and the #define Name.
This warning may also be accompanied by a 537 (repeated include
header). Message 537 is often suppressed because if you are
working with include guards, it is not a helpful message.
However, the message 451 should be left on in order to check the
consistency of the include guards themselves.
See also Elective Note 967 in Section 13.5 C Elective Notes.
452 typedef Symbol 'Symbol' redeclared (TypeDiff) conflicts with
Location", -- A typedef symbol is being declared to be a
different type. This can be legal, especially with multiple
modules, but is not good programming practice. It inteferes with
program legibility.
453 Function 'Symbol', previously designated pure, String 'Name' --
A semantic option designated that the named function, Symbol, is
pure (lacking non-local side-effects; see the pure semantic in
Section 4. Semantics ). However, an impurity was detected. Such
impurities include calling a function through a function pointer,
accessing a volatile variable, modifying a static variable or
calling a function whose purity PC-lint/FlexeLint cannot verify.
String describes which of these reasons apply and Name shows the
related variable or function, as appropriate.
Despite the inconsistency reported, the function will continue to
be regarded as pure.
454 A thread mutex has been locked but not unlocked -- A return
point in a function has been reached such that a mutex lock that
had been previously set has not been unlocked. E.g.,
//lint -sem( lock, thread_lock )
void f( int x )
{
lock();
if( x < 0 ) return; // Warning 454
...
455 A thread mutex that had not been locked is being unlocked -- A
call to an unlock() function was made that was not preceded by a
balancing lock(). It is assumed that every mutex lock() function
must be balanced by exactly one unlock() function, no more, no
less. For example:
//lint -sem( lock, thread_lock )
//lint -sem( unlock, thread_unlock )
void f( bool x )
{
lock();
/* something */;
unlock();
/* something else */
unlock(); // Warning 455
}
456 Two execution paths are being combined with different mutex lock
states -- It is the purpose of this message to make absolutely
certain that every lock has a corresponding unlock in the same
unbroken sequence of code in the same function.
Execution paths can be combined at the end of an if statement,
switch statement, or the begining of while, for and do
statements, a label (target of goto), etc. In all these cases we
check to make sure that the mutex lock states are the same. For
example:
//lint -sem( lock, thread_lock )
void f( bool x )
{
if( x ) lock();
// Warning 456 issued here
...
It could be argued that if an unlock() call would appear under
control of the very same bool x in the example above then all
would be well. And if this is your coding style you are free to
turn this message off. But errors in mutex locking have such
horrible programming consequences as to suggest especially strong
measures to assure code correctness. We recommend, for example:
//lint -sem( lock, thread_lock )
//lint -sem( unlock, thread_unlock )
void f( bool x )
{
if( x )
{ lock(); /* something */; unlock(); }
else
{ /* something */ }
}
If the ‘something’ that is being executed is sufficently complex,
then it can be made into a function.
457 Function 'Symbol1' of thread 'Symbol2' has an unprotected write
access to variable 'Symbol3' which is used by function 'Symbol4'
of thread 'Symbol5' -- A variable (Symbol3) was modified by
function (Symbol1) of thread (Symbol2) outside of any recognized
mutex lock. It was also accessed by a function (Symbol3) of a
second thread (Symbol5). The latter access may or may not have
been protected. If unprotected, a second message will be issued
with the roles of Symbol1 and Symbol4 interchanged.
458 Function 'Symbol1' of thread 'Symbol2' has an unprotected read
access to variable 'Symbol3' which is modified by function
'Symbol4' of thread 'Symbol5' -- A variable identified in the
message was accessed (non-modifiing) by a function (Symbol1) of
thread (Symbol2) outside of any recognized mutex lock. It was
also modified by a function (Symbol4) in a second thread
(Symbol5). The modification may or may not have been protected.
If unprotected, Warning 457 will also be issued.
459 Function 'Symbol' whose address was taken has an unprotected
access to variable 'Symbol' -- This message is activated only
when it appears that the program has more than one thread. See
Section 8. Multi-thread Suppport to determine what those
conditions might be.
If a function's address is taken, we presume that we are unable
to determine statically all the locations from which the function
may be called and so we presume that any and all threads can call
this function and so the function needs to have protected access
to every static variable that it might touch.
There are several remedies to such a message. If multiple
threads can indeed access this function, then place a mutex lock
in the function. If there already is a mutex lock and we don’t
recognize it, then set the thread_protected semantic for the
function. If only one thread really accesses this function or if
the access is guaranteed to be benign, then, after making sure
this condition is commented in the code, use the same
thread_protected semantic for the function.
460 Thread 'Symbol' has unprotected call to thread unsafe function
'Symbol' which is also called by thread 'Symbol' -- The second
symbol in the message represents a function that was designated
as being thread_unsafe through the -sem option. It was being
called in an unprotected region of a thread whose root function
is the first symbol in the message. Another thread is also
accessing this function and this thread is identified by the
third parameter of the message.
Calls to thread unsafe functions need to be protected by mutex
locks if they are to be employed by more than one thread.
461 Thread 'Symbol' has unprotected call to function 'Symbol' of
group 'Name' while thread 'Symbol' calls function 'Symbol' of the
same group -- This message is similar to Warning 460 in that a
thread (identified in the message as the first Symbol) is making
a call on a function (the second Symbol) which had been deduced
(through options) as being thread unsafe. Like message 460 there
is another thread that is also doing some calling. In this case
the other thread is not calling the same function as the first
but one which has been placed within the same group (identified
by the third parameter) as the first function. See Section 8.
Multi-thread Support to obtain further information on thread
unsafe function groups and options to determine them.
462 Thread 'Symbol' calling function 'Symbol' is inconsistent with
the 'String' semantic -- The first Symbol in the message
identifies a thread. The second Symbol identifies a function
called directly or indirectly by the thread. The String argument
specifies a semantic that had been attributed to the functon. It
should have one of the following forms:
thread_not
thread_not( list )
thread_only( list )
If the second form is given, it means that the thread appears on
the list. If the 3rd form is given it means that the thread was
not on the list.
464 Buffer argument will be copied into itself -- This is issued
when we encounter a function argument expression used in such a
way that there will be an attempt to copy its contents onto
itself. E.g.
sprintf( s, "%s", s );
501 Expected signed type -- The unary minus operator was applied to
an unsigned type. The resulting value is a positive unsigned
quantity and may not be what was intended.
502 Expected unsigned type -- Unary ~ being a bit operator would
more logically be applied to unsigned quantities rather than
signed quantities.
503 Boolean argument to relational -- Normally a relational would
not have a Boolean as argument. An example of this is a < b < c
which is technically legal but does not produce the same result
as the mathematical expression which it resembles.
504 Unusual shift operation (String) -- Either the quantity being
shifted or the amount by which a quantity is to be shifted was
derived in an unusual way such as with a bit-wise logical
operator, a negation, or with an unparenthesized expression. If
the shift value is a compound expression that is not
parenthesized, parenthesize it.
505 Redundant left argument to comma -- The left argument to the
comma operator had no side effects in its top-most operator and
hence is redundant.
506 Constant value Boolean -- A Boolean, i.e., a quantity found in a
context that requires a Boolean such as an argument to && or ||
or an if() or while() clause or ! was found to be a constant and
hence will evaluate the same way each time.
507 Size incompatibility -- A cast was made to an integral quantity
from a pointer and according to other information given or
implied it would not fit. For example a cast to an unsigned int
was specified and information provided by the options indicate
that a pointer is are larger than an int.
508 extern used with definition -- A function definition was
accompanied with an extern storage class. extern is normally
used with declarations rather than with definitions. At best the
extern is redundant. At worst you may trip up a compiler.
509 extern used with definition -- A data object was defined with a
storage class of extern. This is technically legal in ANSI and
you may want to suppress this message. However, it can easily
trip up a compiler and so the practice is not recommended at this
time.
511 Size incompatibility -- A cast was made from an integral type to
a pointer and the size of the quantity was too large to fit into
the pointer. For example if a long is cast to a pointer and if
options indicate that a long ise larger than a pointer, this
warning would be reported.
512 Symbol 'Symbol' previously used as static (Location) -- The
Symbol name given is a function name that was declared as static
in some other module (the location of that declaration is
provided). The use of a name as static in one module and
external in another module is legal but suspect.
514 Unusual use of a Boolean -- An argument to an arithmetic
operator (+ - / * %) or a bit-wise logical operator (| & ^) was a
Boolean. This can often happen by accident as in:
if( flags & 4 == 0 )
where the ==, having higher precedence than &, is done first (to
the puzzlement of the programmer).
515 Symbol 'Symbol' has arg. count conflict (Integer vs. Integer)
with Location -- An inconsistency was found in the number of
actual arguments provided in a function call and either the
number of formal parameters in its definition or the number of
actual arguments in some other function call. See the +fva
option to selectively suppress this message.
516 Symbol 'Symbol' has arg. type conflict (no. Integer -- TypeDiff)
with Location -- An inconsistency was found in the type of an
actual argument in a function call with either the type of the
corresponding formal parameter in the function definition or the
type of an actual argument in another call to the same function
or with the type specified for the argument in the function's
prototype. The call is not made in the presence of a prototype.
See options -ean, -eau, -eas and -eai for selective suppression
of some kinds of type differences. If the conflict involves types
char or short then you may want to consider using the +fxc or
+fxs option.
517 defined not K&R -- The defined function (not a K&R construct)
was employed and the K&R preprocessor flag (+fkp) was set. Either
do not set the flag or do not use defined.
518 Expected '(' -- sizeof type is not strict C. sizeof(type) or
sizeof expression are both permissible.
519 Size incompatibility -- An attempt was made to cast a pointer to
a pointer of unequal size. This could occur for example in a P
model where pointers to functions require 4 bytes whereas
pointers to data require only 2. This error message can be
circumvented by first casting the pointer to an integral quantity
(int or long) before casting to a pointer.
520 Highest operator or function lacks side-effects -- The first
expression of a for clause should either be one of the privileged
operators: assignment, increment, decrement or call to an impure
function or one modifying its argument(s).
521 Highest operator or function lacks side-effects -- The third
expression of a for clause should either be one of the privileged
operators: assignment, increment, decrement or call to an impure
function or one modifying its argument(s).
522 Highest operator or function lacks side-effects -- If a
statement consists only of an expression, it should either be one
of the privileged operators: assignment, increment, decrement or
call to an impure function or one modifying its argument(s). For
example if operator * is the built-in operator, the statement
p++; draws this message but p++; does not. This is because the
highest operator is '' which has no side effects.
The definition of pure and impure functions and function calls
which have side effects are given in the discussion of the pure
semantic in section 4. Semantics
524 Loss of precision (Context) (Type to Type) -- There is a
possible loss of a fraction in converting from a float to an
integral quantity. Use of a cast will suppress this message.
525 Negative indentation from Location -- The current line was found
to be negatively indented (i.e., not indented as much) from the
indicated line. The latter corresponds to a clause introducing a
control structure and statements and other control clauses and
braces within its scope are expected to have no less indentation.
If tabs within your program are other than 8 blanks you should
use the -t option.
526 'Symbol' (Location) not defined -- The named external was
referenced but not defined and did not appear declared in any
library header file nor did it appear in a Library Module. This
message is suppressed for unit checkout (-u option). Please note
that a declaration, even one bearing prototype information is not
a definition. See the glossary at the beginning of this chapter.
If the Symbol is a library symbol, make sure that it is declared
in a header file that you're including. Also make sure that the
header file is regarded by PC-lint/FlexeLint as a Library Header
file. Alternatively, the symbol may be declared in a Library
Module.
527 Unreachable code at token Symbol -- A portion of the program
cannot be reached.
528 Symbol 'Symbol' (Location) not referenced -- The named static
variable or static function was not referenced in the module
after having been declared.
529 Symbol 'Symbol' (Location) not subsequently referenced -- The
named variable was declared but not referenced in a function.
530 Symbol 'Symbol' (Location) not initialized -- An auto variable
was used before it was initialized.
531 Field size too large for 'Symbol' -- The size given for a bit
field of a structure exceeds the size of an int.
532 Return mode of function 'Symbol' inconsistent with Location -- A
declaration (or a definition) of a function implies a different
return mode than a previous statement. (The return mode of a
function has to do with whether the function does, or does not,
return a value). A return mode is determined from a declaration
by seeing if the function returns void or, optionally, by
observing whether an explicit type is given. See the fdr flag
for a further explanation of this. See also the fvr and fvo
flags.
533 function 'Symbol' should (not) return a value (see Location) --
A return statement within a function (or lack of a return at the
end of the function) implies a different return mode than a
previous statement at Location (The return mode of a function has
to do with whether the function does, or does not, return a
value.)
534 Ignoring return value of function 'Symbol' (compare with
Location) -- A function that returns a value is called just for
side effects as, for example, in a statement by itself or the
left-hand side of a comma operator. Try: (void) function(); to
call a function and ignore its return value. See also the fvr,
fvo and fdr flags.
537 Repeated include file 'FileName' -- The file whose inclusion
within a module is being requested has already been included in
this compilation. The file is processed normally even if the
message is given. If it is your standard practice to repeat
included files then simply suppress this message.
538 Excessive size -- The size of an array equals or exceeds 64K
bytes.
539 Did not expect positive indentation from Location -- The current
line was found to be positively indented from a clause that did
not control the line in question. For example:
if( n > 0 )
x = 3;
y = 4;
will result in this warning being issued for y = 4;. The
Location cited will be that of the if clause.
540 Excessive size -- A string initializer required more space than
what was allocated.
541 Excessive size -- The size of a character constant specified
with \xddd or \xhhh equalled or exceeded 2**b where b is the
number of bits in a byte (established by the -sb option). The
default is -sb8.
542 Excessive size for bit field -- An attempt was made to assign a
value into a bit field that appears to be too small. The value
to be assigned is either another bit field larger than the
target, or a numeric value that is simply too large. You may
cast the value to the generic unsigned type to suppress the
error.
You may get this message unexpectedly if the base of the bit
field is an int. For example:
struct { int b : 1 } s;
s.b = 1; /* Warning - - requires 0 or -1 */
The solution in this case is to use ‘unsigned’ rather than ‘int’
in the declaration of b.
544 endif or else not followed by EOL -- The preprocessor directive
#endif should be followed by an end-of-line. Some compilers
specifically allow commentary to follow the #endif. If you are
following that convention simply turn this error message off.
545 Suspicious use of & -- An attempt was made to take the address
of an array name. At one time such an expression was officially
illegal (K&R C [1]), was not consistently implemented, and was,
therefore, suspect. However, the expression is legal in ANSI C
and designates a pointer to an array. For example, given
int a[10];
int (*p) [10];
Then a and &a, as pointers, both represent the same bit pattern,
but whereas a is a pointer to int, &a is a pointer to array 10 of
int. Of the two only &a may be assigned to p without complaint.
If you are using the & operator in this way, we recommend that
you disable this message.
546 Suspicious use of & -- An attempt was made to take the address
of a function name. Since names of functions by themselves are
promoted to address, the use of the & is redundant and could be
erroneous.
547 Redefinition of symbol 'Symbol' conflicts with Location -- The
indicated symbol had previously been defined (vis #define)to some
other value.
548 else expected -- A construct of the form if(e); was found which
was not followed by an else. This is almost certainly an unwanted
semi-colon as it inhibits the if from having any effect.
549 Suspicious cast -- A cast was made from a pointer to some
enumerated type or from an enumerated type to a pointer. This is
probably an error. Check your code and if this is not an error,
then cast the item to an intermediate form (such as an int or a
long) before making the final cast.
550 Symbol 'Symbol' (Location) not accessed -- A variable (local to
some function) was not accessed. This means that the value of a
variable was never used. Perhaps the variable was assigned a
value but was never used. Note that a variable's value is not
considered accessed by autoincrementing or autodecrementing
unless the autoincrement/decrement appears within a larger
expression which uses the resulting value. The same applies to a
construct of the form: var += expression. If an address of a
variable is taken, its value is assumed to be accessed. An array,
struct or union is considered accessed if any portion thereof is
accessed.
551 Symbol 'Symbol' (Location) not accessed -- A variable (declared
static at the module level) was not accessed though the variable
was referenced. See the explanation under message 550 (above)
for a description of "access".
552 Symbol 'Symbol' (Location) not accessed -- An external variable
was not accessed though the variable was referenced. See the
explanation under message 550 above for a description of
"access".
553 Undefined preprocessor variable 'Name', assumed 0 -- The
indicated variable had not previously been defined within a
#define statement and yet it is being used in a preprocessor
condition of the form #if or #elif. Conventionally all variables
in preprocessor expressions should be pre-defined. The value of
the variable is assumed to be 0.
555 #elif not K&R -- The #elif directive was used and the K&R
preprocessor flag (+fkp) was set. Either do not set the flag or
do not use #elif.
556 indented # -- A preprocessor directive appeared indented within
a line and the K&R preprocessor flag (+fkp) was set. Either do
not set the flag or do not indent the #.
557 unrecognized format -- The format string supplied to printf,
fprintf, sprintf, scanf, fscanf, or sscanf was not recognized.
It is neither a standard format nor is it a user-defined format
(see printf_code and scanf_code).
558 Too few arguments for format (Integer missing) -- The number of
arguments supplied to printf, sprintf, fprintf, scanf, fscanf or
sscanf was inconsistent with the number expected as a result of
analyzing the format string.
559 size of argument number Integer inconsistent with format -- The
given argument (to printf, sprintf, or fprintf) was inconsistent
with that which was anticipated as the result of analyzing the
format string. Argument counts begin at 1 and include file,
string and format specifications. For example,
sprintf( buffer, "%f", 371 )
will show an error in argument number 3 because constant 371 is
not floating point.
560 argument no. Integer should be a pointer -- The given argument
(to one of the scanf or printf family of functions) should be a
pointer. For the scanf family, all arguments corresponding to a
format specification should be pointers to areas that are to be
modified (receive the results of scanning). For the printf
family, arguments corresponding to %s or %n also need to be
pointers.
Argument counts begin at 1 and include file, string and format
specifications. For example
scanf( "%f", 3.5 )
will generate the message that argument no. 2 should be a
pointer.
561 (arg. no. Integer) indirect object inconsistent with format --
The given argument (to scanf, sscanf, or fscanf) was a pointer to
an object that was inconsistent with that which was anticipated
as the result of analyzing the format string. Argument counts
begin at 1 and include file, string and format specifications.
For example if n is declared as int then:
scanf( "%c", &n )
will elicit this message for argument number 2.
562 Ellipsis (...) assumed -- Within a function prototype a comma
was immediately followed by a right parenthesis. This is taken
by some compilers to be equivalent to an ellipsis (three dots)
and this is what is assumed by PC-lint/FlexeLint. If your
compiler does not accept the ellipsis but makes this assumption,
then you should suppress this message.
563 Label 'Symbol' (Location) not referenced -- The Symbol at the
cited Location appeared as a label but there was no statement
that referenced this label.
564 variable 'Symbol' depends on order of evaluation -- The named
variable was both modified and accessed in the same expression in
such a way that the result depends on whether the order of
evaluation is left-to-right or right-to-left. One such example
is: n + n++ since there is no guarantee that the first access to
n occurs before the increment of n. Other, more typical cases,
are given in the manual. Volatile variables are also checked for
repeated use in an expression.
565 tag 'Symbol' not previously seen, assumed file-level scope --
The named tag appeared in a prototype or in an inner block and
was not previously seen in an outer (file-level) scope. The ANSI
standard is dubious as to how this tag could link up with any
other tag. For most compilers this is not an error and you can
safely suppress the message. On the other hand, to be strictly
in accord with ANSI C you may place a small stub of a declaration
earlier in the program. For example:
struct name;
is sufficient to reserve a place for name in the symbol table at
the appropriate level.
566 Inconsistent or redundant format char 'Char' -- This message is
given for format specifiers within formats for the printf/scanf
family of functions. The indicated character Char found in a
format specifier was inconsistent or redundant with an earlier
character found in the same format specifier. For example a
format containing "%ls" will yield this error with the character
's' indicated. This is because the length modifier is designed
to be used with integral or float conversions and has no meaning
with the string conversion. Such characters are normally ignored
by compilers.
567 Expected a numeric field before char 'Char' -- This message is
given for format specifiers within formats for the printf/scanf
family of functions. A numeric field or asterisk was expected at
a particular point in the scanning of the format. For example:
%-d requests left justification of a decimal integer within a
format field. But since no field width is given, the request is
meaningless.
568 nonnegative quantity is never less than zero. -- Comparisons of
the form:
u >= 0 0 <= u
u < 0 0 > u
are suspicious if u is an unsigned quantity or a quantity judged
to be never less then 0. See also message 775.
569 Loss of information (Context) (Integer bits to Integer bits) --
An assignment (or implied assignment, see Context) was made from
a constant to an integral variable that is not large enough to
hold the constant. Examples include placing a hex constant whose
bit requirement is such as to require an unsigned int into a
variable typed as int. The number of bits given does not count
the sign bit.
570 Loss of sign (Context) (Type to Type) -- An assignment (or
implied assignment, see Context) is being made from a negative
constant into an unsigned quantity. Casting the constant to
unsigned will remove the diagnostic but is this what you want.
If you are assigning all ones to an unsigned, remember that ~0
represents all ones and is more portable than -1.
571 Suspicious Cast -- Usually this warning is issued for casts of
the form:
(unsigned) ch
where ch is declared as char and char is signed. Although the
cast may appear to prevent sign extension of ch, it does not.
Following the normal promotion rules of C, ch is first converted
to int which extends the sign and only then is the quantity cast
to unsigned. To suppress sign extension you may use:
(unsigned char) ch
Otherwise, if sign extension is what you want and you just want
to suppress the warning in this instance you may use:
(unsigned) (int) ch
Although these examples have been given in terms of casting a
char they will also be given whenever this cast is made upon a
signed quantity whose size is less than the casted type.
Examples include signed bit fields (a possibility in the new
standard), expressions involving char, and expressions involving
short when this type is smaller than int or a direct cast of an
int to an unsigned long (if int’s is smaller than long). This
message is not issued for constants or for expressions involving
bit operations.
572 Excessive shift value (precision Integer shifted right by
Integer) -- A quantity is being shifted to the right whose
precision is equal to or smaller than the shifted value. For
example,
ch >> 10
will elicit this message if ch is typed char and where char is
less than 10 bits wide (the usual case). To suppress the message
you may cast the shifted quantity to a type whose length is at
least the length of the shift value.
573 Signed-unsigned mix with divide -- one of the operands to / or %
was signed and the other unsigned; moreover the signed quantity
could be negative. For example:
u / n
where u is unsigned and n is signed will elicit this message
whereas:
u / 4
will not, even though 4 is nominally an int. It is not a good
idea to mix unsigned quantities with signed quantities in any
case (a 737 will also be issued) but, with division, a negative
value can create havoc. For example, the innocent looking:
n = n / u
will, if n is -2 and u is 2, not assign -1 to n but will assign
some very large value.
To resolve this problem, either cast the integer to unsigned if
you know it can never be less than zero or cast the unsigned to
an integer if you know it can never exceed the maximum integer.
574 Signed-unsigned mix with relational -- The four relational
operators are:
> >= < <=
One of the operands to a relational operator was signed and the
other unsigned; also, the signed quantity could be negative. For
example:
if( u > n ) ...
where u is unsigned and n is signed will elicit this message
whereas:
if( u > 12 ) ...
will not (even though 12 is officially an int it is obvious that
it is not negative). It is not a good idea to mix unsigned
quantities with signed quantities in any case (a 737 will also be
issued) but, with the four relationals, a negative value can
produce obscure results. For example, if the conditional:
if( n < 0 ) ...
is true then the similar appearing:
u = 0;
if( n < u ) ...
is false because the promotion to unsigned makes n very large.
To resolve this problem, either cast the integer to unsigned if
you know it can never be less than zero or cast the unsigned to
an int if you know it can never exceed the maximum int.
575 enumeration constant exceeds range for integers -- For many
compilers the value of an enumeration constant is limited to
those values that can fit within a signed or unsigned int.
577 Mixed memory model (option 'String') -- The indicated option
requested a change to the memory model after part or all of
another module was processed. The memory model option should be
specified before any module is processed. The most common cause
of this error is specifying the memory model after having
specified the standard library. This would be a natural error to
make if the standard library file were specified via a LINT
environment variable.
578 Declaration of symbol 'Symbol' hides symbol 'Symbol' (Location)
-- A local symbol has the identical name as a global symbol ( or
possibly another local symbol). This could be dangerous. Was
this deliberate? It is usually best to rename the local symbol.
579 parameter preceding ellipsis has invalid type -- When an
ellipsis is used, the type preceding the ellipsis should not be a
type that would undergo a default promotion such as char, short
or float. The reason is that many compilers' variable argument
schemes (using stdarg.h) will break down.
580 Redeclaration of function 'Symbol' (hiding Location) causes loss
of prototype -- A declaration of a function within a block hides
a declaration in an outer scope in such a way that the inner
declaration has no prototype and the outer declaration does. A
common misconception is that the resulting declaration is a
composite of both declarations but this is only the case when the
declarations are in the same scope not within nested scopes. If
you don't care about prototypes you may suppress this message.
You will still receive other type-difference warnings.
581 Option 'String' is obsolete and should no longer be used -- This
message is issued whenever we encounter an option that appears to
do more harm than good. 'String' is the option in question.
582 esym (or emacro) name 'String' should not contain '(' -- The
name provided to esym should not contain a (. For example, to
suppress message 534 when calling f(int) use the option
-esym(534,f) even if f is overloaded.
583 Comparing type 'Type' with EOF -- The message is issued when
some form of character is compared against the EOF macro. EOF is
normally defined to be -1. For example:
while( (ch = getchar()) != EOF ) ...
If ch is defined to be an int all is well. If however it is
defined to be some form of char, then trouble might ensue. If ch
is an unsigned char then it can never equal EOF. If ch is a
signed char then you could get a premature termination because
some data character happened to be all ones.
Note that getchar returns an int. The reason it returns an int
and not a char is because it must be capable of returning 257
different values (256 different characters plus EOF, assuming an
8-bit character). Once this value is assigned to a char only 256
values are then possible – a clear loss of information.
584 Trigraph sequence (??Char) detected -- This message is issued
whenever a trigraph sequence is detected and the trigraph
processing has been turned off (with a -ftg). If this is not
within a string (or character) constant then the trigraph
sequence is ignored. This is useful if your compiler does not
process trigraph sequences and you want linting to mirror
compilation. Outside of a string we issue the Warning but we do
translate the sequence since it cannot make syntactic sense in
its raw state.
585 The sequence (??Char) is not a valid Trigraph sequence -- This
warning is issued whenever a pair of '?' characters is seen
within a string (or character) constant but that pair is not
followed by a character which would make the triple a valid
Trigraph sequence. Did the programmer intend this to be a
Trigraph sequence and merely err? Even if no Trigraph were
intended, it can easily be mistaken by the reader of the code to
be a Trigraph. Moreover, what assurances do we have that in the
future the invalid Trigraph might not become a valid Trigraph and
change the meaning of the string? To protect yourself from such
an event you may place a backslash between the '?' characters.
Alternatively you may use concatenation of string constants. For
example:
pattern = "(???) ???-????"; // warning 585
pattern = "(?\?\?) ?\?\?-?\?\?\?"; // no warning
#define Q "?"
pattern = "(" Q Q Q ") " Q Q Q "-" Q Q Q Q // no warning
586 String 'Name' is deprecated. String -- The Name has been
deprecated by some use of the deprecate option. See Section
2.5.7 -deprecate. The first String is one of the allowed
categories of deprecation. The trailing String is part of the
deprecate option and should explain why the facility has been
deprecated.
587 Predicate 'String' can be pre-determined and always evaluates to
String -- The predicate, identified by the first String, (one of
greater than, greater than or equal, less than, less than or
equal, equal, or not equal), cannot possibly be other than what
is indicated by the second String parameter. For example:
unsigned u; ...
if( (u & 0x10) == 0x11 ) ...
would be greeted with the message that ‘==’ always evaluates to
‘False’.
588 Predicate 'String' will always evaluate to String unless an
overflow occurs -- The predicate, identified by the first
String, cannot possibly be other than what is indicated by the
second String parameter unless an overflow occurred. For
example:
unsigned u; ...
if( (u + 2) != 1 ) ...
would be greeted with the message that ‘!=’ always evaluates to
‘True’. See also Message 587.
589 Predicate 'String' will always evaluate to String assuming
standard division semantics -- The predicate, identified by the
first String parameter, cannot possibly be other than what is
indicated by the second String parameter assuming standard signed
integer division semantics. For example:
int n; ...
if( n % 2 == 2 ) ...
would be greeted with the message that ‘==’ always evaluates to
‘False’.
By standard integer division semantics we mean truncation toward
zero so that, for example, -1/4 has quotient 0 and remainder -1
and not quotient -1, remainder 3. Although the current C
standard [4] has endorsed this, the current C++ standard [10]
regards integer division involving negative numbers to be
‘implementation defined’.
See also Message 587.
590 Predicate 'String' will always evaluate to String assuming
standard shift semantics -- The predicate, identified by the
first String parameter, cannot possibly be other than what is
indicated by the second String parameter assuming standard signed
integer shift semantics. For example:
int n; ...
if( (5 << n) < 0 ) ...
would be greeted with the message that the less-than always
evaluates to ‘False’. It is true that if you shift 5 left by 29
bits (or 31 bits) you will have in many cases (probably most
cases) a negative number but this is not guaranteed. According
to the C Standard [4], shifting a positive signed integer (5 in
this case) left by a number of places (n in this case) is only
valid if the type can accomodate 5*(2**n). This is equivalent to
not shifting a one into or through the sign bit.
As another example:
int n; ...
if( (n >> 5) >= 0 ) ...
would always be regarded as true. This is because shifting a
negative number to the right yields results that are
implementation defined.
See also Message 587.
591 Variable 'Symbol' depends on the order of evaluation; it is
used/modified through function 'Symbol' via calls: String" --
The indicated variable (given by the first Symbol) was involved
in an expression that contained a call of a function (given by
the second Symbol) that would use or modify the variable.
Further, the order of evaluation of the two is not determinable.
For example:
extern int n;
void f() { n++; }
int g() { f(); return 1; }
int h() { return n + g(); } // Warning 591
The above code, on the second pass, will elicit the following
warning:
Warning 591: Variable 'n' depends on the order of evaluation;
it is modified through function 'g(void)' via calls: g() => f()
If the function g() is called and then n is added, you will
obtain a different result than if n were first evaluated and then
the call made.
The programmer should generally rewrite these expressions so that
the compiler is constrained to use the intended order. For
example if the programmer wanted to use the n prior to the call
on g() it can alter h() to the following:
int h()
{ int k = n; return k + g(); }
This analysis requires two passes; the first pass builds the
necessary call trees.
592 Non-literal format specifier used without arguments -- A
printf/scanf style function received a non-literal format
specifier without trailing arguments. For example:
char msg[100];
...
printf( msg );
This can easily be rewritten to the relatively safe:
char msg[100];
...
printf( "%s", msg );
The danger lies in the fact that msg can contain hidden format
codes. If msg is read from user input, then in the first
example, a naive user could cause a glitch or a crash and a
malicious user might exploit this to undermine system security.
Since the unsafe form can easily be transformed into the safe
form the latter should always be used.
593 Custodial pointer 'Symbol' (Location) possibly not freed or
returned -- This is the 'possible' version of message 429. A
pointer of auto storage class was allocated storage and not all
paths leading to a return statement or to the end of the function
contained either a free or a return of the pointer. Hence there
is a potential memory leak. For example:
void f( int n )
{
int *p = new int;
if( n ) delete p;
} // message 593
In this example an allocation is made and, if n is 0, no delete
will have been made.
Please see message 429 for an explaination of “custodial” and
ways of regulating when pointer variables retain custody of
allocations.
601 Expected a type for symbol Symbol, int assumed -- A declaration
did not have an explicit type. int was assumed. Was this a
mistake? This could easily happen if an intended comma was
replaced by a semicolon. For example, if instead of typing:
double radius,
diameter;
the programmer had typed:
double radius;
diameter;
this message would be raised.
602 Comment within comment -- The sequence /* was found within a
comment. Was this deliberate? Or was a comment end inadvertently
omitted? If you want PC-lint/FlexeLint to recognize nested
comments you should set the Nested Comment flag using the +fnc
option. Then this warning will not be issued. If it is your
practice to use the sequence:
/*
/* */
then use -e602.
603 Symbol 'Symbol' (Location) not initialized -- The address of the
named symbol is being passed to a function where the
corresponding parameter is declared as pointer to const. This
implies that the function will not modify the object. If this is
the case then the original object should have been initialized
sometime earlier.
604 Returning address of auto variable 'Symbol' -- The address of
the named symbol is being passed back by a function. Since the
object is an auto and since the duration of an auto is not
guaranteed past the return, this is most likely an error. You
may want to copy the value into a global variable and pass back
the address of the global or you might consider having the caller
pass an address of one of its own variables to the callee.
605 Increase in pointer capability (Context) -- This warning is
typically caused by assigning a (pointer to const) to an ordinary
pointer. For example:
int *p;
const int *q;
p = q; /* 605 */
The message will be inhibited if a cast is used as in:
p = (int *) q;
An increase in capability is indicated because the const pointed
to by q can now be modified through p. This message can be given
for the volatile qualifier as well as the const qualifier and may
be given for arbitrary pointer depths (pointers to pointers,
pointers to arrays, etc.).
If the number of pointer levels exceeds one, things get murky in
a hurry. For example:
const char ** ppc;
char ** pp;
pp = ppc; /* 605 - clearly not safe */
ppc = pp; /* 605 - looks safe but it's not */
It was not realized by the C community until very recently that
assigning pp to ppc was dangerous. The problem is that after the
above assignment, a pointer to a const char can be assigned
indirectly through ppc and accessed through pp which can then
modify the const char.
The message speaks of an “increase in capability” in assigning to
ppc, which seems counter intuitive because the indirect pointer
has less capability. However, assigning the pointer does not
destroy the old one and the combination of the two pointers
represents a net increase in capability.
The message may also be given for function pointer assignments
when the prototype of one function contains a pointer of higher
capability than a corresponding pointer in another prototype.
There is a curious inversion here whereby a prototype of lower
capability translates into a function of greater trust and hence
greater capability (a Trojan Horse). For example, let
void warrior( char * );
be a function that destroys its argument. Consider the function:
void Troy( void (*horse)(const char *) );
Troy() will call horse() with an argument that it considers
precious believing the horse() will do no harm. Before compilers
knew better and believing that adding in a const to the
destination never hurt anything, earlier compilers allowed the
Greeks to pass warrior() to Troy and the rest, as they say, is
history.
606 Non-ANSI escape sequence: '\String' -- An escape sequence
occurred, within a character or string literal, that was not on
the approved list which is:
\' \" \? \\ \a \b \f \n \r \t \v
\octal-digits \xhex-digits
607 Parameter 'Symbol' of macro found within string -- The indicated
name appeared within a string or character literal within a macro
and happens to be the same as the name of a formal parameter of
the macro as in:
#define mac(n) printf( "n = %d,", n );
Is this a coincidence? The ANSI standard indicates that the name
will not be replaced but since many C compilers do replace such
names the construction is suspect. Examine the macro definition
and if you do not want substitution, change the name of the
parameter. If you do want substitution, set the +fps flag
(Parameter within String) and suppress the message with -e607.
608 Assigning to an array parameter -- An assignment is being made
to a parameter that is typed array. For the purpose of the
assignment, the parameter is regarded as a pointer. Normally
such parameters are typed as pointers rather than arrays.
However if this is your coding style you should suppress this
message.
609 Suspicious pointer conversion -- An assignment is being made
between two pointers which differ in size (one is far and the
other is near) but which are otherwise compatible.
610 Suspicious pointer combination -- Pointers of different size
(one is far and the other is near) are being compared,
subtracted, or paired (in a conditional expression). This is
suspicious because normally pointers entering into such
operations are the same size.
611 Suspicious cast -- Either a pointer to a function is being cast
to a pointer to an object or vice versa. This is regarded as
questionable by the ANSI standard. If this is not a user error,
suppress this warning.
612 Expected a declarator -- A declaration contained just a storage
class and a type. This is almost certainly an error since the
only time a type without a declarator makes sense is in the case
of a struct, union or enum but in that case you wouldn't use a
storage class.
613 Possible use of null pointer 'Symbol' in [left/right] argument to
operator 'String' Reference -- From information gleaned from
earlier statements, it is possible that a null pointer (a pointer
whose value is 0) can be used in a context where null pointers
are inappropriate. Such contexts include: Unary *, pointer
increment (++) or decrement(--), addition of pointer to numeric,
and subtraction of two pointers. In the case of binary
operators, one of the words 'left' or 'right' is used to
designate which operand is null. Symbol identifies the pointer
variable that may be NULL. See also messages 413 and 794.
614 auto aggregate initializer not constant -- An initializer for an
auto aggregate normally consists of a collection of
constant-valued expressions. Some compilers may, however, allow
variables in this context in which case you may suppress this
message.
615 auto aggregate initializer has side effects -- This warning is
similar to 614. Auto aggregates (arrays, structures and union)
are normally initialized by a collection of constant-valued
expressions without side-effects. A compiler could support
side-effects in which case you might want to suppress this
message.
616 control flows into case/default -- It is possible for flow of
control to fall into a case statement or a default statement from
above. Was this deliberate or did the programmer forget to
insert a break statement? If this was deliberate then place a
comment immediately before the statement that was flagged as in:
case 'a': a = 0;
/* fall through */
case 'b': a++;
Note that the message will not be given for a case that merely
follows another case without an intervening statement. Also,
there must actually be a possibility for flow to occur from
above.
617 String is both a module and an include file -- The named file is
being used as both an include file and as a module. Was this a
mistake? Unlike Error 306 (repeated module) this is just a
warning and processing of the file is attempted.
618 Storage class specified after a type -- A storage class
specifier (static, extern, typedef, register or auto) was found
after a type was specified. This is legal but deprecated.
Either place the storage class specifier before the type or
suppress this message.
619 Loss of precision (Context) (Pointer to Pointer) -- A far
pointer is being assigned to a near pointer either in an
assignment statement or an implied assignment such as an
initializer, a return statement, or passing an argument in the
presence of a prototype (Context indicates which). Such
assignments are a frequent source of error when the actual
segment is not equal to the default data segment. If you are
sure that the segment of the far pointer equals the default data
segment you should use a cast to suppress this message.
620 Suspicious constant (L or one?) -- A constant ended in a
lower-case letter 'l'. Was this intended to be a one? The two
characters look very similar. To avoid misinterpretations, use
the upper-case letter 'L'.
621 Identifier clash (Symbol 'Name' with Symbol 'Name' at String) --
The two symbols appeared in the same name space but are identical
to within the first count characters set by option
-idlen(count,option). See -idlen.
622 Size of argument no. Integer inconsistent with format -- The
argument to scanf, fscanf or sscanf, where position is given by
Integer, was a pointer whose size did not match the format. For
example,
int far *p;
scanf( "%d", p );
will draw this warning (in the default memory model).
623 redefining the storage class of symbol 'Symbol' (TypeDiff)
conflicts with Location -- An inter-module symbol was a typedef
symbol in one module and an ordinary symbol in another module.
This is legal but potentially confusing. Is this what the
programmer intended?
624 typedef 'Symbol' redeclared (TypeDiff) (Location) -- A symbol
was declared in a typedef differently in two different modules.
This is technically legal but is not a wise programming practice.
625 auto symbol 'Symbol' has unusual type modifier -- Some type
modifiers such as far, near, fortran are inappropriate for auto
variables.
626 argument no. Integer inconsistent with format -- The argument to
a printf (or fprintf or sprintf) was inconsistent with the
format. Although the size of the quantity was appropriate the
type was not. You might consider casting the quantity to the
correct type. You could also suppress this message, as more
flagrant violations are picked up with warning 559.
627 (arg. no. Integer) indirect object inconsistent with format --
The type of an argument to scanf (or fscanf or sscanf) was
inappropriate to the format. However, the argument was a pointer
and it pointed to a quantity of the expected size.
628 no argument information provided for function 'Symbol' (Location)
-- The named function was called but there was no argument
information supplied. Argument information can come from a
prototype or from a function definition. This usually happens
when an old-style function declaration indicates that the
function is in a library but no prototype is given for the
function nor is any argument information provided in a standard
library file. This message is suppressed if you are producing a
lint object module because presumably the object module will be
compared with a library file at some later time.
629 static class for function 'Symbol' is non standard -- A static
class was found for a function declaration within a function.
The static class is only permitted for functions in declarations
that have file scope (i.e., outside any function). Either move
the declaration outside the function or change static to extern;
if the second choice is made, make sure that a static declaration
at file scope also exists before the extern declaration. Though
technically the construct is not portable, many compilers do
tolerate it. If you suppress the message, PC-lint/FlexeLint will
treat it as a proper function declaration.
630 ambiguous reference to symbol 'Name' -- If the +fab flag is set,
then if two structures containing the same member name (not
necessarily different kinds of structures) are embedded in the
same structure and a reference to this member name omits one of
the intervening (disambiguating) names, this warning is emitted.
631 tag 'Symbol' defined differently at Location -- The struct,
union or enum tag Symbol was defined differently in different
scopes. This is not necessarily an error since C permits the
redefinition, but it can be a source of subtle error. It is not
generally a programming practice to be recommended.
632 Assignment to strong type 'Name' in context: Context -- An
assignment (or implied assignment, Context indicates which)
violates a Strong type check as requested by a -strong(A...
option.
633 Assignment from a strong type 'Name' in context: Context -- An
assignment (or implied assignment, Context indicates which)
violates a Strong type check as requested by a -strong(X...
option.
634 Strong type mismatch (type 'Symbol') in equality or conditional
-- An equality operation (== or !=) or a conditional operation (?
violates a Strong type check as requested by a -strong(J...
option. This message would have been suppressed using flags
"Je".
635 resetting strong parent of type 'Symbol', old parent == type
'Symbol' -- The strong parent of the given Symbol is being
reset. This is being done with a -parent option or by a typedef.
Note that this may not necessarily be an error; you are being
alerted to the fact that the old link is being erased.
636 ptr to strong type 'Name' versus another type -- Pointers are
being compared and there is a strong type clash below the first
level. For example,
/*lint -strong(J,INT) */
typedef int INT;
INT *p; int *q;
if( p == q ) /* Warning 636 */
will elicit this warning. This message would have been
suppressed using flags “Je” or “Jr” or both.
637 Expected index type 'Symbol' for strong type 'Symbol' -- This is
the message you receive when an inconsistency with the -index
option is recognized. A subscript is not the stipulated type
(the first type mentioned in the message) nor equivalent to it
within the hierarchy of types.
638 Strong type mismatch for type 'Name' in relational -- A
relational operation ( >= <= > < ) violates a Strong type
check as requested by a -strong(J... option. This message would
have been suppressed using flags "Jr".
639 Strong type mismatch for type 'Name' in binary operation -- A
binary operation other than an equality or a relational operation
violates a Strong type check as requested by a -strong(J...
option. This message would have been suppressed using flags
"Jo".
640 Expected strong type 'Name' in Boolean context -- A Boolean
context expected a type specified by a -strong(B... option.
641 Converting enum to int -- An enumeration type was used in a
context that required a computation such as an argument to an
arithmetic operator or was compared with an integral argument.
This warning will be suppressed if you use the integer model of
enumeration (+fie) but you will lose some valuable type-checking
in doing so. An intermediate policy is to simply turn off this
warning. Assignment of int to enum will still be caught.
This warning is not issued for a tagless enum without variables.
For example
enum {false,true};
This cannot be used as a separate type. PC-lint/FlexeLint
recognizes this and treats false and true as arithmetic
constants.
642 Format char 'Char' not supported by wsprintf -- This means that
you are using an option of the form: -printf(w... and you are
using a format character not supported by the Microsoft Windows
function wsprintf. If you are not really using wsprintf but are
using the w flag to get far pointers you should turn this message
off.
643 Loss of precision in pointer cast -- A far pointer was cast to a
near pointer. Such casts have had disastrous consequences for
Windows programmers. If you really need to make such a cast, you
can do it in stages. If you cast to a long first (i.e., some
integral type that can hold the pointer) and then into a shorter
value, we don't complain.
644 Variable 'Symbol' (Location) may not have been initialized -- An
auto variable was not necessarily assigned a value before use.
645 Symbol 'Symbol' (Location) may not have been initialized -- An
auto variable was conditionally assigned a value before being
passed to a function expecting a pointer to a const object. See
Warning 603 for an explanation of the dangers of such a
construct.
646 case/default within Kind loop; may have been misplaced -- A case
or default statement was found within a for, do, or while loop.
Was this intentional? At the very least, this reflects poor
programming style.
647 Suspicious truncation -- This message is issued when it appears
that there may have been an unintended loss of information during
an operation involving int or unsigned int the result of which is
later converted to long. It is issued only for systems in which
int is smaller than long. For example:
(long) (n << 8)
might elicit this message if n is unsigned int, whereas
(long) n << 8
would not. In the first case, the shift is done at int precision
and the high order 8 bits are lost even though there is a
subsequent conversion to a type that might hold all the bits. In
the second case, the shifted bits are retained.
The operations that are scrutinized and reported upon by this
message are: shift left, multiplication, and bit-wise
complementation. Addition and subtraction are covered by
Informational message 776.
The conversion to long may be done explicitly with a cast as
shown or implicitly via assignment, return, argument passing or
initialization.
The message can be suppressed by casting. You may cast one of
the operands so that the operation is done in full precision as
is given by the second example above. Alternatively, if you
decide there is really no problem here (for now or in the
future), you may cast the result of the operation to some form of
int. For example, you might write:
(long) (unsigned) (n << 8)
In this way PC-lint/FlexeLint will know you are aware of and
approve of the truncation.
648 Overflow in computing constant for operation: String --
Arithmetic overflow was detected while computing a constant
expression. For example, if int is 16 bits then 200 * 200 will
result in an overflow. String gives the operation that caused the
overflow and may be one of: addition, unsigned addition,
multiplication, unsigned multiplication, negation, shift left,
unsigned shift left, subtraction, or unsigned sub.
To suppress this message for particular constant operations you
may have to supply explicit truncation. For example, if you want
to obtain the low order 8 bits of the integer 20000 into the high
byte of a 16-bit int, shifting left would cause this warning.
However, truncating first and then shifting would be OK. The
following code illustrates this where int is 16 bits.
20000u << 8; /* 648 */
(0xFF & 20000u) << 8; /* OK */
If you truncate with a cast you may make a signed expression out
of an unsigned. For example, the following receives a warning
(for 16 bit int).
(unsigned char) OxFFFu << 8 /* 648 */
because the unsigned char is promoted to int before shifting.
The resulting quantity is actually negative. You would need to
revive the unsigned nature of the expression with
(unsigned) (unsigned char) OxFFF << 8 /* OK */
649 Sign fill during constant shift -- During the evaluation of a
constant expression a negative integer was shifted right causing
sign fill of vacated positions. If this is what is intended,
suppress this error, but be aware that sign fill is
implementation-dependent.
650 Constant out of range for operator String -- In a comparison
operator or equality test (or implied equality test as for a case
statement), a constant operand is not in the range specified by
the other operand. For example, if 300 is compared against a
char variable, this warning will be issued. Moreover, if char is
signed (and 8 bits) you will get this message if you compare
against an integer greater than 127. The problem can be fixed
with a cast. For example:
if( ch == 0xFF ) ...
if( (unsigned char) ch == 0xFF ) ...
If char is signed (+fcu has not been set) the first receives a
warning and can never succeed. The second suppresses the warning
and corrects the bug.
PC-lint/FlexeLint will take into account the limited precision of
some operands such as bit-fields and enumerated types. Also,
PC-lint/FlexeLint will take advantage of some computations that
limit the precision of an operand. For example,
if( (n & 0xFF) >> 4 == 16 ) ...
will receive this warning because the left-hand side is limited
to 4 bits of precision.
651 Potentially confusing initializer -- An initializer for a
complex aggregate is being processed that contains some
subaggregates that are bracketed and some that are not. ANSI
recommends either "minimally bracketed" initializers in which
there are no interior braces or "fully bracketed" initializers in
which all interior aggregates are bracketed.
652 #define of symbol 'Symbol' declared previously at Location -- A
macro is being defined for a symbol that had previously been
declared. For example:
int n;
#define n N
will draw this complaint. Prior symbols checked are local and
global variables, functions and typedef symbols, and struct,
union and enum tags. Not checked are struct and union member.
653 Possible loss of fraction -- When two integers are divided and
assigned to a floating point variable the fraction portion is
lost. For example, although
double x = 5 / 2;
appears to assign 2.5 to x it actually assigns 2.0. To make sure
you don’t lose the fraction, cast at least one of the operands to
a floating point type. If you really wish to do the truncation,
cast the resulting divide to an integral (int or long) before
assigning to the floating point variable.
654 Option String obsolete; use -width(W,I) -- The option -w is now
used to set the warning level and should no longer be used to
specify the width of error messages. Instead use -width with the
same arguments as before to set the width. To set the warning
level to 3, for example, use the option -w3, not -w(3).
655 bit-wise operation uses (compatible) enum's -- A bit-wise
operator (one of '|', '&' or '^') is used to combine two
compatible enumerations. The type of the result is considered to
be the enumeration. This is considered a very minor deviation
from the strict model and you may elect to suppress this warning.
656 Arithmetic operation uses (compatible) enum's -- An arithmetic
operator (one of '+', or '-') is used to combine two compatible
enumerations. The type of the result is considered to be the
enumeration. This is considered a very minor deviation from the
strict model and you may elect to suppress this warning.
657 Unusual (nonportable) anonymous struct or union -- A struct or
union declaration without a declarator was taken to be anonymous.
However, the anonymous union supported by C++ and other dialects
of C require untagged union's. Tagged unions and tagged or
untagged structs are rarely supported, as anonymous.
658 Anonymous union assumed (use flag +fan) -- A union without a
declarator was found. Was this an attempt to define an anonymous
union? If so, anonymous unions should be activated with the +fan
flag. This flag is activated automatically for C++.
659 Nothing follows '}' on line within struct/union/enum declaration
-- A struct/union/class/enum definition occurred and the closing
'}' was not followed on the same line by another token. It looks
suspicious. Missing semi-colons after such definitions can be a
source of strange and mysterious messages. If you intentionally
omitted the semi-colon then simply place the token which follows
on the same line as the '}'. At the very least follow the '}'
with a comment.
660 Option 'String' requests removing an extent that is not on the
list -- A number of options use the '-' prefix to remove and '+'
to add elements to a list. For example to add (the most unusual)
extension .C++ to designate C++ processing of files bearing that
extension, a programmer should employ the option:
+cpp(.C++)
However, if a leading ‘-’ is employed (a natural mistake) this
warning will be emitted.
661 possible access of out-of-bounds pointer ('Integer' beyond end of
data) by operator 'String' -- An out-of-bounds pointer may have
been accessed. See message 415 for a description of the
parameters Integer and String. For example:
int a[10];
if( n <= 10 ) a[n] = 0;
Here the programmer presumably should have written n<10. This
message is similar to messages 415 and 796 but differs from them
by the degree of probability.
662 possible creation of out-of-bounds pointer ('Integer' beyond end
of data) by operator 'String' -- An out-of-bounds pointer may
have been created. See message 415 for a description of the
parameters Integer and String. For example:
int a[10];
if( n <= 20 ) f( a + n );
Here, it appears as though an illicit pointer is being created,
but PC-lint/FlexeLint cannot be certain. See also messages 416
and 797.
663 Suspicious array to pointer conversion -- This warning occurs in
the following kind of situation:
struct x { int a; } y[2];
... y->a ...
Here, the programmer forgot to index the array but the error
normally goes undetected because the array reference is
automatically and implicitly converted to a pointer to the first
element of the array. If you really mean to access the first
element use y[0].a.
664 Left side of logical OR (||) or logical AND (&&) does not return
-- An exiting function was found on the left hand side of an
operator implying that the right hand side would never be
executed. For example:
if( (exit(0),n == 0) || n > 2 ) ...
Since the exit function does not return, control can never flow
to the right hand operator.
665 Unparenthesized parameter Integer in macro 'Symbol' is passed an
expression -- An expression was passed to a macro parameter that
was not parenthesized. For example:
#define mult(a,b) (a*b)
... mult( 100, 4 + 10 )
Here the programmer is beguiled into thinking that the 4+10 is
taken as a quantity to be multiplied by 100 but instead results
in: 100*4+10 which is quite different. The recommended remedy
([22, ?0.4]) is to parenthesize such parameters as in:
#define mult(a,b) ((a)*(b))
The message is not arbitrarily given for any unparenthesized
parameter but only when the actual macro argument sufficiently
resembles an expression and the expression involves binary
operators. The priority of the operator is not considered except
that it must have lower priority than the unary operators. The
message is not issued at the point of macro definition because it
may not be appropriate to parenthesize the parameter. For
example, the following macro expects that an operator will be
passed as argument. It would be an error to enclose op in
parentheses.
666 Expression with side effects passed to repeated parameter Integer
of macro 'Symbol' -- A repeated parameter within a macro was
passed an argument with side-effects. For example:
#define ABS(x) ((x) < 0 ? -(x) : (x))
... ABS( n++ )
Although the ABS macro is correctly defined to specify the
absolute value of its argument, the repeated use of the parameter
x implies a repeated evaluation of the actual argument n++. This
results in two increments to the variable n. [22, ?0.6] Any
expression containing a function call is also considered to have
side-effects.
667 Inconsistent use of qualifiers for symbol 'Symbol' (type 'Type'
vs. 'Type') conflicts with Location -- A declaration for the
identified Symbol is inconsistent with a prior declaration for
the same symbol. There was a nominal difference in the
declaration but owing to the memory model chosen there was no
real difference. For example, in large model, one declaration
declares external symbol alpha to be a far pointer and another
declaration omits the memory model specification.
668 Possibly passing a null pointer to function 'Symbol', Context
Reference -- A NULL pointer is possibly being passed to a
function identified by Symbol. The argument in question is given
by Context. The function is either a library function designed
not to receive a NULL pointer or a user function dubbed so via
the option -function.
669 Possible data overrun for function 'Symbol', argument Integer
exceeds argument Integer Reference -- This message is for data
transfer functions such as memcpy, strcpy, fgets, etc. when the
size indicated by the first cited argument (or arguments) can
possibly exceed the size of the buffer area cited by the second.
The message may also be issued for user functions via the
-function option.
670 Possible access beyond array for function 'Symbol', argument
Integer exceeds Integer Reference -- This message is issued for
several library functions (such as fwrite, memcmp, etc) wherein
there is a possible attempt to access more data than exist. For
example, if the length of data specified in the fwrite call
exceeds the size of the data specified. The function is
specified by Symbol and the arguments are identified by argument
number.
671 Possibly passing to function 'Symbol' a negative value (Integer),
Context Reference -- An integral value that may possibly be
negative is being passed to a function that is expecting only
positive values for a particular argument. The message contains
the name of the function (Symbol), the questionable value
(Integer) and the argument number (Context). The function may be
a standard library function designed to accept only positive
values such as malloc or memcpy (third argument), or may have
been identified by the user as such through the -function or -sem
options. See message 422 for an example and further explanation.
672 Possible memory leak in assignment to pointer 'Symbol' -- An
assignment was made to a pointer variable (designated by Symbol)
which may already be holding the address of an allocated object
which had not been freed. The allocation of memory which is not
freed is considered a 'memory leak'. The memory leak is
considered 'possible' because only some lines of flow will result
in a leak.
673 Possibly inappropriate deallocation (Name1) for 'Name2' data. --
This message indicates that a deallocation (free(), delete, or
delete[]) as specified by String1 may be inappropriate for the
data being freed. The kind of data is one or more of: malloc,
new, new[], static, auto, member, modified or constant. The word
'Possibly' is used in the message to indicate that only some of
the lines of flow to the deallocation show data inconsistent with
the allocation.
674 Returning address of auto through variable 'Symbol'. -- The
value held by a pointer variable contains the address of an auto
variable. It is normally incorrect to return the address of an
item on the stack because the portion of the stack allocated to
the returning function is subject to being obliterated after
return.
675 No prior semantics associated with 'Name' in option 'String' --
The -function option is used to transfer semantics from its first
argument to subsequent arguments. However it was found that the
first argument Name did not have semantics.
676 Possibly negative subscript (Integer) in operator 'String' -- An
integer whose value was possibly negative was added to an array
or to a pointer to an allocated area (allocated by malloc,
operator new, etc.) This message is not given for pointers whose
origin is unknown since a negative subscript is in general legal.
677 sizeof used within preprocessor statement. -- Whereas the use of
sizeof during preprocessing is supported by a number of compilers
it is not a part of the ANSI C or C++ standard.
678 Member 'Symbol' field length (Integer) too small for enum
precision (Integer) -- A bit field was found to be too small to
support all the values of an enumeration (that was used as the
base of the bit field). For example:
enum color { red, green, yellow, blue };
struct abc { enum color c:2; };
Here, the message is not given because the four enumeration
values of color will just fit within 2 bits. However, if one
additional color is inserted, Warning 678 will be issued
informing the programmer of the undesirable and dangerous
condition.
679 Suspicious Truncation in arithmetic expression combining with
pointer -- This message is issued when it appears that there may
have been an unintended loss of information during an operation
involving integrals prior to combining with a pointer whose
precision is greater than the integral expression. For example:
//lint -sp8 pointers are 8 bytes
//lint -si4 integers are 4 bytes
char *f( char *p, int n, int m )
{
return p + (n + m); // warning 679
}
By the rules of C/C++, the addition n+m is performed
independently of its context and is done at integer precision.
Any overflow is ignored even though the larger precision of the
pointer could easily accommodate the overflow. If, on the other
hand the expression were: p+n+m, which parses as (p+n)+m, no
warning would be issued.
If the expression were p + n * m then, to suppress the warning, a
cast is needed. If long were the same size as pointers you could
use the expression:
return p + ((long) n * m);
680 Suspicious Truncation in arithmetic expression converted to
pointer -- An arithmetic expression was cast to pointer.
Moreover, the size of the pointer is greater than the size of the
expression. In computing the expression, any overflow would be
lost even though the pointer type would be able to accommodate
the lost information. To suppress the message, cast one of the
operands to an integral type large enough to hold the pointer.
Alternatively, if you are sure there is no problem you may cast
the expression to an integral type before casting to pointer.
See messages 647, 776, 790 and 679.
681 Loop is not entered -- The controlling expression for a loop
(either the expression within a while clause or the second
expression within a for clause) evaluates initially to 0 and so
it appears as though the loop is never entered.
682 sizeof applied to a parameter 'Symbol' whose type is a sized
array -- If a parameter is typed as an array it is silently
promoted to pointer. Taking the size of such an array will
actually yield the size of a pointer. Consider, for example:
unsigned f( char a[100] ) { return sizeof(a); }
Here it looks as though function f() will return the value 100
but it will actually return the size of a pointer which is
usually 4.
683 function 'Symbol' #define'd -- This message is issued whenever
the name of a function with some semantic association is defined
as a macro. For example:
#define strlen mystrlen
will raise this message. The problem is that the semantics
defined for strlen will then be lost. Consider this message an
alert to transfer semantics from strlen to mystrlen, using
-function(strlen, mystrlen) The message will be issued for
built-in functions (with built-in semantics) or for user-defined
semantics. The message will not be issued if the function is
defined to be a function with a similar name but with underscores
either appended or prepended or both. For example:
#define strlen __strlen
will not produce this message. It will produce Info 828 instead.
684 Passing address of auto variable 'Symbol' into caller space --
The address of an auto variable was passed via assignment into a
location specified by the caller to the function. For example:
void f( int *a[] )
{
int n;
a[1] = &n;
}
Here the address of an auto variable (n) is being passed into the
second element of the array passed to the function f. This looks
suspicious because upon return the array will contain a pointer
to a variable whose lifetime is over. It is possible that this
is benign since it could be that the caller to f() is merely
passing in a working space to be discarded upon return. If this
is the case, you can suppress the message for function f() using
the option
-efunc(684,f).
See also Warning 604.
685 Relational operator 'String,' always evaluates to 'String' --
The first String is one of '>', '>=', '<' or '<=' and identifies
the relational operator. The second string is one of 'True' or
'False,0>'. The message is given when an expression is compared
to a constant and the precision of the expression indicates that
the test will always succeed or always fail. For example,
char ch;
...
if( ch >= -128 ) ...
In this example, the precision of char ch is 8 bits signed
(assuming the fcu flag has been left in the OFF state) and hence
it has a range of values from -128 to 127 inclusive. Hence the
trest is always True.
Note that, technically, ch is promoted to int before comparing
with the constant. For the purpose of this comparison we
consider only the underlying precision. As another example, if u
is an unsigned int then
if( (u & 0xFF) > 0xFF ) ...
will also raise a 685 because the expression on the left hand
side has an effective precision of 16 bits.
686 Option 'String' is suspicious because of 'Name' -- An option is
considered suspicious for one of a variety of reasons. The
reason is designated by a reason code that is specified by Name.
At this writing, the only reason code is 'unbalanced quotes'.
687 Suspicious use of comma operator -- A comma operator appeared
unbraced and unparenthesized in a statement following an if,
else, while or for clause. For example:
if( n > 0 ) n = 1,
n = 2;
Thus the comma could be mistaken for a semi-colon and hence be
the source of subtle bugs.
If the statement is enclosed in curly braces or if the expression
is enclosed in parentheses, the message is not issued.
688 Cast used within a preprocessor conditional statement -- A cast
was used within a preprocessor conditional statement such as #if
or #elif. As an example you may have written:
#define VERSION 11.3
...
#if (int) VERSION == 11
...
#endif
Such casts are not allowed by the various C and C++ standards.
689 Apparent end of comment ignored -- The pair of characters '*/'
was found not within a comment. As an example:
void f( void*/*comment*/ );
This is taken to be the equivalent of:
void f( void* );
That is, an implied blank is inserted between the ‘*’ and the
‘/’. To avoid this message simply place an explicit blank
between the two characters.
690 Possible access of pointer pointing Integer bytes past nul
character by operator 'String' -- Accessing past the terminating
nul character is often an indication of a programmer error. For
example:
char buf[20];
char c;
strcpy( buf, "a" );
if( i < 20 )
c = buf[i]; // legal but suspect.
See also Warning 448 in Section 13.3 and Info 836 in Section 13.4
691 Suspicious use of backslash -- The backslash character has been
used in a way that may produce unexpected results. Typically
this would occur within a macro such as:
#define A b \ // comment
The coder might be thinking that the macro definition will be
continued on to the next line. The standard indicates, however,
that the newline will not be dropped in the event of an
intervening comment. This should probably be recoded as:
#define A b /* comment */ \
692 Decimal character 'Char' follows octal escape sequence 'String'
-- A String was found that contains an '8' or '9' after an octal
escape sequence with no more than two octal digits, e.g.
"\079"
contains two characters: Octal seven (ASCII BEL) followed by ‘9’.
The casual reader of the code (and perhaps even the programmer)
could be fooled into thinking this is a single character. If
this is what the programmer intended he can also render this as
"\07" "9"
so that there can be no misunderstanding.
On the other hand,
"\1238"
will not raise a message because it is assumed that the
programmer knows that octal escape sequences cannot exceed four
characters (including the initial backslash).
693 Hexadecimal digit 'Char' immediately after 'String' is suspicious
in string literal. -- A String was found that looks suspiciously
like (but is not) a hexadecimal escape sequence; rather, it is a
null character followed by letter "x" followed by some
hexadecimal digit, e.g.:
"\0x62"
was found where the programmer probably meant to type “\x62”. If
you need precisely this sequence you can use:
"\0" "x62"
and this warning will not be issued.
694 The type of constant 'String' (precision Integer) is dialect
dependent -- A decimal integer constant that requires all the
bits of an unsigned long for its representation has a type that
depends on the dialect of C or C++ implemented by the compiler
you are using. For example, the constant 3000000000 requires 32
bits for its representation. If longs are 32 bits, then the
constant is judged to be unsigned long in C90, long long in C99
and undefined in C++.
You can remove the ambiguity by applying a clarifying suffix. If
you intend this to be unsigned use the 'U' suffix. If you intend
this to be a long long use the 'LL' suffix. If the latter and
you are using C++ then turn on the +fll flag.
695 Inline function 'Symbol' defined without a storage-class
specifier ('static' recommended) -- In C99, the result of a call
to a function declared with 'inline' but not 'static' or 'extern'
is unspecified.
Example: Let the following text represent two translation units:
/* In module_1.c */
void f() {}
/* In module_2.c */
inline void f() {}
void g() { f(); } /* which f() is called? */
The C99 Standard dictates that the above call to f() from g() in
module_2.c may result in the execution of either f().
The programmer may avoid confusion and improve portability by
using the keyword ‘static’ in addition to ‘inline’. The keyword
‘extern’ can also be used along with the ‘inline’ to resolve this
ambiguity; however, we recommend using ‘static’ because, as of
this writing, more compilers correctly interpret ‘static inline’.
696 Variable 'Symbol' has value 'String' that is out of range for
operator 'String' -- The variable cited in the message is being
compared (using one of the 6 comparison operations) with some
other expression called the comperand. The variable has a value
that is out of the range of values of this comperand. For
example consider:
void f( unsigned char ch )
{
int n = 1000;
if( ch < n ) // Message 696
...
Here a message 696 will be issued stating that n has a value of
1000 that is out of range because 1000 is not in the set of
values that ch can hold (assuming default sizes of scalars).
<