Splint, short for Secure Programming Lint, is a programming tool for statically checking C programs for security vulnerabilities and coding mistakes. Formerly called LCLint, it is a modern version of the Unix lint tool.

With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.

Building splint

  • Download the source code:

# wget http://www.splint.org/downloads/splint-3.1.2.src.tgz

  • Extract the archive:

#  tar zxvf splint-3.1.2.src.tgz

  • Prepare the build:

# cd splint-3.1.2
# ./configure

  • Build:

# make

.....

.....

Making all in doc
make[2]: Entering directory `/splint-3.1.2/doc'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/splint-3.1.2/doc'
make[2]: Entering directory `/splint-3.1.2'
make[2]: Leaving directory `/splint-3.1.2'
make[1]: Leaving directory `/splint-3.1.2'

  • Install:

# make install

.....

.....

mkdir /usr/local/man
mkdir /usr/local/man/man1
/usr/bin/install -c -m 644 ./splint.1 /usr/local/man/man1/splint.1
make[2]: Leaving directory `/splint-3.1.2/doc'
make[1]: Leaving directory `/splint-3.1.2/doc'
make[1]: Entering directory `/splint-3.1.2'
make[2]: Entering directory `/splint-3.1.2'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/splint-3.1.2'
make[1]: Leaving directory `/splint-3.1.2'

Now Splint is ready to run.

  • Verify the presence of the executable:

# which splint

/usr/local/bin/splint

  • Just to try, let's write a simple program that prints the first ten integers:

$ cat main.c
#include <stdio.h>   /* declares printf */

int main(void)
{
        int i;
        for(i=0; i<10; i++)
        {
                printf("i=%d\n", i);
        }
        /* no return statement on purpose: this is what Splint reports below */
}

  • And now let's have Splint eat main.c:

# splint main.c


Splint 3.1.2 --- 10 May 2012


main.c: (in function main)

main.c:8:2: Path with no return in function declared to return int

  There is a path through a function declared to return a value on which there

  is no return statement. This means the execution may fall through without

  returning a meaningful result to the caller. (Use -noret to inhibit warning)


Finished checking --- 1 code warning

Splint is saying that our main function does not return a value as expected.

Now try it on your more complex programs; you'll find a lot of interesting things.
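The post mentions that annotations let Splint check more than a plain lint does. The following is an added example, not code from the post or from the Splint project: it fixes the missing return in main() and adds a small lookup helper whose return type carries Splint's documented null annotation, so Splint reports any caller that dereferences the result without first checking it for NULL. The key table and query keys are constructed sample data, and the function names are my own. Running "splint" on this file with default flags may still print other style warnings; the point is the null check, which the annotated type makes mandatory.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample table (not from the original post). */
static const char *const kKnown[] = { "alpha", "beta", "gamma" };
#define N_KNOWN (sizeof kKnown / sizeof kKnown[0])

/* Splint's null annotation on the return type records that this
 * function may return NULL. With it, Splint flags any caller that
 * uses the result without a NULL check; without it, the same
 * caller passes a plain lint unnoticed. */
/*@null@*/ const char *lookup(const char *key)
{
    size_t i;
    for (i = 0; i < N_KNOWN; i++) {
        if (strcmp(kKnown[i], key) == 0) {
            return kKnown[i];
        }
    }
    return NULL;
}

/* A caller that satisfies the annotation: checks for NULL before use.
 * Returns the length of the matched entry, or -1 for an unknown key. */
int matched_length(const char *key)
{
    const char *hit = lookup(key);
    if (hit == NULL) {
        return -1;
    }
    return (int)strlen(hit);
}

/* Counts how many of the constructed query keys are in the table. */
int demo_match_count(void)
{
    static const char *const queries[] = { "alpha", "delta", "gamma" };
    const size_t nqueries = sizeof queries / sizeof queries[0];
    int found = 0;
    size_t i;
    for (i = 0; i < nqueries; i++) {
        if (lookup(queries[i]) != NULL) {
            found++;
        }
    }
    return found;
}

/* The post's main(), now with the return statement Splint asked for. */
int main(void)
{
    int i;
    for (i = 0; i < 10; i++) {
        printf("i=%d\n", i);
    }
    printf("known keys matched: %d\n", demo_match_count());
    return 0;
}
```

To see the annotation at work, remove the NULL check in matched_length() and run splint on the file again: the plain-lint pass from the post would not notice, but Splint reports the unchecked dereference of a possibly-null result.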
