splint: C static analysis

For decades lint has remained the most used static analysis utility for C. splint (Secure Programming Lint) has been around for some years now and is regarded as the modern version of lint. In addition to coding gotchas, splint also checks for security vulnerabilities, which is a very significant aspect of modern programming.

splint needs minimal effort to set up and use. And if you can spend some more time on it, it can work better than any other lint tool.

splint checks for buffer overflow vulnerabilities as well as dynamic memory errors. Many of its features can be toggled with options.

Installation

To install splint on Ubuntu, run:

$ sudo apt-get install splint

Usage

To analyze a set of project files under the same directory with default options, run:

$ splint *.c

splint also processes the headers these files include.

Learn more about splint:

$ man splint
$ splint -help

Help is divided into several topics:

 annotations (describes source-code annotations)
 comments (describes control comments)
 flags (describes flag categories)
 flags <category> (describes flags in category)
 flags all (short description of all flags)
 flags alpha (list all flags alphabetically)
 flags full (full description of all flags)
 mail (information on mailing lists)
 modes (show mode settings)
 parseerrors (help on handling parser errors)
 prefixcodes (character codes in namespace prefixes)
 references (sources for more information)
 vars (environment variables)
 version (information on compilation, maintainer)

To learn more about modes, for example, run:

$ splint -help modes
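An added example (not from the original post) of the kind of code the memory and buffer checks are aimed at, next to a version that carries splint annotations. The function names, the 16-byte limit and the file name are assumptions made for illustration; run it through splint with `splint +bounds example.c`, where `+bounds` turns on the buffer overflow checking.

```c
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_LEN 16 /* constructed limit for this example */

/* Before: malloc() may return NULL and strcpy() is unbounded, so any
   src of NAME_BUF_LEN bytes or more writes past the end of buf. */
char *dup_name_unchecked(const char *src)
{
    char *buf = malloc(NAME_BUF_LEN);
    strcpy(buf, src);
    return buf;
}

/* After: the annotations state the contract for splint to check.
   null = the result may be NULL, only = the caller owns the storage
   and must free it. An unannotated pointer parameter such as src is
   assumed to be non-NULL. */
/*@null@*/ /*@only@*/ char *dup_name(const char *src)
{
    size_t len = strlen(src);
    char *buf;

    if (len >= (size_t)NAME_BUF_LEN) {
        return NULL;            /* reject rather than overflow or truncate */
    }
    buf = malloc(len + 1);
    if (buf == NULL) {
        return NULL;            /* allocation failure is handled explicitly */
    }
    memcpy(buf, src, len + 1);  /* len + 1 copies the terminating NUL too */
    return buf;
}

/* Caller that honours the contract: checks for NULL, then frees. */
int name_fits(const char *src)
{
    char *copy = dup_name(src);
    int ok = (copy != NULL);
    free(copy);                 /* free(NULL) is a no-op */
    return ok;
}

int main(void)
{
    return name_fits("alice") ? 0 : 1;
}
```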

Webpage: splint
