Splint Annotation-Assisted Lightweight Static Checking Inexpensive Program Analysis Group University of Virginia, Department of Computer Science Secure Programming Lint SPecifications Lint First Aid for Programmers

Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.

Download Splint Version 3.1.2 Source code: https://github.com/splintchecker/splint Historical source code distributions - [tgz distribution] Windows Installer Links Documentation Splint Manual Papers: Improving Security Using Extensible Lightweight Static Analysis, IEEE Software Jan/Feb 2002; Statically Detecting Likely Buffer Overflow Vulnerabilities, USENIX Security 2001; Static Detection of Dynamic Memory Errors, PLDI 1996; More... Talks: USENIX Security 2001 [PPT] [PDF]; UW/MSR [PPT] [PDF]; More... Examples FAQ (updated 3 May 2004) Press - external articles Release - latest release notes

News 5 August 2010 Mao Yu has create a Windows installer for splint-3.1.2: //github.com/maoserr/splint_win32/downloads. 5 December 2008 Christoph Thielecke has developed a Splint GUI, availble for download here: //crissi.linux-administrator.com/linux/splintgui/index_en.html 12 July 2007 Splint 3.1.2 is now available (this updates the source distribution to the latest CVS code) 17 Feb 2004 Security holes force firms to rethink coding processes, NetworkWorldFusion, 19 April 2004. 17 Feb 2004 David Evans will be speaking 20 February 2004 at the Open Source International Conference 2004 in Malaga, Spain. 17 Feb 2004 Splint is described in the German Computer Magazine c't issues 4/2004 article, Fehlersuche in Java (full article not available on line, just links). (Thanks to Steffen Maier for noticing.) 3 Dec 2003 Herbert Martin Dietze has provided a new OS/2 binary: //www.fh-wedel.de/pub/fh-wedel/staff/herbert/splint 1 Nov 2003 Scott Frazer has contributed a Borland C++Builder (a free compiler) build. The patches are incorporated into the latest CVS development code and will be in the next release. For directions, see bcc32.html. 31 July 2003 Checking Code and Models in Production Environments, MATLAB Digest, July 2003. Previous News Splint development was sponsored by the National Science Foundation