Splint - Secure Programming Lint
Download - Documentation - Manual - Links Reporting Bugs - Mailing Lists      Sponsors - Credits

Annotation-Assisted Lightweight Static Checking
Inexpensive Program Analysis Group
University of Virginia, Department of Computer Science
Secure Programming Lint
SPecifications Lint
First Aid for Programmers

Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.

Splint Version 3.1.2

Source code - [tgz distribution]
Windows Installer

SourceForge Project Page
Current Development Code
Browse Code CVS

Mailing Lists [splint-discuss archives]

Splint Manual

Papers: Improving Security Using Extensible Lightweight Static Analysis, IEEE Software Jan/Feb 2002; Statically Detecting Likely Buffer Overflow Vulnerabilities, USENIX Security 2001; Static Detection of Dynamic Memory Errors, PLDI 1996; More...

Talks: USENIX Security 2001 [PPT] [PDF]; UW/MSR [PPT] [PDF]; More...

FAQ (updated 3 May 2004)
Press - external articles
Release - latest release notes

Real mathematics has no effects on war. No one has yet discovered any warlike purpose to be served by the theory of numbers. — G. H. Hardy, The Mathematician's Apology, 1940.
5 August 2010 Mao Yu has create a Windows installer for splint-3.1.2: http://github.com/maoserr/splint_win32/downloads.
5 December 2008 Christoph Thielecke has developed a Splint GUI, availble for download here: http://crissi.linux-administrator.com/linux/splintgui/index_en.html
12 July 2007 Splint 3.1.2 is now available (this updates the source distribution to the latest CVS code)
17 Feb 2004 Security holes force firms to rethink coding processes, NetworkWorldFusion, 19 April 2004.
17 Feb 2004David Evans will be speaking 20 February 2004 at the Open Source International Conference 2004 in Malaga, Spain.
17 Feb 2004 Splint is described in the German Computer Magazine c't issues 4/2004 article, Fehlersuche in Java (full article not available on line, just links). (Thanks to Steffen Maier for noticing.)
3 Dec 2003 Herbert Martin Dietze has provided a new OS/2 binary: http://www.fh-wedel.de/pub/fh-wedel/staff/herbert/splint
1 Nov 2003 Scott Frazer has contributed a Borland C++Builder (a free compiler) build. The patches are incorporated into the latest CVS development code and will be in the next release. For directions, see bcc32.html.
31 July 2003 Checking Code and Models in Production Environments, MATLAB Digest, July 2003.
Previous News

NSF Splint development was sponsored by the
National Science Foundation

Splint - Secure Programming Lint info@splint.org
Download - Documentation - Manual - Links
Source - Linux - Publications - Talks
Reporting Bugs - Mailing Lists       Sponsors - Credits