Splint Annotation-Assisted Lightweight Static Checking Inexpensive Program Analysis Group University of Virginia, Department of Computer Science Secure Programming Lint SPecifications Lint First Aid for Programmers

Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.

Download Splint Version 3.1.2 Source code - [tgz distribution] Windows Installer SourceForge Project Page Current Development Code Browse Code CVS Mailing Lists [splint-discuss archives] Links Documentation Splint Manual Papers: Improving Security Using Extensible Lightweight Static Analysis, IEEE Software Jan/Feb 2002; Statically Detecting Likely Buffer Overflow Vulnerabilities, USENIX Security 2001; Static Detection of Dynamic Memory Errors, PLDI 1996; More... Talks: USENIX Security 2001 [PPT] [PDF]; UW/MSR [PPT] [PDF]; More... Examples FAQ (updated 3 May 2004) Press - external articles Release - latest release notes If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet – he's going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life's savings, and impair your ability to have children," he'll click "OK" without even reading it. Thirty seconds later he won't even remember that the warning screen even existed. — Bruce Schneier, Secrets and Lies

News 5 August 2010 Mao Yu has create a Windows installer for splint-3.1.2: http://github.com/maoserr/splint_win32/downloads. 5 December 2008 Christoph Thielecke has developed a Splint GUI, availble for download here: http://crissi.linux-administrator.com/linux/splintgui/index_en.html 12 July 2007 Splint 3.1.2 is now available (this updates the source distribution to the latest CVS code) 17 Feb 2004 Security holes force firms to rethink coding processes, NetworkWorldFusion, 19 April 2004. 17 Feb 2004 David Evans will be speaking 20 February 2004 at the Open Source International Conference 2004 in Malaga, Spain. 17 Feb 2004 Splint is described in the German Computer Magazine c't issues 4/2004 article, Fehlersuche in Java (full article not available on line, just links). (Thanks to Steffen Maier for noticing.) 3 Dec 2003 Herbert Martin Dietze has provided a new OS/2 binary: http://www.fh-wedel.de/pub/fh-wedel/staff/herbert/splint 1 Nov 2003 Scott Frazer has contributed a Borland C++Builder (a free compiler) build. The patches are incorporated into the latest CVS development code and will be in the next release. For directions, see bcc32.html. 31 July 2003 Checking Code and Models in Production Environments, MATLAB Digest, July 2003. Previous News Splint development was sponsored by the National Science Foundation

	Splint - Secure Programming Lint info@splint.org Download - Documentation - Manual - Links Source - Linux - Publications - Talks Reporting Bugs - Mailing Lists       Sponsors - Credits