new2 new2

splint --- a powerful lint tool for C code

Original version: Tue Apr 23 08:38:14 2002
Last update: Fri Nov 12 15:50:09 2004

splint, and its earlier generation, lclint, are software tools for diagnosing potential errors, and security holes, in software written in the C programming language.

Disclaimer: I had nothing to do with the development of these tools, other than sending the developers feedback from my experiences as an installer and beta tester. However, these tools are so important that I want to help make them known to other software developers, and to system managers, so I created this Web site for that purpose.

A recent published article about splint can be found in

@String{j-IEEE-SOFTWARE         = "IEEE Software"}

  author =       "David Evans and David Larochelle",
  title =        "Improving Security Using Extensible Lightweight Static
  journal =      j-IEEE-SOFTWARE,
  volume =       "19",
  number =       "1",
  pages =        "42--51",
  month =        jan # "\slash " # feb,
  year =         "2002",
  CODEN =        "IESOEG",
  ISSN =         "0740-7459",
  bibdate =      "Fri Feb 8 05:40:47 MST 2002",
  bibsource =    "",
  URL =          ";
  acknowledgement = ack-nhfb,

An individual or institutional subscription to the IEEE Digital Library is required to access the full text of the article; consult your local librarian if you cannot fetch the PDF file yourself. Most large academic libraries will have that journal.

splint is available at in source form, and also in binary distributions for several flavors of UNIX and Microsoft Windows. An extensive user manual in PostScript and PDF form can also be found at that location.

These comments from the above technical paper are noteworthy:

...buffer overflow vulnerabilities account for approximately 50 percent of the Software Engineering Institute's CERT advisories.
           [p. 42, col. 2]
Running splint on wu-ftpd 2.5 ... produced 101 warnings. Twenty-five of these warnings indicated real problems, and 76 were false...
           [p. 49, col. 2]

I've been using lclint extensively since the spring of 2000, and installed the new generation, splint, in February 2002. I recommend them highly to software developers. lclint found several (potential) bugs in my own code that had not been caught by 50+ C compilers, 30+ C++ compilers, several other lint implementations, and extensive validation testing on 15+ flavors of UNIX.

As with any powerful lint program, the trick is to figure out the right set of options (lclint has 424 of them, and splint has 454), to avoid getting drowned in diagnostic output.

It took me some time to produce a set that works for my own coding practices, paring out the warnings that do not matter to me. Since my personal customized option lists are long (but fortunately, can be set once-and-for-all in personal startup files in users' login directories), I make them available here for others to examine, and further customize for their own use: