path: root/development/splint/README
Splint is a tool for statically checking C programs for security vulnerabilities
and programming mistakes. Splint does many of the traditional lint checks
including unused declarations, type inconsistencies, use before definition,
unreachable code, ignored return values, execution paths with no return,
likely infinite loops, and fall through cases.

More powerful checks are made possible by additional information given
in source code annotations.  Annotations are stylized comments that
document assumptions about functions, variables, parameters and types.
In addition to the checks specifically enabled by annotations, many
of the traditional lint checks are improved by exploiting this additional
information.
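
An added example, not part of the original README: a small C fragment using two Splint annotations, `null` and `only`, to document a function's contract. The function names `dup_field` and `field_length` and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the Splint distribution).
   The "null" annotation documents that the result may be NULL.
   The "only" annotation documents that the caller receives the sole
   reference to the storage and is responsible for releasing it. */
static /*@null@*/ /*@only@*/ char *dup_field(const char *src, size_t max)
{
    size_t n = strlen(src);
    char *copy;

    if (n > max) {
        return NULL;                /* too long: reject rather than truncate */
    }
    copy = (char *) malloc(n + 1);
    if (copy == NULL) {
        return NULL;                /* allocation failure is also reported as NULL */
    }
    memcpy(copy, src, n + 1);       /* n + 1 copies the terminating NUL */
    return copy;
}

/* Returns the length of the accepted field, or -1 if it was rejected. */
static int field_length(const char *input, size_t max)
{
    char *f = dup_field(input, max);
    int len;

    /* Because the result is annotated "null", a checker that reads the
       annotation can flag a dereference of f that is not guarded like this. */
    if (f == NULL) {
        return -1;
    }
    len = (int) strlen(f);

    /* Because the result is annotated "only", returning without this
       free() is a leak the annotation makes visible to the checker. */
    free(f);
    return len;
}

int main(void)
{
    /* "user=alice" is constructed sample input. */
    return field_length("user=alice", 32) == 10 ? 0 : 1;
}
```

The annotations are ordinary comments to the compiler, so the file builds unchanged with any C compiler.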

The more effort is put into annotating programs, the better the checking results.
Splint is designed to be flexible and allow programmers to select
appropriate points on the effort-benefit curve for particular projects.
As different checks are turned on and more information is given in code
annotations, the number of bugs that can be detected increases dramatically.