Splint (software)

from Wikipedia, the free encyclopedia

Splint (Secure Programming Lint) is a tool for static source code analysis of programs written in the C programming language. Splint is an indirect further development of Lint. Splint is free software released under the GNU General Public License.

Splint analyzes C source code and points out probable programming errors, for example where typical constructs of the C programming language are used in an unusual way that probably results from confusing similar operators or forgetting a pair of brackets. In addition, Splint interprets various annotations in C comments in order to distinguish between the intentional and the accidental use of a construct, and issues a warning only in the latter case.

Example

The following example of faulty source code shows how Splint works. The program is meant to read its input character by character in a loop and output a corresponding message for each line break. The character "x" should end the program. All other characters are output directly.

However, the program contains several careless mistakes that are typical of C programming:

  • The variable c is read without being initialized beforehand.
  • The while statement is followed by a semicolon, which causes an infinite loop.
  • When the return value of getchar is assigned to c, there is an implicit type conversion from int to char.
  • The if condition contains an assignment instead of a comparison.
  • There is no break in the switch construct.

#include <stdio.h>
int main ()
{
  char c;
  while (c != 'x');
  {
    c = getchar ();
    if (c = 'x') return 0;
    switch (c)
      {
      case '\n':
      case '\r':
        printf ("Zeilenwechsel\n");
      default:
        printf ("%c",c);
      }
  }
  return 0;
}

While a typical C compiler like gcc only warns of the assignment in the if statement, Splint finds six suspicious code positions (for the sake of clarity, the output has been shortened by leaving out the explanatory comments):

  Variable c used before definition
  Suspected infinite loop.  No value used in loop test (c) is
  Assignment of int to char: c = getchar()
  Test expression for if is assignment expression: c = 'x'
  Test expression for if not boolean, type char: c = 'x'
  Fall through case (no preceding break)

In fact, the points flagged in the source code correspond to the programming errors:

  • The variable c is compared with 'x' although it was not previously assigned a value. This means that the further behavior of the program is undefined.
  • The return value of the getchar function is of type int, but is assigned to a variable of type char. Since the type char does not contain all valid values of int, ambiguities can arise.
  • C allows assignments within expressions. As here, however, this is often unintentional.
  • In a switch statement, each branch should be explicitly closed with a break, otherwise the code of the next branch is also executed. With '\n' and '\r' this is intentional, but not in the default branch.

For comparison, the corrected program, which Splint does not complain about:

#include <stdio.h>

int main(void)
{
  int c = 0;

  while (c = getchar(), c != EOF && c != 'x')
  {
    switch (c)
      {
      case '\n':
      case '\r':
        printf ("Zeilenwechsel\n");
        break;
      default:
        printf ("%c",c);
      }
  }
  return 0;
}
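
The ambiguity behind the "Assignment of int to char" warning can be made visible with a small program. This is an added example, not part of the original article; next_char, struct src and SAMPLE are hypothetical names, and it assumes that EOF is -1 and that converting 0xFF to signed char yields -1, as on common platforms.

```c
#include <stdio.h>

/* Constructed sample input: "ab", one 0xFF byte, then "cd". */
static const unsigned char SAMPLE[] = { 'a', 'b', 0xFF, 'c', 'd' };

/* Hypothetical stand-in for getchar(): bytes as 0..255, then EOF. */
struct src { const unsigned char *buf; size_t len, pos; };

static int next_char(struct src *s)
{
  return s->pos < s->len ? (int) s->buf[s->pos++] : EOF;
}

/* Correct: int keeps all 256 byte values distinct from EOF. */
size_t count_with_int(void)
{
  struct src s = { SAMPLE, sizeof SAMPLE, 0 };
  size_t n = 0;
  int c;
  while ((c = next_char(&s)) != EOF) n++;
  return n;
}

/* Faulty: 0xFF narrows to -1 and equals EOF, so reading stops early. */
size_t count_with_signed_char(void)
{
  struct src s = { SAMPLE, sizeof SAMPLE, 0 };
  size_t n = 0;
  signed char c;
  while ((c = (signed char) next_char(&s)) != EOF) n++;
  return n;
}

/* Faulty: EOF narrows to 255 and never matches; only the limit stops it. */
size_t count_with_unsigned_char(size_t limit)
{
  struct src s = { SAMPLE, sizeof SAMPLE, 0 };
  size_t n = 0;
  unsigned char c;
  while (n < limit && (c = (unsigned char) next_char(&s)) != EOF) n++;
  return n;
}

int main(void)
{
  printf("%zu %zu %zu\n", count_with_int(), count_with_signed_char(),
         count_with_unsigned_char(100));
  return 0;
}
```

With the int variable all five bytes are counted; the signed char version stops at the 0xFF byte, and the unsigned char version never sees the end of input.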
