(courtesy of Derek)

Splint (Secure Programming Lint) is a descendant of the old "lint" program. It is a static source-code checker for the C programming language. That is, it parses and checks the source code, rather than monitoring the application at run-time, in order to detect programming errors, security vulnerabilities.

By itself, splint does many checks over and above those from compilers, even when the latter have maximum warning enabled (e.g. gcc -ansi -pedantic -Wall). However, splint can even go further, with the use of code annotations in the form of stylised comments, to provide exceptionally powerful tests.

Splint provides four general levels of "strictness", but also has the option of disabling individual checks. Furthermore, in the first occurrence of a given error message, it will instruct the user as to the appropriate flag to use to ignore it. This makes the tool very usable.

Splint is GPL-licensed and is freely available from the splint website (http://www.splint.org). In addition to the source code, the splint website also provides documentation (including the full manual), FAQ, references, mailing lists, and binary executables for several common platforms.

I have used splint for many months now, and find it a particularly effective way of generating "squeaky-clean" code. Often, I've found that splint finds problems that the compiler misses. However, like compiler warnings, it is imperative that one starts developing with splint, rather than trying to "fix"
code at the end of the development cycle, otherwise the inundation of error messages makes it prohibitively difficult to use. I also have found that it is invaluable for ensuring that code is strictly ISO/IEC 9899 compliant (something that gcc doesn't do).