100 likes | 267 Views
Splint: A Static Memory Leakage tool. Presented By: Krishna Balasubramanian. Lint. Original static code analyzer of C code Tool that flagged suspicious and non-portable constructs Lint first appeared in the seventh version (V7) of UNIX OS in 1979
E N D
Splint: A Static Memory Leakage tool Presented By: Krishna Balasubramanian
Lint • Original static code analyzer of C code • Tool that flagged suspicious and non-portable constructs • Lint first appeared in the seventh version (V7) of UNIX OS in 1979 • Term now applied generically to tools that flag suspicious usage in software written in any computer language • Many improvements made to Lint : Secure Programming Lint (Splint)
Background - Splint • Open source evolved version of Lint. • Developed by: Secure Programming Group at the University of Virginia, C S dept. • Successor to LCLint. • Incorporates original LCL checker developed by Yang Meng Tan.
Overview • Statically checks C programs for security vulnerabilities & programming mistakes . • Uses annotation in source code; creates more powerful checks. • Flexible approach. • Annotation done based on project at hand. • Programmers select points to annotate. • More number of annotations leads to better bug detection.
Environment • Built on Unix Based System. • Compiles on Unix, Linux, Solaris and Windows • Binaries available for every platform • Installation manual available for every platform.
Some Problems detected by Splint: • Dereferencing a possibly null pointer • Type mismatches, with greater precision and flexibility than provided by C compilers • Memory management errors including uses of dangling references and memory leaks • Buffer overflow vulnerabilities • Violations of customized naming conventions • Modifications and global variable uses that are inconsistent with specified interfaces
Annotating code • Ex1 : Null Dereferences • Common cause of failure • Null annotation indicates pointer value may be NULL • Splint indicates error for firstChar1 :- pointer dereferenced declared with Null annotation • No error detected for firstChar2 as true branch of s=NULL returns Null.c Running Splint
Annotating code 2. Ex2: Boolean Types • Checks test expression in an if, while, or for statement or an operand of an &&, || or !operator for Boolean. • Warning produced if type of test expression is not Boolean bool.c Running Splint
Download and Use • Free software • Different binaries available at: http://www.splint.org/ • Using Splint – A Manual: http://lclint.cs.virginia.edu/manual/manual.html • Download Visual Studio: www.cis.udel.edu