Splint use basic tutorial

A.splint introduces splint as a tool for statically checking the security weaknesses of C programs and writing errors. Splint does a variety of routine checks, including unused variables, inconsistent types, use of undefined variables, unexecutable code, ignore return values, execution paths not returned, infinite loops, and more. At the same time, by adding additional information to the source code, it allows for more powerful checks. Annotation is a stylized comment that assumes a function of functions, variables, parameters, and types in a file.

Second.plint installation download address:

http://www.splint.org/downloads/splint-3.1.2.src.tgz source package installation: # tar zxvf splint- 3.1.2.src.tgz# cd splint-3.1.2# mkdir /usr/local/splint# ./configure --prefix=/usr/local/splint# make install# vi ~/.bashrc add: export LARCH_PATH= /usr/local/splint/share/splint/libexport LCLIMPORTDIR=/usr/local/splint/share/splint/import# source ~/.bashrc# export PATH=/usr/local/splint/bin/splint:$PATH three The use of .splint 1. A null reference error causes this error when referencing a pointer that does not point to any memory address. That is, a pointer with no assignment is used. Splint supports a special comment. This comment is written in C. In the program code, it is used to specify the program. For example, the following program uses /*@null@*/to indicate that the value of *s may be NULL.

//Null.cchar firstChar1 (/*@null@*/char *s){return *s;}char firstChar2 (/*@null@*/char *s){ if (s ==NULL) return '\\0'; Return *s;}//END When scanning this program with splint, it will output:

# splint null.c Splint 3.1.1 --- 28 Apr 2005null.c: (in function firstChar1)null.c:3:11: Dereference of possibly null pointer s: *s null.c:1:35: Storage s may become nullFinished checking - -- 1 code warning found Since both firstChar1 and firstChar2 use a null description, indicating that the pointer s may be a NULL value. Therefore, splint checks the usage of the s value. Because the firstChar2 function, the value of s is NULL. Judge. So, there is no warning message for the pointer of the firstChar2 function. 2. Undefined variable error In the C language, the variable is required to be defined before it can be used. Therefore, when using a variable that is not defined, the compiler will Error. In the following example, the variable described by /*@in@*/indicates that it must be defined. The variable described by /*@out@*/indicates that this variable has been defined after the function has been executed. Br>

//usedef.cextern void setVal (/*@out@*/int *x);extern int getVal (/*@in@*/int *x);extern int mysteryVal (int *x); Int dumbfunc (/*@out@*/int *x, int i) { if (i > 3) return *x; else if (i > 1) return getVal (x); else if (i == 0 r Eturn mysteryVal (x); else { setVal (x); return *x; } }//END uses splint to check usedef.c

$ splint usedef.cSplint 3.1.1 --- 28 Apr 2005usedef.c : (in function dumbfunc)usedef.c:7:19: Value *x used before definition An rvalue is used that may not be initialized to a value on some execution path. (Use -usedef to inhibit warning)usedef.c:9 :18: Passed storage x not completely defined (*x is undefined): getVal (x) Storage derivable from a parameter, return value or global is not defined. Use /*@out@*/to say passed or returned storage which need Not used. (Use -compdef to inhibit warning) usedef.c:11:22: Passed storage x not completely defined (*x is undefined): mysteryVal (x)Finished checking --- 3 code warnings//Since x is not defined in the program, the error is not defined. However, setVal() uses the /*@out@*/description, so in setVal(x); and return x;, no undefined error is reported. 3 Type error C has more data types, and there are some nuances between them. splint can also The type is checked.

Example 1:

//bool.cint f (int i, char *s,bool b1, bool b2){if (i = 3) return b1; If (!i