1 / 10

Splint: A Static Memory Leakage tool

Splint: A Static Memory Leakage tool. Presented By: Krishna Balasubramanian. Lint. Original static code analyzer of C code Tool that flagged suspicious and non-portable constructs Lint first appeared in the seventh version (V7) of UNIX OS in 1979

arich
Télécharger la présentation

Splint: A Static Memory Leakage tool

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Splint: A Static Memory Leakage tool Presented By: Krishna Balasubramanian

  2. Lint • Original static code analyzer of C code • Tool that flagged suspicious and non-portable constructs • Lint first appeared in the seventh version (V7) of UNIX OS in 1979 • Term now applied generically to tools that flag suspicious usage in software written in any computer language • Many improvements made to Lint : Secure Programming Lint (Splint)

  3. Background - Splint • Open source evolved version of Lint. • Developed by: Secure Programming Group at the University of Virginia, C S dept. • Successor to LCLint. • Incorporates original LCL checker developed by Yang Meng Tan. 

  4. Overview • Statically checks C programs for security vulnerabilities & programming mistakes . • Uses annotation in source code; creates more powerful checks. • Flexible approach. • Annotation done based on project at hand. • Programmers select points to annotate. • More number of annotations leads to better bug detection.

  5. Environment • Built on Unix Based System. • Compiles on Unix, Linux, Solaris and Windows • Binaries available for every platform • Installation manual available for every platform.

  6. Some Problems detected by Splint: • Dereferencing a possibly null pointer • Type mismatches, with greater precision and flexibility than provided by C compilers • Memory management errors including uses of dangling references and memory leaks • Buffer overflow vulnerabilities • Violations of customized naming conventions • Modifications and global variable uses that are inconsistent with specified interfaces

  7. Annotating code • Ex1 : Null Dereferences • Common cause of failure • Null annotation indicates pointer value may be NULL • Splint indicates error for firstChar1 :- pointer dereferenced declared with Null annotation • No error detected for firstChar2 as true branch of s=NULL returns Null.c Running Splint

  8. Annotating code 2. Ex2: Boolean Types • Checks test expression in an if, while, or for statement or an operand of an &&, || or !operator for Boolean. • Warning produced if type of test expression is not Boolean bool.c Running Splint

  9. Download and Use • Free software • Different binaries available at: http://www.splint.org/ • Using Splint – A Manual: http://lclint.cs.virginia.edu/manual/manual.html • Download Visual Studio: www.cis.udel.edu

  10. Questions?

More Related