What tools do you use to check your C code ?
That is, a tool that helps you determine if you don't have unwanted infinite loop, if you silently cast enum to int, etc. (like a C lint)
Please, precise if it is opensource and on which OS is runs.
Edit : telll also which C standard it supports
There is splint, opensource, many OS, but doesn't support C99 C standard. http://www.splint.org/
First off (since it takes no effort) gcc -Wall (as Geoff mentions in his comment there are other warnings that need to be explicitly enabled)
The open source Splint is also good, and runs on pretty well any unix-like OS.
Since the question was about C, it's worth mentioning Misra. This is a set of recommendations aimed at minimising more error prone elements of the language. There are a number of Misra code checkers. Amongst others are these offerings from Abraxas and Greenhills
I don't think that there is a single tool that can assure your code quality. There is a various static code analyzer and it was discussed many times for example here. But nothing will replace a code review and QA process completely.
The combination of skilled programmers, good tools and good processes will make quality of your code better.
I use Gimpels PC-lint which is not open source, but is a pretty good static code analysis tool for C and C++, and is available for many operating systems. I use PC-Lint in conjunction with Visual lint which makes it much easier to use in the background.
If you happen to use Visual Studio, it's built-in static code checker has surprised me at least once.
You either enable the compiler option /analyze (found under 'Project' -> 'Properties' -> 'Configuration Properties' -> 'C/C++' -> 'Advanced') or run just the analysis with 'Build' -> 'Project only' -> 'Run Code Analysis on ...'
(I was actually pretty surprised to find it under 'Advanced', and NOT enabled by default ...)
We use the Green Hills compiler that has support for The Motor Industry Software Reliability Association rules aka MISRA C. There is also stand alone checkers available. Depending on what you want to do it can be a bit over kill.
I tried VC9 Code Analysis as chistoffer said on an ARMV4I DLL project but responds:
1>c1xxast : fatal error C1108: unable to find DLL: 'mspft80.dll'
I'm sure VS2008 is installed properly, but seems I've a missing component.
Have a look at Flawfinder, written by David Wheeler and available on from his home page. An excellent static security analyser that is a good starting point when looking at code.
Remember that this is no replacement for careful inspection by someone experienced in security, as David says on his page about Flawfinder, "A Fool with a Tool is still a Fool"!
HTH
cheers,
Rob