STANSE: Bug-finding Framework for C Programs
This provides a scalable and extensible bug-finding tool for developers working on large software projects like the Linux kernel, though it is incremental as it builds on existing static analysis methods.
The authors tackled the problem of finding bugs in large C programs by developing STANSE, a modular static analysis framework, and tested it on the Linux kernel, discovering dozens of previously unknown bugs.
STANSE is a free (available under the GPLv2 license) modular framework for finding bugs in C programs using static analysis. Its two main design goals are 1) ability to process large software projects like the Linux kernel and 2) extensibility with new bug-finding techniques with a minimal effort. Currently there are four bug-finding algorithms implemented within STANSE: AutomatonChecker checks properties described in an automata-based formalism, ThreadChecker detects deadlocks among multiple threads, LockChecker finds locking errors based on statistics, and ReachabilityChecker looks for unreachable code. STANSE has been tested on the Linux kernel, where it has found dozens of previously undiscovered bugs.