STANSE: Bug-Finding Framework for C Programs

  • Jan Obdržálek
  • Jiří Slabý
  • Marek Trtík
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7119)


Stanse is a free (available under the GPLv2 license) modular framework for finding bugs in C programs using static analysis. Its two main design goals are 1) ability to process large software projects like the Linux kernel and 2) extensibility with new bug-finding techniques with a minimal effort. Currently there are four bug-finding algorithms implemented within Stanse: AutomatonChecker checks properties described in an automata-based formalism, ThreadChecker detects deadlocks among multiple threads, LockChecker finds locking errors based on statistics, and ReachabilityChecker looks for unreachable code. Stanse has been tested on the Linux kernel, where it has found dozens of previously undiscovered bugs.


Dependency Graph Real Error Abstract Syntax Tree Error Trace Function Summary 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chou, A., Chelf, B., Engler, D., Heinrich, M.: Using meta-level compilation to check FLASH protocol code. ACM SIGOPS Oper. Syst. Rev. 34(5), 59–70 (2000)CrossRefGoogle Scholar
  2. 2.
    Engler, D., Chelf, B., Chou, A., Hallem, S.: Checking system rules using system-specific, programmer-written compiler extensions. In: OSDI 2000, pp. 1–16 (2000)Google Scholar
  3. 3.
    Engler, D., Chen, D.Y., Hallem, S., Chou, A., Chelf, B.: Bugs as deviant behavior: A general approach to inferring errors in systems code. ACM SIGOPS Oper. Syst. Rev. 35(5), 57–72 (2001)CrossRefGoogle Scholar
  4. 4.
    Hallem, S., Chelf, B., Xie, Y., Engler, D.: A system and language for building system-specific, static analyses. In: PLDI 2002, pp. 69–82. ACM (2002)Google Scholar
  5. 5.
    Hovemeyer, D., Pugh, W.: Finding bugs is easy. In: OOPSLA 2004, pp. 132–136. ACM (2004)Google Scholar
  6. 6.
    Shapiro, M., Horwitz, S.: Fast and accurate flow-insensitive points-to analysis. In: POPL 1997, pp. 1–14. ACM (1997)Google Scholar
  7. 7.
    Steensgaard, B.: Points-to analysis in almost linear time. In: POPL 1996, pp. 32–41. ACM (1996)Google Scholar
  8. 8.
    Voung, J.W., Jhala, R., Lerner, S.: RELAY: static race detection on millions of lines of code. In: ESEC-FSE 2007, pp. 205–214. ACM (2007)Google Scholar
  9. 9.
  10. 10.
  11. 11.
  12. 12.
  13. 13.
  14. 14.
  15. 15.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jan Obdržálek
    • 1
  • Jiří Slabý
    • 1
  • Marek Trtík
    • 1
  1. 1.Masaryk UniversityBrnoCzech Republic

Personalised recommendations