
The return of the Stanford Checker

We first looked at the "Stanford Checker" back in March, 2001. The Checker is a system built on top of gcc which analyzes large amounts of source code and looks for obscure errors. In the past, it has been responsible for many kernel bug fixes. The Checker team has been quiet for a while; now, perhaps with the end of the academic year, the group has returned with a new set of error reports.

So what has the checker group found this time?

  • Missing unlocks. Here, the Checker looked for situations where kernel code could either take out a lock or disable interrupts, then fail to undo the action before returning. 18 possible errors were found.

  • Memory leaks. The Checker looked for failure paths which failed to return allocated memory. "while we only include 24 errors, there were lots in general."

  • Failure to check return codes. Numerous places were found where kernel code does not look at the return status from a function which can fail.

  • Missing null pointer checks (54 errors). Most of the errors seem to be with calls to kmalloc.

  • Large stack variables (37). Allocating a variable of size greater than 1KB may not be, strictly, an error, but it can lead to problems quickly when the stack runs out of space.
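The first two bug classes in the list often occur together on a single failure path. The following is an added example, not code from the Checker group or the kernel: a userspace model in which a counter stands in for a lock and instrumented `malloc`/`free` stand in for `kmalloc`/`kfree`. All function and variable names are constructed for illustration. It places a flawed routine beside a version with a single unwinding exit path.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed stand-ins for a kernel lock and kmalloc()/kfree(); call number fail_alloc_at fails. */
static int lock_depth, live_allocs, alloc_calls, fail_alloc_at;
static void demo_lock(void)    { lock_depth++; }
static void demo_unlock(void)  { lock_depth--; }
static void demo_free(void *p) { live_allocs--; free(p); }
static void *demo_alloc(size_t n) {
    void *p = (++alloc_calls == fail_alloc_at) ? NULL : malloc(n);
    if (p) live_allocs++;
    return p;
}

/* Flawed: both failure returns skip the unlock; the second also leaks hdr. */
static int setup_flawed(size_t len) {
    char *hdr, *body;
    demo_lock();
    if (!(hdr = demo_alloc(16))) return -1;    /* lock still held */
    if (!(body = demo_alloc(len))) return -1;  /* lock still held, hdr leaked */
    demo_free(body); demo_free(hdr);
    demo_unlock();
    return 0;
}

/* Fixed: one exit path that releases resources in reverse order of acquisition. */
static int setup_fixed(size_t len) {
    char *hdr, *body;
    int ret = -1;
    demo_lock();
    if (!(hdr = demo_alloc(16))) goto out_unlock;
    if (!(body = demo_alloc(len))) goto out_free_hdr;
    ret = 0;
    demo_free(body);
out_free_hdr:
    demo_free(hdr);
out_unlock:
    demo_unlock();
    return ret;
}
static int run(int (*fn)(size_t), int fail_at) {  /* fail_at 0 = no injected failure */
    lock_depth = live_allocs = alloc_calls = 0; fail_alloc_at = fail_at;
    return fn(64);
}
int main(void) {
    int r = run(setup_flawed, 2);
    printf("flawed: ret=%d lock_depth=%d live_allocs=%d\n", r, lock_depth, live_allocs);
    r = run(setup_fixed, 2);
    printf("fixed:  ret=%d lock_depth=%d live_allocs=%d\n", r, lock_depth, live_allocs);
    return 0;
}
```

Both routines behave identically when every allocation succeeds; they differ only when a failure is injected, which is why such paths tend to escape ordinary testing.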

The Checker code itself remains unreleased, unfortunately. The Checker group does the kernel a great service by performing this testing and passing on the problems for fixing. But there is no end of other development projects out there that could benefit from this code. One can only hope that, someday, the Checker code will be more widely available.



The return of the Stanford Checker

Posted Jun 13, 2002 7:19 UTC (Thu) by jbeyer (guest, #901) [Link]

Dawson Engler seems to be a nice guy. He answers mail, but he
says that his checker will not be released NOW. Hopefully he
will release it soon; it would be very useful.

Has the FSF contacted him to get a release?

Joerg

The return of the Stanford Checker

Posted Jun 13, 2002 7:53 UTC (Thu) by DeletedUser1717 ((unknown), #1717) [Link]

Even assuming that it is derived from a GPL source, as the Checker has never been distributed (it is only used internally at Stanford) there is no requirement to release any source for it.

The return of the Stanford Checker

Posted Jun 13, 2002 11:23 UTC (Thu) by jbeyer (guest, #901) [Link]

Is giving the checker to a student a distribution?

Don't get me wrong, I would not press on anybody and I sure don't
want to do any harm to the checker writers. I hope that they will
release it soon - any way in what shape the source is :-)

The return of the Stanford Checker

Posted Jun 13, 2002 14:21 UTC (Thu) by gleef (guest, #1004) [Link]

jbeyer asks:
is giving the checker to a student a distribution?

Giving a student binaries or source code to install on their own system (or in their directory on the Stanford systems) would be a distribution. Merely permitting the students to run the version already installed by the authors is not. I don't know how the Checker project operates.

Even if they are distributing to students, if they exercise distribution option 'a' under GPL term 3, they may package the source together with the binaries on the same medium, and have no further obligation to distribute the source. They can't prevent the hypothetical students from redistributing the software, but nobody can force the students to, either.

I am not a lawyer; the above should not be construed as legal advice.

The return of the Stanford Checker

Posted Jun 14, 2002 11:00 UTC (Fri) by diegor (subscriber, #1967) [Link]

What about using splint?

See also http://lclint.cs.virginia.edu/

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds