Ravichandhran Madhavan
Raghavan Komondoor
Abstract
Null dereferences are a bane of programming in languages such as Java. In this paper we propose a sound, demand-driven, inter-procedurally context-sensitive dataflow analysis technique to verify a given dereference as safe or potentially unsafe. Our analysis uses an abstract lattice of formulas to find a pre-condition at the entry of the program such that a null-dereference can occur only if the initial state of the program satisfies this pre-condition. We use a simplified domain of formulas, abstracting out integer arithmetic, as well as unbounded access paths due to recursive data structures. For the sake of precision we model aliasing relationships explicitly in our abstract lattice, enable strong updates, and use a limited notion of path sensitivity. For the sake of scalability we prune formulas continually as they get propagated, reducing to true conjuncts that are less likely to be useful in validating or invalidating the formula. We have implemented our approach, and present an evaluation of it on a set of ten real Java programs. Our results show that the set of design features we have incorporated enable the analysis to (a) explore long, inter-procedural paths to verify each dereference, with (b) reasonable accuracy, and (c) very quick response time per dereference, making it suitable for use in desktop development environments.
- T. Ball and S. Rajamani. Automatically validating temporal safety properties of interfaces. In Model Checking Software, volume 2057 of Lecture Notes in Computer Science, pages 102--122. Springer Berlin / Heidelberg, 2001. Google Scholar
Digital Library
- M. Barnett, K. R. M. Leino, and W. Schulte. The spec# programming system: An overview. In G. Barthe, L. Burdy, M. Huisman, J.-L. Lanet, and T. Muntean, editors, Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, volume 3362 of Lecture Notes in Computer Science, pages 49--69. Springer Berlin / Heidelberg, 2005. Google ScholarDigital Library
- S. Chandra, S. J. Fink, and M. Sridharan. Snugglebug: a powerful approach to weakest preconditions. In PLDI '09: Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 363--374, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proc. ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL '77, pages 238--252, New York, NY, USA, 1977. ACM. Google ScholarDigital Library
- E. W. Dijkstra. A Discipline of Programming. Prentice Hall PTR, Upper Saddle River, NJ, USA, 1997. Google ScholarDigital Library
- I. Dillig, T. Dillig, and A. Aiken. Sound, complete and scalable path-sensitive analysis. In PLDI '08: Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation, pages 270--280, 2008. Google ScholarDigital Library
- I. Dillig, T. Dillig, and A. Aiken. Fluid updates: Beyond strong vs. weak updates. In A. Gordon, editor, Programming Languages and Systems, volume 6012 of Lecture Notes in Computer Science, pages 246--266. Springer Berlin / Heidelberg, 2010. Google ScholarDigital Library
- C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for java. In PLDI '02: Proc. SIGPLAN Conference on Programming Language Design and Implementation, pages 234--245, 2002. Google ScholarDigital Library
- P. Godefroid, N. Klarlund, and K. Sen. Dart: directed automated random testing. In PLDI 05: Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 213--223, 2005. Google ScholarDigital Library
- B. Gulavani, T. Henzinger, Y. Kannan, A. Nori, and S. Rajamani. Synergy: An new algorithm for property checking. In FSE '06: Proc. ACM SIGSOFT Symp. on Foundations of Software Engineering, pages 117--127, 2006. Google ScholarDigital Library
- D. Hovemeyer, J. Spacco, and W. Pugh. Evaluating and tuning a static analysis to null pointer bugs. In PASTE '05: Proc. ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, pages 13--19, 2005. Google ScholarDigital Library
- G. Kildall. A unified approach to global program optimization. In POPL '73: Proc. ACM Symposium on Principles of Programming Languages, pages 194--206, New York, NY, USA, 1973. Google ScholarDigital Library
- A. Loginov, E. Yahav, S. Chandra, S. Fink, N. Rinetzky, and M. Nanda. Verifying dereference safety via expanding-scope analysis. In ISSTA '08: Proc. International Symposium on Software Testing and Analysis, pages 213--224, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- M. G. Nanda, S. Mani, V. S. Sinha, and S. Sinha. Demystifying model transformations: an approach based on automated rule inference. In OOPSLA '09: Proc. ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications, pages 341--360, 2009. Google ScholarDigital Library
- M. G. Nanda and S. Sinha. Accurate interprocedural null-dereference analysis for java. In ICSE '09: Proc. International Conference on Software Engineering, pages 133--143, Washington, DC, USA, 2009. IEEE Computer Society. Google ScholarDigital Library
- J. C. Reynolds. Separation logic: A logic for shared mutable data structures. Logic in Computer Science, Symposium on, pages 55--74, 2002. Google ScholarDigital Library
- M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst., 24:217--298, May 2002. Google ScholarDigital Library
- M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In S. S. Muchnick and N. D. Jones, editors, Program Flow Analysis: Theory and Application. Prentice Hall Professional Technical Reference, 1981.Google Scholar
- F. Spoto. Precise null-pointer analysis. Software and Systems Modeling, 10:219--252, 2011. 10.1007/s10270-009-0132--5. Google ScholarDigital Library
- W. Visser, C. S. Pasareanu, and S. Khurshid. Test input generation with java pathfinder. In ISSTA '04: Proc. ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 97--107, 2004. Google ScholarDigital Library
- T.J. Watson Libraries for Analysis (WALA), http://wala.sf.net.Google Scholar
Index Terms
- Null dereference verification via over-approximated weakest pre-conditions analysis
Recommendations
Verifying dereference safety via expanding-scope analysis
ISSTA '08: Proceedings of the 2008 international symposium on Software testing and analysisThis paper addresses the challenging problem of verifying the safety of pointer dereferences in real Java programs. We provide an automatic approach to this problem based on a sound interprocedural analysis. We present a staged expanding-scope algorithm ...
Null dereference verification via over-approximated weakest pre-conditions analysis
OOPSLA '11: Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applicationsNull dereferences are a bane of programming in languages such as Java. In this paper we propose a sound, demand-driven, inter-procedurally context-sensitive dataflow analysis technique to verify a given dereference as safe or potentially unsafe. Our ...
Accurate Interprocedural Null-Dereference Analysis for Java
ICSE '09: Proceedings of the 31st International Conference on Software EngineeringNull dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-...
Comments