Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Discipline of Programming
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Evaluating and tuning a static analysis to find null pointer bugs
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
SYNERGY: a new algorithm for property checking
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Sound, complete and scalable path-sensitive analysis
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Verifying dereference safety via expanding-scope analysis
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Accurate Interprocedural Null-Dereference Analysis for Java
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Demystifying model transformations: an approach based on automated rule inference
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Software and Systems Modeling (SoSyM)
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Fluid updates: beyond strong vs. weak updates
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Predicate abstraction of Java programs with collections
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Sound input filter generation for integer overflow errors
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
| Hi-index | 0.00 |
Null dereferences are a bane of programming in languages such as Java. In this paper we propose a sound, demand-driven, inter-procedurally context-sensitive dataflow analysis technique to verify a given dereference as safe or potentially unsafe. Our analysis uses an abstract lattice of formulas to find a pre-condition at the entry of the program such that a null-dereference can occur only if the initial state of the program satisfies this pre-condition. We use a simplified domain of formulas, abstracting out integer arithmetic, as well as unbounded access paths due to recursive data structures. For the sake of precision we model aliasing relationships explicitly in our abstract lattice, enable strong updates, and use a limited notion of path sensitivity. For the sake of scalability we prune formulas continually as they get propagated, reducing to true conjuncts that are less likely to be useful in validating or invalidating the formula. We have implemented our approach, and present an evaluation of it on a set of ten real Java programs. Our results show that the set of design features we have incorporated enable the analysis to (a) explore long, inter-procedural paths to verify each dereference, with (b) reasonable accuracy, and (c) very quick response time per dereference, making it suitable for use in desktop development environments.