Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Typestate: A programming language concept for enhancing software reliability
IEEE Transactions on Software Engineering
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Critical slicing for software fault localization
ISSTA '96 Proceedings of the 1996 ACM SIGSOFT international symposium on Software testing and analysis
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Unification-based pointer analysis with directional assignments
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Fault localization using execution traces
ACM-SE 30 Proceedings of the 30th annual Southeast regional conference
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A Discipline of Programming
From symptom to cause: localizing errors in counterexample traces
POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Extending Typestate Checking Using Conditional Liveness Analysis
IEEE Transactions on Software Engineering
ICSE '81 Proceedings of the 5th international conference on Software engineering
Building a Better Backtrace: Techniques for Postmortem Program Analysis
Building a Better Backtrace: Techniques for Postmortem Program Analysis
Software validation via scalable path-sensitive value flow analysis
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Symbolic path simulation in path-sensitive dataflow analysis
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
HDD: hierarchical delta debugging
Proceedings of the 28th international conference on Software engineering
Proceedings of the 5th international conference on Generative programming and component engineering
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Refining buffer overflow detection via demand-driven path-sensitive analysis
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Triage: diagnosing production run failures at the user's site
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
From uncertainty to belief: inferring the specification within
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Context-aware statistical debugging: from bug predictors to faulty control flow paths
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Proceedings of the 7th international conference on Aspect-oriented software development
Profile-guided program simplification for effective testing and analysis
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
HVC '08 Proceedings of the 4th International Haifa Verification Conference on Hardware and Software: Verification and Testing
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
SherLog: error diagnosis by connecting clues from run-time logs
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Detection and diagnosis of control interception
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Improving software diagnosability via log enhancement
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Partial replay of long-running applications
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Memory leak analysis by contradiction
SAS'06 Proceedings of the 13th international conference on Static Analysis
Improving Software Diagnosability via Log Enhancement
ACM Transactions on Computer Systems (TOCS) - Special Issue APLOS 2011
Path optimization in programs and its application to debugging
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Automated error diagnosis using abductive inference
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Predicting recurring crash stacks
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Thresher: precise refutations for heap reachability
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Automated debugging for arbitrarily long executions
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Marple: Detecting faults in path segments using automatically generated analyses
ACM Transactions on Software Engineering and Methodology (TOSEM) - In memoriam, fault detection and localization, formal methods, modeling and design
| Hi-index | 0.00 |
In this paper, we describe PSE (Postmortem Symbolic Evaluation), a static analysis algorithm that can be used by programmers to diagnose software failures. The algorithm requires minimal information about a failure, namely its kind (e.g. NULL dereference), and its location in the program's source code. It produces a set of execution traces along which the program can be driven to the given failure. PSE tracks the flow of a single value of interest from the point in the program where the failure occurred back to the points in the program where the value may have originated. The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time. We have applied PSE to the problem of diagnosing potential NULL-dereference errors in a suite of C programs, including several SPEC benchmarks and a large commercial operating system. In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.