Affiliation:
1. University of Maryland, College Park, MD
Abstract
Using static analysis to detect memory access errors, such as null pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors.In this paper we show that simple analysis techniques can be used to identify many such software defects, both in production code and in student code. In order to make our analysis both simple and effective, we use a non-standard analysis which is neither complete nor sound. However, we find that it is effective at finding an interesting class of software defects.We describe the basic analysis we perform, as well as the additional errors we can detect using techniques such as annotations and inter-procedural analysis.In studies of both production software and student projects, we find false positive rates of around 20% or less. In the student code base, we find that our static analysis techniques are able to pinpoint 50% to 80% of the defects leading to a null pointer exception at runtime.
Publisher
Association for Computing Machinery (ACM)
Reference11 articles.
1. ESP
2. Eclipse. http://www.eclipse.org 2005. Eclipse. http://www.eclipse.org 2005.
3. Static detection of dynamic memory errors
Cited by
12 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Bug detection in Java code: An extensive evaluation of static analysis tools using Juliet Test Suites;Software: Practice and Experience;2022-12-29
2. UBITect: a precise and scalable method to detect use-before-initialization bugs in Linux kernel;Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2020-11-07
3. Theoretical Background and State-of-the-Art;Advanced Information and Knowledge Processing;2020
4. Pinpoint: fast and precise sparse value flow analysis for million lines of code;ACM SIGPLAN Notices;2018-12-02
5. Pinpoint: fast and precise sparse value flow analysis for million lines of code;Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation;2018-06-11