Detecting Memory Errors via Static Pointer Analysis (Preliminary Experience)

Programs which manipulate pointers are hard to debug. Pointer analysis algorithms (originally aimed at optimizing compilers) may provide some remedy by identifying potential errors such as dereferencing NULL pointers by statically analyzing the behavior of programs on all their input data. Our goal is to identify the "core program analysis techniques" that can be used when developing realistic tools which detect memory errors at compile time without generating too many false alarms. Our preliminary experience indicates that the following techniques are necessary: (i) finding aliases between pointers, (ii) flow sensitive techniques that account for the program control flow constructs, (iii) partial interpretation of conditional statements, (iv) analysis of the relationships between pointers, and sometimes (v) analysis of the underlying data structures manipulated by the C program. We show that a combination of these techniques can yield better results than those achieved by state of the art tools. Yet it is not clear to us whether our ideas are applicable to large programs.