Verifying dereference safety via expanding-scope analysis

A. Loginov; E. Yahav; S. Chandra; S. Fink; N. Rinetzky; M. G. Nanda

doi:10.1145/1390630.1390657

Verifying dereference safety via expanding-scope analysis

A. Loginov^*, E. Yahav, S. Chandra, S. Fink, N. Rinetzky, M. G. Nanda

^*Corresponding author for this work

School of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

38 Scopus citations

Abstract

This paper addresses the challenging problem of verifying the safety of pointer dereferences in real Java programs. We provide an automatic approach to this problem based on a sound interprocedural analysis. We present a staged expanding-scope algorithm for interprocedural abstract interpretation, which invokes sound analysis with partial programs of increasing scope. This algorithm achieves many benefits typical of whole-program interprocedural analysis, but scales to large programs by limiting analysis to small program fragments. To address cases where the static analysis of program fragments fails to prove safety, the analysis also suggests possible annotations which, if a user accepts, ensure the desired properties. Experimental evaluation on a number of Java programs shows that we are able to verify 90% of all dereferences soundly and automatically, and further reduce the number of remaining dereferences using non-nullness annotations.

Original language	English
Title of host publication	ISSTA'08
Subtitle of host publication	Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008
Publisher	Association for Computing Machinery
Pages	213-223
Number of pages	11
ISBN (Print)	9781605580500
DOIs	https://doi.org/10.1145/1390630.1390657
State	Published - 2008
Event	2008 International Symposium on Software Testing and Analysis, ISSTA 2008 - Seattle, WA, United States Duration: 20 Jul 2008 → 24 Jul 2008

Publication series

Name	ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008

Conference

Conference	2008 International Symposium on Software Testing and Analysis, ISSTA 2008
Country/Territory	United States
City	Seattle, WA
Period	20/07/08 → 24/07/08

Keywords

Abstract interpretation
Static analysis

Access to Document

10.1145/1390630.1390657

Cite this

Loginov, A., Yahav, E., Chandra, S., Fink, S., Rinetzky, N., & Nanda, M. G. (2008). Verifying dereference safety via expanding-scope analysis. In ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008 (pp. 213-223). (ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008). Association for Computing Machinery. https://doi.org/10.1145/1390630.1390657

@inproceedings{7da08ad087694cd98b82dca42a3eb476,

title = "Verifying dereference safety via expanding-scope analysis",

abstract = "This paper addresses the challenging problem of verifying the safety of pointer dereferences in real Java programs. We provide an automatic approach to this problem based on a sound interprocedural analysis. We present a staged expanding-scope algorithm for interprocedural abstract interpretation, which invokes sound analysis with partial programs of increasing scope. This algorithm achieves many benefits typical of whole-program interprocedural analysis, but scales to large programs by limiting analysis to small program fragments. To address cases where the static analysis of program fragments fails to prove safety, the analysis also suggests possible annotations which, if a user accepts, ensure the desired properties. Experimental evaluation on a number of Java programs shows that we are able to verify 90% of all dereferences soundly and automatically, and further reduce the number of remaining dereferences using non-nullness annotations.",

keywords = "Abstract interpretation, Static analysis",

author = "A. Loginov and E. Yahav and S. Chandra and S. Fink and N. Rinetzky and Nanda, {M. G.}",

year = "2008",

doi = "10.1145/1390630.1390657",

language = "אנגלית",

isbn = "9781605580500",

series = "ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008",

publisher = "Association for Computing Machinery",

pages = "213--223",

booktitle = "ISSTA'08",

address = "ארצות הברית",

note = "2008 International Symposium on Software Testing and Analysis, ISSTA 2008 ; Conference date: 20-07-2008 Through 24-07-2008",

}

Loginov, A, Yahav, E, Chandra, S, Fink, S, Rinetzky, N & Nanda, MG 2008, Verifying dereference safety via expanding-scope analysis. in ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008. ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008, Association for Computing Machinery, pp. 213-223, 2008 International Symposium on Software Testing and Analysis, ISSTA 2008, Seattle, WA, United States, 20/07/08. https://doi.org/10.1145/1390630.1390657

Verifying dereference safety via expanding-scope analysis. / Loginov, A.; Yahav, E.; Chandra, S. et al.
ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008. Association for Computing Machinery, 2008. p. 213-223 (ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Verifying dereference safety via expanding-scope analysis

AU - Loginov, A.

AU - Yahav, E.

AU - Chandra, S.

AU - Fink, S.

AU - Rinetzky, N.

AU - Nanda, M. G.

PY - 2008

Y1 - 2008

N2 - This paper addresses the challenging problem of verifying the safety of pointer dereferences in real Java programs. We provide an automatic approach to this problem based on a sound interprocedural analysis. We present a staged expanding-scope algorithm for interprocedural abstract interpretation, which invokes sound analysis with partial programs of increasing scope. This algorithm achieves many benefits typical of whole-program interprocedural analysis, but scales to large programs by limiting analysis to small program fragments. To address cases where the static analysis of program fragments fails to prove safety, the analysis also suggests possible annotations which, if a user accepts, ensure the desired properties. Experimental evaluation on a number of Java programs shows that we are able to verify 90% of all dereferences soundly and automatically, and further reduce the number of remaining dereferences using non-nullness annotations.

AB - This paper addresses the challenging problem of verifying the safety of pointer dereferences in real Java programs. We provide an automatic approach to this problem based on a sound interprocedural analysis. We present a staged expanding-scope algorithm for interprocedural abstract interpretation, which invokes sound analysis with partial programs of increasing scope. This algorithm achieves many benefits typical of whole-program interprocedural analysis, but scales to large programs by limiting analysis to small program fragments. To address cases where the static analysis of program fragments fails to prove safety, the analysis also suggests possible annotations which, if a user accepts, ensure the desired properties. Experimental evaluation on a number of Java programs shows that we are able to verify 90% of all dereferences soundly and automatically, and further reduce the number of remaining dereferences using non-nullness annotations.

KW - Abstract interpretation

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=57449104459&partnerID=8YFLogxK

U2 - 10.1145/1390630.1390657

DO - 10.1145/1390630.1390657

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:57449104459

SN - 9781605580500

T3 - ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008

SP - 213

EP - 223

BT - ISSTA'08

PB - Association for Computing Machinery

T2 - 2008 International Symposium on Software Testing and Analysis, ISSTA 2008

Y2 - 20 July 2008 through 24 July 2008

ER -

Loginov A, Yahav E, Chandra S, Fink S, Rinetzky N, Nanda MG. Verifying dereference safety via expanding-scope analysis. In ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008. Association for Computing Machinery. 2008. p. 213-223. (ISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008). doi: 10.1145/1390630.1390657

Verifying dereference safety via expanding-scope analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this