Verifying dereference safety via expanding-scope analysis

A. Loginov*, E. Yahav, S. Chandra, S. Fink, N. Rinetzky, M. G. Nanda

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

34 Scopus citations

Abstract

This paper addresses the challenging problem of verifying the safety of pointer dereferences in real Java programs. We provide an automatic approach to this problem based on a sound interprocedural analysis. We present a staged expanding-scope algorithm for interprocedural abstract interpretation, which invokes sound analysis with partial programs of increasing scope. This algorithm achieves many benefits typical of whole-program interprocedural analysis, but scales to large programs by limiting analysis to small program fragments. To address cases where the static analysis of program fragments fails to prove safety, the analysis also suggests possible annotations which, if a user accepts, ensure the desired properties. Experimental evaluation on a number of Java programs shows that we are able to verify 90% of all dereferences soundly and automatically, and further reduce the number of remaining dereferences using non-nullness annotations.

Original languageEnglish
Title of host publicationISSTA'08
Subtitle of host publicationProceedings of the 2008 International Symposium on Software Testing and Analysis 2008
PublisherAssociation for Computing Machinery
Pages213-223
Number of pages11
ISBN (Print)9781605580500
DOIs
StatePublished - 2008
Event2008 International Symposium on Software Testing and Analysis, ISSTA 2008 - Seattle, WA, United States
Duration: 20 Jul 200824 Jul 2008

Publication series

NameISSTA'08: Proceedings of the 2008 International Symposium on Software Testing and Analysis 2008

Conference

Conference2008 International Symposium on Software Testing and Analysis, ISSTA 2008
Country/TerritoryUnited States
CitySeattle, WA
Period20/07/0824/07/08

Keywords

  • Abstract interpretation
  • Static analysis

Fingerprint

Dive into the research topics of 'Verifying dereference safety via expanding-scope analysis'. Together they form a unique fingerprint.

Cite this