Filters








8,739 Hits in 5.4 sec

Precise Null Pointer Analysis Through Global Value Numbering [article]

Ankush Das, Akash Lal
2017 arXiv   pre-print
Our program transformation is based on Global Value Numbering, a scheme inspired from compiler optimizations literature.  ...  It allows even a flow-insensitive analysis to make use of branch conditions such as checking if a pointer is NULL and gain precision.  ...  Our evaluation demonstrates the merit of our approach on a practical end-to-end scenario of finding null-pointer dereferences in software.  ... 
arXiv:1702.05807v1 fatcat:ou4esuf4gzaa5iwzjxi6nv5puu

Precise Null Pointer Analysis Through Global Value Numbering [chapter]

Ankush Das, Akash Lal
2017 Lecture Notes in Computer Science  
Our program transformation is based on Global Value Numbering, a scheme inspired from compiler optimization literature.  ...  It allows even a flow-insensitive analysis to make use of branch conditions such as checking if a pointer is Null and gain precision.  ...  Global Value Numbering We improve upon the previous transformation by using a more precise method of determining expression equalities.  ... 
doi:10.1007/978-3-319-68167-2_2 fatcat:ajdiy6iv5ngm5pxcw6lt722g5y

A novel analysis space for pointer analysis and its application for bug finding

Marcio Buss, Daniel Brand, Vugranam Sreedhar, Stephen A. Edwards
2010 Science of Computer Programming  
We propose a new space of abstractions for pointer analysis-an important component of static analysis for C and similar languages.  ...  Its flexibility supports many new analysis techniques with different trade-offs between precision and speed.  ...  Table 3 lists the number of and character of pointer-related bugs we found, which include null pointer dereference, returning from a function with a global variable referring to the function's local variable  ... 
doi:10.1016/j.scico.2009.08.002 fatcat:ofxawbis35gujdrfh5blufrcxi

An SMT Encoding of LLVM's Memory Model for Bounded Translation Validation [chapter]

Juneyoung Lee, Dongjoo Kim, Chung-Kil Hur, Nuno P. Lopes
2021 Lecture Notes in Computer Science  
However, none of these tools has robust support to verify memory optimizations.In this paper, we present the first SMT encoding of LLVM's memory model that 1) is sufficiently precise to validate all of  ...  This work was supported in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF-2020R1A2C2011947).  ...  Predicate isZeroByte(b) holds if b is a null pointer or if it is a zero-valued non-pointer byte. This is needed because stores of null pointers can be optimized to memset instructions.  ... 
doi:10.1007/978-3-030-81688-9_35 fatcat:gpsiovaoznddrn6sthv42rut2q

How is aliasing used in systems software?

Brian Hackett, Alex Aiken
2006 Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering - SIGSOFT '06/FSE-14  
Our study requires an automatic alias analysis that both scales to large systems and has a low false positive rate.  ...  To this end, we also present a new context-, flow-, and partially path-sensitive alias analysis that, together with a new technique for object naming, achieves a false aliasing rate of 26.2% on our benchmarks  ...  Often this aliasing is innocuous; neither pointer is written, or the global is only accessed when the local pointer is NULL.  ... 
doi:10.1145/1181775.1181785 dblp:conf/sigsoft/HackettA06 fatcat:k6lbzwegkfc6llnfp6e7dbtrqa

PSE

Roman Manevich, Manu Sridharan, Stephen Adams
2004 Software engineering notes  
In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.  ...  The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time.  ...  In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.  ... 
doi:10.1145/1041685.1029907 fatcat:zgj2cruga5bexjmfx3nuovabcq

PSE

Roman Manevich, Manu Sridharan, Stephen Adams
2004 Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering - SIGSOFT '04/FSE-12  
In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.  ...  The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time.  ...  In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.  ... 
doi:10.1145/1029894.1029907 dblp:conf/sigsoft/ManevichSA04 fatcat:msy2mexc7fd5nacy3wpcbulcga

Automatic predicate abstraction of C programs

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani
2012 SIGPLAN notices  
Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity  ...  We thank Manuvir Das for providing us his onelevel flow analysis tool.  ...  Thanks also to the members of the Software Productivity Tools research group at Microsoft Research for many enlightening discussions on program analysis, programming languages and device drivers, as well  ... 
doi:10.1145/2442776.2442783 fatcat:odw5ibnlkfcctgkrj2bc3lhovy

Automatic predicate abstraction of C programs

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani
2001 SIGPLAN notices  
Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity  ...  We thank Manuvir Das for providing us his onelevel flow analysis tool.  ...  Thanks also to the members of the Software Productivity Tools research group at Microsoft Research for many enlightening discussions on program analysis, programming languages and device drivers, as well  ... 
doi:10.1145/381694.378846 fatcat:dccnganv7bdqpl72uraf4l4buy

Automatic predicate abstraction of C programs

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani
2001 Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation - PLDI '01  
Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity  ...  We thank Manuvir Das for providing us his onelevel flow analysis tool.  ...  Thanks also to the members of the Software Productivity Tools research group at Microsoft Research for many enlightening discussions on program analysis, programming languages and device drivers, as well  ... 
doi:10.1145/378795.378846 dblp:conf/pldi/BallMMR01 fatcat:pswjhix5kra7hh56ejcial2sra

Automatic Verification of Pointer Data-Structure Systems for All Numbers of Processes [chapter]

Farn Wang
1999 Lecture Notes in Computer Science  
Analysis shows our method can automatically generate a CIS of size 1619 to verify that a version of Mellor-Crummy & Scott's algorithm preserves mutual exclusion for all numbers of processes.  ...  We formally model such concurrent software as processes running algorithms on data-structures with pointers. We show that the verification problem of such algorithms is undecidable.  ...  A process can access and manipulate other processes' information through global and local pointers.  ... 
doi:10.1007/3-540-48119-2_20 fatcat:snc7tb3webefxmy6ocadzeanra

Shape analysis with inductive recursion synthesis

Bolei Guo, Neil Vachharajani, David I. August
2007 Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation - PLDI '07  
A combination of pointer analysis and program slicing is used to deal with the scalability issue typically faced by shape analyses. iv Finally, we present a data dependence test for recursive data structures  ...  One promising formalism for describing heap is separation logic, with recursively defined predicates that allow for concise yet precise summarization of linked data structures.  ...  Of course, for correctness, all expressions whose values may be propagated to a given pointer through a series of assignments need to be checked.  ... 
doi:10.1145/1250734.1250764 dblp:conf/pldi/GuoVA07 fatcat:ovl3pyb4p5dzhmudly3rqj4rku

Effective dynamic detection of alias analysis errors

Jingyue Wu, Gang Hu, Yang Tang, Junfeng Yang
2013 Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2013  
NEONGOBY works by dynamically observing pointer addresses during the execution of a test program and then checking these addresses against an alias analysis for errors.  ...  It is explicitly designed to (1) be agnostic to the alias analysis it checks for maximum applicability and ease of use and (2) detect alias analysis errors that manifest on real-world programs and workloads  ...  NEONGOBY handles undefined pointer values by setting them to NULL because NULL aliases nothing.  ... 
doi:10.1145/2491411.2491439 dblp:conf/sigsoft/WuHTY13 fatcat:2cnrd5yprjg7heg73uxk3ufrci

Calysto

Domagoj Babic, Alan J. Hu
2008 Proceedings of the 13th international conference on Software engineering - ICSE '08  
to the leading, less precise, static-analysis-based tool for similar properties.  ...  Many techniques exist, trading-off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases.  ...  Program functions can have multiple effects, e.g., returning a value, modifying globals, and modifying memory locations reachable through passed-in parameters.  ... 
doi:10.1145/1368088.1368118 dblp:conf/icse/BabicH08 fatcat:k7qsybu4dbavnmwskxlyiyhybm

Context- and path-sensitive memory leak detection

Yichen Xie, Alex Aiken
2005 Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering - ESEC/FSE-13  
We achieve very precise context-and pathsensitivity by expressing our analysis using boolean constraints.  ...  In experiments with six large open source projects our analysis produced 510 warnings of which 455 were unique memory leaks, a false positive rate of only 10.8%.  ...  The return value (rv) can only point to null or newly allocated memory locations.  ... 
doi:10.1145/1081706.1081728 dblp:conf/sigsoft/XieA05 fatcat:ikrgkmymp5aaxf3bwof27uq5qu
« Previous Showing results 1 — 15 out of 8,739 results