A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Filters
Precise Null Pointer Analysis Through Global Value Numbering
[article]
2017
arXiv
pre-print
Preserved Fulltext
Our program transformation is based on Global Value Numbering, a scheme inspired from compiler optimizations literature. ...
It allows even a flow-insensitive analysis to make use of branch conditions such as checking if a pointer is NULL and gain precision. ...
Our evaluation demonstrates the merit of our approach on a practical end-to-end scenario of finding null-pointer dereferences in software. ...
arXiv:1702.05807v1
fatcat:ou4esuf4gzaa5iwzjxi6nv5puu
Precise Null Pointer Analysis Through Global Value Numbering
[chapter]
2017
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Our program transformation is based on Global Value Numbering, a scheme inspired from compiler optimization literature. ...
It allows even a flow-insensitive analysis to make use of branch conditions such as checking if a pointer is Null and gain precision. ...
Global Value Numbering We improve upon the previous transformation by using a more precise method of determining expression equalities. ...
doi:10.1007/978-3-319-68167-2_2
fatcat:ajdiy6iv5ngm5pxcw6lt722g5y
A novel analysis space for pointer analysis and its application for bug finding
2010
Science of Computer Programming
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2010; you can also visit the original URL.
The file type is application/pdf.
We propose a new space of abstractions for pointer analysis-an important component of static analysis for C and similar languages. ...
Its flexibility supports many new analysis techniques with different trade-offs between precision and speed. ...
Table 3 lists the number of and character of pointer-related bugs we found, which include null pointer dereference, returning from a function with a global variable referring to the function's local variable ...
doi:10.1016/j.scico.2009.08.002
fatcat:ofxawbis35gujdrfh5blufrcxi
An SMT Encoding of LLVM's Memory Model for Bounded Translation Validation
[chapter]
2021
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
However, none of these tools has robust support to verify memory optimizations.In this paper, we present the first SMT encoding of LLVM's memory model that 1) is sufficiently precise to validate all of ...
This work was supported in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF-2020R1A2C2011947). ...
Predicate isZeroByte(b) holds if b is a null pointer or if it is a zero-valued non-pointer byte. This is needed because stores of null pointers can be optimized to memset instructions. ...
doi:10.1007/978-3-030-81688-9_35
fatcat:gpsiovaoznddrn6sthv42rut2q
How is aliasing used in systems software?
2006
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering - SIGSOFT '06/FSE-14
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Our study requires an automatic alias analysis that both scales to large systems and has a low false positive rate. ...
To this end, we also present a new context-, flow-, and partially path-sensitive alias analysis that, together with a new technique for object naming, achieves a false aliasing rate of 26.2% on our benchmarks ...
Often this aliasing is innocuous; neither pointer is written, or the global is only accessed when the local pointer is NULL. ...
doi:10.1145/1181775.1181785
dblp:conf/sigsoft/HackettA06
fatcat:k6lbzwegkfc6llnfp6e7dbtrqa
PSE
2004
Software engineering notes
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2005; you can also visit the original URL.
The file type is application/pdf.
In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second. ...
The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time. ...
In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second. ...
doi:10.1145/1041685.1029907
fatcat:zgj2cruga5bexjmfx3nuovabcq
PSE
2004
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering - SIGSOFT '04/FSE-12
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2005; you can also visit the original URL.
The file type is application/pdf.
In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second. ...
The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time. ...
In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second. ...
doi:10.1145/1029894.1029907
dblp:conf/sigsoft/ManevichSA04
fatcat:msy2mexc7fd5nacy3wpcbulcga
Automatic predicate abstraction of C programs
2012
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity ...
We thank Manuvir Das for providing us his onelevel flow analysis tool. ...
Thanks also to the members of the Software Productivity Tools research group at Microsoft Research for many enlightening discussions on program analysis, programming languages and device drivers, as well ...
doi:10.1145/2442776.2442783
fatcat:odw5ibnlkfcctgkrj2bc3lhovy
Automatic predicate abstraction of C programs
2001
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity ...
We thank Manuvir Das for providing us his onelevel flow analysis tool. ...
Thanks also to the members of the Software Productivity Tools research group at Microsoft Research for many enlightening discussions on program analysis, programming languages and device drivers, as well ...
doi:10.1145/381694.378846
fatcat:dccnganv7bdqpl72uraf4l4buy
Automatic predicate abstraction of C programs
2001
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation - PLDI '01
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity ...
We thank Manuvir Das for providing us his onelevel flow analysis tool. ...
Thanks also to the members of the Software Productivity Tools research group at Microsoft Research for many enlightening discussions on program analysis, programming languages and device drivers, as well ...
doi:10.1145/378795.378846
dblp:conf/pldi/BallMMR01
fatcat:pswjhix5kra7hh56ejcial2sra
Automatic Verification of Pointer Data-Structure Systems for All Numbers of Processes
[chapter]
1999
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Analysis shows our method can automatically generate a CIS of size 1619 to verify that a version of Mellor-Crummy & Scott's algorithm preserves mutual exclusion for all numbers of processes. ...
We formally model such concurrent software as processes running algorithms on data-structures with pointers. We show that the verification problem of such algorithms is undecidable. ...
A process can access and manipulate other processes' information through global and local pointers. ...
doi:10.1007/3-540-48119-2_20
fatcat:snc7tb3webefxmy6ocadzeanra
Shape analysis with inductive recursion synthesis
2007
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation - PLDI '07
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
A combination of pointer analysis and program slicing is used to deal with the scalability issue typically faced by shape analyses. iv Finally, we present a data dependence test for recursive data structures ...
One promising formalism for describing heap is separation logic, with recursively defined predicates that allow for concise yet precise summarization of linked data structures. ...
Of course, for correctness, all expressions whose values may be propagated to a given pointer through a series of assignments need to be checked. ...
doi:10.1145/1250734.1250764
dblp:conf/pldi/GuoVA07
fatcat:ovl3pyb4p5dzhmudly3rqj4rku
Effective dynamic detection of alias analysis errors
2013
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2013
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
NEONGOBY works by dynamically observing pointer addresses during the execution of a test program and then checking these addresses against an alias analysis for errors. ...
It is explicitly designed to (1) be agnostic to the alias analysis it checks for maximum applicability and ease of use and (2) detect alias analysis errors that manifest on real-world programs and workloads ...
NEONGOBY handles undefined pointer values by setting them to NULL because NULL aliases nothing. ...
doi:10.1145/2491411.2491439
dblp:conf/sigsoft/WuHTY13
fatcat:2cnrd5yprjg7heg73uxk3ufrci
Calysto
2008
Proceedings of the 13th international conference on Software engineering - ICSE '08
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
to the leading, less precise, static-analysis-based tool for similar properties. ...
Many techniques exist, trading-off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases. ...
Program functions can have multiple effects, e.g., returning a value, modifying globals, and modifying memory locations reachable through passed-in parameters. ...
doi:10.1145/1368088.1368118
dblp:conf/icse/BabicH08
fatcat:k7qsybu4dbavnmwskxlyiyhybm
Context- and path-sensitive memory leak detection
2005
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering - ESEC/FSE-13
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We achieve very precise context-and pathsensitivity by expressing our analysis using boolean constraints. ...
In experiments with six large open source projects our analysis produced 510 warnings of which 455 were unique memory leaks, a false positive rate of only 10.8%. ...
The return value (rv) can only point to null or newly allocated memory locations. ...
doi:10.1145/1081706.1081728
dblp:conf/sigsoft/XieA05
fatcat:ikrgkmymp5aaxf3bwof27uq5qu
« Previous
Showing results 1 — 15 out of 8,739 results