Accurate Interprocedural Null-Dereference Analysis for Java

Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-sensitive and context-sensitive analysis for ident...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2009 IEEE 31st International Conference on Software Engineering s. 133 - 143
Hlavní autoři: Nanda, Mangala Gowri, Sinha, Saurabh
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: Washington, DC, USA IEEE Computer Society 16.05.2009
IEEE
Edice:ACM Conferences
Témata:
Arithmetic
Computer bugs
General and reference > Cross-computing tools and techniques > Reliability
Information analysis
Java
Open source software
Performance analysis
Safety
Software and its engineering > Software notations and tools
Software and its engineering > Software notations and tools > General programming languages > Language types
Software and its engineering > Software organization and properties > Extra-functional properties > Software reliability
ISBN:9781424434534, 142443453X
ISSN:0270-5257
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-sensitive and context-sensitive analysis for identifying null dereferences. Starting at a dereference statement, our approach performs a backward demand-driven analysis to identify precisely paths along which null values may flow to the dereference. The demand-driven analysis avoids an exhaustive program exploration, which lets it scale to large programs. We present the results of empirical studies conducted using large open-source and commercial products. Our results show that: (1) our approach detects fewer false positives, and significantly more interprocedural true positives, than other commonly used tools; (2) the analysis scales to large subjects; and (3) the identified defects are often deleted in subsequent releases, which indicates that the reported defects are important.
ISBN:9781424434534
142443453X
ISSN:0270-5257
DOI:10.1109/ICSE.2009.5070515