Article

Evaluating and tuning a static analysis to find null pointer bugs

Authors:

David Hovemeyer,

Jaime Spacco,

William PughAuthors Info & Claims

PASTE '05: Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

Pages 13 - 19

https://doi.org/10.1145/1108792.1108798

Published: 05 September 2005 Publication History

Get Access

Abstract

Using static analysis to detect memory access errors, such as null pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors.In this paper we show that simple analysis techniques can be used to identify many such software defects, both in production code and in student code. In order to make our analysis both simple and effective, we use a non-standard analysis which is neither complete nor sound. However, we find that it is effective at finding an interesting class of software defects.We describe the basic analysis we perform, as well as the additional errors we can detect using techniques such as annotations and inter-procedural analysis.In studies of both production software and student projects, we find false positive rates of around 20% or less. In the student code base, we find that our static analysis techniques are able to pinpoint 50% to 80% of the defects leading to a null pointer exception at runtime.

References

[1]

William R. Bush, Jonathan D. Pincus, and David J. Sielaff. A static analyzer for finding dynamic programming errors. Software---Practice and Experience, 30:775--802, 2000.

Crossref

Google Scholar

[2]

Manuvir Das, Sorin Lerner, and Mark Seigle. ESP: Path-sensitive program verification in polynomial time. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 57--68. ACM Press, 2002.

Digital Library

Google Scholar

[3]

Eclipse. http://www.eclipse.org, 2005.

Google Scholar

[4]

D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, San Diego, CA, October 2000.

Digital Library

Google Scholar

[5]

D. Evans. Static detection of dynamic memory errors. In Proceedings of the SIGPLAN Conference on Programming Languages, Design, and Implementation, 1996.

Digital Library

Google Scholar

[6]

Manuel Fähndrich and K. Rustan M. Leino. Declaring and checking non-null types in an object-oriented language. In OOPSLA '03: Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications, pages 302--312, New York, NY, USA, 2003. ACM Press.

Digital Library

Google Scholar

[7]

C. Flanagan, K. Leino, M. Lillibridge, C. Nelson, J. Saxe, and R. Stata. Extended static checking for Java, 2002.

Google Scholar

[8]

David Hovemeyer and William Pugh. Finding bugs is easy. In Companion of the 19th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, Vancouver, BC, October 2004.

Digital Library

Google Scholar

[9]

Atanas Rountev, Scott Kagan, and Michael Gibas. Evaluating the imprecision of static analysis. In PASTE '04: Proceedings of the ACM-SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, pages 14--16, Washington DC, USA, 2004.

Digital Library

Google Scholar

[10]

Jaime Spacco, Jaymie Strecker, David Hovemeyer, and William Pugh. Software repository mining with Marmoset: An automated programming project snapshot and testing system. In Proceedings of the Mining Software Repositories Workshop (MSR 2005), St. Louis, Missouri, USA, May 2005.

Digital Library

Google Scholar

[11]

Yichen Xie and Dawson Engler. Using redundancies to find errors. In SIGSOFT '02/FSE-10: Proceedings of the 10th ACM SIGSOFT Symposium on Foundations of Software Engineering, pages 51--60, Charleston, South Carolina, USA, 2002.

Digital Library

Google Scholar

Cited By

View all

Xie DChen BHuang KWang YPan LChen ZPeng X(2024)Enhancing Field Tracking and Interprocedural Analysis to Find More Null Pointer Exceptions2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00093(849-859)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER60148.2024.00093
Karimipour NPham JClapp LSridharan MChandra SBlincoe KTonella P(2023)Practical Inference of Nullability TypesProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616326(1395-1406)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616326
Guo ZTan TLiu SLiu XLai WYang YLi YChen LDong WZhou Y(2023)Mitigating False Positive Static Analysis Warnings: Progress, Challenges, and OpportunitiesIEEE Transactions on Software Engineering10.1109/TSE.2023.332966749:12(5154-5188)Online publication date: Dec-2023
https://doi.org/10.1109/TSE.2023.3329667
Show More Cited By

Index Terms

Evaluating and tuning a static analysis to find null pointer bugs
1. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis
    2. Program semantics

Recommendations

Evaluating and tuning a static analysis to find null pointer bugs

Using static analysis to detect memory access errors, such as null pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors.In this paper we show that ...
Precise null-pointer analysis

In Java, C or C++, attempts to dereference the null value result in an exception or a segmentation fault. Hence, it is important to identify those program points where this undesired behaviour might occur or prove the other program points (and possibly ...
Efficient static analysis with path pruning using coverage data

Soundness and completeness are two primary concerns of a static analysis tool for finding defects in software. Exhaustive static analysis of the program through all paths is not always possible, especially for a large software causing incompleteness in ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

PASTE '05: Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

September 2005

118 pages

ISBN:1595932399

DOI:10.1145/1108792

Editors:
Michael Ernst
MIT
,
Thomas Jensen
CNRS

ACM SIGSOFT Software Engineering Notes Volume 31, Issue 1
January 2006
203 pages
ISSN:0163-5948
DOI:10.1145/1108768
Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 September 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

PASTE05

Sponsor:

PASTE05: PASTE '05 - ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

September 5 - 6, 2005

Lisbon, Portugal

Acceptance Rates

Overall Acceptance Rate 57 of 159 submissions, 36%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

76
Total Citations
View Citations
1,324
Total Downloads

Downloads (Last 12 months)25
Downloads (Last 6 weeks)3

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Xie DChen BHuang KWang YPan LChen ZPeng X(2024)Enhancing Field Tracking and Interprocedural Analysis to Find More Null Pointer Exceptions2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00093(849-859)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER60148.2024.00093
Karimipour NPham JClapp LSridharan MChandra SBlincoe KTonella P(2023)Practical Inference of Nullability TypesProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616326(1395-1406)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616326
Guo ZTan TLiu SLiu XLai WYang YLi YChen LDong WZhou Y(2023)Mitigating False Positive Static Analysis Warnings: Progress, Challenges, and OpportunitiesIEEE Transactions on Software Engineering10.1109/TSE.2023.332966749:12(5154-5188)Online publication date: Dec-2023
https://doi.org/10.1109/TSE.2023.3329667
Kellogg MDaskiewicz DDuc Nguyen LAhmed MErnst M(2023)Pluggable Type Inference for Free2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)10.1109/ASE56229.2023.00186(1542-1554)Online publication date: 11-Sep-2023
https://doi.org/10.1109/ASE56229.2023.00186
Moradi Dakhel AMajdinasab VNikanjam AKhomh FDesmarais MJiang Z(2023)GitHub Copilot AI pair programmer: Asset or Liability?Journal of Systems and Software10.1016/j.jss.2023.111734203(111734)Online publication date: Sep-2023
https://doi.org/10.1016/j.jss.2023.111734
Riouak IReichenbach CHedin GFors N(2021)A Precise Framework for Source-Level Control-Flow Analysis2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)10.1109/SCAM52516.2021.00009(1-11)Online publication date: Sep-2021
https://doi.org/10.1109/SCAM52516.2021.00009
Kim JBatory DGligoric MTsantalis NCai YDemeyer S(2019)Code transformation issues in move-instance-method refactoringsProceedings of the 3rd International Workshop on Refactoring10.1109/IWoR.2019.00011(17-22)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1109/IWoR.2019.00011
Yasuda KItoh SMibe RJodai YNakaya F(2019)Inferring Faults in Business Specifications Extracted from Source Code2019 26th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC48747.2019.00040(236-243)Online publication date: Dec-2019
https://doi.org/10.1109/APSEC48747.2019.00040
Mayo Q(2018)Detection of Generalizable Clone Security Coding Bugs Using Graphs and Learning Algorithmsundefined10.12794/metadc1404548Online publication date: Dec-2018
https://doi.org/10.12794/metadc1404548
Shi QXiao XWu RZhou JFan GZhang C(2018)Pinpoint: fast and precise sparse value flow analysis for million lines of codeACM SIGPLAN Notices10.1145/3296979.319241853:4(693-706)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3296979.3192418
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations