Abstract:
We study the applicability of pointer analysis algorithms (originally aimed at optimizing compilers) to identify potential errors such as dereferencing NULL pointers in C programs, by statically analyzing the behavior of programs on all their input data. The algorithms are conservative, i.e., they never miss an error but may also create "false alarms". Our goal is to identify the "core program analysis techniques" that are needed to develop a realistic tool that does not generate too many false alarms. Our experience indicates that the following techniques are necessary: (i) finding aliases between pointers, (ii) flow-sensitive techniques that account for the program control flow constructs, (iii) partial interpretation of conditional statements, (iv) analysis of relationships between pointers, and sometimes (v) analysis of the underlying data structures manipulated by the C program. Our experimental work shows that the combination of these techniques yields better results than those achieved by state-of-the-art tools.
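
The five techniques listed above, shown as an added C example that is not taken from the paper: each function is free of NULL dereferences, but a conservative analysis lacking the technique named in its comment cannot prove that and would raise a false alarm. All function and type names are constructed for illustration.

```c
#include <stddef.h>

struct node { int val; struct node *next; };

/* (i) Aliases: *pp and p name the same cell, so the store through pp
   makes p non-NULL. Without alias facts p still looks NULL. */
int alias_case(void) {
    int x = 7, *p = NULL, **pp = &p;
    *pp = &x;
    return *p;
}

/* (ii) Flow sensitivity: p is NULL before the assignment and non-NULL
   after it. One merged fact per variable would keep "may be NULL". */
int flow_case(void) {
    int x = 3, *p = NULL;
    p = &x;
    return *p;
}

/* (iii) Conditionals: the guard removes NULL on the fall-through path. */
int cond_case(int *p) {
    if (p == NULL) return -1;
    return *p;
}

/* (iv) Pointer relationships: the test is on q, the dereference on p;
   it is safe only because p == q is known at that point. */
int relation_case(int *p) {
    int *q = p;
    if (q == NULL) return -1;
    return *p;
}

/* (v) Data structures: a.next is a struct field, not a local pointer
   variable; its target must be tracked per field to prove this safe. */
int field_case(void) {
    struct node b = {2, NULL}, a = {1, &b};
    return a.next->val;
}

int main(void) {
    int v = 5;   /* constructed sample input */
    return !(alias_case() == 7 && flow_case() == 3 && cond_case(&v) == 5 &&
             relation_case(NULL) == -1 && field_case() == 2);
}
```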