Pointer Analysis, Conditional Soundness, and Proving the Absence of Errors
Abstract
It is well known that the use of points-to information can substantially improve the accuracy of a static program analysis. Commonly used algorithms for computing points-to information are known to be sound only for memory-safe programs. Thus, it appears problematic to utilize points-to information to verify the memory safety property without giving up soundness. We show that a sound combination is possible, even if the points-to information is computed separately and only conditionally sound. This result is based on a refined statement of the soundness conditions of points-to analyses and a general mechanism for composing conditionally sound analyses.
Similar references
Applying Static Analysis for Detecting Null Pointers in Java Programs
The detection of bugs in software has been a difficult and time-consuming manual task. Some bugs are hard to find as they manifest themselves far from the actual errors, such as dereferencing a null pointer. To avoid these bugs, a useful static program analysis tool would inspect a program for the presence of such errors. The goal of static analysis is to detect common run-time errors that are not det...
Cobalt: A Language for Writing Provably-Sound Compiler Optimizations
We overview the current status and future directions of the Cobalt project. Cobalt is a domain-specific language for implementing compiler optimizations as guarded rewrite rules. Cobalt optimizations operate over a C-like intermediate representation including unstructured control flow, pointers to local variables and dynamically allocated memory, and recursive procedures. The design of Cobalt en...
A framework for describing recursive data structure topologies in Coq
This paper presents an axiomatic framework in Coq for verifying invariants on heap data structures such as lists and trees in a C-like language with a low-level store model. The goal of the framework is to detect common errors such as memory leaks, dangling pointers and looped data structures. The framework provides a language for expressing invariants, and a set of inference axioms for verifyi...
Experiences Using Static Analysis to Find Bugs
Static analysis examines code in the absence of input data and without running the code, and can detect potential security violations (e.g., SQL injection), runtime errors (e.g., dereferencing a null pointer) and logical inconsistencies (e.g., a conditional test that cannot possibly be true). While there is a rich body of literature on algorithms and analytical frameworks used by such tools, re...
Detecting Null Pointer Violations in Java Programs
The use of formal methods has been growing steadily and there have been a number of successful applications of formal methods in a range of application areas. It seems agreed that quality should be assured by applying testing, analysis and formal methods to rigorously defined pre-code artifacts. The detection of null pointer violation errors is definitely such a goal. This way of applying formal meth...