Abstract
In this paper, we describe PSE (Postmortem Symbolic Evaluation), a static analysis algorithm that can be used by programmers to diagnose software failures. The algorithm requires minimal information about a failure, namely its kind (e.g. NULL dereference), and its location in the program's source code. It produces a set of execution traces along which the program can be driven to the given failure. PSE tracks the flow of a single value of interest from the point in the program where the failure occurred back to the points in the program where the value may have originated. The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time. We have applied PSE to the problem of diagnosing potential NULL-dereference errors in a suite of C programs, including several SPEC benchmarks and a large commercial operating system. In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.
Original language | English |
---|---|
Pages | 63-72 |
Number of pages | 10 |
State | Published - 1 Dec 2004 |
Externally published | Yes |
Event | Twelfth ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2004/FSE-12 - Newport Beach, CA, United States; Duration: 31 Oct 2004 → 5 Nov 2004 |
Conference
Conference | Twelfth ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2004/FSE-12 |
---|---|
Country/Territory | United States |
City | Newport Beach, CA |
Period | 31/10/04 → 5/11/04 |
Keywords
- Alias analysis
- Postmortem analysis
- Typestate
- Value flow
ASJC Scopus subject areas
- General Computer Science