PSE: Explaining program failures via postmortem static analysis

Roman Manevich, Manu Sridharan, Stephen Adams, Manuvir Das, Zhe Yang

Research output: Contribution to conferencePaperpeer-review

92 Scopus citations

Abstract

In this paper, we describe PSE (Postmortem Symbolic Evaluation), a static analysis algorithm that can be used by programmers to diagnose software failures. The algorithm requires minimal information about a failure, namely its kind (e.g. NULL dereference), and its location in the program's source code. It produces a set of execution traces along which the program can be driven to the given failure. PSE tracks the flow of a single value of interest from the point in the program where the failure occurred back to the points in the program where the value may have originated. The algorithm combines a novel dataflow analysis and memory alias analysis in a manner that allows for precise exploration of the program's behavior in polynomial time. We have applied PSE to the problem of diagnosing potential NULL-dereference errors in a suite of C programs, including several SPEC benchmarks and a large commercial operating system. In most cases, the analysis is able to either validate a pointer dereference, or find precise error traces demonstrating a NULL value for the pointer, in less than a second.

Original languageEnglish
Pages63-72
Number of pages10
StatePublished - 1 Dec 2004
Externally publishedYes
EventTwelfth ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2004/FSE-12 - Newport Beach, CA, United States
Duration: 31 Oct 20045 Nov 2004

Conference

ConferenceTwelfth ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2004/FSE-12
Country/TerritoryUnited States
CityNewport Beach, CA
Period31/10/045/11/04

Keywords

  • Alias analysis
  • Postmortem analysis
  • Typestate
  • Value flow

Fingerprint

Dive into the research topics of 'PSE: Explaining program failures via postmortem static analysis'. Together they form a unique fingerprint.

Cite this