Accurate Interprocedural Null-Dereference Analysis for Java
Mangala Gowri Nanda and Saurabh Sinha
Gokulan R
CS15B033
27 April 2020
Summary of the paper
- interprocedural, path-sensitive, context-sensitive analysis
- backward-driven analysis
- starts from the target statement (the dereference) and explores backwards all the way to the entry node of the CFG
- to analyse a given statement, the algorithm examines less code than forward analyses do
- compared to prior work, detects more true positives and reports fewer false positives
Analysis Parameters
- Traversal time
- Number of predicates tracked
- Number of paths stored
Key Algorithm
analyseMethod(node):
  initialise worklist with target node
  while worklist is not empty
    remove node n from worklist
    for each predecessor p of n
      if p is not a call/entry node, or p calls an external function
        process p, update state, add p to worklist
      else if p is a function call
        analyse the callee and update state
      else   // p is an entry node
        if called recursively, return updated state
        if p is the entry of the entry method   // analysis performed so far is context-insensitive
          update predicates
        else
          trace back upwards from each call site of the current method
  return (path explored, current state)
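A runnable sketch of this worklist, added here as an illustration and not code from the paper: it tracks the single predicate "v is null" backwards from a dereference over a constructed toy CFG, drops a path at the first node that refutes the predicate (an allocation or a non-null check), and, on reaching a method entry, continues at every call site with the argument bound to the parameter. All node ids, method names and the tuple encoding of the CFG are assumptions made for the example.

```python
from collections import deque

# Constructed toy interprocedural CFG (not from the paper). Per method: node -> (kind, payload,
# predecessors). Kinds: 'entry' (param names); 'assign' (lhs, rhs) with rhs 'null', 'new' or a
# variable; 'guard' (var, holds_null): the edge of an explicit null check; 'call' (callee, args);
# 'deref' (var): the analysis target.
CFG = {
    'main': {'m0': ('entry', [], []), 'm1': ('assign', ('p', 'null'), ['m0']),
             'm2': ('assign', ('q', 'new'), ['m1']), 'm3': ('call', ('use', ['p']), ['m2']),
             'm4': ('call', ('use', ['q']), ['m3'])},
    'other': {'o0': ('entry', ['y'], []), 'o1': ('guard', ('y', False), ['o0']),  # y != null here
              'o2': ('call', ('use', ['y']), ['o1'])},
    'use': {'u0': ('entry', ['x'], []), 'u1': ('deref', 'x', ['u0'])},            # x.foo(), unchecked
}
MAX_PATHS = 64  # bound on simultaneously tracked paths (the paper's "number of paths" parameter)

def call_sites(callee):
    return [(m, n) for m, nodes in CFG.items()
            for n, (k, pl, _) in nodes.items() if k == 'call' and pl[0] == callee]

def analyse(method, target, var):
    """Backward, path- and context-sensitive search from `target`, tracking the predicate
    '<var> is null'. Returns each feasible path (list of (method, node)) from a `var = null`
    assignment to the target; a path is dropped at the first node that refutes the predicate."""
    found, work = [], deque([(method, target, var, [(method, target)])])
    while work:
        m, n, v, path = work.popleft()
        kind, payload, preds = CFG[m][n]
        if kind == 'entry':            # v must be a parameter to continue into the callers
            for cm, cn in call_sites(m) if v in payload else []:
                arg = CFG[cm][cn][1][1][payload.index(v)]      # argument bound to v at this call
                work.append((cm, cn, arg, [(cm, cn)] + path))
            continue
        for p in preds:
            pk, pl, _ = CFG[m][p]
            nv = v
            if pk == 'assign' and pl[0] == v:
                if pl[1] == 'null':
                    found.append([(m, p)] + path); continue     # predicate established: report
                if pl[1] == 'new':
                    continue                                    # refuted: v is non-null here
                nv = pl[1]                                      # v = w: track w from here on
            elif pk == 'guard' and pl == (v, False):
                continue                                        # refuted by an explicit null check
            # a 'call' node passes through: Java callees cannot reassign the caller's local v
            if len(work) < MAX_PATHS:
                work.append((m, p, nv, [(m, p)] + path))
    return found
```

Running `analyse('use', 'u1', 'x')` reports only the path through `main`'s `p = null`; the call with `q` (allocated) and the call from `other` (behind a non-null check) are discarded as infeasible.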
Future Work
- Sound analysis: the given analysis is not sound; it could be extended to guarantee soundness
- When a path is discarded owing to the limit on the maximum number of paths that can be tracked:
  - store the current context (path, state)
  - once the analysis completes, try to validate it
- Heuristics to handle discarded paths, or a heuristic to choose which path to discard
- Extending the algorithm to other types of bugs, e.g. resource-leak bugs
- Could be used as an automated program solver
null_deref_analysis
By Gokulan Ravi