Accurate Interprocedural Null-Dereference Analysis for Java

• Published in: 2009 IEEE 31st International Conference on Software Engineering pp. 133 - 143
• Main Authors: Nanda, Mangala Gowri, Sinha, Saurabh
• Format: Conference Proceeding
• Language: English
• Published: Washington, DC, USA IEEE Computer Society 16.05.2009; IEEE
• Series: ACM Conferences
• Subjects: Arithmetic; Computer bugs; General and reference > Cross-computing tools and techniques > Reliability; Information analysis; Java; Open source software; Performance analysis; Safety; Software and its engineering > Software notations and tools; Software and its engineering > Software notations and tools > General programming languages > Language types; Software and its engineering > Software organization and properties > Extra-functional properties > Software reliability
• ISBN: 9781424434534; 142443453X
• ISSN: 0270-5257
• DOI: 10.1109/ICSE.2009.5070515

Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-sensitive and context-sensitive analysis for identifying null dereferences. Starting at a dereference statement, our approach performs a backward demand-driven analysis to identify precisely paths along which null values may flow to the dereference. The demand-driven analysis avoids an exhaustive program exploration, which lets it scale to large programs. We present the results of empirical studies conducted using large open-source and commercial products. Our results show that: (1) our approach detects fewer false positives, and significantly more interprocedural true positives, than other commonly used tools; (2) the analysis scales to large subjects; and (3) the identified defects are often deleted in subsequent releases, which indicates that the reported defects are important.