Accurate Interprocedural Null-Dereference Analysis for Java
Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-sensitive and context-sensitive analysis for ident...
Saved in:
| Published in | 2009 IEEE 31st International Conference on Software Engineering pp. 133 - 143 |
|---|---|
| Main Authors | , |
| Format | Conference Proceeding |
| Language | English |
| Published |
Washington, DC, USA
IEEE Computer Society
16.05.2009
IEEE |
| Series | ACM Conferences |
| Subjects | |
| Online Access | Get full text |
| ISBN | 9781424434534 142443453X |
| ISSN | 0270-5257 |
| DOI | 10.1109/ICSE.2009.5070515 |
Cover
| Abstract | Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-sensitive and context-sensitive analysis for identifying null dereferences. Starting at a dereference statement, our approach performs a backward demand-driven analysis to identify precisely paths along which null values may flow to the dereference. The demand-driven analysis avoids an exhaustive program exploration, which lets it scale to large programs. We present the results of empirical studies conducted using large open-source and commercial products. Our results show that: (1) our approach detects fewer false positives, and significantly more interprocedural true positives, than other commonly used tools; (2) the analysis scales to large subjects; and (3) the identified defects are often deleted in subsequent releases, which indicates that the reported defects are important. |
|---|---|
| AbstractList | Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-sensitive and context-sensitive analysis for identifying null dereferences. Starting at a dereference statement, our approach performs a backward demand-driven analysis to identify precisely paths along which null values may flow to the dereference. The demand-driven analysis avoids an exhaustive program exploration, which lets it scale to large programs. We present the results of empirical studies conducted using large open-source and commercial products. Our results show that: (1) our approach detects fewer false positives, and significantly more interprocedural true positives, than other commonly used tools; (2) the analysis scales to large subjects; and (3) the identified defects are often deleted in subsequent releases, which indicates that the reported defects are important. |
| Author | Sinha, Saurabh Nanda, Mangala Gowri |
| Author_xml | – sequence: 1 givenname: Mangala Gowri surname: Nanda fullname: Nanda, Mangala Gowri organization: IBM India Research Lab, India – sequence: 2 givenname: Saurabh surname: Sinha fullname: Sinha, Saurabh organization: IBM India Research Lab, India |
| BookMark | eNqNkE9Lw0AQxResYK39AOIlZyF19l92g6cQq1aKHtTzstnMQjRNyqYV-u3d0Hp3YBiY37yB9y7JpOs7JOSawoJSyO9W5ftywQDyhQQFksozMs-VpoIJwYXkYkKmwBSkkkl1QebD8AWxIqE6n5L7wrl9sDtMVt0Owzb0Duu4aJPXfdumDxjQx-4cJkVn28PQDInvQ_Jif-wVOfe2HXB-mjPy-bj8KJ_T9dvTqizWqWWS7lLuHFXMaccxQ6lAc1dLnnP0NHd1rXQFYCsvEbiWVigdTVRe2EwzrSzN-IzcHP82iGi2odnYcDAnu5HCkVq3MVXffw-GghmzMWM2Zszm79hUoUEfJbf_lvBfUd1kJg |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/ICSE.2009.5070515 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EndPage | 143 |
| ExternalDocumentID | 5070515 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IG 6IH 6IK 6IL 6IM 6IN AAJGR AARBI ACM ADPZR ALMA_UNASSIGNED_HOLDINGS APO BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK GUFHI IERZE OCL RIE RIL RIO -~X .4S .DC 123 23M 29O 5VS 8US AAWTH ABLEC ADZIZ AFFNX ARCSS AVWKF CHZPO EDO FEDTE I-F I07 IEGSK IJVOP IPLJI M43 RNS XOL |
| ID | FETCH-LOGICAL-a251t-3cc172c8c3e6e57083cd5393ef19cdd78b00abf5e0385a478515bf4a68287a163 |
| IEDL.DBID | RIE |
| ISBN | 9781424434534 142443453X |
| ISSN | 0270-5257 |
| IngestDate | Wed Aug 27 02:03:48 EDT 2025 Wed Jan 31 06:38:21 EST 2024 Wed Jan 31 06:42:45 EST 2024 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a251t-3cc172c8c3e6e57083cd5393ef19cdd78b00abf5e0385a478515bf4a68287a163 |
| PageCount | 11 |
| ParticipantIDs | ieee_primary_5070515 acm_books_10_1109_ICSE_2009_5070515_brief acm_books_10_1109_ICSE_2009_5070515 |
| PublicationCentury | 2000 |
| PublicationDate | 20090516 2009-May |
| PublicationDateYYYYMMDD | 2009-05-16 2009-05-01 |
| PublicationDate_xml | – month: 05 year: 2009 text: 20090516 day: 16 |
| PublicationDecade | 2000 |
| PublicationPlace | Washington, DC, USA |
| PublicationPlace_xml | – name: Washington, DC, USA |
| PublicationSeriesTitle | ACM Conferences |
| PublicationTitle | 2009 IEEE 31st International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2009 |
| Publisher | IEEE Computer Society IEEE |
| Publisher_xml | – name: IEEE Computer Society – name: IEEE |
| SSID | ssj0000453189 ssj0006499 |
| Score | 1.984778 |
| Snippet | Null dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools... |
| SourceID | ieee acm |
| SourceType | Publisher |
| StartPage | 133 |
| SubjectTerms | Arithmetic Computer bugs General and reference -- Cross-computing tools and techniques -- Reliability Information analysis Java Open source software Performance analysis Safety Software and its engineering -- Software notations and tools Software and its engineering -- Software notations and tools -- General programming languages -- Language types Software and its engineering -- Software organization and properties -- Extra-functional properties -- Software reliability |
| Title | Accurate Interprocedural Null-Dereference Analysis for Java |
| URI | https://ieeexplore.ieee.org/document/5070515 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8NAEB7anjxVbcX6IqAXwW2TJrtJ8CS1pRZaBC30FvYJIrZSEw_-emfzEsVDb3lsXsNu9pudme8DuOLaMyEdUiIFi9FBUYwI3-MkHkZcS2qGwthC4fmCTZfBbEVXDbipa2G01nnyme7bzTyWrzYys0tlA8QuVpKkCc0wYkWtVr2egtAEu2dc_4VZkGtHotflEsv4WRV1-dhuVXE9lftBGe703HjwMHoaFzSW5dPstCXffomv5HPPpA3z6q2LlJPXfpaKvvz6Q-i462ftQ_enys95rOevA2jo9SG0K5kHpxz1Hbi9kzKzjBJOmaGIlyjL1uEs0H8l97qWKnEqihMHobAz45-8C8vJ-Hk0JaXmAuGIdFLiS4mQRkbS10zTEAGaVNSPfW28WCoVRjhMuTBU24giD0IEbFSYgDNLnM8R3B1Ba71Z62NwTMAiexdsKALPBHhPP3KpcplCt1PwHlyiYRPrTHwkuS_ixok1v5XGjJPSKj243qFVIrYv2vSgY62bvBdEHdXJk_8Pn8JeERqy2Ytn0Eq3mT5HhJGKi7xrfQNLvsL_ |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LTwIxEJ4gHvSECkZ8bqIXE4u7bLuPeDIIAQRiIiTcNm23TYwRDLIe_PVO92U0Hrjto_uatNtvOjPfB3DFlaN91mZECi9EByX2iHAdTsJ2wJVkui20KRQeT7z-jA7nbF6Bm7IWRimVJp-pltlMY_nxUiZmqewWsYuRJNmCbUYpZVm1VrmiguAEO2hY_oc9mqpHot9lE8P5WZR1udhuXrA95fs0D3g6dng76Dx3MyLL_Hlm4pJvv-RX0tmnV4Nx8d5Z0slrK1mLlvz6Q-m46YftQeOnzs96KmewfaioxQHUCqEHKx_3dbi7lzIxnBJWnqOIl8SGr8OaoAdLHlQpVmIVJCcWgmFryD95A2a97rTTJ7nqAuGIddbElRJBjQykqzzFfIRoMmZu6CrthDKO_QAHKheaKRNT5NRHyMaEptwz1Pkc4d0hVBfLhToCS1MvMHfBhoI6muI93cBmse3F6HgK3oRLNGxk3ImPKPVG7DAy5jfimGGUW6UJ1xu0isTqRekm1I11o_eMqqM4efz_4QvY6U_Ho2g0mDyewG4WKDK5jKdQXa8SdYZ4Yy3O0272DbwCxkw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+of+the+31st+International+Conference+on+Software+Engineering&rft.atitle=Accurate+Interprocedural+Null-Dereference+Analysis+for+Java&rft.au=Nanda%2C+Mangala+Gowri&rft.au=Sinha%2C+Saurabh&rft.series=ACM+Conferences&rft.date=2009-05-16&rft.pub=IEEE+Computer+Society&rft.isbn=9781424434534&rft.spage=133&rft.epage=143&rft_id=info:doi/10.1109%2FICSE.2009.5070515 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0270-5257&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0270-5257&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0270-5257&client=summon |