General, Scalable Path-Sensitive Fault DetectionReport
Recent research has shown that program paths are impor- tant in static analysis for detecting and reporting faults. However, developing a scalable path-sensitive analysis is chal- lenging. Often the techniques only address one particular type of fault and require much manual effort to tune for the desirable scalability and precision. In this paper, we present a novel framework that automatically generates scalable, in- terprocedural, path-sensitive analyses to detect user speci- fied faults. The framework consists of a specification tech- nique for expressing program properties related to faults, a scalable path-sensitive algorithm, and a generator that unifies the two. The generated analysis identifies not only faults but also the path segments that are relevant to the faults. The generality of the framework is accomplished for both data and control centric faults, so that the detection of multiple types of faults can be unified, which enables the exploitation of fault interactions for diagnosis and efficiency. We implemented our framework and generated fault detec- tors for identifying buffer overflow, integer truncation and signedness errors, and null-pointer dereference. We exper- imentally demonstrated that the generated analysis scales up to at least half a million lines of code, and its detection capability is comparable to manually produced analyses. In our experiment, a total of 53 faults of the three types from 9 benchmarks are detected, among which 37 have not been reported previously. The results show that we are able to identify faults deeply embedded in the code, and the aver- age length of faulty path segments is 1�4 procedures, which provides a focus for diagnosis.
All rights reserved (no additional license for public reuse)
Le, Wei, and Mary Soffa. "General, Scalable Path-Sensitive Fault Detection." University of Virginia Dept. of Computer Science Tech Report (2010).
University of Virginia, Department of Computer Science