Abstract. The incorrect use of pointers is one of the most common source of bugs. As a consequence, any kind of static code checking capable of detecting potential bugs at compile time is welcome. This paper presents a static analysis for the detection of incorrect accesses to memory (dereferences of invalid pointers). A pointer may beinvalid because it has not been initialised or because it refers to a memory location which has been deallocated. The analyser is derived from an axiomatisation of alias and connectivity properties which is shown to be sound with respect to the natural semantics of the language. It deals with dynamically allocated data structures and it is accurate enough to handle circular structures. 1
|
450
|
Systematic design of program analysis frameworks
– Cousot, Cousot
- 1979
|
|
342
|
Context-sensitive interprocedural points-to analysis in the presence of function pointers
– Emami, Ghiya, et al.
|
|
192
|
Interprocedural May-Alias Analysis for Pointers: Beyond k-Limiting
– Deutsch
- 1994
|
|
140
|
Parallelizing Programs with Recursive Data Structures
– Hendren
- 1990
|
|
66
|
Parametric program slicing
– Field, Ramalingam, et al.
- 1995
|
|
62
|
A storeless model of aliasing and its abstractions using firrite representations of right-regular equiwdence relations
– Deutsch
- 1992
|
|
56
|
Information-flow and data-flow analysis of while-programs
– Bergeretti, Carre
- 1985
|
|
42
|
Extending Typestate Checking Using Conditional Liveness Analysis
– Strom, Yellin
- 1993
|
|
36
|
Data flow analysis in software reliability
– Fosdick, Osterweil
- 1976
|
|
35
|
Compile-time detection of information flow in sequential programs
– Banǎtre, Bryce, et al.
- 1994
|
|
28
|
Deriving algorithms from type inference systems: Application to strictness analysis
– Hankin, Métayer
- 1994
|
|
28
|
Verification of array, record, and pointer operations in Pascal
– Luckham, Suzuki
- 1979
|
|
23
|
A logic-based approach to data flow analysis problems
– Sagiv, Francez, et al.
- 1990
|
|
21
|
An extended form of must alias analysis for dynamic allocation
– Altucher, Landi
- 1995
|
|
21
|
Using specifications to check source code
– Evans
- 1994
|
|
20
|
Aspect: An economical bug-detector
– Jackson
- 1991
|
|
20
|
A general axiom of assignment, assignment and linked data stuctures, a proof of the Schorr-Waite algorithm
– Morris
- 1982
|
|
14
|
The logic of aliasing
– Cartwright, Oppen
- 1981
|
|
10
|
Calculating with pointers
– Bijlsma
- 1989
|
|
8
|
An inference algorithm for the static verification of pointer manipulation
– Fradet, Gaugne, et al.
- 1996
|
|
7
|
a C program checker, Computer Science technical report
– Johnson, Lint
- 1978
|
|
6
|
Compile-time detection of information ow in sequential programs
– Bantre, Bryce, et al.
- 1994
|
|
5
|
Information- ow and data- ow analysis of while programs
– Bergeretti, Carre
- 1985
|
|
5
|
Data ow analysis in software reliability
– Fosdick, Osterweil
- 1976
|
|
4
|
Program analysis and specialisation for the C programming language
– Andersen
- 1994
|
|
4
|
A storeless model of aliasing and its abstraction using nite representations of right-regular equivalence relations
– Deutsch
- 1992
|
|
2
|
Using speci cations to check source code, inTechnical Report, MIT Lab for computer science
– Evans
- 1994
|
|
2
|
Veri cation of array, record, and pointer operations in Pascal, in
– Luckham, Suzuki
- 1979
|
|
2
|
Alogic-based approach to data ow analysis problems
– Sagiv, Francez, et al.
- 1990
|
|
1
|
An inference algorithm for the static veri cation of pointer manipulation, IRISA Research Report 980
– Fradet, Gaugne, et al.
- 1996
|
