Abstract
A new algorithm is presented that automatically uncovers memory errors such as NULL pointers dereference and memory leaks in C programs. The algorithm is conservative, i.e., it can never miss an error but may report “false alarms”. When applied to several intricate C programs manipulating singly linked lists, the new algorithm yields more accurate results, does not report any false alarm and usually runs even faster and consumes less space than a less precise algorithm.
This research was supported by a grant from the Ministry of Science,Israel.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, Univ. of Copenhagen (May 1994)
Austin, T.M., Breach, S.E., Sohi, G.S.: Efficient detection of all pointer and array access errors. In: SIGPLAN Conf. on Prog. Lang. Design and Impl. ACM Press, New York (1994)
Chase, D.R., Wegman, M., Zadeck, F.: Analysis of pointers and structures. In: SIGPLAN Conf. on Prog. Lang. Design and Impl., New York, NY, pp. 296–310. ACM Press, New York (1990)
Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Symp. on Princ. of Prog. Lang., New York, NY, pp. 269–282. ACM Press, New York (1979)
Dor, N., Rodeh, M., Sagiv, M.: Detecting memory errors via static pointer analysis. In: Proceedings of the ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 1998), pp. 27–34 (June 1998), Available at http://www.math.tau.ac.il/nurr/paste98.ps.gz
Cop, Digital Equipment. Extended static checking (1998), Available at http://www.research.digital.com/SRC/esc/Esc.html
Evans, D.: Static detection of dynamic memory errors. In: SIGPLAN Conf. on Prog. Lang. Design and Impl. (1996), Available at http://www.cs.virginia.edu/evans/pldi96-abstract.html
Field, J., Ramalingam, G., Tip, F.: Parametric program slicing. In: ACM Symp. on Princ. of Prog. Lang., pp. 379–392 (January 1995)
Fradet, P., Gaugne, R., Métayer, D.: Static detection of pointer errors: an axiomatisation and a checking algorithm. In: Riis Nielson, H. (ed.) ESOP 1996. LNCS, vol. 1058, Springer, Heidelberg (1996)
Ghiya, R., Hendren, L.: Putting pointer analysis to work. In: Symp. on Princ. of Prog. Lang., New York, NY. ACM Press, New York (1998)
Horwitz, S., Reps, T.: The use of program dependence graphs in software engineering. In: Proceedings of the Fourteenth International Conference on Software Engineering, pp. 392–411. ACM, New York (1992)
Jackson, D.: Aspect, an economical bug detector. In: Proceedings of the 13th International Conference on Software Engineering, pp. 13–22 (May 1994)
Jensen, J.L., Joergensen, M.E., Klarlund, N., Schwartzbach, M.I.: Automatic verification of pointer programs using monadic second-order logic. In: SIGPLAN Conf. on Prog. Lang. Design and Impl. (1997)
Jones, N.D., Muchnick, S.S.: Flow analysis and optimization of Lisp-like structures. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, pp. 102–131. Prentice-Hall, Englewood Cliffs (1981)
Martin, F.: PAG - an efficient program analyzer generator. International Journal on Software Tools for Technology Transfer 2(1), 46–67 (1998)
Muchnick, S.: Advanced Compiler Design and Implementation. Morgan Kaufmann, San Francisco (1997)
Nielson, F., Nielson, H.R., Hankin, C.L.: Principles of Program Analysis. Springer, Heidelberg (1999)
Cop, Parasoft. Insure++ (1999), Available at http://www.parasoft.com/
Cop, Prefixco. Prefix automated code reviewer (1999), Available at http://www.prefixco.com
Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. Tech. Rep. TR-1383, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI (July 1998), Available at http://www.cs.wisc.edu/wpis/papers/parametric.ps
Sagiv, M., Reps, T., Wilhelm, R.: Solving shape-analysis problems in languages with destructive updating. Trans. on Prog. Lang. and Syst. 20(1), 1–50 (1998)
Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3- valued logic. In: Symp. on Princ. of Prog. Lang (1999), Available at http://www.cs.wisc.edu/wpis/papers/popl99.ps
Sander, G.: Graph layout through the vcg tool. In: Graph Drawing. In: DIMACS International Workshop GD 1994, pp. 194–205 (1995)
Shapiro, M., Horwitz, S.: Fast and accurate flow-insensitive points-to analysis. In: Symp. on Princ. of Prog. Lang., pp. 1–14 (1997)
Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, pp. 189–234. Prentice-Hall, Englewood Cliffs (1981)
Stransky, J.: A lattice for abstract interpretation of dynamic (Lisp-like) structures. Inf. and Comp. 101(1), 70–102 (1992)
Reliable Systems, Icontract - desgin by contract (1999), Available at http://www.reliable-systems.com/
Zapata, E.: Automatic parallelization of irregular applications. In: SPA 1999 (1999)
Zorn, B., Hilfinger, P.: A memory allocation profilers for c and lisp programs (1991), Available at ftp://gatekeeper.dec.com/pub/misc/mprof-3.0.tar.z
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dor, N., Rodeh, M., Sagiv, M. (2000). Checking Cleanness in Linked Lists. In: Palsberg, J. (eds) Static Analysis. SAS 2000. Lecture Notes in Computer Science, vol 1824. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45099-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-45099-3_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67668-3
Online ISBN: 978-3-540-45099-3
eBook Packages: Springer Book Archive