An inference algorithm for the static verification of pointer manipulation (original) (raw)
Related papers
Static Detection of Pointer Errors: An Axiomatisation and a Checking Algorithm
1996
The incorrect use of pointers is one of the most common source of bugs. As a consequence, any kind of static code checking capable of detecting potential bugs at compile time is welcome. This paper presents a static analysis for the detection of incorrect accesses to memory (dereferences of invalid pointers). A pointer may be invalid because it has not been initialised or because it refers to a memory location which has been deallocated. The analyser is derived from an axiomatisation of alias and connectivity properties which is shown to be sound with respect to the natural semantics of the language. It deals with dynamically allocated data structures and it is accurate enough to handle circular structures.
Detecting memory errors via static pointer analysis (preliminary experience)
ACM SIGPLAN Notices, 1998
Programs which manipulate pointers are hard to debug. Pointer analysis algorithms (originally aimed at optimizing compilers) may provide some remedy by identifying potential errors such as dereferencing NULL pointers by statically analyzing the behavior of programs on all their input data.
A novel analysis space for pointer analysis and its application for bug finding
Science of Computer …, 2010
The size of today's programs continues to grow, as does the number of bugs they contain. Testing alone is rarely able to flush out all bugs, and many lurk in difficult-to-test corner cases. An important alternative is static analysis, in which correctness properties of a program are checked without running it. While it cannot catch all errors, static analysis can catch many subtle problems that testing would miss.
Total Pasta: Static Analysis For Unfailing Pointer Programs
Abstract Most errors in computer programs are only found once they are run, which results in critical errors being missed due to inadequate testing. If additional static analysis is performed, then the possibility exists for detecting such errors, and correcting them. This helps to improve the quality of the resulting code, increasing reliability.
Pointer analysis, conditional soundness, and proving the absence of errors
2008
It is well known that the use of points-to information can substantially improve the accuracy of a static program analysis. Commonly used algorithms for computing points-to information are known to be sound only for memory-safe programs. Thus, it appears problematic to utilize points-to information to verify the memory safety property without giving up soundness. We show that a sound combination is possible, even if the points-to information is computed separately and only conditionally sound.
On the Role of Static Analysis in Operating System Checking and Runtime Verification
2005
Software inevitably contains bugs. For certain classes of software like operating systems, reliability is a critical requirement. Recent research has shown that several commodity operating systems, even after careful design and extensive testing, still contain a number of bugs. Methods for automated detection of bugs in software can be classified into (1) static methods, (2) formal verification, and (3) runtime checking. In this paper, our focus is on verifying critical properties of large and complex software like OSs, one such property being correctness of memory accesses. For this purpose, we evaluate both static checking techniques and runtime checking techniques, and present our observations. Static checking is useful because the cost of repairing a bug increases along the software development lifetime. Bugs discovered and fixed early result in significant cost savings. We evaluate a representative set of existing static checking techniques on the basis of soundness, precision, and usefulness in checking large software like the Linux kernel. We also cover the related problem of deriving property rules for automated checking. Static checking though useful, cannot in general catch all possible bugs in C programs, without producing false alarms. Consequently, it is mostly a best-effort exercise to find some, but not all bugs. However, memory access checking is too critical to be trusted to static techniques. We introduce a survey of existing bounds checking techniques. In particular, we show that it is possible to classify the wide range of existing bounds checking techniques into a single hierarchy. We evaluated existing techniques based on soundness, performance, and usability. A software bounds checking framework for the Linux kernel is introduced and evaluated. We observe that existing static checking methods have limited coverage in detecting bugs. For verifying the correctness of critical program properties like memory accesses, runtime checking is necessary. However, runtime methods by themselves are not very useful due to performance reasons. Hence, we conclude advocating static analysis for use in runtime checking systems. iii To my family Contents List of Figures viii List of Tables viii Acknowledgments x
A formally-verified alias analysis
This paper reports on the formalization and proof of soundness, using the Coq proof assistant, of an alias analysis: a static analysis that approximates the flow of pointer values. The alias analysis considered is of the points-to kind and is intraprocedural, flow-sensitive, field-sensitive, and untyped. Its soundness proof follows the general style of abstract interpretation. The analysis is designed to fit in the CompCert C verified compiler, supporting future aggressive optimizations over memory accesses.
The Location Linking Concept: A Basis for Verification of Code Using Pointers
Lecture Notes in Computer Science, 2012
Ultimately, any verifying compiler effort needs to be able to verify code that makes use of pointers, though language mechanisms for data abstraction, alias avoidance and control, or disciplined software development techniques may minimize the need for code that is directly based on pointering. It is also clear that the verification machinery of such as compiler must use specifications of components to reason about component-based software in order to be scalable. So this paper follows a natural question that arises by putting these two ideas together: Can the general machinery in a verifying compiler for component specificationbased verification also be used to verify code that uses typically built-in types, such as arrays and pointers, if those types are defined to have specifications similar to any other component? This paper answers the question in the affirmative by presenting a Location Linking Template, a concept that captures pointer behavior, and using it to verify the code of a simple data abstraction realized using pointers. Additionally, we note that the concept can be extended and realized so that different languages can plug in alternative implementations to give programmers the flexibility to choose manual memory management or automatic garbage collection depending on their performance concerns. 5
A formally-verified C static analyzer
This paper reports on the design and soundness proof, using the Coq proof assistant, of Verasco, a static analyzer based on abstract interpretation for most of the ISO~C~1999 language (excluding recursion and dynamic allocation). Verasco establishes the absence of run-time errors in the analyzed programs. It enjoys a modular architecture that supports the extensible combination of multiple abstract domains, both relational and non-relational. Verasco integrates with the CompCert formally-verified C~compiler so that not only the soundness of the analysis results is guaranteed with mathematical certitude, but also the fact that these guarantees carry over to the compiled code.
Toward Symbolic Verification of Programs Handling Pointers
2004
We aim at checking safety properties on systems with pointers which are naturally infinite state systems. In this paper, we introduce Symbolic Memory States, a new symbolic representation well suited to the verification of systems with pointers. We show SMS enjoys all the good properties needed to check safety properties, such as closure under union, canonicity of the representation and decidable inclusion. We also introduce pointer automata, a model for programs using dynamic allocation of memory. We define the properties we want to check in this model and we give undecidability results. The verification part is still work in progress.