Path-sensitive bug detection analysis of C# program illustrated by null pointer dereference

V. . Koshelev; I. . Dudina; V. . Ignatyev; A. . Borzilov

doi:10.15514/ISPRAS-2015-27(5)-5

Труды Института системного программирования РАН (Oct 2018)

Path-sensitive bug detection analysis of C# program illustrated by null pointer dereference

V. . Koshelev,
I. . Dudina,
V. . Ignatyev,
A. . Borzilov

Affiliations

V. . Koshelev: ИСП РАН
I. . Dudina: ИСП РАН
V. . Ignatyev: ИСП РАН
A. . Borzilov: ИСП РАН

DOI: https://doi.org/10.15514/ISPRAS-2015-27(5)-5
Journal volume & issue: Vol. 27, no. 5
pp. 59 – 86

Abstract

Read online

This paper proposes an approach for detecting bugs in C# programs and uses null pointer deference as the main example. The approach is based on a scalable path-sensitive analysis, which involves symbolic execution with state merging and function summary methods. Functions are analyzed in backward topological order with account for previously calculated summaries. For summary construction, we use the same analysis engine as for bug detection. The problem of bug detection is reduced to satisfiability of a first-order logical formula defined on atoms, which are arithmetic expressions on function input values. We have implemented the approach in our Roslyn-based analyzer, called CSCC. Evaluation of CSCC on open-source commodity applications has shown acceptable scalability and reasonable true positive/false positive ratio.

Published in Труды Института системного программирования РАН

ISSN: 2079-8156 (Print); 2220-6426 (Online)
Publisher: Ivannikov Institute for System Programming of the Russian Academy of Sciences
Country of publisher: Russian Federation
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://ispranproceedings.elpub.ru/jour/index

About the journal

Abstract

Keywords