Log In Sign Up

Gradual Program Analysis for Null Pointers

by   Sam Estep, et al.

Static analysis tools typically address the problem of excessive false positives by requiring programmers to explicitly annotate their code. However, when faced with incomplete annotations, many analysis tools are either too conservative, yielding false positives, or too optimistic, resulting in unsound analysis results. In order to flexibly and soundly deal with partially-annotated programs, we propose to build upon and adapt the gradual typing approach to abstract-interpretation-based program analyses. Specifically, we focus on null-pointer analysis and demonstrate that a gradual null-pointer analysis hits a sweet spot, by gracefully applying static analysis where possible and relying on dynamic checks where necessary for soundness. In addition to formalizing a gradual null-pointer analysis for a core imperative language, we build a prototype using the Infer static analysis framework, and present preliminary evidence that the gradual null-pointer analysis reduces false positives compared to two existing null-pointer checkers for Infer. Further, we discuss ways in which the gradualization approach used to derive the gradual analysis from its static counterpart can be extended to support more domains. This work thus provides a basis for future analysis tools that can smoothly navigate the tradeoff between human effort and run-time overhead to reduce the number of reported false positives.


page 3

page 5

page 13

page 17

page 19

page 21

page 23

page 25


Learning to Reduce False Positives in Analytic Bug Detectors

Due to increasingly complex software design and rapid iterative developm...

MCPA: Program Analysis as Machine Learning

Static program analysis today takes an analytical approach which is quit...

Nowhere to Hide: Detecting Obfuscated Fingerprinting Scripts

As the web moves away from stateful tracking, browser fingerprinting is ...

Robustness to fundamental uncertainty in AGI alignment

The AGI alignment problem has a bimodal distribution of outcomes with mo...

Designing a Provenance Analysis for SGX Enclaves

Intel SGX enables memory isolation and static integrity verification of ...

A True Positives Theorem for a Static Race Detector - Extended Version

RacerD is a static race detector that has been proven to be effective in...

AutoPruner: Transformer-Based Call Graph Pruning

Constructing a static call graph requires trade-offs between soundness a...

Code Repositories