Summary: Static Error Detection using Semantic Inconsistency Inference
Isil Dillig, Thomas Dillig, Alex Aiken
Computer Science Department
Stanford University
{isil, tdillig, aiken}@cs.stanford.edu
Abstract
Inconsistency checking is a method for detecting software errors that relies only on examining multiple uses of a value. We propose that inconsistency inference is best understood as a variant of the older and better understood problem of type inference. Using this insight, we describe a precise and formal framework for discovering inconsistency errors. Unlike previous approaches to the problem, our technique for finding inconsistency errors is purely semantic and can deal with complex aliasing and path-sensitive conditions. We have built a null dereference analysis of C programs based on semantic inconsistency inference and have used it to find hundreds of previously unknown null dereference errors in widely used C programs.
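To make the "uses as constraints" view concrete, here is a small toy checker added for illustration; it is not the paper's implementation and uses its own miniature statement representation. Each use of a pointer contributes a belief: a null check says the value may be null, an unguarded dereference says it must be non-null, and the analysis reports any value whose uses disagree. Aliasing is handled with a flow-insensitive union-find (a simplification assumed here), so that a dereference through an alias constrains the same abstract value as a check on the original. The sample program and its line numbers are constructed.

```python
"""Toy semantic inconsistency checker for null dereferences (illustration only)."""
from dataclasses import dataclass


@dataclass
class Check:
    """if (var != NULL) { body } -- a use that says var MAY be null."""
    var: str
    body: list
    line: int


@dataclass
class Deref:
    """*var or var->field -- a use that says var MUST be non-null."""
    var: str
    line: int


@dataclass
class Assign:
    """lhs = rhs -- lhs aliases rhs (treated flow-insensitively here)."""
    lhs: str
    rhs: str
    line: int


class Aliases:
    """Union-find over variable names; one class per abstract value."""

    def __init__(self):
        self.parent = {}

    def find(self, v):
        self.parent.setdefault(v, v)
        while self.parent[v] != v:
            self.parent[v] = self.parent[self.parent[v]]  # path halving
            v = self.parent[v]
        return v

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def _walk(stmts, aliases, guarded, may_null, non_null):
    """Collect beliefs; `guarded` lists variables checked on the current path."""
    for s in stmts:
        if isinstance(s, Assign):
            aliases.union(s.lhs, s.rhs)
        elif isinstance(s, Check):
            may_null.setdefault(s.var, []).append(s.line)
            _walk(s.body, aliases, guarded + [s.var], may_null, non_null)
        elif isinstance(s, Deref):
            # A dereference dominated by a check of the same abstract value is fine.
            protected = any(aliases.find(g) == aliases.find(s.var) for g in guarded)
            if not protected:
                non_null.setdefault(s.var, []).append(s.line)


def find_inconsistencies(stmts):
    """Return {alias-class representative: (check lines, unguarded deref lines)}."""
    aliases = Aliases()
    may_null, non_null = {}, {}
    _walk(stmts, aliases, [], may_null, non_null)

    # Canonicalise by alias class only now, after every assignment has been seen.
    def by_class(table):
        out = {}
        for var, lines in table.items():
            out.setdefault(aliases.find(var), []).extend(lines)
        return out

    mn, nn = by_class(may_null), by_class(non_null)
    return {rep: (sorted(mn[rep]), sorted(nn[rep])) for rep in mn if rep in nn}


# Constructed sample, mirroring a C fragment such as:
#   struct node *q = p;          /* line 2 */
#   if (p != NULL) {             /* line 3 */
#       use(p->data);            /* line 4, guarded */
#   }
#   return q->next;              /* line 6, unguarded deref of an alias of p */
SAMPLE = [
    Assign("q", "p", 2),
    Check("p", [Deref("p", 4)], 3),
    Deref("q", 6),
]

if __name__ == "__main__":
    for rep, (checks, derefs) in find_inconsistencies(SAMPLE).items():
        print(f"{rep}: checked for NULL at {checks}, dereferenced unguarded at {derefs}")
```

A program with no null check on a value and a program whose every dereference sits under its check both produce no report: the checker only fires when the program's own uses of one abstract value contradict each other, which is what lets it flag bugs without a specification.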
Categories and Subject Descriptors D.2.4 [Software Engineering]: Software/Program Verification; D.2.5 [Software Engineer-