Detecting all potential null dereferences based on points-to property sound analysis

Null dereferences are a bane of programming in languages such as C, and static analysis is an effective method to detect them but often due to false negative. This paper proposes a points-to property sound analysis method to detect all potential null dereferences. First, the feature and detection method of null dereference of C programs are introduced. Second, an abstract memory model Region-based Symbolic Three-Valued Logic (RSTVL) is proposed to describe storage states of memory objects. Third, the property sound analysis theory based on abstract interpretation is proposed, which only analyze a single property of a program applies over-approximation strategy. Then, evaluations’ rules of points-to property based on RSTVL are presented, which guarantees the points-to property of a pointer contains the actual points-to property and detect all potential null dereferences. Experiment results of five real projects show that this method could detect all potential null dereferences with acceptable false-positive rates and efficiency. © 2018, © 2018 Informa UK Limited, trading as Taylor & Francis Group.