TRUST Security Seminar: Java Static Checker: A Tool for Locating Faults
Seminar | October 14 | 1-2 p.m. | Soda Hall, Wozniak Lounge
Suzanna Schmeelk, University of California, Berkeley
Team for Research in Ubiquitous Security Technologies
Removing faults from programs is an important component for developing robust software, that is, software which does not break down easily. Robust software is a requirement for users who do not want to use problematic code. Therefore, learning methodologies for removing faults is an essential ingredient for programming success. This research examines removing faults using a novel static analysis methodology. As tens of thousands of faults exist in practice, this research specifically examines removing a high-frequency fault, null pointer dereferences, from programs developed by students. Null pointer dereference faults are critical to locate as they can can cause disastrous denial-of-service (DoS) when not handled correctly. Static analysis can be used to examine code for faults during compilation. It is being included increasingly more often into industrial software development processes where non-failing software is an important product. Companies, including Yahoo!, nVidia, Oracle, HP, Samsung, McAfee, NASA and Ericsson, have invested in static analysis tools to equip their developers. Thus, it is essential for students to be aware of static analysis fault removal tool so that more robust software can be developed and used.
This research presents the design, implementation and evaluation of Java Static Checker (JSC), a light-weight static analysis tool which examines source code for fault classes via fault category and fault location. JSC uses path, flow and partial context-sensitive data-flow analysis to locate potential faults. It has a forward-analysis design to parallelize multiple fault checkers for multiple fault categories without adding additional internal transformations. The design also includes an integrated database and special intermediate code representations to limit false positive output generated by the tool.
JSC’s framework consists of standard code optimization algorithms for propagating values throughout a program and treats each class as a library, abstracting away specific instances of client calls. During value propagation, JSC uses path and flow-sensitive data flow analysis to limit potential values at particular points within the program and to examine programs for classes of faults based on location. JSC has the ability to use context-sensitive data flow analysis via a scalable integrated database that can store method return values. The JSC prototype is evaluated using student programs. The evaluation shows promising results, as JSC finds more faults than other existing open source lightweight static analysis tools. The implications from this research show that JSC can be more effective than existing open source tools in locating null pointer dereferences on student programs.
jesnjosh@eecs.berkeley.edu, 510-643-5105