Accelerating Static Null Pointer Dereference Detection with Parallel Computing
Authors: 
Rulin Xu, Luohui Chen, Ruyi Zhang, Yuanliang Zhang, Wei Xiao, Haifang Zhou, Xiaoguang MaoAuthors Info & Claims
Rulin Xu, Luohui Chen, Ruyi Zhang, Yuanliang Zhang, Wei Xiao, Haifang Zhou, Xiaoguang MaoAuthors Info & ClaimsPages 135 - 144
Abstract
High-precision static analysis can effectively detect Null Pointer Dereference (NPD) vulnerabilities in C language, but the performance overhead is significant. In recent years, researchers have attempted to enhance the efficiency of static analysis by leveraging multicore resources. However, due to complex dependencies in the analysis process, the parallelization of static value-flow NPD analysis for large-scale software still faces significant challenges. It is difficult to achieve a good balance between detection efficiency and accuracy, which impacts its application.This paper presents PANDA, the first parallel detector for high-precision static value-flow NPD analyzer in the C language. The core idea of PANDA is to utilize dependency analysis to ensure high precision while decoupling the strong dependencies between static value-flow analysis steps. This transforms the traditionally challenging-to-parallelize NPD analysis into two parallelizable algorithms: function summarization and combined query-based vulnerability analysis. PANDA introduces a task-level parallel framework and enhances it with a dynamic scheduling method to parallel schedule the above two key steps, significantly improving the performance and scalability of memory vulnerability detection.Fully implemented within the LLVM framework (version 15.0.7), PANDA demonstrates a significant advantage in balancing accuracy and efficiency compared to current popular open-source detection tools. In precision-targeted benchmark tests, PANDA maintains a false positive rate within 3.17% and a false negative rate within 5.16%; in historical CVE detection rate tests, its recall rate far exceeds that of comparative open-source tools. In performance evaluations, compared to its serial version, PANDA achieves up to an 11.23-fold speedup on a 16-node server, exhibiting outstanding scalability.
References
[1]
Cristiano Calcagno and Dino Distefano. 2011. Infer: An Automatic Program Verifier for Memory Safety of C Programs. In NASA Formal Methods, Mihaela Bobaru, Klaus Havelund, Gerard J. Holzmann, and Rajeev Joshi (Eds.). Vol. 6617. Springer Berlin Heidelberg, Berlin, Heidelberg, 459–465. https://doi.org/10.1007/978-3-642-20398-5_33
[2]
Heling Cao, Fei Wang, Miaolei Deng, and Lei Li. 2022. The Improved Dynamic Slicing for Spectrum-Based Fault Localization. PeerJ Computer Science 8 (Sept. 2022), e1071. https://doi.org/10.7717/peerj-cs.1071
[3]
Marek Chalupa. 2020. DG: Analysis and Slicing of LLVM Bitcode. In Automated Technology for Verification and Analysis, Dang Van Hung and Oleg Sokolsky (Eds.). Vol. 12302. Springer International Publishing, Cham, 557–563. https://doi.org/10.1007/978-3-030-59152-6_33
[4]
Liqian Chen, Dengping Wei, Banghu Yin, and Ji Wang. 2023. Static Analysis of Linear Absolute Value Equalities among Variables of a Program. Science of Computer Programming 225 (Jan. 2023), 102906. https://doi.org/10.1016/j.scico.2022.102906
[5]
Cppcheck Team. 2023. Cppcheck - A Tool for Static C/C++ Code Analysis. http://cppcheck.net/.
[6]
Timothy A. Davis, William W. Hager, Scott P. Kolodziej, and S. Nuri Yeralan. 2020. Algorithm 1003: Mongoose, a Graph Coarsening and Partitioning Library. ACM Trans. Math. Software 46, 1 (March 2020), 1–18. https://doi.org/10.1145/3337792
[7]
Yukun Dong, Yuxue Sun, and Xun Wang. 2022. Automatic Repair Method for Null Pointer Dereferences Guided by Program Dependency Graph. Symmetry 14, 8 (July 2022), 1555. https://doi.org/10.3390/sym14081555
[8]
Carlos Galindo, Sergio Pérez, and Josep Silva. 2023. Exception-Sensitive Program Slicing. Journal of Logical and Algebraic Methods in Programming 130 (Jan. 2023), 100832. https://doi.org/10.1016/j.jlamp.2022.100832
[9]
Diego Garbervetsky, Edgardo Zoppi, and Benjamin Livshits. 2017. Toward Full Elasticity in Distributed Static Analysis: The Case of Callgraph Analysis. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ACM, Paderborn Germany, 442–453. https://doi.org/10.1145/3106237.3106261
[10]
Tsung-Wei Huang, Dian-Lun Lin, Chun-Xun Lin, and Yibo Lin. 2022. Taskflow: A Lightweight Parallel and Heterogeneous Task Graph Computing System. IEEE Transactions on Parallel and Distributed Systems 33, 6 (June 2022), 1303–1320. https://doi.org/10.1109/TPDS.2021.3104255
[11]
Bozhen Liu, Jeff Huang, and Lawrence Rauchwerger. 2019. Rethinking Incremental and Parallel Pointer Analysis. ACM Transactions on Programming Languages and Systems 41, 1 (March 2019), 1–31. https://doi.org/10.1145/3293606
[12]
Jinwei Liu, Haiying Shen, Ankur Sarker, and Wingyan Chung. 2018. Leveraging Dependency in Scheduling and Preemption for High Throughput in Data-Parallel Clusters. In 2018 IEEE International Conference on Cluster Computing (CLUSTER). IEEE, Belfast, United Kingdom, 359–369. https://doi.org/10.1109/CLUSTER.2018.00054
[13]
LLVM Project. 2023. Clang Static Analyzer. https://clang-analyzer.llvm.org.
[14]
Yingwei Ma, Yue Yu, Shanshan Li, Zhouyang Jia, Jun Ma, Rulin Xu, Wei Dong, and Xiangke Liao. 2023. MulCS: Towards a Unified Deep Representation for Multilingual Code Search. In 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, Taipa, Macao, 120–131. https://doi.org/10.1109/SANER56733.2023.00021
[15]
Anders Alnor Mathiasen and Andreas Pavlogiannis. 2020. The Fine-Grained and Parallel Complexity of Andersen’s Pointer Analysis. arXiv. arxiv:2006.01491 [cs]
[16]
MITRE. 2023. Common Weakness Enumeration - CWE-476: NULL Pointer Dereference. https://cwe.mitre.org/data/definitions/476.html.
[17]
MITRE Corporation. 2023. Common Vulnerabilities and Exposures (CVE). https://www.cve.org/.
[18]
Md Anwarul Kaium Patwary, Saurabh Garg, Sudheer Kumar Battula, and Byeong Kang. 2021. SDP: Scalable Real-time Dynamic Graph Partitioner. arXiv. arxiv:2110.15669 [cs]
[19]
Mikhail R. Gadelha, Enrico Steffinlongo, Lucas C. Cordeiro, Bernd Fischer, and Denis Nicole. 2019. SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer. In 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). IEEE, Montreal, QC, Canada, 11–14. https://doi.org/10.1109/ICSE-Companion.2019.00026
[20]
Shaolin Ran, Beizhen Zhao, Xing Dai, Cheng Cheng, and Yong Zhang. 2023. Software-Hardware Co-Design for Accelerating Large-Scale Graph Convolutional Network Inference on FPGA. Neurocomputing 532 (May 2023), 129–140. https://doi.org/10.1016/j.neucom.2023.02.032
[21]
Qintao Shen, Hongyu Sun, Guozhu Meng, Kai Chen, and Yuqing Zhang. 2023. Detecting API Missing-Check Bugs Through Complete Cross Checking of Erroneous Returns. In Information Security and Cryptology, Yi Deng and Moti Yung (Eds.). Vol. 13837. Springer Nature Switzerland, Cham, 391–407. https://doi.org/10.1007/978-3-031-26553-2_21
[22]
Qingkai Shi, Xiao Xiao, Rongxin Wu, Jinguo Zhou, Gang Fan, and Charles Zhang. 2018. Pinpoint: Fast and Precise Sparse Value Flow Analysis for Million Lines of Code. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation. ACM, Philadelphia PA USA, 693–706. https://doi.org/10.1145/3192366.3192418
[23]
Qingkai Shi, Peisen Yao, Rongxin Wu, and Charles Zhang. 2021. Path-Sensitive Sparse Analysis without Path Conditions. In Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation. ACM, Virtual Canada, 930–943. https://doi.org/10.1145/3453483.3454086
[24]
Ezekiel Soremekun, Lukas Kirschner, Marcel Böhme, and Andreas Zeller. 2021. Locating Faults with Program Slicing: An Empirical Analysis. Empirical Software Engineering 26, 3 (May 2021), 51. https://doi.org/10.1007/s10664-020-09931-7
[25]
Yu Su, Ding Ye, and Jingling Xue. 2014. Parallel Pointer Analysis with CFL-Reachability. In 2014 43rd International Conference on Parallel Processing. IEEE, MN, USA, 451–460. https://doi.org/10.1109/ICPP.2014.54
[26]
Yu Su, Ding Ye, Jingling Xue, and Xiang-Ke Liao. 2016. An Efficient GPU Implementation of Inclusion-Based Pointer Analysis. IEEE Transactions on Parallel and Distributed Systems 27, 2 (Feb. 2016), 353–366. https://doi.org/10.1109/TPDS.2015.2397933
[27]
Yulei Sui and Jingling Xue. 2016. SVF: Interprocedural Static Value-Flow Analysis in LLVM. In Proceedings of the 25th International Conference on Compiler Construction. ACM, Barcelona Spain, 265–266. https://doi.org/10.1145/2892208.2892235
[28]
Chengpeng Wang, Wenyang Wang, Peisen Yao, Qingkai Shi, Jinguo Zhou, Xiao Xiao, and Charles Zhang. 2023. Anchor : Fast and Precise Value-flow Analysis for Containers via Memory Orientation. ACM Transactions on Software Engineering and Methodology 32, 3 (July 2023), 1–39. https://doi.org/10.1145/3565800
[29]
Teng Wang, Haochen He, Xiaodong Liu, Shanshan Li, Zhouyang Jia, Yu Jiang, Qing Liao, and Wang Li. 2023. ConfTainter: Static Taint Analysis For Configuration Options. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, Luxembourg, Luxembourg, 1640–1651. https://doi.org/10.1109/ASE56229.2023.00067
[30]
Guannan Wei, Songlin Jia, Ruiqi Gao, Haotian Deng, Shangyin Tan, Oliver Bračevac, and Tiark Rompf. 2023. Compiling Parallel Symbolic Execution with Continuations. In 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). IEEE, Melbourne, Australia, 1316–1328. https://doi.org/10.1109/ICSE48619.2023.00116
[31]
Rulin Xu, Xiaoguang Mao, Luohui Chen, and Yue Yu. 2023. A Parallel Memory Defect Detection Method Based on Sparse-Value-Flow Graph. In 2023 IEEE International Conference on Joint Cloud Computing (JCC). IEEE, Athens, Greece, 57–65. https://doi.org/10.1109/JCC59055.2023.00014
[32]
Ying-Zhou Zhang. 2021. SymPas: Symbolic Program Slicing. Journal of Computer Science and Technology 36, 2 (April 2021), 397–418. https://doi.org/10.1007/s11390-020-9754-4
[33]
Zhiqiang Zuo, John Thorpe, Yifei Wang, Qiuhong Pan, Shenming Lu, Kai Wang, Guoqing Harry Xu, Linzhang Wang, and Xuandong Li. 2019. Grapple: A Graph System for Static Finite-State Property Checking of Large-Scale Systems Code. In Proceedings of the Fourteenth EuroSys Conference 2019. ACM, Dresden Germany, 1–17. https://doi.org/10.1145/3302424.3303972
Index Terms
- Accelerating Static Null Pointer Dereference Detection with Parallel Computing
Recommendations
Precise null-pointer analysis
In Java, C or C++, attempts to dereference the null value result in an exception or a segmentation fault. Hence, it is important to identify those program points where this undesired behaviour might occur or prove the other program points (and possibly ...
Accurate Interprocedural Null-Dereference Analysis for Java
ICSE '09: Proceedings of the 31st International Conference on Software EngineeringNull dereference is a commonly occurring defect in Java programs, and many static-analysis tools identify such defects. However, most of the existing tools perform a limited interprocedural analysis. In this paper, we present an interprocedural path-...
Evaluating and tuning a static analysis to find null pointer bugs
PASTE '05: Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineeringUsing static analysis to detect memory access errors, such as null pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors.In this paper we show that ...
Comments
Information & Contributors
Information
Published In
July 2024
518 pages
ISBN:9798400707056
DOI:10.1145/3671016
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 24 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- National Natural Science Foundation of China
- Science and Technology Innovation Program of Hunan Province
Conference
Internetware 2024
Sponsor:
Acceptance Rates
Overall Acceptance Rate 55 of 111 submissions, 50%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 69Total Downloads
- Downloads (Last 12 months)69
- Downloads (Last 6 weeks)13
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format