Static bug detection techniques have advanced significantly in identifying issues such as null pointer dereferences, memory leaks, and use-after-free vulnerabilities. However, existing methods that rely on a pre-computed points-to analysis often struggle with scalability and precision, especially when handling complex pointer manipulations and deep call contexts. To address the scalability challenges of precise points-to analysis, we propose a fused approach to bug detection. First, we run an inexpensive Andersen points-to analysis to construct a sparse but coarse model of program memory. A high-precision analysis is then applied on demand, only at the program points the coarse model cannot resolve, which avoids redundant computation while improving accuracy. This combination of coarse modeling and on-demand precision enables efficient and scalable bug detection. Experimental results across five real-world benchmarks show that our demand-driven flow-, context- and path-sensitive approach achieves up to a 4.55x speedup in analysis time over a traditional eager flow-sensitive analysis. Notably, our approach completes the analysis of large-scale programs such as sqlite3, which time out under the traditional approach. It also reduces false positives by over 70% without losing any true positive bug. These results demonstrate the effectiveness of our approach in improving both the efficiency and the precision of static bug detection.