Through pointers, C programs can access memory locations directly, which makes C a very flexible language. However, many dynamic memory errors arise from incorrect pointer operations, such as null pointer dereferences. These dynamic errors degrade software quality and are difficult to find with traditional methods.

Static analysis finds bugs by analyzing a program's code without running it. In this paper, we try to detect null dereference errors using static analysis techniques. We present a method to compute the l-value of a pointer expression, based on a flow- and context-sensitive pointer analysis. With this method, we can check whether two given pointer expressions are aliases.

Combined with the flow- and context-sensitive alias analysis, we present a demand-driven backward dataflow analysis for detecting null pointer dereferences in C programs. It first obtains alias information from the pointer analysis, and then performs a backward dataflow analysis to track the origin of the value of interest. This process can be formulated as a system of dataflow equations. Finally, we obtain the solution of this equation system by computing its fixed point, using a variant of the traditional worklist algorithm.

We have implemented our algorithm in the SUIF2 compiler infrastructure and analyzed some C programs. Experimental results show that our algorithm has high precision.
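A simplified sketch of the demand-driven backward search described above, added here as an illustration and not the paper's SUIF2 implementation. The toy CFG, the statement encoding, the function names and the flow-insensitive `POINTS_TO` map are all constructed assumptions; the paper's analysis is flow- and context-sensitive and runs on real C code.

```python
from collections import deque

# Constructed toy CFG (not from the paper): node -> (statement, successors).
# ("null",p) p=NULL; ("addr",p) p=&obj; ("copy",p,q) p=q; ("nop",) other
# ("store_null",pp) *pp=NULL; ("assume_nonnull",p) p!=NULL branch; ("deref",p) *p
CFG = {
    0: (("addr", "q"), [1]),
    1: (("nop",), [2, 3]),              # branch
    2: (("store_null", "pp"), [4]),     # *pp = NULL, and pp may point to q
    3: (("nop",), [4]),
    4: (("copy", "r", "q"), [5]),
    5: (("deref", "r"), [6]),           # reachable with r == NULL via node 2
    6: (("assume_nonnull", "q"), [7]),  # guard
    7: (("deref", "q"), []),            # safe: guarded by node 6
}
POINTS_TO = {"pp": {"q"}}  # assumed result of a prior pointer analysis

def null_origins(cfg, points_to, site):
    """Walk backwards from a dereference; return nodes where NULL may originate."""
    preds = {n: [] for n in cfg}
    for n, (_, succs) in cfg.items():
        for s in succs:
            preds[s].append(n)
    work = deque((p, cfg[site][0][1]) for p in preds[site])
    seen, origins = set(work), set()
    while work:  # worklist iteration until no new (node, variable) query appears
        node, v = work.popleft()
        stmt = cfg[node][0]
        nxt = v  # variable to keep tracking above this node; None = resolved
        if stmt[0] == "null" and stmt[1] == v:
            origins.add(node)
            nxt = None
        elif stmt[0] in ("addr", "assume_nonnull") and stmt[1] == v:
            nxt = None  # value is known non-null on this path
        elif stmt[0] == "copy" and stmt[1] == v:
            nxt = stmt[2]  # the value of interest came from the source
        elif stmt[0] == "store_null" and v in points_to.get(stmt[1], ()):
            origins.add(node)  # alias information exposes the write to v
            nxt = None if len(points_to[stmt[1]]) == 1 else v  # strong vs weak
        for p in (preds[node] if nxt else []):
            if (p, nxt) not in seen:
                seen.add((p, nxt))
                work.append((p, nxt))
    return origins

def find_null_derefs(cfg, points_to):
    hits = {n: null_origins(cfg, points_to, n) for n, (s, _) in cfg.items() if s[0] == "deref"}
    return {n: o for n, o in hits.items() if o}
```

Running `find_null_derefs(CFG, {})` with an empty points-to map reports nothing, which shows why the backward search depends on the alias information.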