Leveraging Deep Learning Models for Cross-function Null Pointer Risks Detection

The progress made in deep learning for natural language understanding has inspired researchers to explore similar techniques for programming language understanding. Various methods have been proposed for identifying vulnerabilities in code, including those that work on raw code or use abstract syntax tree (AST) and data-flow analysis. However, these methods only perform single-function analysis and cannot precisely pinpoint bugs. This study introduces a pipeline for detecting and locating null pointer vulnerabilities in C++ source code through cross-function analysis. The pipeline includes a data-flow analyzer capable of analyzing function call relationships and a deep learning model. We evaluate our approach on an industrial dataset and compare it with cppcheck using a user study. Our findings indicate that our method is an effective complement to cppcheck.