Making pointer analysis more precise by unleashing the power of selective context sensitivity
Tian Tan, Yue Li, Xiaoxing Ma, Chang Xu, Yannis Smaragdakis
- Vol. 5, pp 1-27
TLDR: The Unity-Relay framework as discussed by the authors is a one-two-punch approach to combine and maximize the precision of all components of a context-sensitive pointer analysis for hard-to-analyze Java programs.
Abstract:
Traditional context-sensitive pointer analysis is hard to scale for large and complex Java programs. To address this issue, a series of selective context-sensitivity approaches have been proposed and exhibit promising results. In this work, we move one step further towards producing highly-precise pointer analyses for hard-to-analyze Java programs by presenting the Unity-Relay framework, which takes selective context sensitivity to the next level. Briefly, Unity-Relay is a one-two punch: given a set of different selective context-sensitivity approaches, say $S = \{S_1, \ldots, S_n\}$, Unity-Relay first provides a mechanism (called Unity) to combine and maximize the precision of all components of $S$. When Unity fails to scale, Unity-Relay offers a scheme (called Relay) to pass and accumulate the precision from one approach $S_i$ in $S$ to the next, $S_{i+1}$, leading to an analysis that is more precise than all approaches in $S$. As a proof-of-concept, we instantiate Unity-Relay into a tool called Baton and extensively evaluate it on a set of hard-to-analyze Java programs, using general precision metrics and popular clients. Compared with the state of the art, Baton achieves the best precision for all metrics and clients for all evaluated programs. The difference in precision is often dramatic — up to 71% of alias pairs reported by previously-best algorithms are found to be spurious and eliminated.
Citations
Proceedings Article
Accumulation Analysis
TL;DR: This paper proves that accumulation typestate specifications are exactly those typestate specifications that can be checked soundly without aliasing information.
Proceedings Article
Generic sensitivity: customizing context-sensitive pointer analysis for generics
TL;DR: In this paper, a new context customization scheme targeting generics is proposed, which enhances contexts with a type variable lookup map, which is efficiently updated during the analysis in a context-sensitive manner.
Journal Article
Tai-e: A Static Analysis Framework for Java by Harnessing the Best Designs of Classics
TL;DR: This work believes it provides useful materials and viewpoints for building better static analysis infrastructures, and it expects it to draw more attention from the community to this challenging but tangible topic.
Proceedings Article
How far are German companies in improving security through static program analysis tools?
TL;DR: In this paper, the use of SPA tools among companies in Germany with a focus on security is targeted, and insights are given on the current issues and the developers’ willingness to overcome these issues.
Proceedings Article
How far are German companies in improving security through static program analysis tools?
TL;DR: In this paper, the authors conducted an online survey with 256 responses and semi-structured interviews with 17 product owners and executives from multiple companies to investigate the use of static program analysis (SPA) tools among companies in Germany with a focus on security.
References
Proceedings Article
FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel
TL;DR: FlowDroid is presented, a novel and highly precise static taint analysis for Android applications that successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project.
Proceedings Article
Systematic design of program analysis frameworks
Patrick Cousot, Radhia Cousot
TL;DR: The systematic and correct design of program analysis frameworks with respect to a formal semantics is devoted to the main elements of the lattice theoretic approach to approximate semantic analysis of programs.
Proceedings Article
The DaCapo benchmarks: java benchmarking development and analysis
Stephen M. Blackburn, Robin Garner, Chris Hoffmann, Asjad M. Khan, Kathryn S. McKinley, Rotem Bentzur, Amer Diwan, Daniel Feinberg, Daniel Frampton, Samuel Z. Guyer, Martin Hirzel, Antony L. Hosking, Maria Jump, Han Lee, J. Eliot B. Moss, Aashish Phansalkar, Darko Stefanovic, Thomas VanDrunen, Daniel von Dincklage, Ben Wiedermann
TL;DR: This paper recommends benchmarking selection and evaluation methodologies, and introduces the DaCapo benchmarks, a set of open source, client-side Java benchmarks that improve over SPEC Java in a variety of ways, including more complex code, richer object behaviors, and more demanding memory system requirements.
Book
Effective static race detection for Java
TL;DR: A novel technique for static race detection in Java programs, comprised of a series of stages that employ a combination of static analyses to successively reduce the pairs of memory accesses potentially involved in a race.
Journal Article
Parameterized object sensitivity for points-to analysis for Java
TL;DR: This work presents object sensitivity, a new form of context sensitivity for flow-insensitive points-to analysis for Java, and proposes a parameterization framework that allows analysis designers to control the tradeoffs between cost and precision in the object-sensitive analysis.