Abstract
Static analysis of programs is indispensable to any software tool, environment, or system that requires compile-time information about the semantics of programs. With the emergence of languages like C and LISP, static analysis of programs with dynamic storage and recursive data structures has become a field of active research. Such analysis is difficult, and the static-analysis community has recognized the need for simplifying assumptions and approximate solutions. However, even under the common simplifying assumptions, such analyses are harder than previously recognized. Two fundamental static-analysis problems are may alias and must alias. The former is not recursive (is undecidable), and the latter is not recursively enumerable (is uncomputable), even when all paths are executable in the program being analyzed for languages with if statements, loops, dynamic storage, and recursive data structures.
References
- AHO, A. V., HOPCROFT, J. E., AND ULLMAN, J. D. 1976. The Design and Analysis of Computer Algorithms. Addison-Wesley, Reading, Mass.
- AHO, A. V., SETHI, R., AND ULLMAN, J. D. 1986. Compilers: Principles, Techniques, and Tools. Addison-Wesley, Reading, Mass.
- COUSOT, P., AND COUSOT, R. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Conference Record of the 4th Annual ACM Symposium on Principles of Programming Languages. ACM, New York, 238-252.
- HECHT, M. S. 1977. Flow Analysis of Computer Programs. Elsevier North-Holland, New York.
- HOPCROFT, J. E., AND ULLMAN, J. D. 1979. Introduction to Automata Theory, Languages, and Computation. Addison-Wesley, Reading, Mass.
- HORWITZ, S., PFEIFFER, P., AND REPS, T. 1989. Dependence analysis for pointer variables. In Proceedings of the ACM SIGPLAN Symposium on Compiler Construction. ACM, New York, 28-40.
- KAM, J. B., AND ULLMAN, J. D. 1977. Monotone data flow analysis frameworks. Acta Informatica 7, 305-317.
- KAM, J. B., AND ULLMAN, J. D. 1976. Global flow analysis and iterative algorithms. J. ACM 23, 1, 158-171.
- KILDALL, G. 1973. A unified approach to global program optimization. In Conference Record of the ACM Symposium on Principles of Programming Languages. ACM, New York, 194-206.
- LANDI, W. 1992. Interprocedural aliasing in the presence of pointers. Ph.D. thesis, LCSR-TR-174, Rutgers Univ., New Brunswick, N.J.
- LANDI, W., AND RYDER, B. G. 1991. Pointer-induced aliasing: A problem classification. In Conference Record of the 18th Annual ACM Symposium on Principles of Programming Languages. ACM, New York, 93-103.
- LARUS, J. R. 1989. Restructuring symbolic programs for concurrent execution on multiprocessors. Ph.D. thesis, Univ. of California, Berkeley.
- LARUS, J. R., AND HILFINGER, P. N. 1988. Detecting conflicts between structure accesses. In Proceedings of the SIGPLAN '88 Conference on Programming Language Design and Implementation. ACM SIGPLAN Not. 23, 7, 21-34.
- MYERS, E. M. 1981. A precise interprocedural data flow algorithm. In Conference Record of the 8th Annual ACM Symposium on Principles of Programming Languages. ACM, New York, 219-230.
- ULLMAN, J. D. 1973. Fast algorithms for the elimination of common subexpressions. Acta Informatica 2, 3, 191-213.
- WEGMAN, M., AND ZADECK, F. K. 1991. Constant propagation with conditional branches. ACM Trans. Program. Lang. Syst. 13, 2 (Apr.), 181-210.
Recommendations
The undecidability of aliasing
Alias analysis is a prerequisite for performing most of the common program analyses such as reaching-definitions analysis or live-variables analysis. Landi [1992] recently established that it is impossible to compute statically precise alias information—...
Precise flow-insensitive may-alias analysis is NP-hard
Determining aliases is one of the fundamental static analysis problems, in part because the precision with which this problem is solved can affect the precision of other analyses such as live variables, available expressions, and constant propagation. ...
Static analysis for detecting taint-style vulnerabilities in web applications
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, ...