skip to main content
research-article
Public Access

EXPLORER : query- and demand-driven exploration of interprocedural control flow properties

Published:23 October 2015Publication History
Skip Abstract Section

Abstract

This paper describes a general framework and its implementation in a tool called EXPLORER for statically answering a class of interprocedural control flow queries about Java programs. EXPLORER allows users to formulate queries about feasible callstack configurations using regular expressions, and it employs a precise, demand-driven algorithm for answering such queries. Specifically, EXPLORER constructs an automaton A that is iteratively refined until either the language accepted by A is empty (meaning that the query has been refuted) or until no further refinement is possible based on a precise, context-sensitive abstraction of the program. We evaluate EXPLORER by applying it to three different program analysis tasks, namely, (1) analysis of the observer design pattern in Java, (2) identification of a class of performance bugs, and (3) analysis of inter-component communication in Android applications. Our evaluation shows that EXPLORER is both efficient and precise.

References

  1. G. Agrawal, J. Li, and Q. Su. Evaluating a demand driven technique for call graph construction. In CC, pages 29–45. Springer, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. K. Ali and O. Lhotak. Application-only call graph construction. In ECOOP, pages 688–712. ACM, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. T. Azim and I. Neamtiu. Targeted and depth-first exploration for systematic testing of android apps. In OOPSLA, pages 641–660, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. D. Bacon and P. Sweeney. Fast static analysis of c++ virtual function calls. ACM Sigplan Notices, 31:324–341, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. C. Baier, J.-P. Katoen, et al. Principles of model checking, volume 26202649. MIT press Cambridge, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. T. Ball and S. K. Rajamani. Slic: a specification language for interface checking (of c). Microsoft Research, 2002.Google ScholarGoogle Scholar
  7. S. M. Blackburn, R. Garner, C. Hoffmann, A. M. Khang, K. S. McKinley, R. Bentzur, A. Diwan, D. Feinberg, D. Frampton, S. Z. Guyer, et al. The dacapo benchmarks: Java benchmarking development and analysis. In ACM Sigplan Notices, volume 41, pages 169–190. ACM, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Y. Cao, Y. Fratantonio, A. Bianchi, M. Egele, C. Kruegel, G. Vigna, and Y. Chen. Edgeminer: Automatically detecting implicit control flow transitions through the android framework. In NDSS, 2015.Google ScholarGoogle ScholarCross RefCross Ref
  9. A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In Static Analysis Symposium (SAS), volume 2694 of LNCS, pages 1–18, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. Journal of the ACM, 50(5):752–794, 2000.Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. E. M. Clarke, O. Grumberg, and D. Peled. Model checking. MIT press, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. J. W. Cooper. Java design patterns: a tutorial. Addison-Wesley Professional, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. J. Dean, D. Grove, and C. Chambers. Optimization of objectoriented programs using static class hierarchy analysis. In ECOOP, pages 77–101, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. E. Duesterwald, R. Gupta, and M. L. Soffa. Demand-driven computation of interprocedural data flow. In POPL’95, pages 37–48. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In OSDI. USENIX Association, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Y. Feng, S. Anand, I. Dillig, and A. Aiken. Apposcopy: Semantics-based detection of android malware through static analysis. In SIGSOFT FSE, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. L. Ford and D. R. Fulkerson. Flows in networks, volume 1962. Princeton Princeton University Press, 1962.Google ScholarGoogle ScholarCross RefCross Ref
  18. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. Riskranker: scalable and accurate zero-day android malware detection. In MobiSys, pages 281–294, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. S. Z. Guyer and C. Lin. Client-driven pointer analysis. In Static Analysis, pages 214–236. Springer, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. N. Heintze and O. Tardieu. Demand-driven pointer analysis. In PLDI, pages 24–34. ACM, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Software verification with BLAST. In SPIN Workshop, pages 235–239, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. S. Lerner, T. Millstein, E. Rice, and C. Chambers. Automated soundness proofs for dataflow analyses and transformations via local rules. In POPL, pages 364–377, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. O. Lhoták and L. Hendren. Scaling java points-to analysis using spark. In Compiler Construction, pages 153–169. Springer, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Y. Liu, C. Xu, and S. Cheung. Characterizing and detecting performance bugs for smartphone applications. In ICSE, pages 1013–1024, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. M. Martin, B. Livshits, and M. S. Lam. Finding application errors and security flaws using PQL. In OOPSLA, pages 365– 383, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for java. TOSEM, 14(1):1–41, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. F. Nielson and H. R. Nielson. Interprocedural control flow analysis. In ESOP, pages 20–39, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. L. Traon. Effective inter-component communication mapping in android with epicc: an essential step towards holistic security analysis. In USENIX Security, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. F. B. Schneider. Enforceable security policies. TISSEC, 3(1):30–50, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. O. Shivers. Control flow analysis in scheme. In PLDI, pages 164–174. ACM, 1988. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. O. Shivers. Control-flow analysis of higher-order languages. PhD thesis, Carnegie Mellon University, 1991. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. S. Shoham, E. Yahav, S. Fink, and M. Pistoia. Static specification mining using automata-based abstractions. In ISSTA, pages 174–184. ACM, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. M. Sridharan and R. Bodik. Refinement-based contextsensitive points-to analysis for java. In PLDI, pages 387–400. ACM, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. M. Sridharan, D. Gopan, L. Shan, and R. Bodik. Demanddriven pointers-to analysis for java. In OOPSLA, pages 59–76. ACM, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. R. E. Strom and S. Yemini. Typestate: A programming language concept for enhancing software reliability. Software Engineering, IEEE Transactions on, (1):157–171, 1986. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. H. Tang, X. Wang, L. Zhang, B. Xie, L. Zhang, and H. Mei. Summary-based context-sensitive data-dependence analysis in presence of callbacks. In POPL, pages 83–95, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan. Soot-a java bytecode optimization framework. In CASCON, page 13, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. D. Yan, G. Xu, and A. Rountev. Demand-driven contextsensitive alias analysis for java. In ISSTA, pages 155–165, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. S. Yang, D. Yan, H. Wu, Y. Wang, and A. Rountev. Static control-flow analysis of user-driven callbacks in android applications. In ICSE, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. X. Zheng and R. Rugina. Demand-driven alias analysis for c. ACM SIGPLAN Notices, 43(1):197–208, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In NDSS, 2012.Google ScholarGoogle Scholar

Index Terms

  1. EXPLORER : query- and demand-driven exploration of interprocedural control flow properties

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 50, Issue 10
      OOPSLA '15
      October 2015
      953 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/2858965
      • Editor:
      • Andy Gill
      Issue’s Table of Contents
      • cover image ACM Conferences
        OOPSLA 2015: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
        October 2015
        953 pages
        ISBN:9781450336895
        DOI:10.1145/2814270

      Copyright © 2015 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 23 October 2015

      Check for updates

      Qualifiers

      • research-article

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!