Abstract
Program analyses frequently track objects throughout a program, which requires reasoning about aliases. Most dataflow analysis frameworks, however, delegate the task of handling aliases to the analysis clients, which causes a number of problems. For instance, custom-made extensions for alias analysis are complex and cannot easily be reused. On the other hand, due to the complex interfaces involved, off-the-shelf alias analyses are hard to integrate precisely into clients. Lastly, for precision many clients require strong updates, and alias abstractions supporting strong updates are often relatively inefficient.
In this paper, we present IDEal, an alias-aware extension to the framework for Interprocedural Distributive Environment (IDE) problems. IDEal relieves static-analysis authors completely of the burden of handling aliases by automatically resolving alias queries on-demand, both efficiently and precisely. IDEal supports a highly precise analysis using strong updates by resorting to an on-demand, flow-sensitive, and context-sensitive all-alias analysis. Yet, it achieves previously unseen efficiency by propagating aliases individually, creating highly reusable per-pointer summaries.
We empirically evaluate IDEal by comparing TSf, a state-of-the-art typestate analysis, to TSal, an IDEal-based typestate analysis. Our experiments show that the individual propagation of aliases within IDEal enables TSal to propagate 10.4x fewer dataflow facts and analyze 10.3x fewer methods when compared to TSf. On the DaCapo benchmark suite, TSal is able to efficiently compute precise results.
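The abstract makes two claims that a toy typestate client makes concrete: dataflow facts must reach every alias of the tracked object, and strong updates are needed to keep results precise. The Python below is an added example written for this page, not code from the IDEal paper or its implementation. It assumes a constructed three-state resource protocol (init, opened, closed), a tiny straight-line IR with `new`, `assign` and `call` statements, and keys facts by allocation site as a stand-in for alias resolution; IDEal's on-demand, interprocedural alias queries are not modelled here.

```python
"""Toy flow-sensitive typestate analysis over a tiny straight-line IR.

Constructed illustration for the abstract above; not the IDEal implementation.
It shows two things the abstract claims matter for alias-aware clients:
  * keying dataflow facts by allocation site (so every alias of a receiver
    updates the same fact) versus keying them by variable name, and
  * strong updates (replace the state set) versus weak updates (union it).
"""
from dataclasses import dataclass

# Constructed typestate protocol for a file-like resource:
# init --open--> opened --read--> opened --close--> closed.
# Any (state, method) pair not listed is a protocol violation.
TRANSITIONS = {
    ("init", "open"): "opened",
    ("opened", "read"): "opened",
    ("opened", "close"): "closed",
}
START = "init"


@dataclass
class Result:
    errors: list   # (pc, receiver variable, method, offending state)
    states: dict   # fact key -> set of possible typestates after the program


def analyze(program, strong_updates=True, resolve_aliases=True):
    """Run the typestate client over `program`, a list of statements:
        ("new", var)           var = new Resource()   (allocation site = pc)
        ("assign", dst, src)   dst = src              (creates an alias)
        ("call", var, method)  var.method()
    With resolve_aliases=True facts are keyed by allocation site, so a call
    through any alias updates the one fact for that object. With False, facts
    are keyed by variable name and an assignment merely copies the fact.
    """
    points_to = {}   # var -> allocation site (exact here: straight-line code)
    states = {}      # fact key -> set of states
    errors = []

    def key_of(var):
        return points_to[var] if resolve_aliases else var

    for pc, stmt in enumerate(program):
        op = stmt[0]
        if op == "new":
            var = stmt[1]
            points_to[var] = pc
            states[key_of(var)] = {START}
        elif op == "assign":
            dst, src = stmt[1], stmt[2]
            points_to[dst] = points_to[src]
            if not resolve_aliases:
                # Alias-unaware client: dst gets a detached copy of src's fact,
                # so later calls through dst never reach src's fact.
                states[dst] = set(states[src])
        elif op == "call":
            var, method = stmt[1], stmt[2]
            key = key_of(var)
            successors = set()
            for state in states[key]:
                nxt = TRANSITIONS.get((state, method))
                if nxt is None:
                    errors.append((pc, var, method, state))
                else:
                    successors.add(nxt)
            if strong_updates:
                states[key] = successors                  # receiver is a must-alias: replace
            else:
                states[key] = states[key] | successors    # weak: old states survive
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    return Result(errors, states)


# Constructed program: the only real violation is the read at pc 5,
# which happens after the object was closed through the alias g.
PROGRAM = [
    ("new", "f"),            # 0: f = new Resource()
    ("call", "f", "open"),   # 1
    ("call", "f", "read"),   # 2
    ("assign", "g", "f"),    # 3: g aliases f
    ("call", "g", "close"),  # 4: closes the object through the alias
    ("call", "f", "read"),   # 5: read after close -> real error
]


def compare():
    """Return the error lists of the three client configurations."""
    return {
        "alias-aware, strong": analyze(PROGRAM).errors,
        "alias-aware, weak": analyze(PROGRAM, strong_updates=False).errors,
        "alias-unaware, strong": analyze(PROGRAM, resolve_aliases=False).errors,
    }


if __name__ == "__main__":
    for name, errs in compare().items():
        print(f"{name:22s} -> {len(errs)} report(s): {errs}")
```

Running `compare()` shows the three outcomes side by side: the alias-aware client with strong updates reports exactly the read-after-close at pc 5; with weak updates it reports three additional spurious violations because stale states such as `init` never die; the alias-unaware client reports nothing at all, since the close through `g` never reaches the fact for `f`. That false negative is the kind of miss a typestate check for resource handling or crypto API usage cannot afford, and the spurious reports are the price of weak updates that the abstract's strong-update requirement addresses.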
IDEal: efficient and precise alias-aware dataflow analysis