research-article
Open Access
Artifacts Available
Artifacts Evaluated & Functional

IDEal: efficient and precise alias-aware dataflow analysis

Published: 12 October 2017

Abstract

Program analyses frequently track objects throughout a program, which requires reasoning about aliases. Most dataflow analysis frameworks, however, delegate the task of handling aliases to the analysis clients, which causes a number of problems. For instance, custom-made extensions for alias analysis are complex and cannot easily be reused. On the other hand, due to the complex interfaces involved, off-the-shelf alias analyses are hard to integrate precisely into clients. Lastly, for precision many clients require strong updates, and alias abstractions supporting strong updates are often relatively inefficient.

In this paper, we present IDEal, an alias-aware extension to the framework for Interprocedural Distributive Environment (IDE) problems. IDEal relieves static-analysis authors completely of the burden of handling aliases by automatically resolving alias queries on-demand, both efficiently and precisely. IDEal supports a highly precise analysis using strong updates by resorting to an on-demand, flow-sensitive, and context-sensitive all-alias analysis. Yet, it achieves previously unseen efficiency by propagating aliases individually, creating highly reusable per-pointer summaries.

We empirically evaluate IDEal by comparing TSf, a state-of-the-art typestate analysis, to TSal, an IDEal-based typestate analysis. Our experiments show that the individual propagation of aliases within IDEal enables TSal to propagate 10.4x fewer dataflow facts and analyze 10.3x fewer methods when compared to TSf. On the DaCapo benchmark suite, TSal is able to efficiently compute precise results.
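
The abstract's claims about aliases and strong updates can be seen on a small case. The following is an added example, not code from the paper and not IDEal's algorithm: a toy typestate checker run on two straight-line programs in three modes, showing that ignoring aliases misses a read-after-close and that weak updates flag a correct program. The File protocol, the statement encoding and the mode names are assumptions made for this illustration.

```python
# Added illustration (not IDEal's algorithm): typestate checking over a
# straight-line program, comparing three ways of treating aliases.
# The File protocol, statement encoding and mode names are constructed here.
TRANSITIONS = {  # (state, method) -> next state
    ("OPEN", "read"): "OPEN", ("OPEN", "close"): "CLOSED", ("OPEN", "open"): "OPEN",
    ("CLOSED", "open"): "OPEN", ("CLOSED", "close"): "CLOSED",
    ("CLOSED", "read"): "ERROR",
}

def analyze(program, mode):
    """Return line numbers where ERROR is reachable.
    mode: 'no-alias' (state per variable), 'weak' (per object, old states
    kept on every call), 'strong' (per object, old states replaced)."""
    points_to = {}   # variable -> abstract object id (exact for straight-line code)
    states = {}      # tracked key -> set of possible typestates
    errors = []
    for line, stmt in enumerate(program, 1):
        op = stmt[0]
        if op == "new":                      # x = new File()
            _, x = stmt
            points_to[x] = f"o{line}"
            key = x if mode == "no-alias" else points_to[x]
            states[key] = {"OPEN"}
        elif op == "assign":                 # x = y
            _, x, y = stmt
            points_to[x] = points_to[y]
            if mode == "no-alias":
                states[x] = set(states[y])   # copies state, loses the link
        elif op == "call":                   # x.m()
            _, x, m = stmt
            key = x if mode == "no-alias" else points_to[x]
            after = {TRANSITIONS[(s, m)] for s in states[key]}
            if "ERROR" in after:
                errors.append(line)
            after.discard("ERROR")
            states[key] = states[key] | after if mode == "weak" else after
    return errors

# Constructed inputs: the same object is reachable through a and b.
BUGGY = [("new", "a"), ("assign", "b", "a"), ("call", "b", "close"), ("call", "a", "read")]
SAFE = [("new", "a"), ("assign", "b", "a"), ("call", "b", "close"),
        ("call", "a", "open"), ("call", "a", "read")]

def compare():
    return {m: (analyze(BUGGY, m), analyze(SAFE, m)) for m in ("no-alias", "weak", "strong")}

if __name__ == "__main__":
    for mode, (buggy, safe) in compare().items():
        print(f"{mode:8}  buggy -> {buggy}  safe -> {safe}")
```

Only the alias-aware mode with strong updates reports the buggy program and accepts the safe one; here the alias information is exact because the code is straight-line, which is the part a real analysis has to compute.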

