research-article
Public Access

Active learning of points-to specifications

Published: 11 June 2018
Abstract

When analyzing programs, large libraries pose significant challenges to static points-to analysis. A popular solution is to have a human analyst provide points-to specifications that summarize relevant behaviors of library code, which can substantially improve precision and handle missing code such as native code. We propose Atlas, a tool that automatically infers points-to specifications. Atlas synthesizes unit tests that exercise the library code, and then infers points-to specifications based on observations from these executions. Atlas automatically infers specifications for the Java standard library, and produces better results for a client static information flow analysis on a benchmark of 46 Android apps compared to using existing handwritten specifications.

Supplemental Material

p678-bastani.webm

Published in

ACM SIGPLAN Notices, Volume 53, Issue 4
PLDI '18
April 2018
834 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/3296979

PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2018
825 pages
ISBN: 9781450356985
DOI: 10.1145/3192366

Copyright © 2018 ACM

Publisher

Association for Computing Machinery

New York, NY, United States
