skip to main content
research-article
Open Access

FlowCFL: generalized type-based reachability analysis: graph reduction and equivalence of CFL-based and type-based reachability

Published:13 November 2020Publication History
Skip Abstract Section

Abstract

Reachability analysis is a fundamental program analysis with a wide variety of applications. We present FlowCFL, a type-based reachability analysis that accounts for mutable heap data. The underlying semantics of FlowCFL is Context-Free-Language (CFL)-reachability.

We make three contributions. First, we define a dynamic semantics that captures the notion of flow commonly used in reachability analysis. Second, we establish correctness of CFL-reachability over graphs with inverse edges (inverse edges are necessary for the handling of mutable heap data). Our approach combines CFL-reachability with reference immutability to avoid the addition of certain inverse edges, which results in graph reduction and precision improvement. The key contribution of our work is the formal account of correctness, which extends to the case when inverse edges are removed. Third, we present a type-based reachability analysis and establish equivalence between a certain CFL-reachability analysis and the type-based analysis, thus proving correctness of the type-based analysis.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

This is the presentation video of my paper accepted at the research track at OOPSLA'20. In this paper, we make three contributions. First, we define a dynamic semantics that captures the notion of flow commonly used in reachability analysis. Second, we establish correctness of CFL-reachability over graphs with inverse edges (inverse edges are necessary for the handling of mutable heap data). Our approach combines CFL-reachability with reference immutability to avoid the addition of certain inverse edges, which results in graph reduction and precision improvement. The key contribution of our work is the formal account of correctness, which extends to the case when inverse edges are removed. Third, we present a type-based reachability analysis and establish equivalence between a certain CFL-reachability analysis and the type-based analysis, thus proving correctness of the type-based analysis.

References

  1. Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick D. McDaniel. 2014. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom-June 09-11, 2014. ACM, New York, NY, USA, 259-269. https://doi.org/10.1145/2594291.2594299 Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Joseph A. Bank, Andrew C. Myers, and Barbara Liskov. 1997. Parameterized Types for Java. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '97). ACM, New York, NY, USA, 132-145. https://doi.org/10.1145/263699.263714 Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Michael Carbin, Sasa Misailovic, and Martin C. Rinard. 2013a. Verifying quantitative reliability for programs that execute on unreliable hardware. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2013, part of SPLASH 2013, Indianapolis, IN, USA, October 26-31, 2013. ACM, New York, NY, USA, 33-52. https://doi.org/10.1145/2509136.2509546 Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Michael Carbin, Sasa Misailovic, and Martin C. Rinard. 2013b. Verifying quantitative reliability for programs that execute on unreliable hardware (Appendix). http://groups.csail.mit.edu/pac/rely/rely13appendix.pdf.Google ScholarGoogle Scholar
  5. Krishnendu Chatterjee, Bhavya Choudhary, and Andreas Pavlogiannis. 2018. Optimal Dyck reachability for data-dependence and alias analysis. PACMPL 2, POPL ( 2018 ), 30 : 1-30 : 30. https://doi.org/10.1145/3158118 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Werner Dietl, Michael D. Ernst, and Peter Müller. 2011. Tunable Static Inference for Generic Universe Types. In ECOOP 2011-Object-Oriented Programming-25th European Conference, Lancaster, UK, July 25-29, 2011 Proceedings (Lecture Notes in Computer Science), Mira Mezini (Ed.), Vol. 6813. Springer, Berlin, Heidelberg, 333-357. https://doi.org/10.1007/978-3-642-22655-7_16 Google ScholarGoogle ScholarCross RefCross Ref
  7. Julian Dolby, Christian Hammer, Daniel Marino, Frank Tip, Mandana Vaziri, and Jan Vitek. 2012. A data-centric approach to synchronization. ACM Transactions on Programming Languages and Systems 34, 1 (April 2012 ), 1-48. https://doi.org/ 10.1145/2160910.2160913 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Yao Dong, Ana Milanova, and Julian Dolby. 2016. JCrypt: Towards Computation over Encrypted Data. In Proceedings of the 13th International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools, Lugano, Switzerland, August 29-September 2, 2016. ACM, New York, NY, USA, 8 : 1-8 : 12. https: //doi.org/10.1145/2972206.2972209 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paul o Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines, and Edward XueJun Wu. 2014. Collaborative Verification of Information Flow for a High-Assurance App Store. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014. ACM, New York, NY, USA, 1092-1104. https: //doi.org/10.1145/2660267.2660343 Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Manuel Fähndrich, Jakob Rehof, and Manuvir Das. 2000. Scalable Context-sensitive Flow Analysis Using Instantiation Constraints. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI '00). ACM, New York, NY, USA, 253-263. https://doi.org/10.1145/349299.349332 Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau, and Patrick McDaniel. 2013. Highly precise taint analysis for Android applications. EC SPRIDE Technical Report TUD-CS-2013-0113. http://www.bodden.de/pubs/TUD-CS-2013-0113.pdf.Google ScholarGoogle Scholar
  12. Robert Fuhrer, Frank Tip, Adam Kieżun, Julian Dolby, and Markus Keller. 2005. Eficiently Refactoring Java Applications to Use Generic Libraries. In Proceedings of the 19th European Conference on Object-Oriented Programming (ECOOP'05). Springer-Verlag, Berlin, Heidelberg, 71-96. https://doi.org/10.1007/11531142_4 Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Wei Huang, Werner Dietl, Ana Milanova, and Michael D. Ernst. 2012a. Inference and Checking of Object Ownership. In Proceedings of the 26th European Conference on Object-Oriented Programming (ECOOP'12). Springer-Verlag, Berlin, Heidelberg, 181-206. https://doi.org/10.1007/978-3-642-31057-7_9 Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Wei Huang, Yao Dong, and Ana Milanova. 2014. Type-Based Taint Analysis for Java Web Applications. In Fundamental Approaches to Software Engineering-17th International Conference, FASE 2014, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2014, Grenoble, France, April 5-13, 2014, Proceedings (Lecture Notes in Computer Science), Stefania Gnesi and Arend Rensink (Eds.), Vol. 8411. Springer, Berlin, Heidelberg, 140-154. https://doi.org/10. 1007/978-3-642-54804-8_10 Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Wei Huang, Yao Dong, Ana Milanova, and Julian Dolby. 2015. Scalable and Precise Taint Analysis for Android. In Proceedings of the 2015 International Symposium on Software Testing and Analysis (ISSTA 2015 ). ACM, New York, NY, USA, 106-117. https://doi.org/10.1145/2771783.2771803 Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Wei Huang, Ana Milanova, Werner Dietl, and Michael D. Ernst. 2012b. Reim & ReImInfer: Checking and Inference of Reference Immutability and Method Purity. In Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA '12). ACM, New York, NY, USA, 879-896. https://doi.org/10. 1145/2384616.2384680 Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Adam Kiezun, Michael D. Ernst, Frank Tip, and Robert M. Fuhrer. 2007. Refactoring for Parameterizing Java Classes. In Proceedings of the 29th International Conference on Software Engineering (ICSE '07). IEEE Computer Society, Washington, DC, USA, 437-446. https://doi.org/10.1109/ICSE. 2007.70 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Yuanbo Li, Qirun Zhang, and Thomas W. Reps. 2020. Fast graph simplification for interleaved Dyck-reachability. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020, Alastair F. Donaldson and Emina Torlak (Eds.). ACM, New York, NY, USA, 780-793. https://doi.org/10.1145/3385412.3386021 Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Jingbo Lu and Jingling Xue. 2019. Precision-preserving yet fast object-sensitive pointer analysis with partial context sensitivity. PACMPL 3, OOPSLA ( 2019 ), 148 : 1-148 : 29. https://doi.org/10.1145/3360574 Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Ana Milanova. 2018. Definite Reference Mutability. In 32nd European Conference on Object-Oriented Programming, ECOOP 2018, July 16-21, 2018, Amsterdam, The Netherlands (LIPIcs), Todd D. Millstein (Ed.), Vol. 109. Schloss Dagstuhl-LeibnizZentrum für Informatik, 25 : 1-25 : 30. https://doi.org/10.4230/LIPIcs.ECOOP. 2018.25 Google ScholarGoogle ScholarCross RefCross Ref
  21. Ana Milanova. 2020. FlowCFL: A Framework for Type-based Reachability Analysis in the Presence of Mutable Data. ( 2020 ). https://arxiv.org/abs/ 2005.06496Google ScholarGoogle Scholar
  22. Ana Milanova and Wei Huang. 2013. Composing polymorphic information flow systems with reference immutability. In Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs, FTfJP 2013, Montpellier, France, July 1, 2013. ACM, New York, NY, USA, 5 : 1-5 :7. https://doi.org/10.1145/2489804.2489809 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Ana Milanova, Wei Huang, and Yao Dong. 2014. CFL-reachability and context-sensitive integrity types. In 2014 International Conference on Principles and Practices of Programming on the Java Platform Virtual Machines, Languages and Tools, PPPJ '14, Cracow, Poland, September 23-26, 2014, Joanna Kolodziej and Bruce R. Childers (Eds.). ACM, New York, NY, USA, 99-109. https://doi.org/10.1145/2647508.2647522 Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Andrew C. Myers. 1999. JFlow: Practical Mostly-Static Information Flow Control. In POPL '99, Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Antonio, TX, USA, January 20-22, 1999. ACM, New York, NY, USA, 228-241. https://doi.org/10.1145/292540.292561 Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Jens Palsberg. 2001. Type-based analysis and applications. In Proceedings of the 2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis For Software Tools and Engineering, PASTE'01, Snowbird, Utah, USA, June 18-19, 2001, John Field and Gregor Snelting (Eds.). ACM, New York, NY, USA, 20-27. https://doi.org/10.1145/379605.379635 Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Jaime Quinonez, Matthew S. Tschantz, and Michael D. Ernst. 2008. Inference of Reference Immutability. In Proceedings of the 22Nd European Conference on Object-Oriented Programming (ECOOP '08). Springer-Verlag, Berlin, Heidelberg, 616-641. https://doi.org/10.1007/978-3-540-70592-5_26 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Jakob Rehof and Manuel Fähndrich. 2001. Type-base Flow Analysis: From Polymorphic Subtyping to CFL-reachability. In Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '01). ACM, New York, NY, USA, 54-66. https://doi.org/10.1145/360204.360208 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Thomas W. Reps. 1998. Program analysis via graph reachability. Inf. Softw. Technol. 40, 11-12 ( 1998 ), 701-726. https: //doi.org/10.1016/S0950-5849 ( 98 ) 00093-7 Google ScholarGoogle Scholar
  29. Thomas W. Reps. 2000. Undecidability of context-sensitive data-independence analysis. ACM Trans. Program. Lang. Syst. 22, 1 ( 2000 ), 162-186. https://doi.org/10.1145/345099.345137 Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Thomas W. Reps, Susan Horwitz, and Shmuel Sagiv. 1995. Precise Interprocedural Dataflow Analysis via Graph Reachability. In Conference Record of POPL'95: 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Francisco, California, USA, January 23-25, 1995. ACM, New York, NY, USA, 49-61. https://doi.org/10.1145/199448.199462 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Adrian Sampson, Werner Dietl, Emily Fortuna, Danushen Gnanapragasam, Luis Ceze, and Dan Grossman. 2011. EnerJ: approximate data types for safe and general low-power computation. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, San Jose, CA, USA, June 4-8, 2011. ACM, New York, NY, USA, 164-174. https://doi.org/10.1145/1993498.1993518 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Umesh Shankar, Kunal Talwar, Jefrey S. Foster, and David Wagner. 2001. Detecting Format String Vulnerabilities with Type Qualifiers. In Proceedings of the 10th Conference on USENIX Security Symposium-Volume 10 (SSYM'01). USENIX Association, Berkeley, CA, USA, 16-16. http://dl.acm.org/citation.cfm?id= 1267612. 1267628Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Johannes Späth, Karim Ali, and Eric Bodden. 2019. Context-, flow-, and field-sensitive data-flow analysis using synchronized Pushdown systems. PACMPL 3, POPL ( 2019 ), 48 : 1-48 : 29. https://doi.org/10.1145/3290361 Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Manu Sridharan and Rastislav Bodík. 2006. Refinement-based Context-sensitive Points-to Analysis for Java. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '06). ACM, New York, NY, USA, 387-400. https://doi.org/10.1145/1133981.1134027 Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Manu Sridharan, Denis Gopan, Lexin Shan, and Rastislav Bodík. 2005. Demand-driven points-to analysis for Java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2005, October 16-20, 2005, San Diego, CA, USA. ACM, New York, NY, USA, 59-76. https://doi.org/ 10.1145/1094811.1094817 Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Frank Tip, Robert M. Fuhrer, Adam Kieżun, Michael D. Ernst, Ittai Balaban, and Bjorn De Sutter. 2011. Refactoring using type constraints. ACM Transactions on Programming Languages and Systems 33, 3 (April 2011 ), 1-47. https: //doi.org/10.1145/1961204.1961205 Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Matthew S. Tschantz and Michael D. Ernst. 2005. Javari: Adding Reference Immutability to Java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA '05). ACM, New York, NY, USA, 211-230. https://doi.org/10.1145/1094811.1094828 Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Mandana Vaziri, Frank Tip, Julian Dolby, Christian Hammer, and Jan Vitek. 2010. A Type System for Data-centric Synchronization. In Proceedings of the 24th European Conference on Object-oriented Programming (ECOOP'10). SpringerVerlag, Berlin, Heidelberg, 304-328. http://dl.acm.org/citation.cfm?id= 1883978. 1884000Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Dennis M. Volpano, Cynthia E. Irvine, and Geofrey Smith. 1996. A Sound Type System for Secure Flow Analysis. J. Comput. Secur. 4, 2 /3 ( 1996 ), 167-188. https://doi.org/10.3233/JCS-1996-42-304 Google ScholarGoogle ScholarCross RefCross Ref
  40. Guoqing Xu, Atanas Rountev, and Manu Sridharan. 2009. Scaling CFL-Reachability-Based Points-To Analysis Using ContextSensitive Must-Not-Alias Analysis. In Proceedings of the 23rd European Conference on ECOOP 2009-Object-Oriented Programming (Genoa). Springer-Verlag, Berlin, Heidelberg, 98-122. https://doi.org/10.1007/978-3-642-03013-0_6 Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Qirun Zhang and Zhendong Su. 2017. Context-sensitive Data-dependence Analysis via Linear Conjunctive Language Reachability. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2017 ). ACM, New York, NY, USA, 344-358. https://doi.org/10.1145/3009837.3009848 Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. FlowCFL: generalized type-based reachability analysis: graph reduction and equivalence of CFL-based and type-based reachability

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image Proceedings of the ACM on Programming Languages
        Proceedings of the ACM on Programming Languages  Volume 4, Issue OOPSLA
        November 2020
        3108 pages
        EISSN:2475-1421
        DOI:10.1145/3436718
        Issue’s Table of Contents

        Copyright © 2020 Owner/Author

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 13 November 2020
        Published in pacmpl Volume 4, Issue OOPSLA

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!