Späth, Johannes ; Nguyen Quang Do, Lisa ; Ali, Karim ; Bodden, Eric (2016)
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
Rome, Italy
doi: 10.4230/LIPIcs.ECOOP.2016.22
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Many current program analyses require highly precise pointer information about small, tar- geted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. For example, taint and typestate analyses often need to know the set of all aliases of a given variable under a certain calling context. With most current pointer analyses, clients must compute such information through repeated points-to or alias queries, increasing complexity and computation time for them. This paper presents Boomerang, a demand-driven, flow-, field-, and context-sensitive pointer analysis for Java programs. Boomerang computes rich results that include both the possible allocation sites of a given pointer (points-to information) and all pointers that can point to those allocation sites (alias information). For increased precision and scalability, clients can query Boomerang with respect to particular calling contexts of interest. Our experiments show that Boomerang is more precise than existing demand-driven pointer analyses. Additionally, using Boomerang, the taint analysis FlowDroid issues up to 29.4x fewer pointer queries compared to using other pointer analyses that return simpler pointer infor- mation. Furthermore, the search space of Boomerang can be significantly reduced by requesting calling contexts from the client analysis.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Späth, Johannes ; Nguyen Quang Do, Lisa ; Ali, Karim ; Bodden, Eric |
| Art des Eintrags: | Bibliographie |
| Titel: | Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis |
| Sprache: | Englisch |
| Publikationsjahr: | Juli 2016 |
| Verlag: | Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik |
| (Heft-)Nummer: | 30 |
| Buchtitel: | 30th European Conference on Object-Oriented Programming (ECOOP 2016) |
| Veranstaltungsort: | Rome, Italy |
| DOI: | 10.4230/LIPIcs.ECOOP.2016.22 |
| Kurzbeschreibung (Abstract): | Many current program analyses require highly precise pointer information about small, tar- geted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. For example, taint and typestate analyses often need to know the set of all aliases of a given variable under a certain calling context. With most current pointer analyses, clients must compute such information through repeated points-to or alias queries, increasing complexity and computation time for them. This paper presents Boomerang, a demand-driven, flow-, field-, and context-sensitive pointer analysis for Java programs. Boomerang computes rich results that include both the possible allocation sites of a given pointer (points-to information) and all pointers that can point to those allocation sites (alias information). For increased precision and scalability, clients can query Boomerang with respect to particular calling contexts of interest. Our experiments show that Boomerang is more precise than existing demand-driven pointer analyses. Additionally, using Boomerang, the taint analysis FlowDroid issues up to 29.4x fewer pointer queries compared to using other pointer analyses that return simpler pointer infor- mation. Furthermore, the search space of Boomerang can be significantly reduced by requesting calling contexts from the client analysis. |
| Freie Schlagworte: | Demand-Driven; Static Analysis; IFDS; Aliasing; Points-to Analysis |
| ID-Nummer: | TUD-CS-2016-14776 |
| Fachbereich(e)/-gebiet(e): | Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) |
| Hinterlegungsdatum: | 14 Aug 2017 13:22 |
| Letzte Änderung: | 14 Sep 2021 13:24 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum