Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis

Späth, Johannes and Do, Lisa Nguyen Quang and Ali, Karim and Bodden, Eric (2016):
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
In: 30th European Conference on Object-Oriented Programming (ECOOP 2016), Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik, Rome, Italy, ISBN 978-3-95977-014-9,
DOI: 10.4230/LIPIcs.ECOOP.2016.22,
[Conference or Workshop Item]

Abstract

Many current program analyses require highly precise pointer information about small, targeted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. For example, taint and typestate analyses often need to know the set of all aliases of a given variable under a certain calling context. With most current pointer analyses, clients must compute such information through repeated points-to or alias queries, increasing complexity and computation time for them. This paper presents Boomerang, a demand-driven, flow-, field-, and context-sensitive pointer analysis for Java programs. Boomerang computes rich results that include both the possible allocation sites of a given pointer (points-to information) and all pointers that can point to those allocation sites (alias information). For increased precision and scalability, clients can query Boomerang with respect to particular calling contexts of interest. Our experiments show that Boomerang is more precise than existing demand-driven pointer analyses. Additionally, using Boomerang, the taint analysis FlowDroid issues up to 29.4x fewer pointer queries compared to using other pointer analyses that return simpler pointer information. Furthermore, the search space of Boomerang can be significantly reduced by requesting calling contexts from the client analysis.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Späth, Johannes and Do, Lisa Nguyen Quang and Ali, Karim and Bodden, Eric
Title: Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis
Language: English
Title of Book: 30th European Conference on Object-Oriented Programming (ECOOP 2016)
Number: 30
Publisher: Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik
ISBN: 978-3-95977-014-9
Uncontrolled Keywords: Demand-Driven; Static Analysis; IFDS; Aliasing; Points-to Analysis
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Event Location: Rome, Italy
Date Deposited: 14 Aug 2017 13:22
DOI: 10.4230/LIPIcs.ECOOP.2016.22
Identification Number: TUD-CS-2016-14776