Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis

Späth, Johannes ; Nguyen Quang Do, Lisa ; Ali, Karim ; Bodden, Eric (2016)
Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis.
Rome, Italy
doi: 10.4230/LIPIcs.ECOOP.2016.22
Conference or Workshop Item, Bibliography

Abstract

Many current program analyses require highly precise pointer information about small, targeted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. For example, taint and typestate analyses often need to know the set of all aliases of a given variable under a certain calling context. With most current pointer analyses, clients must compute such information through repeated points-to or alias queries, increasing complexity and computation time for them. This paper presents Boomerang, a demand-driven, flow-, field-, and context-sensitive pointer analysis for Java programs. Boomerang computes rich results that include both the possible allocation sites of a given pointer (points-to information) and all pointers that can point to those allocation sites (alias information). For increased precision and scalability, clients can query Boomerang with respect to particular calling contexts of interest. Our experiments show that Boomerang is more precise than existing demand-driven pointer analyses. Additionally, using Boomerang, the taint analysis FlowDroid issues up to 29.4x fewer pointer queries compared to using other pointer analyses that return simpler pointer information. Furthermore, the search space of Boomerang can be significantly reduced by requesting calling contexts from the client analysis.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Späth, Johannes ; Nguyen Quang Do, Lisa ; Ali, Karim ; Bodden, Eric
Type of entry: Bibliography
Title: Boomerang: Demand-Driven Flow-Sensitive, Field-Sensitive, and Context-Sensitive Pointer Analysis
Language: English
Date: July 2016
Publisher: Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik
Issue Number: 30
Book Title: 30th European Conference on Object-Oriented Programming (ECOOP 2016)
Event Location: Rome, Italy
DOI: 10.4230/LIPIcs.ECOOP.2016.22
Uncontrolled Keywords: Demand-Driven; Static Analysis; IFDS; Aliasing; Points-to Analysis
Identification Number: TUD-CS-2016-14776
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 14 Aug 2017 13:22
Last Modified: 14 Sep 2021 13:24