Making k-Object-Sensitive Pointer Analysis More Precise with Still k-Limiting Tian Tan, Yue Li and Jingling Xue UNSW SAS 2016 September, 2016 1
A New Pointer Analysis for Object-Oriented Programs 2
Pointer Analysis Determine “which objects can a variable point to?” Foundation of many clients: ◦ Bug detection ◦ Security analysis ◦ Compiler optimization ◦ Program understanding ◦ … 3
Object-Oriented Programs Java, C#, Objective-C, JavaScript, … ◦ Embedded software: ◦ Mobile application: ◦ Web server: Apache Tomcat, Red Hat JBoss Web Server ◦ Desktop application: Eclipse, OpenOffice 4
A Practically Useful Pointer Analysis for Object-Oriented Programs 5
A Practically Useful Pointer Analysis for Object-Oriented Programs Good Context Abstraction (Context Sensitivity) 6
A Practically Useful Pointer Analysis for Object-Oriented Programs Good Context Abstraction (Context Sensitivity) k-CFA (call-site-sensitivity), type-sensitivity, … 7
Object-Sensitivity Arguably the best context abstraction for pointer analysis for object-oriented programs 8
Object-Sensitivity Widely used in diverse real-world clients ◦ Property Verification (e.g., API protocol) ISSTA’06, TOSEM’08, PLDI’14, FSE’15, … ◦ Bug Detection (e.g., data race, deadlock) PLDI’06, ICSE’09, ISSTA’13, OOPSLA’15, … ◦ Security Analysis (e.g., taint analysis) PLDI’09, IEEE S&P’11, FSE’14, NDSS’15, FSE’15, … ◦ Other Fundamental Analyses (e.g., slicing) PLDI’07, PLDI’14, ICSE’14, ECOOP’16, … 9
Object-Sensitivity Widely implemented in analysis platforms: Doop, Chord, WALA (T.J. Watson Libraries for Analysis), DroidSafe, TAJS, FlowDroid, Apposcopy 10