Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleOctober 2024JUST ACCEPTED
Iterating Pointers: Enabling Static Analysis for Loop-based Pointers
ACM Transactions on Architecture and Code Optimization (TACO), Just Accepted https://doi.org/10.1145/3701993Pointers are an integral part of C and other programming languages. They enable substantial flexibility from the programmer’s standpoint, allowing the user fine, unmediated control over data access patterns. However, accesses done through pointers are ...
Practical Verification of Smart Contracts using Memory Splitting
Proceedings of the ACM on Programming Languages (PACMPL), Volume 8, Issue OOPSLA2Article No.: 356, Pages 2402–2433https://doi.org/10.1145/3689796SMT-based verification of low-level code requires modeling and reasoning about memory operations. Prior work has shown that optimizing memory representations is beneficial for scaling verification—pointer analysis, for example can be used to split memory ...
Scaling Type-Based Points-to Analysis with Saturation
Proceedings of the ACM on Programming Languages (PACMPL), Volume 8, Issue PLDIArticle No.: 187, Pages 990–1013https://doi.org/10.1145/3656417Designing a whole-program static analysis requires trade-offs between precision and scalability. While a context-insensitive points-to analysis is often considered a good compromise, it still has non-linear complexity that leads to scalability problems ...
- research-articleOctober 2023
A Container-Usage-Pattern-Based Context Debloating Approach for Object-Sensitive Pointer Analysis
Proceedings of the ACM on Programming Languages (PACMPL), Volume 7, Issue OOPSLA2Article No.: 256, Pages 971–1000https://doi.org/10.1145/3622832In this paper, we introduce DebloaterX, a new approach for automatically identifying context-independent objects to debloat contexts in object-sensitive pointer analysis (kobj). Object sensitivity achieves high precision, but its context construction ...
- research-articleJuly 2023
Hybrid Inlining: A Framework for Compositional and Context-Sensitive Static Analysis
ISSTA 2023: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and AnalysisPages 114–126https://doi.org/10.1145/3597926.3598042Context-sensitivity is essential for achieving good precision in inter-procedural static analysis. To be context-sensitive, top-down analysis needs to fully inline all the statements in a callee at all its callsites, leading to statement explosion. ...
-
- short-paperNovember 2022
A practical call graph construction method for Python
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software EngineeringPages 1805–1807https://doi.org/10.1145/3540250.3559077Python has become one of the most popular programming languages today. Call graph is one of the essential data structures for many applications in software engineering. However, the precision and recall rate of the existing Python call graph ...
Generic sensitivity: customizing context-sensitive pointer analysis for generics
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software EngineeringPages 1110–1121https://doi.org/10.1145/3540250.3549122Generic programming has been extensively used in object-oriented programs such as Java. However, existing context-sensitive pointer analyses perform poorly in analyzing generics. This paper introduces generic sensitivity, a new context customization ...
- research-articleJuly 2022
PUS: a fast and highly efficient solver for inclusion-based pointer analysis
ICSE '22: Proceedings of the 44th International Conference on Software EngineeringPages 1781–1792https://doi.org/10.1145/3510003.3510075A crucial performance bottleneck in most interprocedural static analyses is solving pointer analysis constraints. We present Pus, a highly efficient solver for inclusion-based pointer analysis. At the heart of Pus is a new constraint solving algorithm ...
- research-articleMarch 2022
BinPointer: towards precise, sound, and scalable binary-level pointer analysis
CC 2022: Proceedings of the 31st ACM SIGPLAN International Conference on Compiler ConstructionPages 169–180https://doi.org/10.1145/3497776.3517776Binary-level pointer analysis is critical to binary-level applications such as reverse engineering and binary debloating. In this paper, we propose BinPointer, a new binary-level interprocedural pointer analysis that relies on an offset-sensitive value-...
- research-articleMarch 2022
A Case for Precise, Fine-Grained Pointer Synthesis in High-Level Synthesis
ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 27, Issue 4Article No.: 30, Pages 1–26https://doi.org/10.1145/3491430This article combines two practical approaches to improve pointer synthesis within HLS tools. Both approaches focus on inefficiencies in how HLS tools treat the points-to graph—a mapping that connects each instruction to the memory locations that it might ...
- research-articleJune 2022
Context debloating for object-sensitive pointer analysis
ASE '21: Proceedings of the 36th IEEE/ACM International Conference on Automated Software EngineeringPages 79–91https://doi.org/10.1109/ASE51524.2021.9678880We introduce a new approach, Conch, for de-bloating contexts for all the object-sensitive pointer analysis algorithms developed for object-oriented languages, where the calling contexts of a method are distinguished by its receiver objects. Our key ...
- research-articleOctober 2021
Pointer-Based Divergence Analysis for OpenCL 2.0 Programs
ACM Transactions on Parallel Computing (TOPC), Volume 8, Issue 4Article No.: 20, Pages 1–23https://doi.org/10.1145/3470644A modern GPU is designed with many large thread groups to achieve a high throughput and performance. Within these groups, the threads are grouped into fixed-size SIMD batches in which the same instruction is applied to vectors of data in a lockstep. This ...
- research-articleFebruary 2020
TsmartGP: a tool for finding memory defects with pointer analysis
ASE '19: Proceedings of the 34th IEEE/ACM International Conference on Automated Software EngineeringPages 1170–1173https://doi.org/10.1109/ASE.2019.00129Precise pointer analysis is desired since it is a core technique to find memory defects. There are several dimensions of pointer analysis precision, flow sensitivity, context sensitivity, field sensitivity and path sensitivity. For static analysis tools ...
- research-articleJune 2019
Unsupervised learning of API aliasing specifications
PLDI 2019: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and ImplementationPages 745–759https://doi.org/10.1145/3314221.3314640Real world applications make heavy use of powerful libraries and frameworks, posing a significant challenge for static analysis as the library implementation may be very complex or unavailable. Thus, obtaining specifications that summarize the behaviors ...
- research-articleMay 2019
srcPtr: a framework for implementing static pointer analysis approaches
ICPC '19: Proceedings of the 27th International Conference on Program ComprehensionPages 144–147https://doi.org/10.1109/ICPC.2019.00031A lightweight pointer-analysis framework, srcPtr, is presented to support the implementation and comparison of points-to analysis algorithms. It differentiates itself from existing tools by performing the analysis directly on the abstract syntax tree, ...
- research-articleSeptember 2018
Utilizing object reference graphs and garbage collection roots to detect memory leaks in offline memory monitoring
ManLang '18: Proceedings of the 15th International Conference on Managed Languages & RuntimesArticle No.: 14, Pages 1–13https://doi.org/10.1145/3237009.3237023Complex software systems often suffer from performance problems caused by memory anomalies such as memory leaks. While the proliferation of objects is rather easy to detect using state-of-the-art memory monitoring tools, extracting a leak's root cause, ...
- research-articleMay 2018
Launch-mode-aware context-sensitive activity transition analysis
ICSE '18: Proceedings of the 40th International Conference on Software EngineeringPages 598–608https://doi.org/10.1145/3180155.3180188Existing static analyses model activity transitions in Android apps context-insensitively, making it impossible to distinguish different activity launch modes, reducing the pointer analysis precision for an activity's callbacks, and potentially resulting ...
- research-articleFebruary 2018
Parallel sparse flow-sensitive points-to analysis
CC '18: Proceedings of the 27th International Conference on Compiler ConstructionPages 59–70https://doi.org/10.1145/3178372.3179517This paper aims to contribute to further advances in pointer (or points-to) analysis algorithms along the combined dimen- sions of precision, scalability, and performance. For precision, we aim to support interprocedural ow-sensitive analysis. For ...
- short-paperMarch 2017
Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments
CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and PrivacyPages 281–288https://doi.org/10.1145/3029806.3029814Despite its widespread use in Android apps, reflection poses graving problems for static security analysis. Currently, string inference is applied to handle reflection, resulting in significantly missed security vulnerabilities. In this paper, we bring ...
- research-articleNovember 2016
On-demand strong update analysis via value-flow refinement
FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software EngineeringPages 460–473https://doi.org/10.1145/2950290.2950296We present a new Strong UPdate Analysis for C programs, called Supa, that enables computing points-to information on-demand via value-flow refinement, in environments with small time and memory budgets such as IDEs. We formulate Supa by solving a graph-...