Heap Abstractions for Static Analysis

@article{Kanvar2016HeapAF,
  title={Heap Abstractions for Static Analysis},
  author={Vini Kanvar and Uday P. Khedker},
  journal={ACM Computing Surveys (CSUR)},
  year={2016},
  volume={49},
  pages={1 - 47}
}
Heap data is potentially unbounded and seemingly arbitrary. Hence, unlike stack and static data, heap data cannot be abstracted in terms of a fixed set of program variables. This makes it an interesting topic of study and there is an abundance of literature employing heap abstractions. Although most studies have addressed similar concerns, insights gained in one description of heap abstraction may not directly carry over to some other description. In our search of a unified theme, we view heap…
"What's in a name?" going beyond allocation site names in heap analysis
TLDR: An access-based abstraction that partitions each name-based group of locations into equivalence classes at every program point using an additional criterion of the sets of access paths reaching the locations in the memory is proposed.
Template-Based Verification of Heap-Manipulating Programs
We propose a shape analysis suitable for analysis engines that perform automatic invariant inference using an SMT solver. The proposed solution includes an abstract template domain that encodes the…
Efficient and precise points-to analysis: modeling the heap by merging equivalent automata
TLDR: MAHJONG is a novel heap abstraction that is specifically developed to address the needs of an important class of type-dependent clients, such as call graph construction, devirtualization and may-fail casting, and is expected to provide significant benefits for many program analyses where call graphs are required.
Mix your contexts well: opportunities unleashed by recent advances in scaling context-sensitivity
TLDR: A detailed comparative study of the existing precise context-sensitive heap analyses and proposes novel context abstractions that lead to a new sweet-spot in the arena, and shows that the newer proposals not only enhance the precision of both LSRV contexts and object-sensitive analyses, but also scale well to large programs.
Foundations and Trends Pointer Analysis
Pointer analysis is a fundamental static program analysis, with a rich literature and wide applications. The goal of pointer analysis is to compute an approximation of the set of program objects that…
Generalized Points-to Graphs: A New Abstraction of Memory in the Presence of Pointers
TLDR: This work proposes a novel abstraction called the Generalized Points-to Graph (GPG) which views points-to relations as memory updates and generalizes them using the counts of indirection levels leaving the unknown pointees implicit, and constructs GPGs as compact representations of bottom-up procedure summaries in terms of memory updates and control flow between them.
Generalized Points-to Graphs: A Precise and Scalable Abstraction for Points-to Analysis
Computing precise (fully flow- and context-sensitive) and exhaustive (as against demand-driven) points-to information is known to be expensive. Top-down approaches require repeated analysis of a…
PointEval: On the Impact of Pointer Analysis Frameworks
TLDR: This work evaluates two major frameworks for pointer analysis, WALA and Doop, on the DaCapo set of benchmarks and concludes that Doop provides a better pointer analysis than WALA in terms of precision and scalability.
A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications
The present paper proposes the first static analysis for Android applications which is both flow-sensitive on the heap abstraction and provably sound with respect to a rich formal model of the…
Refinement in object-sensitivity points-to analysis via slicing
TLDR: This paper proposes a novel approach based on object sensitivity analysis that takes as input a set of client queries, and tries to answer them using an initial round of inexpensive object sensitivity analysis that uses a low object-name length bound at all allocation sites.

References

Showing 1-10 of 141 references
Heap reference analysis using access graphs
TLDR: This work formulates the following new analyses for heap data: liveness, availability, and anticipability, proposes solution methods for them, and formulates the first ever end-to-end static analysis to distinguish live objects from reachable objects.
Abstracting runtime heaps for program understanding
TLDR: The abstract heap model and the associated algorithms for transforming a concrete heap dump into the corresponding abstract model as well as algorithms for merging, comparing, and computing changes between abstract models are described.
Static Analysis of Accessed Regions in Recursive Data Structures
TLDR: A heap analysis algorithm that characterizes how programs access regions within recursive data structures, such as sublists within lists or subtrees within trees, and expresses heap access information using labels on the nodes of the shape graphs, making the analysis more efficient.
Data Structure Analysis: A Fast and Scalable Context-Sensitive Heap Analysis
TLDR: A scalable heap analysis algorithm designed to enable analyses and transformations of programs at the level of entire logical data structures is described, which shows that the key to achieving scalability in a fully context-sensitive algorithm is the use of a unification-based approach.
A semantics for procedure local heaps and its abstractions
TLDR: An analysis method is presented that uses a characterization of a procedure's behavior in which parts of the heap not relevant to the procedure are ignored and a new static-analysis algorithm is developed using canonical abstraction.
Efficient bottom-up heap analysis for symbolic path-based data access summaries
TLDR: A heap analysis for extracting data access summaries based on symbolic access paths (SAPs) of methods in object-oriented languages is proposed, solving the problem of the dependence of local analysis results on the global heap aliasing by inferring the sets of aliases on which the correctness of the local results is predicated.
Scaling abstraction refinement via pruning
TLDR: A new technique called pruning is introduced that uses client feedback in a different way and is able to scale up to much more expensive abstractions than before.
Recency-Abstraction for Heap-Allocated Storage
TLDR: It is shown how the recency-abstraction can resolve virtual-function calls in stripped executables (i.e., executables from which debugging information has been removed) and succeeded in resolving 55% of virtual-function call-sites, whereas previous tools for analyzing executables fail to resolve any of the virtual-function call-sites.
Putting pointer analysis to work
TLDR: This paper addresses the problem of how to apply pointer analysis to a wide variety of compiler applications by putting two existing pointer analyses, points-to analysis and connection analysis, to work, and shows how to extend traditional analyses like common subexpression elimination, loop-invariant removal and location-invariant removal to include pointer references.
Combining Shape Analyses by Intersecting Abstractions
TLDR: A constructive formulation of meet is described, based on certain relations between abstract heap objects, which is implemented in the TVLA system and used to prove temporal heap properties of several small Java programs, and obtained empirical evidence showing the effectiveness of the meet algorithm.