Inter-procedural data-flow analysis with IFDS/IDE and Soot

@inproceedings{Bodden2012InterproceduralDA,
  title={Inter-procedural data-flow analysis with IFDS/IDE and Soot},
  author={Eric Bodden},
  booktitle={State Of the Art in Java Program Analysis},
  year={2012}
}
  • E. Bodden
  • Published in
    State Of the Art in Java…
    14 June 2012
  • Computer Science
The IFDS and IDE frameworks by Reps, Horwitz and Sagiv are two general frameworks for the inter-procedural analysis of data-flow problems with distributive flow functions over finite domains. Many data-flow problems do have distributive flow functions and are thus expressible as IFDS or IDE problems, reaching from basic analyses like truly-live variables to complex analyses for problems from the current literature such as typestate and secure information-flow. In this work we describe our… 

Data Flow Analysis in the Presence of Correlated Calls

This thesis presents a technique to improve the precision of data-flow analyses on object-oriented programs in the presence of correlated calls, by using the Inter-procedural Distributive Environment (IDE) algorithm to eliminate infeasible paths.

Interprocedural data flow analysis in Soot using value contexts

A general-purpose interprocedural analysis framework for Soot using data flow values for context-sensitivity and the key ideas of the tabulation method of the functional approach and the technique of value-based termination of call string construction are described.

Reviser: efficiently updating IDE-/IFDS-based data-flow analyses in response to incremental program changes

The Reviser algorithm is formulated as an extension to the IDE framework for Inter-procedural Finite Distributed Environment problems and automatically updates arbitrary IDE-based analyses and shows performance gains of up to 80% in comparison to a full recomputation.

Efficiently updating IDE-based data-flow analyses in response to incremental program changes

The Reviser algorithm is formulated as an extension to the IDE framework for Inter-procedural Finite Distributed Environment problems and automatically updates arbitrary IDE-based analyses and shows performance gains of up to 80% in comparison to a full recomputation.

An extensible framework for variable-precision data-flow analyses in MPS

This tool paper presents MPS-DF, which is the component in the MPS language workbench that supports the definition of data-flow analyses for DSLs, and is extensible such that it does not compromise the support for language composition in MPS.

Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis

The design and implementation of ModAlyzer are presented, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional and sometimes even yields precision superior to WPA.

Optimal and Perfectly Parallel Algorithms for On-demand Data-Flow Analysis

This work considers on-demand IFDS analyses where the queries concern program locations of the same procedure (aka same-context queries), and exploits the fact that flow graphs of programs have low treewidth to develop faster algorithms that are space and time optimal for many common data-flow analyses, in both the preprocessing and the query phase.

Synchronized pushdown systems for pointer and data-flow analysis

This thesis elaborates on a concrete application of Boomerang and IDE within a data-flow analysis that detects complex security vulnerabilities and shows once more that synchronized pushdown systems enable a promising compromise between efficiency and precision.

SPL LIFT — Transparent and Efficient Reuse of IFDS-based Static Program Analyses for Software Product Lines

This work shows how an important class of existing inter-procedural static analyses can be transparently lifted to SPLs, and shows that with SPL one can reuse IFDS-based analyses without changing a single line of code.

A programming model for semi-implicit parallelization of static analyses

A programming model for semi-implicit parallelization of static analyses is proposed; it is inspired by reactive programming and is able to outperform a state-of-the-art, specialized parallel IFDS solver in both absolute performance and scalability.

References

Practical Extensions to the IFDS Algorithm

Four extensions to the Interprocedural Finite Distributive Subset algorithm that make it applicable to a wider class of analysis problems are presented, often necessary when applying the IFDS algorithm to non-separable (i.e. non-bit-vector) problems.

IDE Dataflow Analysis in the Presence of Large Object-Oriented Libraries

This work defines an approach for library summary generation by using a graph representation of dataflow summary functions, and by abstracting away redundant dataflow facts that are internal to the library.

Position Paper: Static Flow-Sensitive & Context-Sensitive Information-flow Analysis for Software Product Lines

This work reports about ongoing work that will instead enable users to check the security of information flows in entire software product lines in one single pass, without having to generate individual products from the product line.

Typestate-like analysis of multiple interacting objects

A static analysis of typestate-like temporal specifications of groups of interacting objects, which are expressed using tracematches, is presented, which defines a static analysis that computes precise local points-to sets and tracks the flow of individual objects, thereby enabling strong updates of the tracematch state.

Static flow-sensitive & context-sensitive information-flow analysis for software product lines: position paper

This work reports about ongoing work that will instead enable users to check the security of information flows in entire software product lines in one single pass, without having to generate individual products from the product line.

Precise interprocedural dataflow analysis via graph reachability

The paper shows how a large class of interprocedural dataflow-analysis problems can be solved precisely in polynomial time by transforming them into a special kind of graph-reachability problem. The

Snugglebug: a powerful approach to weakest preconditions

The results show that the algorithmic techniques were critical for successfully analyzing large Java applications and how integrating an inexpensive, custom logic simplifier with weakest precondition computation dramatically improves performance.

Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation

An efficient dynamic-programming algorithm is presented that produces precise solutions to interprocedural dataflow-analysis problems in which the dataflow information at a program point is represented by an environment and the effect of a program operation is represented by a distributive environment transformer.

Position paper: Static flow-sensitive & context-sensitive information-flow analysis for software product lines. Workshop on Programming Languages and Analysis for Security

  • 2012

Watson Libraries for Analysis (WALA)
