Precise Null Pointer Analysis Through Global Value Numbering
Precise analysis of pointer information plays an important role in many
static analysis techniques and tools today. The precision, however, must be
balanced against the scalability of the analysis. This paper focuses on
improving the precision of standard context- and flow-insensitive alias analysis
algorithms at a low scalability cost. In particular, we present a
semantics-preserving program transformation that drastically improves the
precision of existing analyses when deciding if a pointer can alias NULL. Our
program transformation is based on Global Value Numbering, a scheme inspired
by the compiler optimizations literature. It allows even a flow-insensitive
analysis to make use of branch conditions such as checking if a pointer is NULL
and gain precision. We perform experiments on real-world code to measure the
overhead in performing the transformation and the improvement in the precision
of the analysis. We show that the precision improves from 86.56% to 98.05%,
while the overhead is insignificant.
Comment: 17 pages, 1 section in Appendix
Static Deadlock Detection for Rust Programs
Rust relies on its unique ownership mechanism to ensure thread and memory
safety. However, numerous potential security vulnerabilities persist in
practical applications. New language features in Rust pose new challenges for
vulnerability detection. This paper proposes a static deadlock detection method
tailored for Rust programs, aiming to identify various deadlock types,
including double lock, conflict lock, and deadlock associated with conditional
variables. With due consideration for Rust's ownership and lifetimes, we first
complete the pointer analysis. Then, based on the obtained points-to
information, we analyze dependencies among variables to identify potential
deadlocks. We develop a tool and conduct experiments based on the proposed
method. The experimental results demonstrate that our method outperforms
existing deadlock detection methods in precision
An incremental points-to analysis with CFL-reachability
Developing scalable and precise points-to analyses is increasingly important for analysing and optimising object-oriented programs where pointers are used pervasively. An incremental analysis for a program updates the existing analysis information after program changes to avoid reanalysing it from scratch. This can be efficiently deployed in software development environments where code changes are often small and frequent. This paper presents an incremental approach for demand-driven context-sensitive points-to analyses based on Context-Free Language (CFL) reachability. By tracing the CFL-reachable paths traversed in computing points-to sets, we can precisely identify and recompute on demand only the points-to sets affected by the program changes made. Combined with a flexible policy for controlling the granularity of traces, our analysis achieves significant speedups with little space overhead over reanalysis from scratch when evaluated with a null dereferencing client using 14 Java benchmarks.