Value-Flow-Based Demand-Driven Pointer Analysis for C and C++

IEEE We present SUPA, a value-flow-based demand-driven flow- and context-sensitive pointer analysis with strong updates for C and C++ programs. SUPA enables computing points-to information via value-flow refinement, in environments with small time and memory budgets. We formulate SUPA by solving a graph-reachability problem on an inter-procedural value-flow graph representing a program's def-use chains, which are pre-computed efficiently but over-approximately. To answer a client query (a request for a variable's points-to set), SUPA reasons about the flow of values along the pre-computed def-use chains sparsely (rather than across all program points), by performing only the work necessary for the query (rather than analyzing the whole program). In particular, strong updates are performed to filter out spurious def-use chains through value-flow refinement as long as the total budget is not exhausted

The neural basis of responsibility attribution in decision-making

Social responsibility links personal behavior with societal expectations and plays a key role in affecting an agent's emotional state following a decision. However, the neural basis of responsibility attribution remains unclear. In two previous event-related brain potential (ERP) studies we found that personal responsibility modulated outcome evaluation in gambling tasks. Here we conducted a functional magnetic resonance imaging (fMRI) study to identify particular brain regions that mediate responsibility attribution. In a context involving team cooperation, participants completed a task with their teammates and on each trial received feedback about team success and individual success sequentially. We found that brain activity differed between conditions involving team success vs. team failure. Further, different brain regions were associated with reinforcement of behavior by social praise vs. monetary reward. Specifically, right temporoparietal junction (RTPJ) was associated with social pride whereas dorsal striatum and dorsal anterior cingulate cortex (ACC) were related to reinforcement of behaviors leading to personal gain. The present study provides evidence that the RTPJ is an important region for determining whether self-generated behaviors are deserving of praise in a social context

Boosting the precision of virtual call integrity protection with partial pointer analysis for C++

© 2017 Association for Computing Machinery. We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for large-scale real-world C++ programs (e.g., Chrome) by using pointer analysis for the first time. Vip introduces two new techniques: (1) a sound and scalable partial pointer analysis for discovering statically the sets of legitimate targets at virtual callsites from separately compiled C++ modules and (2) a lightweight instrumentation technique for performing (virtual call) integrity checks at runtime. Vip raises the bar against vtable hijacking attacks by providing stronger security guarantees than the CHA-based approach with comparable performance overhead. Vip is implemented in LLVM-3.8.0 and evaluated using SPEC programs and Chrome. Statically, Vip protects virtual calls more effectively than CHA by significantly reducing the sets of legitimate targets permitted at 20.3% of the virtual callsites per program, on average. Dynamically, Vip incurs an average (maximum) instrumentation overhead of 0.7% (3.3%), making it practically deployable as part of a compiler tool chain

Outflows from active galactic nuclei: The BLR-NLR metallicity correlation

The metallicity of active galactic nuclei (AGNs), which can be measured by emission line ratios in their broad and narrow line regions (BLRs and NLRs), provides invaluable information about the physical connection between the different components of AGNs. From the archival databases of the International Ultraviolet Explorer, the Hubble Space Telescope and the Sloan Digital Sky Survey, we have assembled the largest sample available of AGNs which have adequate spectra in both the optical and ultraviolet bands to measure the narrow line ratio [N II]/H{\alpha} and also, in the same objects, the broad-line N V/C IV ratio. These permit the measurement of the metallicities in the NLRs and BLRs in the same objects. We find that neither the BLR nor the NLR metallicity correlate with black hole masses or Eddington ratios, but there is a strong correlation between NLR and BLR metallicities. This metallicity correlation implies that outflows from BLRs carry metal-rich gas to NLRs at characteristic radial distances of ~ 1.0 kiloparsec. This chemical connection provides evidence for a kinetic feedback of the outflows to their hosts. Metals transported into the NLR enhance the cooling of the ISM in this region, leading to local star formation after the AGNs turn to narrow line LINERs. This post-AGN star formation is predicted to be observable as an excess continuum emission from the host galaxies in the near infrared and ultraviolet, which needs to be further explored.Comment: 19 pages, 13 figures, 3 tables. Accepted for publication at MNRA

Demand-Driven Pointer Analysis with Strong Updates via Value-Flow Refinement

We present a new demand-driven flow- and context-sensitive pointer analysis with strong updates for C programs, called SUPA, that enables computing points-to information via value-flow refinement, in environments with small time and memory budgets such as IDEs. We formulate SUPA by solving a graph reachability problem on an inter-procedural value-flow graph representing a program's def-use chains, which are pre-computed efficiently but over-approximately. To answer a client query (a request for a variable's points-to set), SUPA reasons about the flow of values along the pre-computed def-use chains sparsely (rather than across all program points), by performing only the work necessary for the query (rather than analyzing the whole program). In particular, strong updates are performed to filter out spurious def-use chains through value-flow refinement as long as the total budget is not exhausted. SUPA facilitates efficiency and precision tradeoffs by applying different pointer analyses in a hybrid multi-stage analysis framework. We have implemented SUPA in LLVM (3.5.0) and evaluate it by choosing uninitialized pointer detection as a major client on 18 open-source C programs. As the analysis budget increases, SUPA achieves improved precision, with its single-stage flow-sensitive analysis reaching 97.4% of that achieved by whole-program flow-sensitive analysis by consuming about 0.18 seconds and 65KB of memory per query, on average (with a budget of at most 10000 value-flow edges per query). With context-sensitivity also considered, SUPA's two- stage analysis becomes more precise for some programs but also incurs more analysis times. SUPA is also amenable to parallelization. A parallel implementation of its single-stage flow-sensitive analysis achieves a speedup of up to 6.9x with an average of 3.05x a 8-core machine with respect its sequential version

Precise static happens-before analysis for detecting UAF order violations in android

© 2019 IEEE. Unlike Java, Android provides a rich set of APIs to support a hybrid concurrency system, which consists of both Java threads and an event queue mechanism for dispatching asynchronous events. In this model, concurrency errors often manifest themselves in the form of order violations. An order violation occurs when two events access the same shared object in an incorrect order, causing unexpected program behaviors (e.g., null pointer dereferences). This paper presents SARD, a static analysis tool for detecting both intra-and inter-thread use-after-free (UAF) order violations, when a pointer is dereferenced (used) after it no longer points to any valid object, through systematic modeling of Android's concurrency mechanism. We propose a new flow-and context-sensitive static happens-before (HB) analysis to reason about the interleavings between two events to effectively identify precise HB relations and eliminate spurious event interleavings. We have evaluated SARD by comparing with NADROID, a state-of-the-art static order violation detection tool for Android. SARD outperforms NADROID in terms of both precision (by reporting three times fewer false alarms than NADROID given the same set of apps used by NADROID) and efficiency (by running two orders of magnitude faster than NADROID)

Chandra observation of Abell 1689: New determination of mass distribution and comparison to lensing measurements

We present a new estimate of the projected X-ray mass of Abell 1689 observed with Chandra, in an attempt to clarify the issue of whether or not there exists a discrepancy between X-ray and gravitational lensing mass estimates claimed in previous investigations based on {\it Einstein}, {\it ROSAT} and {\it ASCA} observations. A particular attention is paid to examining if there is an offset between X-ray centroid and central dominant cD galaxy, which may be an indicator of the presence of local dynamical activities of intracluster gas in the central core and therefore, explain the discrepancy between X-ray and lensing mass estimates, if any. The unprecedentedly high spatial resolution achieved by Chandra allows us to precisely localize the X-ray centroid of Abell 1689, which appears to coincide perfectly with the central cD galaxy. This fact, along with the symmetry and regularity of the X-ray surface brightness and temperature distributions, suggests that Abell 1689 is a fully-relaxed cluster. We thus employ hydrostatic equilibrium hypothesis to determine the projected mass profile of Abell 1689, and compare it with the results obtained by different lensing techniques available in the literature. Our analysis confirms the existance of the discrepancy of a factor of $\sim2$ between X-ray and lensing mass estimates in the central region of $r\approx0.2$ Mpc, although the two methods yield essentially consistent result on large radii. If the perfect coincidence between the X-ray center and the cD galaxy of Abell 1689 detected by Chandra observation is not a projection effect, the central mass discrepancy between X-ray and lensing measurements may pose a challenge to our conventional understanding of dynamical evolution of the intracluster gas in the central regions of clusters.Comment: 26 pages, 7 figures, Accepted for publication in the Astrophysical Journa