Pointer Analysis, Conditional Soundness, and Proving the Absence of Errors

Authors:
Christopher L. Conway;Dennis Dams;Kedar S. Namjoshi;Clark Barrett
Affiliations:
Dept. of Computer Science, New York University,;Bell Laboratories, Alcatel-Lucent,;Bell Laboratories, Alcatel-Lucent,;Dept. of Computer Science, New York University,
Venue:
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Year:
2008

Citing 23
Cited 2

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
Context-sensitive interprocedural points-to analysis in the presence of function pointers

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient context-sensitive pointer analysis for C programs

PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Points-to analysis in almost linear time

POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Unification-based pointer analysis with directional assignments

PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Demand-driven pointer analysis

Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
On the importance of points-to analysis and other memory disambiguation methods for C programs

Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Pointer analysis: haven't we solved this problem yet?

PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
CCured: type-safe retrofitting of legacy code

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Composing dataflow analyses and transformations

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic discovery of linear restraints among variables of a program

POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Systematic design of program analysis frameworks

POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Searching for points-to analysis

Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Speeding Up Dataflow Analysis Using Flow-Insensitive Pointer Analysis

SAS '02 Proceedings of the 9th International Symposium on Static Analysis
CSSV: towards a realistic tool for statically detecting all buffer overflows in C

PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Flow-Insensitive Points-to Analysis with Term and Set Constraints

Flow-Insensitive Points-to Analysis with Term and Set Constraints
Macroscopic data structure analysis and optimization

Macroscopic data structure analysis and optimization
SAFECode: enforcing alias analysis for weakly typed languages

Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Combining abstract interpreters

Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Field-sensitive value analysis of embedded C programs with union types and pointer arithmetics

Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Combination of abstractions in the ASTRÉE static analyzer

ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
The ASTREÉ analyzer

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems

Verifying low-level implementations of high-level datatypes

CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Conditional model checking: a technique to pass information between verifiers

Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

It is well known that the use of points-to information can substantially improve the accuracy of a static program analysis. Commonly used algorithms for computing points-to information are known to be sound only for memory-safe programs. Thus, it appears problematic to utilize points-to information to verify the memory safety property without giving up soundness. We show that a sound combination is possible, even if the points-to information is computed separately and only conditionally sound. This result is based on a refined statement of the soundness conditions of points-to analyses and a general mechanism for composing conditionally sound analyses.