Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Precise interprocedural dataflow analysis with applications to constant propagation
TAPSOFT '95 Selected papers from the 6th international joint conference on Theory and practice of software development
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
CSMR '10 Proceedings of the 2010 14th European Conference on Software Maintenance and Reengineering
Analyzing the discipline of preprocessor annotations in 30 million lines of C code
Proceedings of the tenth international conference on Aspect-oriented software development
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Intraprocedural dataflow analysis for software product lines
Proceedings of the 11th annual international conference on Aspect-oriented Software Development
Inter-procedural data-flow analysis with IFDS/IDE and Soot
Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis
Toward variability-aware testing
FOSD '12 Proceedings of the 4th International Workshop on Feature-Oriented Software Development
SPLLIFT: statically analyzing software product lines in minutes instead of years
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Intraprocedural dataflow analysis for software product lines
Transactions on Aspect-Oriented Software Development X
Hi-index | 0.00 |
A software product line encodes a potentially large variety of software products as variants of some common code base, e.g., through the use of #ifdef statements or other forms of conditional compilation. Traditional information-flow analyses cannot cope with such constructs. Hence, to check for possibly insecure information flow in a product line, one currently has to analyze each resulting product separately, of which there may be thousands, making this task intractable. We report about ongoing work that will instead enable users to check the security of information flows in entire software product lines in one single pass, without having to generate individual products from the product line. Executing the analysis on the product line promises to be orders of magnitude more faster than analyzing products individually. We discuss the design of our information-flow analysis and our ongoing implementation using the IFDS/IDE framework by Reps, Horwitz and Sagiv.