Abstract debugging of higher-order imperative languages
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Solving shape-analysis problems in languages with destructive updating
ACM Transactions on Programming Languages and Systems (TOPLAS)
Pattern languages of program design 3
BI as an assertion language for mutable data structures
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Counterexample-guided abstraction refinement for symbolic model checking
Journal of the ACM (JACM)
Software validation via scalable path-sensitive value flow analysis
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
PSE: explaining program failures via postmortem static analysis
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Parameterized object sensitivity for points-to analysis for Java
ACM Transactions on Software Engineering and Methodology (TOSEM)
Error checking with client-driven pointer analysis
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Refinement-based context-sensitive points-to analysis for Java
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
How is aliasing used in systems software?
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Effective typestate verification in the presence of aliasing
ACM Transactions on Software Engineering and Methodology (TOSEM)
Sound, complete and scalable path-sensitive analysis
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Compositional shape analysis by means of bi-abduction
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Program analysis via satisfiability modulo path programs
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Shape analysis for composite data structures
CAV'07 Proceedings of the 19th international conference on Computer aided verification
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
A dynamic evaluation of the precision of static heap abstractions
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Precise reasoning for programs using containers
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Precondition inference from intermittent assertions and application to contracts on collections
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Scaling abstraction refinement via pruning
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
The flow-insensitive precision of Andersen's analysis in practice
SAS'11 Proceedings of the 18th international conference on Static analysis
Symbolic execution with separation logic
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Memory leaks detection in java by bi-abductive inference
FASE'10 Proceedings of the 13th international conference on Fundamental Approaches to Software Engineering
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Understanding the origin of alarms in ASTRÉE
SAS'05 Proceedings of the 12th international conference on Static Analysis
Fluid updates: beyond strong vs. weak updates
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Automated error diagnosis using abductive inference
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Fixpoint-guided abstraction refinements
SAS'07 Proceedings of the 14th international conference on Static Analysis
Hi-index | 0.00 |
We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found the heap reachability information computed by a state-of-the-art points-to analysis was too imprecise, leading to numerous false-positive leak reports. Our analysis combines a symbolic execution capable of path-sensitivity and strong updates with abstract heap information computed by an initial flow-insensitive points-to analysis. This novel mixed representation allows us to achieve both precision and scalability by leveraging the pre-computed points-to facts to guide execution and prune infeasible paths. We have evaluated our techniques in the Thresher tool, which we used to find several developer-confirmed leaks in Android applications.