Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Effective Representation of Aliases and Indirect Memory Operations in SSA Form
CC '96 Proceedings of the 6th International Conference on Compiler Construction
An infrastructure for adaptive dynamic optimization
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
RTSS '05 Proceedings of the 26th IEEE International Real-Time Systems Symposium
Effective typestate verification in the presence of aliasing
Proceedings of the 2006 international symposium on Software testing and analysis
Using Valgrind to detect undefined value errors with bit-precision
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
MEDS: The Memory Error Detection System
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Scaling CFL-Reachability-Based Points-To Analysis Using Context-Sensitive Must-Not-Alias Analysis
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Increasing the Scope and Resolution of Interprocedural Static Single Assignment
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Bounds checking with taint-based analysis
HiPEAC'07 Proceedings of the 2nd international conference on High performance embedded architectures and compilers
Automatic detection of uninitialized variables
CC'03 Proceedings of the 12th international conference on Compiler construction
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
How to do a million watchpoints: efficient debugging using dynamic instrumentation
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Boosting the performance of flow-sensitive points-to analysis using value flow
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Formalizing the LLVM intermediate representation for verified program transformations
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ICSM '11 Proceedings of the 2011 27th IEEE International Conference on Software Maintenance
SPAS: scalable path-sensitive pointer analysis on full-sparse SSA
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Practical memory checking with Dr. Memory
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Flow-sensitive pointer analysis for millions of lines of code
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
On-demand dynamic summary-based points-to analysis
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Static memory leak detection using full-sparse value-flow analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
An incremental points-to analysis with CFL-Reachability
CC'13 Proceedings of the 22nd international conference on Compiler Construction
ReQoS: reactive static/dynamic compilation for QoS in warehouse scale computers
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Precise and scalable context-sensitive pointer analysis via value flow graph
Proceedings of the 2013 international symposium on memory management
Dynamic expressivity with static optimization for streaming languages
Proceedings of the 7th ACM international conference on Distributed event-based systems
Query-directed adaptive heap cloning for optimizing compilers
CGO '13 Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)
| Hi-index | 0.00 |
Uninitialized variables can cause system crashes when used and security vulnerabilities when exploited. With source rather than binary instrumentation, dynamic analysis tools such as MSan can detect uninitialized memory uses at significantly reduced overhead but are still costly. In this paper, we introduce a static value-flow analysis, called Usher, to guide and accelerate the dynamic analysis performed by such tools. Usher reasons about the definedness of values using a value-flow graph (VFG) that captures def-use chains for both top-level and address-taken variables interprocedurally and removes unnecessary instrumentation by solving a graph reachability problem. Usher works well with any pointer analysis (done a priori) and facilitates advanced instrumentation-reducing optimizations (with two demonstrated here). Implemented in LLVM and evaluated using all the 15 SPEC2000 C programs, Usher can reduce the slowdown of MSan from 212% -- 302% to 123% -- 140% for a number of configurations tested.