PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Efficient accommodation of may-alias information in SSA form
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Efficient context-sensitive pointer analysis for C programs
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Efficient building and placing of gating functions
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Gated SSA-based demand-driven symbolic analysis for parallelizing compilers
ICS '95 Proceedings of the 9th international conference on Supercomputing
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SUIF Explorer: an interactive and interprocedural parallelizer
Proceedings of the seventh ACM SIGPLAN symposium on Principles and practice of parallel programming
Compositional pointer and escape analysis for Java programs
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Using meta-level compilation to check FLASH protocol code
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Extended SSA Numbering: Introducing SSA Properties to Language with Multi-level Pointers
CC '98 Proceedings of the 7th International Conference on Compiler Construction
Effective Representation of Aliases and Indirect Memory Operations in SSA Form
CC '96 Proceedings of the 6th International Conference on Compiler Construction
Efficient, context-sensitive pointer analysis for c programs
Efficient, context-sensitive pointer analysis for c programs
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Integrating software productivity tools into Eclipse
eclipse '03 Proceedings of the 2003 OOPSLA workshop on eclipse technology eXchange
Compiler Optimization of Memory-Resident Value Communication Between Speculative Threads
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Constraint-based test data generation in the presence of stack-directed pointers
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Error checking with client-driven pointer analysis
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
How is aliasing used in systems software?
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Practical memory leak detection using guarded value-flow analysis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An overview of the saturn project
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Performance aware secure code partitioning
Proceedings of the conference on Design, automation and test in Europe
Goal-oriented test data generation for pointer programs
Information and Software Technology
Conditional correlation analysis for safe region-based memory management
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Marple: a demand-driven path-sensitive buffer overflow detector
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
The dependence condition graph: Precise conditions for dependence between program points
Computer Languages, Systems and Structures
Structural abstraction of software verification conditions
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
Demand-driven compositional symbolic execution
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Generating analyses for detecting faults in path segments
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Detecting memory access errors with flow-sensitive conditional range analysis
ICESS'05 Proceedings of the Second international conference on Embedded Software and Systems
SPAS: scalable path-sensitive pointer analysis on full-sparse SSA
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Static memory leak detection using full-sparse value-flow analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Improving integer security for systems with KINT
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Learning fine-grained structured input for memory corruption detection
ISC'12 Proceedings of the 15th international conference on Information Security
MemSafe: ensuring the spatial and temporal memory safety of C at runtime
Software—Practice & Experience
Marple: Detecting faults in path segments using automatically generated analyses
ACM Transactions on Software Engineering and Methodology (TOSEM) - In memoriam, fault detection and localization, formal methods, modeling and design
Hi-index | 0.00 |
This paper proposes a pointer alias analysis for automatic error detection. State-of-the-art pointer alias analyses are either too slow or too imprecise for finding errors in real-life programs. We propose a hybrid pointer analysis that tracks actively manipulated pointers held in local variables and parameters accurately with path and context sensitivity and handles pointers stored in recursive data structures less precisely but efficiently. We make the unsound assumption that pointers passed into a procedure, in parameters, global variables, and locations reached by applying simple access paths to parameters and global variables, are all distinct from each other and from any other locations. This assumption matches the semantics of many functions, reduces spurious aliases and speeds up the analysis.We present a program representation, called IPSSA, which captures intraprocedural and interprocedural definition-use relationships of directly and indirectly accessed memory locations. This representation makes it easy to create demand-driven path-sensitive and context-sensitive analyses.We demonstrate how a program checker based on IPSSA can be used to find security violations. Our checker, when applied to 10 programs, found 6 new violations and 8 previously reported ones. The checker generated only one false warning, suggesting that our approach is effective in creating practical and easy-to-use bug detection tools.