Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Interprocedural slicing using dependence graphs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Control-flow analysis of higher-order languages of taming lambda
Control-flow analysis of higher-order languages of taming lambda
A generalized theory of bit vector data flow analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficient context-sensitive pointer analysis for C programs
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Path-sensitive value-flow analysis
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Unification-based pointer analysis with directional assignments
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Evaluating the effectiveness of pointer alias analyses
Science of Computer Programming - Special issue n static program analysis (SAS'98)
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Pointer analysis: haven't we solved this problem yet?
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
The Science of Programming
Flow analysis and optimization of LISP-like structures
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
The Effects of the Precision of Pointer Analysis
SAS '97 Proceedings of the 4th International Symposium on Static Analysis
Storeless semantics and alias logic
Proceedings of the 2003 ACM SIGPLAN workshop on Partial evaluation and semantics-based program manipulation
Checking and inferring local non-aliasing
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Precise Call Graphs for C Programs with Function Pointers
Automated Software Engineering
PSE: explaining program failures via postmortem static analysis
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Symbolic path simulation in path-sensitive dataflow analysis
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
SAFECode: enforcing alias analysis for weakly typed languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Effective typestate verification in the presence of aliasing
Proceedings of the 2006 international symposium on Software testing and analysis
Combined static and dynamic analysis for inferring program dependencies using a pattern language
CASCON '06 Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
Interstatement must aliases for data dependence analysis of heap locations
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Identifying Data Transfer Objects in EJB Applications
WODA '07 Proceedings of the 5th International Workshop on Dynamic Analysis
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Generating precise and concise procedure summaries
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Effective typestate verification in the presence of aliasing
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the 7th international conference on Aspect-oriented software development
Detecting bugs in register allocation
ACM Transactions on Programming Languages and Systems (TOPLAS)
Effective interprocedural resource leak detection
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Reference count analysis with shallow aliasing
Information Processing Letters
Zero-sized heap allocations vulnerability analysis
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Boosting the performance of flow-sensitive points-to analysis using value flow
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Unleashing the power of static analysis
SAS'06 Proceedings of the 13th international conference on Static Analysis
Path-Sensitive dataflow analysis with iterative refinement
SAS'06 Proceedings of the 13th international conference on Static Analysis
A path sensitive type system for resource usage verification of c like languages
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Partially Evaluating Finite-State Runtime Monitors Ahead of Time
ACM Transactions on Programming Languages and Systems (TOPLAS)
Thresher: precise refutations for heap reachability
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Precise and scalable context-sensitive pointer analysis via value flow graph
Proceedings of the 2013 international symposium on memory management
Alias analysis for object-oriented programs
Aliasing in Object-Oriented Programming
| Hi-index | 0.00 |
In this paper, we present a new algorithm for tracking the flow of values through a program. Our algorithm represents a substantial improvement over the state of the art. Previously described value flow analyses that are control-flow sensitive do not scale well, nor do they eliminate value flow information from infeasible execution paths (i.e., they are path-insensitive). Our algorithm scales to large programs, and it is path-sensitive.The efficiency of our algorithm arises from three insights: The value flow problem can be "bit-vectorized" by tracking the flow of one value at a time; dataflow facts from different execution paths with the same value flow information can be merged; and information about complex aliasing that affects value flow can be plugged in from a different analysis.We have incorporated our analysis in ESP, a software validation tool. We have used ESP to validate the Windows operating system kernel (a million lines of code) against an important security property. This experience suggests that our algorithm scales to large programs, and is accurate enough to trace the flow of values in real code.