Article

Recency-Abstraction for heap-allocated storage

Authors:

Gogul Balakrishnan,

Thomas RepsAuthors Info & Claims

SAS'06: Proceedings of the 13th international conference on Static Analysis

Pages 221 - 239

https://doi.org/10.1007/11823230_15

Published: 29 August 2006 Publication History

Abstract

In this paper, we present an abstraction for heap-allocated storage, called the recency-abstraction, that allows abstract-interpretation algorithms to recover some non-trivial information for heap-allocated data objects. As an application of the recency-abstraction, we show how it can resolve virtual-function calls in stripped executables (i.e., executables from which debugging information has been removed). This approach succeeded in resolving 55% of virtual-function call-sites, whereas previous tools for analyzing executables fail to resolve any of the virtual-function call-sites.

References

[1]

L. O. Andersen. Binding-time analysis and the taming of C pointers. In PEPM, pages 47-58, 1993.

Digital Library

[2]

D.F. Bacon and P.F. Sweeney. Fast static analysis of C++ virtual function calls. In Object-Oriented Programming, Systems, Languages, and Applications, pages 324- 341, 1996.

Digital Library

[3]

G. Balakrishnan and T. Reps. Analyzing memory accesses in x86 executables. In Comp. Construct., pages 5-23, 2004.

[4]

G. Balakrishnan and T. Reps. Recovery of variables and heap structure in x86 executables. Tech. Rep. 1533, Comp. Sci. Dept., Univ. of Wisconsin, Madison, US., September 2005.

[5]

B. Calder and D. Grunwald. Reducing indirect function call overhead in C++ programs. In Princip. of Prog. Lang., pages 397-408, 1994.

Digital Library

[6]

D.R. Chase, M. Wegman, and F. Zadeck. Analysis of pointers and structures. In Prog. Lang. Design and Impl., pages 296-310, 1990.

Digital Library

[7]

H. Chen andD.Wagner. MOPS: An infrastructure for examining security properties of software. In Conf. on Comp. and Commun. Sec., pages 235-244, November 2002.

Digital Library

[8]

B.-C. Cheng and W.W. Hwu. Modular interprocedural pointer analysis using access paths: Design, implementation, and evaluation. In Prog. Lang. Design and Impl., pages 57-69, 2000.

Digital Library

[9]

M. Das. Unification-based pointer analysis with directional assignments. In Prog. Lang. Design and Impl., pages 35-46, 2000.

Digital Library

[10]

J. Dean, D. Grove, and C. Chambers. Optimization of object-oriented programs using static class hierarchy analysis. In European Conference on Object-Oriented Programming, pages 77-101, 1995.

Digital Library

[11]

D.R. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Op. Syst. Design and Impl., pages 1-16, 2000.

Digital Library

[12]

M. Fähndrich, J. Rehof, and M. Das. Scalable context-sensitive flow analysis using instantiation constraints. In Prog. Lang. Design and Impl., 2000.

Digital Library

[13]

J.S. Foster, M. Fähndrich, and A. Aiken. Polymorphic versus monomorphic flowinsensitive points-to analysis for C. In SAS, 2000.

Digital Library

[14]

D. Gopan, F. DiMaio, N.Dor, T. Reps, and M. Sagiv. Numeric domains with summarized dimensions. In Tools and Algs. for the Construct. and Anal. of Syst., pages 512-529, 2004.

[15]

D. Gopan, T. Reps, and M. Sagiv. A framework for numeric analysis of array operations. In Princip. of Prog. Lang., pages 338-350, 2005.

Digital Library

[16]

B. Guo, M.J. Bridges, S. Triantafyllis, G. Ottoni, E. Raman, and D.I. August. Practical and accurate low-level pointer analysis. In 3nd IEEE/ACM Int. Symp. on Code Gen. and Opt., pages 291-302, 2005.

Digital Library

[17]

B. Hackett and R. Rugina. Region-based shape analysis with tracked locations. In Princip. of Prog. Lang., pages 310-323, 2005.

Digital Library

[18]

M. Hind and A. Pioli. Assessing the effects of flow-sensitivity on pointer alias analyses. In SAS, 1998.

Digital Library

[19]

S. Horwitz, P. Pfeiffer, and T. Reps. Dependence analysis for pointer variables. In Prog. Lang. Design and Impl., pages 28-40, 1989.

Digital Library

[20]

IDAPro disassembler, http://www.datarescue.com/idabase/.

[21]

N. Immerman. Descriptive Complexity. Springer-Verlag, 1999.

[22]

N.D. Jones and S.S. Muchnick. Flow analysis and optimization of Lisp-like structures. In S.S. Muchnick and N.D. Jones, editors, Program Flow Analysis: Theory and Applications, chapter 4, pages 102-131. Prentice-Hall, Englewood Cliffs, NJ, 1981.

[23]

N.D. Jones and S.S. Muchnick. Flow analysis and optimization of Lisp-like structures. In S.S. Muchnick and N.D. Jones, editors, Program Flow Analysis: Theory and Applications, chapter 12, pages 380-384. Prentice-Hall, Englewood Cliffs, NJ, 1981.

[24]

N.D. Jones and S.S. Muchnick. A flexible approach to interprocedural data flow analysis and programs with recursive data structures. In Princip. of Prog. Lang., pages 66-74, 1982.

Digital Library

[25]

J.R. Larus and P.N. Hilfinger. Detecting conflicts between structure accesses. In Prog. Lang. Design and Impl., pages 21-34, 1988.

Digital Library

[26]

T. Lev-Ami. TVLA: A framework for Kleene based static analysis. Master's thesis, Tel-Aviv University, Tel-Aviv, Israel, 2000.

[27]

T. Lev-Ami, T. Reps, M. Sagiv, and R. Wilhelm. Putting static analysis to work for verification: A case study. In Int. Symp. on Softw. Testing and Analysis, pages 26-38, 2000.

Digital Library

[28]

A. Milanova, A. Rountev, and B.G. Ryder. Parameterized object sensitivity for points-to analysis for Java. TOSEM, 2005.

Digital Library

[29]

H. Pande and B. Ryder. Data-flow-based virtual function resolution. In SAS, pages 238-254, 1996.

Digital Library

[30]

S. Patnaik and N. Immerman. Dyn-FO: A parallel, dynamic complexity class. In Symp. on Princ. of Database Syst., 1994.

Digital Library

[31]

T. Reps, G. Balakrishnan, and J. Lim. Intermediate-representation recovery from low-level code. In PEPM, 2006.

Digital Library

[32]

M. Sagiv, T. Reps, and R. Wilhelm. Solving shape-analysis problems in languages with destructive updating. Trans. on Prog. Lang. and Syst., 20(1):1-50, January 1998.

Digital Library

[33]

M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. Trans. on Prog. Lang. and Syst., 24(3):217-298, 2002.

Digital Library

[34]

M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In Program Flow Analysis: Theory and Applications, chapter 7, pages 189-234. Prentice-Hall, 1981.

[35]

B. Steensgaard. Points-to analysis in almost-linear time. In Princip. of Prog. Lang., 1996.

Digital Library

[36]

J. Stransky. A lattice for abstract interpretation of dynamic (Lisp-like) structures. Inf. and Comp., 101(1):70-102, Nov. 1992.

Digital Library

[37]

V. Sundaresan, L. Hendren, C. Razafimahefa, R. Vallée-Rai, P. Lam, E. Gagnon, and C. Godin. Practical virtual method call resolution for Java. In Object-Oriented Programming, Systems, Languages, and Applications, pages 264-280, 2000.

Digital Library

[38]

J. Whaley and M. Lam. Cloning-based context-sensitive pointer alias analyses using binary decision diagrams. In Prog. Lang. Design and Impl., 2004.

Digital Library

[39]

T. Yavuz-Kahveci and T. Bultan. Automated verification of concurrent linked lists with counters. In SAS, 2002.

Digital Library

Cited By

Sun KChen SWang MHao D(2023)What Types Are Needed for Typing Dynamic Objects? A Python-Based Empirical StudyProgramming Languages and Systems10.1007/978-981-99-8311-7_2(24-45)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1007/978-981-99-8311-7_2
Bansal S(2023)StaticPersist: Compiler Support for PMEM ProgrammingVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-24950-1_3(44-65)Online publication date: 16-Jan-2023
https://dl.acm.org/doi/10.1007/978-3-031-24950-1_3
Bau GMiné ABotbol VBouaziz MGonnord LTitolo L(2022)Abstract interpretation of Michelson smart-contractsProceedings of the 11th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis10.1145/3520313.3534660(36-43)Online publication date: 14-Jun-2022
https://dl.acm.org/doi/10.1145/3520313.3534660
Show More Cited By

Recommendations

Symbolic heap abstraction with demand-driven axiomatization of memory invariants
OOPSLA '10

Many relational static analysis techniques for precise reasoning about heap contents perform an explicit case analysis of all possible heaps that can arise. We argue that such precise relational reasoning can be obtained in a more scalable and ...
Modular Heap Abstraction-Based Memory Leak Detection for Heap-Manipulating Programs
APSEC '12: Proceedings of the 2012 19th Asia-Pacific Software Engineering Conference - Volume 01

Heap-manipulating programs allow flexible manipulations over dynamically allocated, shared, and mutable heap cells via pointers that point to not only linked data structures but also their pointer fields. Therefore, memory leak detection for these ...
Symbolic heap abstraction with demand-driven axiomatization of memory invariants
OOPSLA '10: Proceedings of the ACM international conference on Object oriented programming systems languages and applications

Many relational static analysis techniques for precise reasoning about heap contents perform an explicit case analysis of all possible heaps that can arise. We argue that such precise relational reasoning can be obtained in a more scalable and ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

SAS'06: Proceedings of the 13th international conference on Static Analysis

August 2006

442 pages

ISBN:3540377565

Editor:
Kwangkeun Yi
Seoul National University, Korea

Sponsors

KISS Special Interest Group on Programming Languages: KISS Special Interest Group on Programming Languages
Seoul National University
Korea Info Sci Society: Korea Information Science Society

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 29 August 2006

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Sun KChen SWang MHao D(2023)What Types Are Needed for Typing Dynamic Objects? A Python-Based Empirical StudyProgramming Languages and Systems10.1007/978-981-99-8311-7_2(24-45)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1007/978-981-99-8311-7_2
Bansal S(2023)StaticPersist: Compiler Support for PMEM ProgrammingVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-24950-1_3(44-65)Online publication date: 16-Jan-2023
https://dl.acm.org/doi/10.1007/978-3-031-24950-1_3
Bau GMiné ABotbol VBouaziz MGonnord LTitolo L(2022)Abstract interpretation of Michelson smart-contractsProceedings of the 11th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis10.1145/3520313.3534660(36-43)Online publication date: 14-Jun-2022
https://dl.acm.org/doi/10.1145/3520313.3534660
Gurfinkel ANavas J(2021)Abstract Interpretation of LLVM with a Region-Based Memory ModelSoftware Verification10.1007/978-3-030-95561-8_8(122-144)Online publication date: 18-Jul-2021
https://dl.acm.org/doi/10.1007/978-3-030-95561-8_8
Monat ROuadjaout AMiné A(2021)A Multilanguage Static Analysis of Python Programs with Native C ExtensionsStatic Analysis10.1007/978-3-030-88806-0_16(323-345)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1007/978-3-030-88806-0_16
Ouadjaout AMiné A(2020)A Library Modeling Language for the Static Analysis of C ProgramsStatic Analysis10.1007/978-3-030-65474-0_11(223-247)Online publication date: 18-Nov-2020
https://dl.acm.org/doi/10.1007/978-3-030-65474-0_11
Welearegai GSchlueter MHammer CHung CPapadopoulos G(2019)Static security evaluation of an industrial web applicationProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3297471(1952-1961)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3297471
Arceri VPasqua MMastroeni I(2019)An Abstract Domain for Objects in Dynamic Programming LanguagesFormal Methods. FM 2019 International Workshops10.1007/978-3-030-54997-8_9(136-151)Online publication date: 7-Oct-2019
https://dl.acm.org/doi/10.1007/978-3-030-54997-8_9
Kastrinis GBalatsouras GFerles KProkopaki-Kostopoulou NSmaragdakis YDubach CXue J(2018)An efficient data structure for must-alias analysisProceedings of the 27th International Conference on Compiler Construction10.1145/3178372.3179519(48-58)Online publication date: 24-Feb-2018
https://dl.acm.org/doi/10.1145/3178372.3179519
Nguyễn PGilray TTobin-Hochstadt SVan Horn D(2017)Soft contract verification for higher-order stateful programsProceedings of the ACM on Programming Languages10.1145/31581392:POPL(1-30)Online publication date: 27-Dec-2017
https://dl.acm.org/doi/10.1145/3158139
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents