Results 1  10
of
134
Parametric Shape Analysis via 3Valued Logic
, 1999
"... Shape Analysis concerns the problem of determining "shape invariants"... ..."
Abstract

Cited by 539 (71 self)
 Add to MetaCart
Shape Analysis concerns the problem of determining "shape invariants"...
Efficient ContextSensitive Pointer Analysis for C Programs
, 1995
"... This paper proposes an efficient technique for contextsensitive pointer analysis that is applicable to real C programs. For efficiency, we summarize the effects of procedures using partial transfer functions. A partial transfer function (PTF) describes the behavior of a procedure assuming that certa ..."
Abstract

Cited by 396 (9 self)
 Add to MetaCart
This paper proposes an efficient technique for contextsensitive pointer analysis that is applicable to real C programs. For efficiency, we summarize the effects of procedures using partial transfer functions. A partial transfer function (PTF) describes the behavior of a procedure assuming that certain alias relationships hold when it is called. We can reuse a PTF in many calling contexts as long as the aliases among the inputs to the procedure are the same. Our empirical results demonstrate that this technique is successfula single PTF per procedure is usually sufficient to obtain completely contextsensitive results. Because many C programs use features such as type casts and pointer arithmetic to circumvent the highlevel type system, our algorithm is based on a lowlevel representation of memory locations that safely handles all the features of C. We have implemented our algorithm in the SUIF compiler system and we show that it runs efficiently for a set of C benchmarks. 1 Introd...
A Safe Approximate Algorithm for Interprocedural Pointer Aliasing
, 1992
"... Aliasing occurs at some program point during execution when two or more names exist for the same location. In a language which allows pointers, the problem of determining the set of pairs of names at a program point which may refer to the same location during program execution is NPhard. We present ..."
Abstract

Cited by 327 (34 self)
 Add to MetaCart
Aliasing occurs at some program point during execution when two or more names exist for the same location. In a language which allows pointers, the problem of determining the set of pairs of names at a program point which may refer to the same location during program execution is NPhard. We present an algorithm which safely approximates Interprocedural May Alias in the presence of pointers. This algorithm has been implemented in a prototype analysis tool for C programs. 3 The research reported here was supported, in part, by Siemens Research Corporation and NSF grant CCR8920078. y Department of Computer Science, Rutgers University, New Brunswick, NJ 08903 Contents 1 Introduction 3 2 Problem Representation 6 2.1 Interprocedural Control Flow Graph : : : : : : : : : : : : : : : : : : : : : : : : : : : 6 2.2 Types : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 6 2.3 Object Names : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : ...
Solving ShapeAnalysis Problems in Languages with Destructive Updating
 POPL '96
, 1996
"... This paper concerns the static analysis of programs that perform destructive updating on heapallocated storage. We give an algorithm that conservatively solves this problem by using a finite shapegraph to approximate the possible “shapes” that heapallocated structures in a program can take on. In ..."
Abstract

Cited by 292 (19 self)
 Add to MetaCart
This paper concerns the static analysis of programs that perform destructive updating on heapallocated storage. We give an algorithm that conservatively solves this problem by using a finite shapegraph to approximate the possible “shapes” that heapallocated structures in a program can take on. In contrast with previous work, our method M even accurate for certain programs that update cyclic data structures. For example, our method can determine that when the input to a program that searches a list and splices in a new element is a possibly circular list, the output is a possibly circular list.
Efficient FlowSensitive Interprocedural Computation of PointerInduced Aliases and Side Effects
, 1993
"... We present practical approximation methods for computing interprocedural aliases and side effects for a program written in a language that includes pointers, reference parameters and recursion. We present the following results: 1) An algorithm for flowsensitive interprocedural alias analysis which ..."
Abstract

Cited by 220 (11 self)
 Add to MetaCart
We present practical approximation methods for computing interprocedural aliases and side effects for a program written in a language that includes pointers, reference parameters and recursion. We present the following results: 1) An algorithm for flowsensitive interprocedural alias analysis which is more precise and efficient than the best interprocedural method known. 2) An extension of traditional flowinsensitive alias analysis which accommodates pointers and provides a framework for a family of algorithms which trade off precision for efficiency. 3) An algorithm which correctly computes side effects in the presence of pointers. Pointers cannot be correctly handled by conventional methods for side effect analysis. 4) An alias naming technique which handles dynamically allocated objects and guarantees the correctness of dataflow analysis. 5) A compact representation based on transitive reduction which does not result in a loss of precision and improves precision in some cases. 6)...
D.: Manufacturing cheap, resilient, and stealthy opaque constructs
 In: Proc. of the 25th ACM SIGPLANSIGACT symposium on Principles of programming languages
, 1998
"... It has become common to distribute software in forms that are isomorphic to the original source code. An important example is Java bytecode. Since such codes are easy to decompile, they increase the risk of mahcious reverse engineering attacks. In thii paper we describe the design of a Java code obf ..."
Abstract

Cited by 168 (27 self)
 Add to MetaCart
It has become common to distribute software in forms that are isomorphic to the original source code. An important example is Java bytecode. Since such codes are easy to decompile, they increase the risk of mahcious reverse engineering attacks. In thii paper we describe the design of a Java code obfus&OF, a tool whichthrough the application of code transformations converts a Java program into an equivalent one that is more difficuh to reverse engineer. We describe a number of transformations which obfuscate controlflow. Transformations are evaluated with respect to potency (To what degree is a human reader confused?), resilience (How well are automatic deobfuscation attacks resisted?), cost (How much time/space overhead is added?), and stealth (How well does obfuscated code blend in with the original code?). The resilience of many controlaltering transformations rely on the resilience of opaque predicates. These are boolean valued expressions whose values are known to the obfuscator but difficult to determine for an automatic deobfuscator. We show how to construct resilient, cheap, and stealthy opaque predicates based on the intractability of certain static analysis problems such as alias analysis. 1
Fast and Accurate FlowInsensitive PointsTo Analysis
 IN SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES
, 1997
"... In order to analyze a program that involves pointers, it is necessary to have (safe) information about what each pointer points to. There are many different approaches to computing pointsto information. This paper addresses techniques for flow and contextinsensitive interprocedural analysis of st ..."
Abstract

Cited by 149 (3 self)
 Add to MetaCart
In order to analyze a program that involves pointers, it is necessary to have (safe) information about what each pointer points to. There are many different approaches to computing pointsto information. This paper addresses techniques for flow and contextinsensitive interprocedural analysis of stackbased storage. The paper makes two contributions to work in this area: ffl The first contribution is a set of experiments that explore the tradeoffs between techniques previously defined by Lars Andersen and Bjarne Steensgaard. The former has a cubic worstcase running time, while the latter is essentially linear. However, the former may be much more precise than the latter. We have found that in practice, Andersen's algorithm is consistently more precise than Steensgaard's. For small programs, there is very little difference in the times required by the two approaches; however, for larger programs, Andersen's algorithm can be much slower than Steensgaard's. ffl The second contrib...
Supporting Dynamic Data Structures on DistributedMemory Machines
, 1995
"... this article, we describe an execution model for supporting programs that use pointerbased dynamic data structures. This model uses a simple mechanism for migrating a thread of control based on the layout of heapallocated data and introduces parallelism using a technique based on futures and lazy ..."
Abstract

Cited by 149 (8 self)
 Add to MetaCart
this article, we describe an execution model for supporting programs that use pointerbased dynamic data structures. This model uses a simple mechanism for migrating a thread of control based on the layout of heapallocated data and introduces parallelism using a technique based on futures and lazy task creation. We intend to exploit this execution model using compiler analyses and automatic parallelization techniques. We have implemented a prototype system, which we call Olden, that runs on the Intel iPSC/860 and the Thinking Machines CM5. We discuss our implementation and report on experiments with five benchmarks.
A Schema for Interprocedural Modification SideEffect Analysis With Pointer Aliasing
 In Proceedings of the SIGPLAN '93 Conference on Programming Language Design and Implementation
, 2001
"... The first interprocedural modification sideeffects analysis for C (MOD_C) that obtains better than worstcase precision on programs with generalpurpose pointer usage is presented with empirical results. The analysis consists of an algorithm schema corresponding to a family of MODC algorithms with ..."
Abstract

Cited by 131 (13 self)
 Add to MetaCart
The first interprocedural modification sideeffects analysis for C (MOD_C) that obtains better than worstcase precision on programs with generalpurpose pointer usage is presented with empirical results. The analysis consists of an algorithm schema corresponding to a family of MODC algorithms with two independent phases: one for determining pointerinduced aliases and a subsequent one for propagating interprocedural side effects. These MOD_C algorithms are parameterized by the aliasing method used. The empirical results compare the performance of two dissimilar MOD_C algorithms: MOD_C(FSAlias) uses a flowsensitive, callingcontextsensitive interprocedural alias analysis [LR92]; MOD_C(FIAlias) uses a flowinsensitive, callingcontextinsensitive alias analysis which is much faster, but less accurate. These two algorithms were profiled on 45 programs ranging in size from 250 to 30,000 lines of C code, and the results demonstrate dramatically the possible costprecision tradeoffs. This first comparative implementation of MODC analyses offers insight into the differences between flow/contextsensitive and flow/contextinsensitive analyses. The analysis cost versus precision tradeoffs in sideeffect information obtained is reported. The results show surprisingly that the precision of flowsensitive sideeffect analysis is not always prohibitive in cost, and that the precision of flowinsensitive analysis is substantially better than worstcase estimates and seems sufficient for certain applications. On average MODC (FSAlias) for procedures and calls is in the range of 20% more precise than MODC (F IAlias); however, the performance was found to be at least an order of magnitude slower than MODC (F IAlias).
Symbolic Bounds Analysis of Pointers, Array Indices, and Accessed Memory Regions
 PLDI 2000
, 2000
"... This paper presents a novel framework for the symbolic bounds analysis of pointers, array indices, and accessed memory regions. Our framework formulates each analysis problem as a system of inequality constraints between symbolic bound polynomials. It then reduces the constraint system to a linear p ..."
Abstract

Cited by 111 (14 self)
 Add to MetaCart
This paper presents a novel framework for the symbolic bounds analysis of pointers, array indices, and accessed memory regions. Our framework formulates each analysis problem as a system of inequality constraints between symbolic bound polynomials. It then reduces the constraint system to a linear program. The solution to the linear program provides symbolic lower and upper bounds for the values of pointer and array index variables and for the regions of memory that each statement and procedure accesses. This approach eliminates fundamental problems associated with applying standard xedpoint approaches to symbolic analysis problems. Experimental results from our implemented compiler show that the analysis can solve several important problems, including static race detection, automatic parallelization, static detection of array bounds violations, elimination of array bounds checks, and reduction of the number of bits used to store computed values.