Results 1 - 10 of 20
Thin slicing - In PLDI, 2007
Cited by 23 (1 self)
CONTEXT-SENSITIVE POINTER ANALYSIS USING BINARY DECISION DIAGRAMS, 2007
"... in my opinion, it ..."
Static Inference of Universe Types - In IWACO, 2008
Cited by 7 (1 self)
The Universe type system is an ownership type system which enforces the owners-as-modifiers model. In this paper, we present a static analysis for inference of Universe types. We have implemented the analysis and performed preliminary experiments. Our results are promising.
Impact Analysis of Database Schema Changes
Cited by 6 (0 self)
We propose static program analysis techniques for identifying the impact of relational database schema changes upon object-oriented applications. We use dataflow analysis to extract all possible database interactions that an application may make. We then use this information to predict the effects of schema change. We evaluate our approach with a case-study of a commercially available content management system, where we investigated 62 versions of between 70k-127k LoC and a schema size of up to 101 tables and 568 stored procedures. We demonstrate that the program analysis must be more precise, in terms of context-sensitivity than related work. However, increasing the precision of this analysis increases the computational cost. We use program slicing to reduce the size of the program that needs to be analysed. Using this approach, we are able to analyse the case study in under 2 minutes on a standard desktop machine, with no false negatives and a low level of false positives.
A Security Policy Oracle: Detecting Security Holes Using Multiple API Implementations
Cited by 5 (1 self)
Even experienced developers struggle to implement security policies correctly. For example, despite 15 years of development, standard Java libraries still suffer from missing and incorrectly applied permission checks, which enable untrusted applications to execute native calls or modify private class variables without authorization. Previous techniques for static verification of authorization enforcement rely on manually specified policies or attempt to infer the policy by code-mining. Neither approach guarantees that the policy used for verification is correct. In this paper, we exploit the fact that many modern APIs have multiple, independent implementations. Our flow- and context-sensitive analysis takes as input an API, multiple implementations thereof, and the definitions of security checks and security-sensitive events. For each API entry point, the analysis computes the security
Using ZBDDs in points-to analysis - In Workshops on Languages and Compilers for Parallel Computing (LCPC), 2007
Cited by 4 (0 self)
Binary Decision Diagrams (BDDs) have recently become widely accepted as a space-efficient method of representing relations in points-to analyses. When BDDs are used to represent relations, each element of a domain is assigned a bit pattern to represent it, but not every bit pattern represents an element. The circuit design, model checking, and verification communities have achieved significant reductions in BDD sizes using Zero-Suppressed BDDs (ZBDDs) to avoid the overhead of these don’t-care bit patterns. We adapt BDD-based program analyses to use ZBDDs instead of BDDs. Our experimental evaluation studies the space requirements of ZBDDs for both context-insensitive and context-sensitive program analyses and shows that ZBDDs can greatly reduce the space requirements for expensive context-sensitive points-to analysis. Using ZBDDs to reduce the size of the relations allows a compiler or other software analysis tools to analyze larger programs with greater precision. We also provide a metric that can be used to estimate whether ZBDDs will be more compact than BDDs for a given analysis.
A.: Merging equivalent contexts for scalable heap-cloning-based context-sensitive points-to analysis - In: ACM SIGSOFT International Symposium on Software Testing and Analysis, 2008
Cited by 4 (1 self)
A context-sensitive points-to analysis maintains separate points-to relationships for each possible (abstract) calling context of a method. Previous work has shown that a large number of equivalence classes exists in the representation of calling contexts. Such equivalent contexts provide opportunities for context-sensitive analyses based on binary decision diagrams (BDDs), in which BDDs automatically merge equivalent points-to relationships. However, the use of a BDD “black box” introduces additional overhead for analysis running time. Furthermore, with heap cloning (i.e., using context-sensitive object allocation sites), BDDs are not as effective because the number of equivalence classes increases significantly. A further step must be taken to look inside the BDD black box to investigate where the equivalence comes from, and what tradeoffs can be employed to enable practical large-scale heap cloning.
Learning Minimal Abstractions
Cited by 4 (2 self)
Static analyses are generally parametrized by an abstraction which is chosen from a family of abstractions. We are interested in flexible families of abstractions with many parameters, as these families can allow one to increase precision in ways tailored to the client without sacrificing scalability. For example, we consider k-limited points-to analyses where each call site and allocation site in a program can have a different k value. We then ask a natural question in this paper: What is the minimal (coarsest) abstraction in a given family which is able to prove a set of client queries? In addressing this question, we make the following two contributions: (i) we introduce two machine learning algorithms for efficiently finding a minimal abstraction; and (ii) for a static race detector backed by a k-limited points-to analysis, we show empirically that minimal abstractions are actually quite coarse: it suffices to provide context/object sensitivity to a very small fraction (0.4–2.3%) of the sites to yield equally precise results as providing context/object sensitivity uniformly to all sites.
A Comprehensive Framework for Testing Database-Centric Applications, 2007
"... This dissertation was presented by ..."

