Field-Sensitive Value Analysis of Embedded C Programs with Union Types and Pointer Arithmetics

Field-Sensitive Value Analysis of Embedded C Programs with Union Types and Pointer Arithmetics (2006)

Cached

Download Links

[www.di.ens.fr]

Other Repositories/Bibliography

DBLP

by Antoine Miné

Citations:

25 - 5 self

BibTeX

@MISC{Miné06field-sensitivevalue,
    author = {Antoine Miné},
    title = {Field-Sensitive Value Analysis of Embedded C Programs with Union Types and Pointer Arithmetics},
    year = {2006}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

We propose a memory abstraction able to lift existing numerical static analyses to C programs containing union types, pointer casts, and arbitrary pointer arithmetics. Our framework is that of a combined points-to and data-value analysis. We abstract the contents of compound variables in a field-sensitive way, whether these fields contain numeric or pointer values, and use stock numerical abstract domains to find an overapproximation of all possible memory states--- with the ability to discover relationships between variables. A main novelty of our approach is the dynamic mapping scheme we use to associate a flat collection of abstract cells of scalar type to the set of accessed memory locations, while taking care of byte-level aliases---i.e., C variables with incompatible types allocated in overlapping memory locations. We do not rely on static type information which can be misleading in C programs as it does not account for all the uses a memory zone may be put to. Our work

Citations

1635	Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints - Cousot, Cousot - 1977
465	Parametric Shape Analysis via 3-Valued Logic - Sagiv, Reps, et al. - 1999
375	Efficient ContextSensitive Pointer Analysis for C Programs - Wilson, Lam - 1995
286	CCured: Type-safe retrofitting of legacy code - Necula, McPeak, et al. - 2002
205	Abstract interpretation frameworks - Cousot, Cousot - 1992
172	The octagon abstract domain - Miné
169	Temporal abstract interpretation - Cousot, Cousot - 2000
136	A static analyzer for large safety-critical software - Blanchet, Cousot, et al. - 2003
100	Symbolic bounds analysis for pointers, array indices, and accessed memory re - Rugina, Rinard
90	Analyzing Memory Accesses in x86 Executables - Balakrishnan, Reps
67	Pointer analysis: Haven’t we solved this problem yet - Hind - 2001
61	Points-to analysis by type inference in programs with structures and unions - Steensgaard - 1996
60	Pointer analysis for programs with structures and casting - Yong, Horwitz, et al. - 1999
41	Static analysis of arithmetical congruences - Granger - 1989
41	Coping with type casts in C - Stiff, Chandra, et al. - 1999
39	An efficient inclusion-based points-to analysis for strictly-typed languages - Whaley, Lam - 2002
38	Relational abstract domains for the detection of floating-point run-time errors - Miné - 2004
35	Cleanness checking of string manipulations in C programs via integer analysis - Dor, Rodeh, et al.
30	Static analysis of digital filters - Feret - 2004
27	Numeric domains with summarized dimensions - Gopan, DiMaio, et al. - 2004
14	A scalable nonuniform pointer analysis for embedded programs - Venet
11	et al., “Ariane 5 flight 501 failure report by the inquiry board,” European Space Agency - Lions - 1996
11	Combining interprocedural pointer analysis and conditional constant propagation - Pioli, Hind - 1999
11	Pointer–range analysis - Yong, Horwitz - 2004
2	The Santa Cruz Operation Inc. System V application binary interface - AT&T - 1997