ABSTRACT
The development of a high-quality data-flow analysis---one that is precise and scalable---is a challenging task. A concrete client analysis requires not only data-flow information but also type-hierarchy, points-to, and call-graph information, all of which must be obtained by wisely chosen and correctly parameterized algorithms. Therefore, many static analysis frameworks have been developed that provide analysis writers with generic data-flow solvers as well as those additional pieces of information. Such frameworks ease the development of an analysis by requiring only a description of the data-flow problem to be solved and a set of framework parameters. Yet, analysis writers often struggle when an analysis does not behave as expected on real-world code. It is usually not apparent what causes a failure, due to the complex interplay of the several algorithms and the client analysis code within such frameworks. In this work, we present some of the insights we gained by instrumenting the LLVM-based static analysis framework PhASAR for C/C++ code and show the broad range of applications in which flexible instrumentation supports analysis and framework developers. We present five cases in which instrumentation gave us valuable insights to debug and improve both the concrete analyses and the underlying PhASAR framework.
Index Terms
- Know your analysis: how instrumentation aids understanding static analysis