Advertisement

Recency-Abstraction for Heap-Allocated Storage

  • Gogul Balakrishnan
  • Thomas Reps
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4134)

Abstract

In this paper, we present an abstraction for heap-allocated storage, called the recency-abstraction, that allows abstract-interpretation algorithms to recover some non-trivial information for heap-allocated data objects. As an application of the recency-abstraction, we show how it can resolve virtual-function calls in stripped executables (i.e., executables from which debugging information has been removed). This approach succeeded in resolving 55% of virtual-function call-sites, whereas previous tools for analyzing executables fail to resolve any of the virtual-function call-sites.

Keywords

Allocation Site Summary Node Link Data Structure Concrete Node Concrete Memory 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Andersen, L.O.: Binding-time analysis and the taming of C pointers. In: PEPM, pp. 47–58 (1993)Google Scholar
  2. 2.
    Bacon, D.F., Sweeney, P.F.: Fast static analysis of C++ virtual function calls. In: Object-Oriented Programming, Systems, Languages, and Applications, pp. 324–341 (1996)Google Scholar
  3. 3.
    Balakrishnan, G., Reps, T.: Analyzing memory accesses in x86 executables. In: Comp. Construct., pp. 5–23 (2004)Google Scholar
  4. 4.
    Balakrishnan, G., Reps, T.: Recovery of variables and heap structure in x86 executables. Tech. Rep. 1533, Comp. Sci. Dept., Univ. of Wisconsin, Madison, US (September 2005)Google Scholar
  5. 5.
    Calder, B., Grunwald, D.: Reducing indirect function call overhead in C++ programs. In: Princip. of Prog. Lang., pp. 397–408 (1994)Google Scholar
  6. 6.
    Chase, D.R., Wegman, M., Zadeck, F.: Analysis of pointers and structures. In: Prog. Lang. Design and Impl., pp. 296–310 (1990)Google Scholar
  7. 7.
    Chen, H., Wagner, D.: MOPS: An infrastructure for examining security properties of software. In: Conf. on Comp. and Commun. Sec., pp. 235–244 (November 2002)Google Scholar
  8. 8.
    Cheng, B.-C., Hwu, W.W.: Modular interprocedural pointer analysis using access paths: Design, implementation, and evaluation. In: Prog. Lang. Design and Impl., pp. 57–69 (2000)Google Scholar
  9. 9.
    Das, M.: Unification-based pointer analysis with directional assignments. In: Prog. Lang. Design and Impl., pp. 35–46 (2000)Google Scholar
  10. 10.
    Dean, J., Grove, D.A., Chambers, C.: Optimization of object-oriented programs using static class hierarchy analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 77–101. Springer, Heidelberg (1995)Google Scholar
  11. 11.
    Engler, D.R., Chelf, B., Chou, A., Hallem, S.: Checking system rules using system-specific, programmer-written compiler extensions. In: Op. Syst. Design and Impl., pp. 1–16 (2000)Google Scholar
  12. 12.
    Fähndrich, M., Rehof, J., Das, M.: Scalable context-sensitive flow analysis using instantiation constraints. In: Prog. Lang. Design and Impl. (2000)Google Scholar
  13. 13.
    Foster, J.S., Fähndrich, M., Aiken, A.: Polymorphic versus monomorphic flow-insensitive points-to analysis for C. In: Palsberg, J. (ed.) SAS 2000. LNCS, vol. 1824, pp. 175–199. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Gopan, D., DiMaio, F., Dor, N., Reps, T., Sagiv, M.: Numeric domains with summarized dimensions. In: Tools and Algs. for the Construct. and Anal. of Syst., pp. 512–529 (2004)Google Scholar
  15. 15.
    Gopan, D., Reps, T., Sagiv, M.: A framework for numeric analysis of array operations. In: Princip. of Prog. Lang., pp. 338–350 (2005)Google Scholar
  16. 16.
    Guo, B., Bridges, M.J., Triantafyllis, S., Ottoni, G., Raman, E., August, D.I.: Practical and accurate low-level pointer analysis. In: 3rd IEEE/ACM Int. Symp. on Code Gen. and Opt., pp. 291–302 (2005)Google Scholar
  17. 17.
    Hackett, B., Rugina, R.: Region-based shape analysis with tracked locations. In: Princip. of Prog. Lang., pp. 310–323 (2005)Google Scholar
  18. 18.
    Hind, M., Pioli, A.: Assessing the Effects of Flow-Sensitivity on Pointer Alias Analyses. In: Levi, G. (ed.) SAS 1998. LNCS, vol. 1503, pp. 57–81. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  19. 19.
    Horwitz, S., Pfeiffer, P., Reps, T.: Dependence analysis for pointer variables. In: Prog. Lang. Design and Impl., pp. 28–40 (1989)Google Scholar
  20. 20.
  21. 21.
    Immerman, N.: Descriptive Complexity. Springer, Heidelberg (1999)MATHGoogle Scholar
  22. 22.
    Jones, N.D., Muchnick, S.S.: Flow analysis and optimization of Lisp-like structures. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, ch. 4, pp. 102–131. Prentice-Hall, Englewood Cliffs (1981)Google Scholar
  23. 23.
    Jones, N.D., Muchnick, S.S.: Flow analysis and optimization of Lisp-like structures. In: Muchnick, S.S., Jones, N.D. (eds.) Program Flow Analysis: Theory and Applications, ch. 12, pp. 380–384. Prentice-Hall, Englewood Cliffs (1981)Google Scholar
  24. 24.
    Jones, N.D., Muchnick, S.S.: A flexible approach to interprocedural data flow analysis and programs with recursive data structures. In: Princip. of Prog. Lang., pp. 66–74 (1982)Google Scholar
  25. 25.
    Larus, J.R., Hilfinger, P.N.: Detecting conflicts between structure accesses. In: Prog. Lang. Design and Impl., pp. 21–34 (1988)Google Scholar
  26. 26.
    Lev-Ami, T.: TVLA: A framework for Kleene based static analysis. Master’s thesis, Tel-Aviv University, Tel-Aviv, Israel (2000)Google Scholar
  27. 27.
    Lev-Ami, T., Reps, T., Sagiv, M., Wilhelm, R.: Putting static analysis to work for verification: A case study. In: Int. Symp. on Softw. Testing and Analysis, pp. 26–38 (2000)Google Scholar
  28. 28.
    Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. In: TOSEM (2005)Google Scholar
  29. 29.
    Pande, H., Ryder, B.: Data-flow-based virtual function resolution. In: Cousot, R., Schmidt, D.A. (eds.) SAS 1996. LNCS, vol. 1145, pp. 238–254. Springer, Heidelberg (1996)Google Scholar
  30. 30.
    Patnaik, S., Immerman, N.: Dyn-FO: A parallel, dynamic complexity class. In: Symp. on Princ. of Database Syst. (1994)Google Scholar
  31. 31.
    Reps, T., Balakrishnan, G., Lim, J.: Intermediate-representation recovery from low-level code. In: PEPM (2006)Google Scholar
  32. 32.
    Sagiv, M., Reps, T., Wilhelm, R.: Solving shape-analysis problems in languages with destructive updating. Trans. on Prog. Lang. and Syst. 20(1), 1–50 (1998)CrossRefGoogle Scholar
  33. 33.
    Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. Trans. on Prog. Lang. and Syst. 24(3), 217–298 (2002)CrossRefGoogle Scholar
  34. 34.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, ch. 7, pp. 189–234. Prentice-Hall, Englewood Cliffs (1981)Google Scholar
  35. 35.
    Steensgaard, B.: Points-to analysis in almost-linear time. In: Princip. of Prog. Lang. (1996)Google Scholar
  36. 36.
    Stransky, J.: A lattice for abstract interpretation of dynamic (Lisp-like) structures. Inf. and Comp. 101(1), 70–102 (1992)CrossRefMathSciNetMATHGoogle Scholar
  37. 37.
    Sundaresan, V., Hendren, L., Razafimahefa, C., Vallée-Rai, R., Lam, P., Gagnon, E., Godin, C.: Practical virtual method call resolution for Java. In: Object-Oriented Programming, Systems, Languages, and Applications, pp. 264–280 (2000)Google Scholar
  38. 38.
    Whaley, J., Lam, M.: Cloning-based context-sensitive pointer alias analyses using binary decision diagrams. In: Prog. Lang. Design and Impl. (2004)Google Scholar
  39. 39.
    Yavuz-Kahveci, T., Bultan, T.: Automated verification of concurrent linked lists with counters. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, p. 69. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gogul Balakrishnan
    • 1
  • Thomas Reps
    • 1
  1. 1.Comp. Sci. Dept.University of Wisconsin 

Personalised recommendations