Abstract
In this paper, we present an abstraction for heap-allocated storage, called the recency-abstraction, that allows abstract-interpretation algorithms to recover some non-trivial information for heap-allocated data objects. As an application of the recency-abstraction, we show how it can resolve virtual-function calls in stripped executables (i.e., executables from which debugging information has been removed). This approach succeeded in resolving 55% of virtual-function call-sites, whereas previous tools for analyzing executables fail to resolve any of the virtual-function call-sites.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Balakrishnan, G., Reps, T. (2006). Recency-Abstraction for Heap-Allocated Storage. In: Yi, K. (eds) Static Analysis. SAS 2006. Lecture Notes in Computer Science, vol 4134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823230_15
DOI: https://doi.org/10.1007/11823230_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37756-6
Online ISBN: 978-3-540-37758-0
eBook Packages: Computer Science (R0)