A Practical String Analyzer by the Widening Approach
The static determination of approximated values of string expressions has many potential applications. For instance, approximated string values may be used to check the validity and security of generated strings, as well as to collect the useful string properties. Previous string analysis efforts have been focused primarily on the maxmization of the precision of regular approximations of strings. These methods have not been completely satisfactory due to the difficulties in dealing with heap variables and context sensitivity. In this paper, we present an abstract-interpretation-based solution that employs a heuristic widening method. The presented solution is implemented and compared to JSA. In most cases, our solution gives results as precise as those produced by previous methods, and it makes the additional contribution of easily dealing with heap variables and context sensitivity in a very natural way. We anticipate the employment of our method in practical applications.
KeywordsString Operator Regular Expression Widening Operator Abstract Domain Context Sensitivity
Unable to display preview. Download preview PDF.
- 1.Chase, D.R., Wegman, M., Zadeck, F.K.: Analysis of pointers and structures. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 296–310. ACM Press, New York (1990)Google Scholar
- 3.Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the ACM Symposium on Principles of Programming Languages, pp. 238–252 (January 1977)Google Scholar
- 5.Gould, C., Su, Z., Devanbu, P.: Static checking of dynamically generated queries in database applications. In: Proceedings of the International Conference on Software Engineering, pp. 645–654 (May 2004)Google Scholar
- 7.Minamide, Y.: Static approximation of dynamically generated web pages. In: Proceedings of the International World Wide Web Conference Committee, pp. 432–441 (2005)Google Scholar
- 8.Mohri, M., Nederhof, M.-J.: Regular approximation of context-free grammars through transformation. In: Junqua, J.-C., van Noord, G. (eds.) Robustness in Language and Speech Technology, pp. 153–163. Kluwer Academic Publishers, Dordrecht (2001)Google Scholar
- 9.Nielson, F., Nielson, H.R.: Infinitary control flow analysis: a collecting semantics for closure analysis. In: Proceedings of the ACM Symposium on Principles of Programming Languages, pp. 332–345. ACM Press, New York (1997)Google Scholar
- 10.Shivers, O.: Control flow analysis in scheme. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (June 1988)Google Scholar
- 11.Tabuchi, N., Sumii, E., Yonezawa, A.: Regular expression types for strings in a text processing language. In: Proceedings of Workshop on Types in Programming, pp. 1–18 (July 2002)Google Scholar
- 12.Thiemann, P.: Grammar-based analysis string expressions. In: Proceedings of the ACM Workshop on Types in Language Design and Implementation, pp. 59–70 (2004)Google Scholar