Affiliation:
1. University of Colorado, Boulder, CO, USA
2. IBM T.J. Watson Research Center, Yorktown Heights, NY, USA
Abstract
We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found the heap reachability information computed by a state-of-the-art points-to analysis was too imprecise, leading to numerous false-positive leak reports. Our analysis combines a symbolic execution capable of path-sensitivity and strong updates with abstract heap information computed by an initial flow-insensitive points-to analysis. This novel mixed representation allows us to achieve both precision and scalability by leveraging the pre-computed points-to facts to guide execution and prune infeasible paths. We have evaluated our techniques in the Thresher tool, which we used to find several developer-confirmed leaks in Android applications.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by
31 articles.
1. Falcon: A Fused Approach to Path-Sensitive Sparse Data Dependence Analysis;Proceedings of the ACM on Programming Languages;2024-06-20
2. Evaluating the Reusability of Android Static Analysis Tools;Lecture Notes in Computer Science;2024
3. SyzDirect: Directed Greybox Fuzzing for Linux Kernel;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15
4. Historia: Refuting Callback Reachability with Message-History Logics;Proceedings of the ACM on Programming Languages;2023-10-16
5. Anchor: Fast and Precise Value-flow Analysis for Containers via Memory Orientation;ACM Transactions on Software Engineering and Methodology;2023-04-26