A Unified Model for Context-Sensitive Program Analyses:

Context-sensitive methods of program analysis increase the precision of interprocedural analysis by achieving the effect of call inlining. These methods have been defined using different formalisms and hence appear as algorithms that are very different from each other. Some methods traverse a call graph top-down, whereas some others traverse it bottom-up first and then top-down. Some define contexts explicitly, whereas some do not. Some of them directly compute data flow values, while some first compute summary functions and then use them to compute data flow values. Further, different methods place different kinds of restrictions on the data flow frameworks supported by them. As a consequence, it is difficult to compare the ideas behind these methods in spite of the fact that they solve essentially the same problem. We argue that these incomparable views are similar to those of blind men describing an elephant, called context sensitivity, and make it difficult for a non-expert reader to form a coherent picture of context-sensitive data flow analysis. We bring out this whole-elephant view of context sensitivity in program analysis by proposing a unified model of context sensitivity that provides a clean separation between computation of contexts and computation of data flow values. Our model captures the essence of context sensitivity and defines simple soundness and precision criteria for context-sensitive methods. It facilitates declarative specifications of context-sensitive methods, insightful comparisons between them, and reasoning about their soundness and precision. We demonstrate this by instantiating our model to many known context-sensitive methods.

Download Full-text

Applications of Synchronized Pushdown Systems

Ernst Denert Award for Software Engineering 2019 ◽

10.1007/978-3-030-58617-1_3 ◽

2020 ◽

pp. 19-45

Author(s):

Johannes Späth

Keyword(s):

Data Flow ◽

Flow Analysis ◽

Computational Effort ◽

Pointer Analysis ◽

Sensitive Data ◽

Data Flow Analysis ◽

Context Sensitive ◽

Program Slice ◽

Static Data ◽

Per Se

AbstractA precise static data-flow analysis transforms the program into a context-sensitive and field-sensitive approximation of the program. It is challenging to design an analysis of this precision efficiently due to the fact that the analysis is undecidable per se. Synchronized pushdown systems (SPDS) present a highly precise approximation of context-sensitive and field-sensitive data-flow analysis. This chapter presents some data-flow analyses that SPDS can be used for. Further on, this chapter summarizes two other contributions of the thesis “Synchronized Pushdown System for Pointer and Data-Flow Analysis” called Boomerang and IDEal. Boomerang is a demand-driven pointer analysis that builds on top of SPDS and minimizes the highly computational effort of a whole-program pointer analysis by restricting the computation to the minimal program slice necessary for an individual query. IDEal is a generic and efficient framework for data-flow analyses, e.g., typestate analysis. IDEal resolves pointer relations automatically and efficiently by the help of Boomerang. This reduces the burden of implementing pointer relations into an analysis. Further on, IDEal performs strong updates, which makes the analysis sound and precise.

Download Full-text

Exploring context-sensitive data flow analysis for early vulnerability detection

Journal of Systems and Software ◽

10.1016/j.jss.2015.12.021 ◽

2016 ◽

Vol 113 ◽

pp. 337-361 ◽

Cited By ~ 9

Author(s):

Luciano Sampaio ◽

Alessandro Garcia

Keyword(s):

Data Flow ◽

Flow Analysis ◽

Vulnerability Detection ◽

Sensitive Data ◽

Data Flow Analysis ◽

Context Sensitive

Download Full-text

Semantic Foundations of Data Flow Analysis

DAIMI Report Series ◽

10.7146/dpb.v10i131.7585 ◽

1981 ◽

Vol 10 (131) ◽

Cited By ~ 1

Author(s):

Flemming Nielson

Keyword(s):

Program Analysis ◽

Abstract Interpretation ◽

Data Flow ◽

Flow Analysis ◽

Denotational Semantics ◽

System Of Equations ◽

Program Transformations ◽

Sensitive Data ◽

Data Flow Analysis ◽

Made In

Abstract Interpretation (P. Cousot, R. Cousot and others) is a method for program analysis that is able to describe many data flow analyses. We investigate and weaken the assumptions made in abstract interpretation and express abstract interpretation within Denotational Semantics. As an example we specify constant propagation.Some authors have used abstract interpretation to formulate ''available expressions'' (a so-called ''history-sensitive'' data flow analysis). Our development of ''available expressions'' is better justified, semantically.In traditional data flow analysis and abstract interpretation it is generally assumed that the ''Meet Over all Paths'' solution is wanted. We prove that the solution specified by our approach is the ''Meet Over all Paths'' solution to a certain system of equations obtained from the program.To indicate the usefulness of our approach we show how to validate a class of program transformations, including ''constant folding''.Throughout this paper we use a toy language consisting of declarations, expressions and commands (involving conditional and iteration). Excluded are procedures and jumps.

Download Full-text

PDroid: Detecting Privacy Leakage on Android

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.2658 ◽

2014 ◽

Vol 556-562 ◽

pp. 2658-2662 ◽

Cited By ~ 1

Author(s):

Pu Han Zhang ◽

Jing Zhe Li ◽

Shuai Shao ◽

Peng Wang

Keyword(s):

Data Flow ◽

Programming Model ◽

Flow Analysis ◽

Prototype System ◽

Sensitive Information ◽

Sensitive Data ◽

Data Flow Analysis ◽

Call Graph ◽

Android Apps ◽

Privacy Leakage

The prevalence of Android makes it face the severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effective detect the privacy leakages cross multiple method call instances.

Download Full-text

Interprocedural Control Flow Analysis (Extended version)

DAIMI Report Series ◽

10.7146/dpb.v27i538.7071 ◽

1998 ◽

Vol 27 (538) ◽

Author(s):

Flemming Nielson ◽

Hanne Riis Nielson

Keyword(s):

Abstract Interpretation ◽

Data Flow ◽

Flow Analysis ◽

Object Oriented ◽

Control Flow ◽

Data Flow Analysis ◽

Context Sensitive ◽

Mutable State ◽

Do So ◽

Control Flow Analysis

Control Flow Analysis is a widely used approach for analysing functional and object oriented programs and recently it has also successfully been used to analyse more challenging notions of computation involving concurrency. However, once the applications become more demanding also the analysis needs to be more precise in its ability to deal with mutable state (or side-effects) and to perform polyvariant (or context-sensitive) analysis. Several insights in Data Flow Analysis and Abstract Interpretation show how to do so for imperative programs but the techniques have not had much impact on Control Flow Analysis because of the less abstract way in which the techniques are normally expressed. In this paper we show how to incorporate a number of key insights from Data Flow Analysis involving such advanced interprocedural techniques as call strings and assumption sets using Abstract Interpretation to induce the analyses from a general collecting semantics.

Download Full-text