Recency-Abstraction for Heap-Allocated Storage

  • Conference paper
Static Analysis (SAS 2006)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 4134)

Abstract

In this paper, we present an abstraction for heap-allocated storage, called the recency-abstraction, that allows abstract-interpretation algorithms to recover some non-trivial information for heap-allocated data objects. As an application of the recency-abstraction, we show how it can resolve virtual-function calls in stripped executables (i.e., executables from which debugging information has been removed). This approach succeeded in resolving 55% of virtual-function call-sites, whereas previous tools for analyzing executables fail to resolve any of the virtual-function call-sites.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Balakrishnan, G., Reps, T. (2006). Recency-Abstraction for Heap-Allocated Storage. In: Yi, K. (eds) Static Analysis. SAS 2006. Lecture Notes in Computer Science, vol 4134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823230_15

  • DOI: https://doi.org/10.1007/11823230_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37756-6

  • Online ISBN: 978-3-540-37758-0

  • eBook Packages: Computer Science (R0)
