
Pointer-Range Analysis

  • Conference paper
Static Analysis (SAS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3148)

Abstract

Array-Range Analysis computes at compile time the range of possible index values for each array-index expression in a program. This information can be used to detect potential out-of-bounds array accesses and to identify non-aliasing array accesses. In a language like C, where arrays can be accessed indirectly via pointers, and where pointer arithmetic is allowed, range analysis must be extended to compute the range of possible values for each pointer dereference.

This paper describes a Pointer-Range Analysis algorithm that computes a safe approximation of the set of memory locations that may be accessed by each pointer dereference. To properly account for non-trivial aspects of C, including pointer arithmetic and type-casting, a range representation is described that separates the identity of a pointer’s target location from its type; this separation allows a concise representation of pointers to multiple arrays, and precise handling of mismatched-type pointer arithmetic.
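The separation of a pointer's target from the type used at each operation can be illustrated with a small model. This is an added example, not the paper's algorithm or its range representation; `PtrRange` and the function names are hypothetical, and the interval arithmetic is a deliberate simplification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical abstract value (a simplification, not the paper's definition):
 * target size in bytes plus an inclusive byte-offset interval. No element
 * type is stored; each operation supplies the type it uses. */
typedef struct { long size, lo, hi; } PtrRange;

/* p + k with k in [klo, khi], scaled by the type p has at this expression. */
static PtrRange ptr_add(PtrRange p, long klo, long khi, long elem_size) {
    p.lo += klo * elem_size;
    p.hi += khi * elem_size;
    return p;
}

/* Control-flow merge: p may target either object, so keep the smaller size
 * and the hull of the offsets (conservative for both targets). */
static PtrRange ptr_join(PtrRange a, PtrRange b) {
    PtrRange r = { a.size < b.size ? a.size : b.size,
                   a.lo < b.lo ? a.lo : b.lo,
                   a.hi > b.hi ? a.hi : b.hi };
    return r;
}

/* In bounds only if every offset leaves room for the whole access. */
static bool deref_in_bounds(PtrRange p, long access_size) {
    return p.lo >= 0 && p.hi + access_size <= p.size;
}

/* int32_t a[10]; char *c = (char *)a + i, i in [0, max_i]; *(int32_t *)c */
static bool cast_then_deref(long max_i) {
    PtrRange p = { 10 * (long)sizeof(int32_t), 0, 0 };
    p = ptr_add(p, 0, max_i, (long)sizeof(char));
    return deref_in_bounds(p, (long)sizeof(int32_t));
}

/* p = cond ? a : b with int32_t a[10], b[4]; then p[i], i in [0, max_i] */
static bool two_arrays_deref(long max_i) {
    PtrRange a = { 40, 0, 0 }, b = { 16, 0, 0 };
    PtrRange p = ptr_add(ptr_join(a, b), 0, max_i, (long)sizeof(int32_t));
    return deref_in_bounds(p, (long)sizeof(int32_t));
}

int main(void) {
    printf("%d %d %d %d\n", cast_then_deref(36), cast_then_deref(37),
           two_arrays_deref(3), two_arrays_deref(9));
    return 0;
}
```

Because offsets are kept in bytes, the `char *` arithmetic followed by an `int32_t` access is checked exactly: offset 36 is the last safe start for a 4-byte read in a 40-byte array, and 37 is flagged.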

This work was supported in part by the National Science Foundation under grants CCR-9987435 and CCR-0305387.




© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yong, S.H., Horwitz, S. (2004). Pointer-Range Analysis. In: Giacobazzi, R. (eds) Static Analysis. SAS 2004. Lecture Notes in Computer Science, vol 3148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27864-1_12


  • DOI: https://doi.org/10.1007/978-3-540-27864-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22791-5

  • Online ISBN: 978-3-540-27864-1

  • eBook Packages: Springer Book Archive
