Abstract
When two methods are invoked on the same object, the dispatch behaviours of these method calls will be correlated. If two correlated method calls are polymorphic (i.e., they dispatch to different method definitions depending on the type of the receiver object), a program’s interprocedural control-flow graph will contain infeasible paths. Existing algorithms for data-flow analysis are unable to ignore such infeasible paths, giving rise to loss of precision.
We show how infeasible paths due to correlated calls can be eliminated for Interprocedural Finite Distributive Subset (IFDS) problems, a large class of data-flow analysis problems with broad applications. Our approach is to transform an IFDS problem into an Interprocedural Distributive Environment (IDE) problem, in which edge functions filter out data flow along infeasible paths. A solution to this IDE problem can be mapped back to the solution space of the original IFDS problem. We formalize the approach, prove it correct, and report on an implementation in the WALA analysis framework.
This research was supported by the Natural Sciences and Engineering Research Council of Canada and the Ontario Ministry of Research and Innovation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Detailed proofs of our lemmas and theorems can be found in the Technical Report [15].
- 2.
The definitions that we give here are of complete lattices and semilattices. Since all of the (semi)lattices discussed in this paper are required to be complete, we omit the complete qualifier.
- 3.
The IDE literature uses the symbol \(\Lambda \) for the node that is denoted \(\mathbf 0\) in the IFDS literature. We use \(\mathbf 0\) throughout this paper for consistency.
- 4.
The IDE paper defines a more complicated but equivalent set of micro-functions that eliminate some duplication of computation.
References
Agesen, O.: Concrete Type Inference: Delivering Object-Oriented Applications. Ph.D. thesis, Stanford University (1995)
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In: PLDI 2014, p. 29 (2014)
Blackburn, S.M., Garner, R., Hoffmann, C., Khan, A.M., McKinley, K.S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., Guyer, S.Z., Hirzel, M., Hosking, A.L., Jump, M., Lee, H.B., Moss, J.E.B., Phansalkar, A., Stefanovic, D., VanDrunen, T., von Dincklage, D., Wiedermann, B.: The DaCapo benchmarks: Java benchmarking development and analysis. In: OOPSLA 2006, pp. 169–190 (2006)
Bodden, E., Tolêdo, T., Ribeiro, M., Brabrand, C., Borba, P., Mezini, M.: SPLLIFT - statically analyzing software product lines in minutes instead of years. In: Software Engineering 2014, pp. 81–82 (2014)
Fink, S., Dolby, J.: WALA – the TJ Watson libraries for analysis (2012). http://wala.sourceforge.net
Guarnieri, S., Pistoia, M., Tripp, O., Dolby, J., Teilhet, S., Berg, R.: Saving the world wide web from vulnerable JavaScript. In: ISSTA 2011, pp. 177–187 (2011)
Knoop, J., Steffen, B.: The interprocedural coincidence theorem. In: CC 1992, pp. 125–140 (1992)
Knoop, J., Steffen, B., Vollmer, J.: Parallelism for free: efficient and optimal bitvector analyses for parallel programs. ACM Trans. Program. Lang. Syst. 3, 268–299 (1996)
Kreiker, J., Reps, T., Rinetzky, N., Sagiv, M., Wilhelm, R., Yahav, E.: Interprocedural shape analysis for effectively cutpoint-free programs. In: Voronkov, A., Weidenbach, C. (eds.) Programming Logics. LNCS, vol. 7797, pp. 414–445. Springer, Heidelberg (2013)
Lerch, J., Hermann, B., Bodden, E., Mezini, M.: FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases. In: FSE 2014, pp. 98–108 (2014)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)
Naeem, N.A., Lhoták, O.: Typestate-like analysis of multiple interacting objects. In: OOPSLA 2008, pp. 347–366 (2008)
Naeem, N.A., Lhoták, O., Rodriguez, J.: Practical extensions to the IFDS algorithm. In: CC 2010, pp. 124–144 (2010)
Odersky, M.: Essentials of Scala. In: LMO 2009, p. 2 (2009)
Rapoport, M., Lhoták, O., Tip, F.: Precise data flow analysis in the presence of correlated method calls. Technical report CS-2015-07, University of Waterloo (2015)
Reps, T.W., Horwitz, S., Sagiv, S.: Precise interprocedural dataflow analysis via graph reachability. In: POPL 1995, pp. 49–61 (1995)
Rodriguez, J.D.: A concurrent IFDS dataflow analysis algorithm using actors. Master’s thesis, University of Waterloo (2010)
Sagiv, S., Reps, T. W., and Horwitz, S.: Precise interprocedural dataflow analysis with applications to constant propagation. In: TAPSOFT 1995, pp. 651–665 (1995)
Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, pp. 189–234 (1981)
Sridharan, M., Dolby, J., Chandra, S., Schäfer, M., Tip, F.: Correlation tracking for points-to analysis of JavaScript. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 435–458. Springer, Heidelberg (2012)
Tip, F.: Infeasible paths in object-oriented programs. Sci. Comput. Program. 97, 91–97 (2015)
Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: PLDI 2009, pp. 87–97 (2009)
Zhang, X., Mangal, R., Grigore, R., Naik, M., Yang, H.: On abstraction refinement for program analyses in Datalog. In: PLDI 2014, p. 27 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rapoport, M., Lhoták, O., Tip, F. (2015). Precise Data Flow Analysis in the Presence of Correlated Method Calls. In: Blazy, S., Jensen, T. (eds) Static Analysis. SAS 2015. Lecture Notes in Computer Science(), vol 9291. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48288-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-662-48288-9_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48287-2
Online ISBN: 978-3-662-48288-9
eBook Packages: Computer ScienceComputer Science (R0)