Precise Data Flow Analysis in the Presence of Correlated Method Calls

  • Conference paper
Static Analysis (SAS 2015)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9291)

Abstract

When two methods are invoked on the same object, the dispatch behaviours of these method calls will be correlated. If two correlated method calls are polymorphic (i.e., they dispatch to different method definitions depending on the type of the receiver object), a program’s interprocedural control-flow graph will contain infeasible paths. Existing algorithms for data-flow analysis are unable to ignore such infeasible paths, giving rise to loss of precision.

We show how infeasible paths due to correlated calls can be eliminated for Interprocedural Finite Distributive Subset (IFDS) problems, a large class of data-flow analysis problems with broad applications. Our approach is to transform an IFDS problem into an Interprocedural Distributive Environment (IDE) problem, in which edge functions filter out data flow along infeasible paths. A solution to this IDE problem can be mapped back to the solution space of the original IFDS problem. We formalize the approach, prove it correct, and report on an implementation in the WALA analysis framework.
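The precision loss described in the abstract, as an added example that is not code from the paper or from WALA. It is a simplified model that enumerates paths explicitly instead of running the IFDS/IDE tabulation algorithms; the two-class program, the `LEAK` fact and the `analyze` function are constructed for illustration.

```python
# Constructed program under analysis (Java-like):
#   class A { Object foo() { return secret(); } void bar(Object s) { } }
#   class B extends A { Object foo() { return "const"; }
#                       void bar(Object s) { sink(s); } }
#   A a = cond ? new A() : new B();
#   Object v = a.foo();   // call site 1
#   a.bar(v);             // call site 2, same receiver as call site 1
TYPES = frozenset({"A", "B"})  # possible dynamic types of receiver `a`

# Each call site maps a dispatch target to a flow function on taint facts.
CALLS = [
    {"A": lambda f: f | {"v"},                                 # A.foo taints v
     "B": lambda f: f - {"v"}},                                # B.foo returns a constant
    {"A": lambda f: f,                                         # A.bar has no sink
     "B": lambda f: f | ({"LEAK"} if "v" in f else set())},    # B.bar sinks its argument
]

def analyze(correlated):
    """Return True if the analysis reports tainted data reaching the sink.

    Each state pairs a set of taint facts with the set of receiver types
    under which the path that produced those facts is feasible. With
    correlated=True, taking dispatch target T narrows that type set to {T},
    and a path whose type set becomes empty is dropped. This plays the role
    of an edge function that filters out flow along infeasible paths.
    """
    states = {(frozenset(), TYPES)}
    for call in CALLS:
        nxt = set()
        for facts, types in states:
            for target, flow in call.items():
                feasible = types & {target} if correlated else types
                if feasible:  # empty set means the path is infeasible
                    nxt.add((frozenset(flow(set(facts))), frozenset(feasible)))
        states = nxt
    return any("LEAK" in facts for facts, _ in states)

if __name__ == "__main__":
    print("dispatch treated independently:", analyze(False))  # false positive
    print("correlated dispatch tracked:   ", analyze(True))
```

Without correlation tracking the analysis follows the path A.foo then B.bar, which no execution can take, and reports a leak; tracking the receiver type along each path removes that report.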

This research was supported by the Natural Sciences and Engineering Research Council of Canada and the Ontario Ministry of Research and Innovation.

Notes

  1. Detailed proofs of our lemmas and theorems can be found in the Technical Report [15].

  2. The definitions that we give here are of complete lattices and semilattices. Since all of the (semi)lattices discussed in this paper are required to be complete, we omit the complete qualifier.

  3. The IDE literature uses the symbol \(\Lambda \) for the node that is denoted \(\mathbf 0\) in the IFDS literature. We use \(\mathbf 0\) throughout this paper for consistency.

  4. The IDE paper defines a more complicated but equivalent set of micro-functions that eliminate some duplication of computation.

References

  1. Agesen, O.: Concrete Type Inference: Delivering Object-Oriented Applications. Ph.D. thesis, Stanford University (1995)

  2. Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In: PLDI 2014, p. 29 (2014)

  3. Blackburn, S.M., Garner, R., Hoffmann, C., Khan, A.M., McKinley, K.S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., Guyer, S.Z., Hirzel, M., Hosking, A.L., Jump, M., Lee, H.B., Moss, J.E.B., Phansalkar, A., Stefanovic, D., VanDrunen, T., von Dincklage, D., Wiedermann, B.: The DaCapo benchmarks: Java benchmarking development and analysis. In: OOPSLA 2006, pp. 169–190 (2006)

  4. Bodden, E., Tolêdo, T., Ribeiro, M., Brabrand, C., Borba, P., Mezini, M.: SPLLIFT - statically analyzing software product lines in minutes instead of years. In: Software Engineering 2014, pp. 81–82 (2014)

  5. Fink, S., Dolby, J.: WALA – the TJ Watson libraries for analysis (2012). http://wala.sourceforge.net

  6. Guarnieri, S., Pistoia, M., Tripp, O., Dolby, J., Teilhet, S., Berg, R.: Saving the world wide web from vulnerable JavaScript. In: ISSTA 2011, pp. 177–187 (2011)

  7. Knoop, J., Steffen, B.: The interprocedural coincidence theorem. In: CC 1992, pp. 125–140 (1992)

  8. Knoop, J., Steffen, B., Vollmer, J.: Parallelism for free: efficient and optimal bitvector analyses for parallel programs. ACM Trans. Program. Lang. Syst. 3, 268–299 (1996)

  9. Kreiker, J., Reps, T., Rinetzky, N., Sagiv, M., Wilhelm, R., Yahav, E.: Interprocedural shape analysis for effectively cutpoint-free programs. In: Voronkov, A., Weidenbach, C. (eds.) Programming Logics. LNCS, vol. 7797, pp. 414–445. Springer, Heidelberg (2013)

  10. Lerch, J., Hermann, B., Bodden, E., Mezini, M.: FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases. In: FSE 2014, pp. 98–108 (2014)

  11. Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)

  12. Naeem, N.A., Lhoták, O.: Typestate-like analysis of multiple interacting objects. In: OOPSLA 2008, pp. 347–366 (2008)

  13. Naeem, N.A., Lhoták, O., Rodriguez, J.: Practical extensions to the IFDS algorithm. In: CC 2010, pp. 124–144 (2010)

  14. Odersky, M.: Essentials of Scala. In: LMO 2009, p. 2 (2009)

  15. Rapoport, M., Lhoták, O., Tip, F.: Precise data flow analysis in the presence of correlated method calls. Technical report CS-2015-07, University of Waterloo (2015)

  16. Reps, T.W., Horwitz, S., Sagiv, S.: Precise interprocedural dataflow analysis via graph reachability. In: POPL 1995, pp. 49–61 (1995)

  17. Rodriguez, J.D.: A concurrent IFDS dataflow analysis algorithm using actors. Master’s thesis, University of Waterloo (2010)

  18. Sagiv, S., Reps, T.W., Horwitz, S.: Precise interprocedural dataflow analysis with applications to constant propagation. In: TAPSOFT 1995, pp. 651–665 (1995)

  19. Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, pp. 189–234 (1981)

  20. Sridharan, M., Dolby, J., Chandra, S., Schäfer, M., Tip, F.: Correlation tracking for points-to analysis of JavaScript. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 435–458. Springer, Heidelberg (2012)

  21. Tip, F.: Infeasible paths in object-oriented programs. Sci. Comput. Program. 97, 91–97 (2015)

  22. Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: PLDI 2009, pp. 87–97 (2009)

  23. Zhang, X., Mangal, R., Grigore, R., Naik, M., Yang, H.: On abstraction refinement for program analyses in Datalog. In: PLDI 2014, p. 27 (2014)

Correspondence to Marianna Rapoport.

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rapoport, M., Lhoták, O., Tip, F. (2015). Precise Data Flow Analysis in the Presence of Correlated Method Calls. In: Blazy, S., Jensen, T. (eds) Static Analysis. SAS 2015. Lecture Notes in Computer Science, vol 9291. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48288-9_4

  • DOI: https://doi.org/10.1007/978-3-662-48288-9_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48287-2

  • Online ISBN: 978-3-662-48288-9

  • eBook Packages: Computer Science (R0)
