Defensive Points-To Analysis: Effective Soundness via Laziness
We present a defensive may-point-to analysis approach, which offers soundness even in the presence of arbitrary opaque code: all non-empty points-to sets computed are guaranteed to be over-approximations of the sets of values arising at run time. A key design tenet of the analysis is laziness: the analysis computes points-to relationships only for variables or objects that are guaranteed to never escape into opaque code. This means that the analysis misses some valid inferences, yet it also never wastes work to compute sets of values that are not “complete”, i.e., that may be missing elements due to opaque code. Laziness enables great efficiency, allowing us to perform a highly precise points-to analysis (such as a 5-call-site-sensitive, flow-sensitive analysis).
Despite its conservative nature, our analysis yields sound, actionable results for a large subset of the program code, achieving (under worst-case assumptions) 34-74% of the program coverage of an unsound state-of-the-art analysis for real-world programs.
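The defensive idea in the abstract, sketched as an added example (not code from the paper or its authors): a flow-insensitive, context-insensitive analysis over a toy instruction set that reports a non-empty points-to set only when opaque code cannot have contributed to it. The instruction names, the `defensive_points_to` function and the sample program are assumptions made for illustration; the paper's analysis is far more precise.

```python
from collections import defaultdict

def defensive_points_to(program):
    """Map each variable to its allocation sites; an empty set means 'no claim'."""
    pts = defaultdict(set)    # var -> allocation sites it may hold
    fpts = defaultdict(set)   # (site, field) -> sites stored there by analysed code
    unknown = set()           # vars that may hold a value the analysis cannot see
    escaped = set()           # sites whose objects opaque code may read or write
    bad_fields = set()        # (site, field) that may hold an unknown value

    def size():               # total facts known, used to detect the fixpoint
        return (sum(map(len, pts.values())), sum(map(len, fpts.values())),
                len(unknown), len(escaped), len(bad_fields))

    before = None
    while before != size():
        before = size()
        for op, *args in program:
            if op == "new":                      # x = new Obj @ site
                pts[args[0]].add(args[1])
            elif op == "copy":                   # x = y
                x, y = args
                pts[x] |= pts[y]
                if y in unknown: unknown.add(x)
            elif op == "opaque_ret":             # x = opaque()
                unknown.add(args[0])
            elif op == "opaque_arg":             # opaque(y): y's objects escape
                escaped |= pts[args[0]]
            elif op == "store":                  # b.f = y
                b, f, y = args
                for s in list(pts[b]):
                    fpts[(s, f)] |= pts[y]
                    if y in unknown: bad_fields.add((s, f))
                if b in unknown: escaped |= pts[y]   # b may be an escaped object
            elif op == "load":                   # x = b.f
                x, b, f = args
                if b in unknown: unknown.add(x)
                for s in list(pts[b]):
                    pts[x] |= fpts[(s, f)]
                    if s in escaped or (s, f) in bad_fields: unknown.add(x)
        for (s, f), targets in list(fpts.items()):   # escape is transitive
            if s in escaped: escaped |= targets
    return {v: set() if v in unknown else set(pts[v]) for v in set(pts) | unknown}

# Constructed sample program: A1/B1 stay in analysed code, D1 is handed to opaque code.
PROGRAM = [
    ("new", "a", "A1"), ("new", "b", "B1"), ("store", "a", "f", "b"),
    ("load", "c", "a", "f"),                      # complete: only analysed code wrote a.f
    ("new", "d", "D1"), ("opaque_arg", "d"), ("new", "k", "K1"),
    ("store", "d", "g", "k"), ("load", "e", "d", "g"),   # opaque code may overwrite d.g
    ("opaque_ret", "r"), ("copy", "q", "r"),
]
RESULT = defensive_points_to(PROGRAM)
```

An analysis that ignored opaque code would report `e -> {K1}`, which may be missing values written by the opaque callee; here `e`, `r` and `q` get the empty set instead, while `c` keeps a set that is safe to act on.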
Sat 21 Jul
11:00 - 12:40
11:00 (25m) Research paper: Defensive Points-To Analysis: Effective Soundness via Laziness. ECOOP Research Papers.
11:25 (25m) Research paper: Legato: An At-Most-Once Analysis with Applications to Dynamic Configuration Updates. ECOOP Research Papers.
11:50 (25m) Research paper: Definite Reference Mutability. ECOOP Research Papers. Ana Milanova (Rensselaer Polytechnic Institute).
12:15 (25m) Research paper: Efficient Reflection String Analysis via Graph Coloring. ECOOP Research Papers. Neville Grech (University of Athens), George Kastrinis (University of Athens), Yannis Smaragdakis (University of Athens).