Access-Path Abstraction: Scaling Field-Sensitive Data-Flow Analysis with Unbounded Access Paths

AutorLerch, Johannes; Späth, Johannes; Bodden, Eric; Mezini, Mira
ArtConference Proceedings
AbstraktPrecise data-flow analyses frequently model field accesses through access paths with varying length. While using longer access paths increases precision, their size must be bounded to assure termination, and should anyway be small to enable a scalable analysis. We present Access-Path Abstraction, which for the first time combines efficiency with maximal precision. At control-flow merge points Access-Path Abstraction represents all those access paths that are rooted at the same base variable through this base variable only. The full access paths are reconstructed on demand where required. This makes it unnecessary to bound access paths to a fixed maximal length. Experiments with Stanford SecuriBench and the Java Class Library compare our open-source implementation against a field-based approach and against a field-sensitive approach that uses bounded access paths. The results show that the proposed approach scales as well as a field-based approach, whereas the approach using bounded access paths runs out of memory.
KonferenzAutomated Software Engineering (ASE), 2015 30th IEEE/ACM International Conference on
InProceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), p.619-629
PublisherIEEE Computer Society