Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis

Authors: Ding Ye, Yulei Sui, Jingling Xue

DOI: 10.1145/2544137.2544154

Keywords: Value (computer science), A priori and a posteriori, Parallel computing, Binary number, Overhead (computing), Graph (abstract data type), Instrumentation (computer programming), Computer science, Reachability, Pointer analysis

Abstract: Uninitialized variables can cause system crashes when used and security vulnerabilities exploited. With source rather than binary instrumentation, dynamic analysis tools such as MSan detect uninitialized memory uses at significantly reduced overhead but are still costly. In this paper, we introduce a static value-flow analysis, called Usher, to guide accelerate the performed by tools. Usher reasons about definedness of values using graph (VFG) that captures def-use chains for both top-level address-taken interprocedurally removes unnecessary instrumentation solving reachability problem. works well with any pointer (done priori) facilitates advanced instrumentation-reducing optimizations (with two demonstrated here). Implemented in LLVM evaluated all 15 SPEC2000 C programs, reduce slowdown from 212% -- 302% 123% 140% number configurations tested.
