The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-Based Static Analyses (and how to master them)
In this talk I report on experiences gained from more than five years of extensively designing static code analysis tools, in particular ones with a focus on security, to scale to real-world projects within an industrial context. Within this time frame, my team and I were able to design static-analysis algorithms that yield both largely improved precision and performance compared to previous approaches. I will give a number of insights regarding important design decisions that made this possible. In particular, I argue that summary-based static-analysis techniques for distributive problems, such as IFDS, IDE and WPDS, have been unduly under-appreciated. As my experience shows, those techniques can tremendously benefit both precision and performance, if one uses them in a well-informed way, using carefully designed abstract domains. As one example, I will explain how in previous work on Boomerang we were able to decompose pointer analysis, a static analysis problem that is actually not distributive, into sub-problems that are distributive. This yields an implementation that is both highly precise and efficient. This breakthrough, along with the use of a demand-driven program-analysis design, has recently allowed us to implement practical static analysis tools such as the crypto-misuse checker CogniCrypt, which can analyze the entire Maven-Central repository with more than 200.000 binaries in under five days, although its analysis is flow-sensitive, field-sensitive, and fully context-sensitive.
Fri 20 Jul (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
16:00 - 17:30
16:00 | 50m | Talk | The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-Based Static Analyses (and how to master them) | SOAP | Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM)
17:00 | 15m | Talk | Redesigning Soot's Data-flow Analysis Framework for Abstract Interpretation | SOAP | Elena Sherman (Boise State University)
17:15 | 15m | Talk | Lattice Based Modularization of Static Analyses | SOAP | Michael Eichberg (TU Darmstadt, Germany), Florian Kübler (TU Darmstadt, Germany), Dominik Helm (TU Darmstadt, Germany), Michael Reif (TU Darmstadt, Germany), Guido Salvaneschi (TU Darmstadt), Mira Mezini (TU Darmstadt)