Blogs (61) >>
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
Fri 20 Jul 2018 16:00 - 16:50 at Hamburg - Design of Static Analysis

In this talk I report on experiences gained from more than five years of extensively designing static code analysis tools— in particular such ones with a focus on security—to scale to real-world projects within an industrial context. Within this time frame, my team and I were able to design static-analysis algorithms that yield both largely improved precision and performance compared to previous approaches. I will give a number of insights regarding important design decisions that made this possible. In particular, I argue that summary-based static-analysis techniques for distributive problems, such as IFDS, IDE and WPDS have been unduly under-appreciated. As my experience shows, those techniques can tremendously benefit both precision and performance, if one uses them in a well-informed way, using carefully designed abstract domains. As one example, I will explain how in previous work on Boomerang we were able to decompose pointer analysis, a static analysis problem that is actually not distributive, into sub-problems that are distributive. This yields an implementation that is both highly precise and efficient. This breakthrough, along with the use of a demand-driven program-analysis design, has recently allowed us to implement practical static analysis tools such as the crypto-misuse checker CogniCrypt, which can analyze the entire Maven-Central repository with more than 200.000 binaries in under five days, although its analysis is flow-sensitive, field- sensitive, and fully context-sensitive.

Fri 20 Jul

16:00 - 17:30: SOAP - Design of Static Analysis at Hamburg
SOAP-2018-papers153209520000016:00 - 16:50
Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print Media Attached
SOAP-2018-papers153209880000017:00 - 17:15
Elena ShermanBoise State University
File Attached
SOAP-2018-papers153209970000017:15 - 17:30
Michael EichbergTU Darmstadt, Germany, Florian KüblerTU Darmstadt, Germany, Dominik HelmTU Darmstadt, Germany, Michael ReifTU Darmstadt, Germany, Guido SalvaneschiTU Darmstadt, Mira MeziniTU Darmstadt
Media Attached