Contact
Room: E 112
Email: t i m . l a n g e [at] lmu * de
Open Theses
Deferring Flow-Sensitivity of Alias-Aware IFDS Algorithms to the Path Reconstruction Phase
Aliasing (multiple references to the same memory location) poses a significant challenge to static vulnerability scanners. Ignoring aliases results in many false negatives, even for seemingly simple programs. On the other hand, computing the aliasing relations in a flow-sensitive manner is computationally too expensive in the general case. In the special case of IFDS, an additional IFDS-based alias analysis can be used to compute aliases on demand and return them to the main analysis asynchronously. However, to be fully flow-sensitive, one needs to ensure that the alias is only valid after the memory write. Traditionally, this has been done by annotating aliases with the write statement, which has the downside that alias propagations can't make use of summaries.
A recent paper suggests that the annotation can be omitted and replaced with a smarter path reconstruction algorithm. We want to validate the paper's claims and make a working implementation available to the research community. Strong Java programming skills are required for this topic.
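The alias problem described above, as an added illustration that is not part of the thesis announcement or of any existing analysis framework: a toy taint check over a constructed four-statement program, run without aliases, with flow-insensitive aliases, and with aliases annotated by their write statement. The class, the statement encoding and the mode names are hypothetical; the model covers only straight-line code with one field, so "after the write" is reduced to a line-number comparison, and it does not implement IFDS itself.

```java
import java.util.*;

public class AliasTaintDemo { // needs Java 16+ (records)
    enum Mode { NO_ALIASES, FLOW_INSENSITIVE_ALIASES, ALIAS_ANNOTATED_WITH_WRITE }

    // kind: "copy" = `base = other`, "store" = `base.f = source()`, "sink" = `sink(base.f)`
    record Stmt(int line, String kind, String base, String other) {}

    // Constructed program under analysis; `a` is allocated on line 1.
    static final List<Stmt> PROGRAM = List.of(
        new Stmt(2, "copy", "b", "a"),    // b = a           (b now aliases a)
        new Stmt(3, "sink", "b", null),   // sink(b.f)       (before the write: clean)
        new Stmt(4, "store", "a", null),  // a.f = source()  (the memory write)
        new Stmt(5, "sink", "b", null));  // sink(b.f)       (after the write: tainted)

    static List<Integer> analyze(Mode mode) {
        // May-alias pairs collected from copies, ignoring statement order.
        Map<String, Set<String>> aliases = new HashMap<>();
        for (Stmt s : PROGRAM) {
            if (!s.kind().equals("copy")) continue;
            aliases.computeIfAbsent(s.base(), k -> new HashSet<>()).add(s.other());
            aliases.computeIfAbsent(s.other(), k -> new HashSet<>()).add(s.base());
        }
        // Tainted base variable -> line of the write that created the taint.
        Map<String, Integer> writeLine = new HashMap<>();
        for (Stmt s : PROGRAM) {
            if (!s.kind().equals("store")) continue;
            writeLine.put(s.base(), s.line());
            if (mode == Mode.NO_ALIASES) continue;
            for (String alias : aliases.getOrDefault(s.base(), Set.of()))
                writeLine.put(alias, s.line());
        }
        List<Integer> reportedSinks = new ArrayList<>();
        for (Stmt s : PROGRAM) {
            if (!s.kind().equals("sink") || !writeLine.containsKey(s.base())) continue;
            // The annotation makes an alias taint valid only after its write statement.
            boolean valid = mode == Mode.FLOW_INSENSITIVE_ALIASES
                    || s.line() > writeLine.get(s.base());
            if (valid) reportedSinks.add(s.line());
        }
        return reportedSinks;
    }

    public static void main(String[] args) {
        for (Mode m : Mode.values())
            System.out.println(m + ": leak reported at lines " + analyze(m));
    }
}
```

Comparing the three modes shows the missed leak when aliases are ignored and the spurious report at the sink that precedes the write when the alias taint carries no write annotation.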