"What's in a name?" going beyond allocation site names in heap analysis

Citations Over Time

Abstract

A points-to analysis computes a sound abstraction of heap memory conventionally using a name-based abstraction that summarizes runtime memory by grouping locations using the names of allocation sites: All concrete heap locations allocated by the same statement are grouped together. The locations in the same group are treated alike i.e., a pointer to any one location of the group is assumed to point to every location in the group leading to an over-approximation of points-to relations.

Related Papers

• → Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java(2016)89 cited
• Automatic Techniques to Systematically Discover New Heap Exploitation Primitives(2020)
• → Automatic Techniques to Systematically Discover New Heap Exploitation Primitives(2019)13 cited
• Intraprocedural Alias Analysis for Pointer Array(1999)
• → Predicting Dynamic Properties of Heap Allocations using Neural Networks Trained on Static Code: An Intellectual Abstract(2023)