An on-demand pointer analysis integrated with symbolic execution that is instantiated with an abstraction of the dynamic state on which it is invoked.
We propose a novel fine-grained integration of pointer analysis with dynamic analysis, including dynamic symbolic execution. This is achieved via past-sensitive pointer analysis, an on-demand pointer analysis instantiated with an abstraction of the dynamic state on which it is invoked. We evaluate our technique in three application scenarios: chopped symbolic execution, symbolic pointer resolution, and write integrity testing. Our preliminary results show that the approach can have a significant impact in these scenarios, by effectively improving the precision of standard pointer analysis with only a modest performance overhead.
The artefact page is available here.
Source code is available here.
Past-Sensitive Pointer Analysis for Symbolic Execution
David Trabish, Timotej Kapus, Noam Rinetzky, Cristian Cadar
European Software Engineering Conference / ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2020)