DFI: An Interprocedural Value-Flow Analysis Framework that Scales to Large Codebases

TL;DR

This paper introduces DFI, a scalable interprocedural value-flow analysis framework that efficiently handles large codebases by leveraging graph reachability and a novel IR extension, outperforming existing tools in speed and memory usage.

Contribution

The paper presents a new graph-based approach and IR extension for scalable value-flow analysis, enabling analysis of large codebases with reduced memory and runtime.

Findings

DFI completes analysis of large projects like OpenSSL and FFmpeg, unlike prior tools.

DFI uses only 1.5% to 6.4% of the memory of state-of-the-art frameworks.

DFI achieves 23x to 57x speedup over existing frameworks.

Abstract

Context- and flow-sensitive value-flow information is an important building block for many static analysis tools. Unfortunately, current approaches to compute value-flows do not scale to large codebases, due to high memory and runtime requirements. This paper proposes a new scalable approach to compute value-flows via graph reachability. To this end, we develop a new graph structure as an extension of LLVM IR that contains two additional operations which significantly simplify the modeling of pointer aliasing. Further, by processing nodes in the opposite direction of SSA def-use chains, we are able to minimize the tree width of the resulting graph. This allows us to employ efficient tree traversal algorithms in order to resolve graph reachability. We present a value-flow analysis framework,DFI, implementing our approach. We compare DFI against two state-of-the-art value-flow analysis frameworks, Phasar and SVF, to extract value-flows from 4 real-world software projects. Given 32GB of memory, Phasar and SVF are unable to complete analysis of larger projects such as OpenSSL or FFmpeg, while DFI is able to complete all evaluations. For the subset of benchmarks that Phasar and SVF do handle, DFI requires significantly less memory (1.5% of Phasar's, 6.4% of SVF's memory footprint on average) and runs significantly faster (23x speedup over Phasar, 57x compared to SVF). Our analysis shows that, in contrast to previous approaches, DFI's memory and runtime requirements scale almost linearly with the number of analyzed instructions.