Field-Sensitive Value Analysis of Embedded C Programs with Union Types and Pointer Arithmetics
Antoine Min\'e (LIENS)
TL;DR
This paper introduces a novel memory abstraction for static analysis of embedded C programs that handles union types, pointer casts, and pointer arithmetics, improving analysis coverage and accuracy.
Contribution
It presents a dynamic mapping scheme for field-sensitive value analysis that overcomes static type limitations and accounts for byte-level aliases in C programs.
Findings
Enables analysis of more complex C programs with unions and pointer casts.
Integrates with Astrée static analyzer for safety-critical software.
Maintains low computational overhead.
Abstract
We propose a memory abstraction able to lift existing numerical static analyses to C programs containing union types, pointer casts, and arbitrary pointer arithmetics. Our framework is that of a combined points-to and data-value analysis. We abstract the contents of compound variables in a field-sensitive way, whether these fields contain numeric or pointer values, and use stock numerical abstract domains to find an overapproximation of all possible memory states--with the ability to discover relationships between variables. A main novelty of our approach is the dynamic mapping scheme we use to associate a flat collection of abstract cells of scalar type to the set of accessed memory locations, while taking care of byte-level aliases - i.e., C variables with incompatible types allocated in overlapping memory locations. We do not rely on static type information which can be misleading in…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.