Abstract
Sophisticated static analysis techniques often have complicated implementations, much of which provides logic for tuning and scaling rather than basic analysis functionalities.This tight coupling of basic algorithms with special treatments for scalability makes an analysis implementation hard to (1) make correct, (2) understand/work with, and (3) reuse for other clients.
本文: Chianina
目的:large-scale C程序的context-sensitve & flow-sensitive analysis
允许客户只实现基础算法,让框架来做调优和scaling
关键:
- 流敏感性的演化图公式
- 利用核外磁盘支持
目的:处理内存爆炸
实验:
将3个上下文和流敏感的分析拓展到大型C程序如Linux(17M行代码)