Interprocedural and Intraprocedural Alias Analysis Algorithms
- DOI
- 10.2991/icamcs-16.2016.71How to use a DOI?
- Keywords
- Vulnerabilities Detection,Static Analysis,Parse Tree,Control Flow Graph,Alias Analysis.
- Abstract
The quantity and significance of web application increases quickly. Meanwhile, the influence of vulnerabilities in web application grows as well. Automated tools are urgently needed because manual code reviews are inefficient and fallible. However, previous static code detection tools lack of alias analysis between variables in codes, leading to possible false positives or false negatives. To solve this problem, we propose a set of sound and precise alias analysis algorithms which can conduct intraprocedural and interprocedural alias analysis. Then we apply them to a previous static detection system. Experiments on practical open source web applications and manually written test cases show that system with alias analysis can handle complex alias relationship accurately and detect vulnerabilities related to alias with greater precision. Moreover, alias analysis's impact on scanning speed of the system is negligible.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Shaotao Li AU - Yong Cai PY - 2016/06 DA - 2016/06 TI - Interprocedural and Intraprocedural Alias Analysis Algorithms BT - Proceedings of the 2016 5th International Conference on Advanced Materials and Computer Science PB - Atlantis Press SP - 333 EP - 338 SN - 2352-5401 UR - https://doi.org/10.2991/icamcs-16.2016.71 DO - 10.2991/icamcs-16.2016.71 ID - Li2016/06 ER -