Question about applying SVF to real world large programs #1505

Open
shoong98 opened this issue Jul 25, 2024 · 4 comments

shoong98 commented Jul 25, 2024

Hello, I'm a student studying program analysis.
I really appreciate that these tools and learning materials are helping me a lot.

I'd like to ask a question about applying SVF to large programs, such as Chromium and Firefox.

I am currently building the Chromium code as a single bitcode file and applying SVF's wpa tool (with AndersenWaveDiff), but the analysis does not end for a very long time.

Is there a way to analyze such a large program by applying pointer analysis?

I searched for related materials and found that @yuleisui wrote a paper like the one below and tested it with Chromium.

https://yuleisui.github.io/publications/issta17.pdf

Is there any way to apply this to current SVF?

Thank you in advance for reading and answering my question.

@zz-fz-john

Applying AndersenWaveDiff analysis to a large program takes a long time and uses a lot of memory. I recently used SVF to analyze arducopter on a server equipped with 192 GB of memory and 24 cores. It took about 1 hour to get the final result. So I think it is normal that the analysis does not end for a very long time.

@shoong98
Author

Thanks for your reply, @zz-fz-john.
I expected that it would take a long time if I used Andersen's pointer analysis as is, and indeed my server machine has 512GB of memory, but the analysis failed.
So I'm looking for a way to apply pointer analysis to Chromium while maintaining scalability and ensuring a certain level of precision. (to resolve indirect calls)
So is there no way to achieve this for large applications like Chromium in SVF?
Or, if there is a way to perform partial analysis on the pointers involved when an indirect call occurs, I would appreciate it.

@yuleisui
Collaborator

You could try to reduce the number of Andersen's iterations by limiting the indirect call edges during solving. This will lead to less sound results.
wpa -ander -ind-call-limit=0 *.bc
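
The trade-off described in the comment above, as an added toy example (not SVF code and not part of the thread): a minimal inclusion-based solver that adds indirect call edges on the fly, with a cap on how many it may add. The constraint encoding, the sample program and the cap's exact behaviour are assumptions made for illustration; SVF's `-ind-call-limit` may differ in detail.

```python
from collections import defaultdict

def solve(addr, copy, icalls, funcs, ind_call_limit=None):
    """Toy Andersen-style solver (hypothetical model, not SVF's implementation).

    addr:   [(p, obj)]        p = &obj
    copy:   [(dst, src)]      dst = src
    icalls: [(fp, arg, ret)]  ret = (*fp)(arg)
    funcs:  {name: (param, retvar)}
    ind_call_limit: max indirect call edges to add (None = unlimited)
    Returns (points-to map, resolved call edges, number of solver passes).
    """
    pts = defaultdict(set)
    for p, obj in addr:
        pts[p].add(obj)
    edges = set(copy)      # inclusion edges: pts(dst) >= pts(src)
    call_edges = set()     # (call site index, callee)
    passes, changed = 0, True
    while changed:
        changed = False
        passes += 1
        for dst, src in list(edges):
            if not pts[src] <= pts[dst]:
                pts[dst] |= pts[src]
                changed = True
        for i, (fp, arg, ret) in enumerate(icalls):
            for callee in sorted(pts[fp] & funcs.keys()):
                if (i, callee) in call_edges:
                    continue
                if ind_call_limit is not None and len(call_edges) >= ind_call_limit:
                    continue  # cap reached: this callee is silently dropped
                call_edges.add((i, callee))
                param, retvar = funcs[callee]
                edges.add((param, arg))   # actual -> formal
                edges.add((ret, retvar))  # callee return -> call result
                changed = True            # new edges force another pass
    return dict(pts), call_edges, passes

# Constructed sample program:
#   fp = &f or &g;  a = &x;  r = (*fp)(a)
#   f(p) { return p; }      g(q) { s = &y; return s; }
ADDR = [("fp", "f"), ("fp", "g"), ("a", "x"), ("g_s", "y")]
COPY = [("f_ret", "f_p"), ("g_ret", "g_s")]
ICALLS = [("fp", "a", "r")]
FUNCS = {"f": ("f_p", "f_ret"), "g": ("g_q", "g_ret")}

if __name__ == "__main__":
    for limit in (None, 1, 0):
        pts, calls, passes = solve(ADDR, COPY, ICALLS, FUNCS, limit)
        print(limit, sorted(pts.get("r", ())), sorted(calls), passes)
```

With the cap at 0 the solver finishes in fewer passes, but `r` has an empty points-to set and the call site has no callees, so any client that follows values through that call sees nothing there.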

@shoong98
Author

shoong98 commented Aug 4, 2024

Thanks for the answer.

I have some more questions about this large program analysis.

  1. I also need to use the value-flow graph (SVFG) to trace some flow from a specific point (e.g., the return value of a function). Can I use the option -ind-call-limit=0 in this case? If that is not possible, can I make it do pointer analysis for only the parts I want, rather than the entire program?

  2. What do you think about using type-based pointer analysis in my case rather than Andersen's pointer analysis?
