secure-software-engineering / phasar

An LLVM-based static analysis framework.

Does Phasar have Field Sensitive Pointer Analysis or how to provide one to it? #645

Closed Luweicai closed 1 year ago

Luweicai commented 1 year ago

I want to write a field-sensitive taint analysis in Phasar. It seems that the pointer analysis provided by phasar is not field-sensitive. Is there any explanation of the format of precomputed points_to info that phasar can recognize?

MMory commented 1 year ago

Hi @Luweicai, currently there is no field-sensitive pointer analysis publicly available in phasar. In fact, I am working on one, but it is not ready to make it public yet. I am not sure whether I understand your intention correctly. Would you like to integrate a different tool in phasar that performs the points-to analysis or do you want to serialize some points-to information and read it in from the phasar side?

Luweicai commented 1 year ago

Hi @MMory, thank you for your reply. I want to serialize some points-to information and read it from the phasar side, as I am working on writing a taint analysis which needs the results of a field-sensitive pointer analysis. May I ask you for the code of the pointer analysis? It will help me a lot in learning how to organize the analysis. I find it a little bit bothersome to try to import the results of external pointer analysis tools into phasar.

MMory commented 1 year ago

Hi @Luweicai, the analysis is part of not yet published research, which is why I don't want to release it yet. Also, my analysis is demand-driven: it only computes the points-to information that is requested by the client analysis (which is your taint analysis, for example). It sounds more like you intend to first compute whole-program points-to info and then proceed to perform your taint analysis? My analysis wouldn't really serve that need.

For integrating some points-to analysis or its result into phasar, you essentially have to implement the PointsToInfo interface.

Side question: Why are the taint analyses that are already part of phasar not sufficient for your purposes? Maybe it would be better to extend those instead of writing a completely new one?
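The two points raised in the thread so far, why a field-insensitive points-to result makes a taint analysis report leaks between distinct fields of the same struct, and what a demand-driven query interface looks like from the client's side, can be shown in a small stand-alone sketch. The following is an added example written for this page; it is not phasar's code and it does not implement phasar's actual `PointsToInfo` interface. The classes `PointsToOracle`, `FieldInsensitive`, `FieldSensitive`, the `AccessPath`/`AbstractLoc` types and the program facts in `kBasePointsTo` are all invented for the illustration.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <tuple>
#include <utility>

// Added illustration, not phasar's PointsToInfo: every name below is invented.
// An abstract memory location: allocation site plus field index; field == -1
// means "the whole object", which is all a field-insensitive analysis can say.
struct AbstractLoc {
  std::string allocSite;
  int field;
  bool operator<(const AbstractLoc &o) const {
    return std::tie(allocSite, field) < std::tie(o.allocSite, o.field);
  }
};

// What the client asks about: a base pointer and the struct field it selects
// (think of the constant index of an LLVM getelementptr; -1 = no field).
struct AccessPath { std::string base; int field; };

// Demand-driven query interface: a points-to set is computed when first asked
// for and then cached, so bases the client never touches cost nothing.
class PointsToOracle {
public:
  virtual ~PointsToOracle() = default;
  virtual std::set<AbstractLoc> pointsTo(const AccessPath &p) = 0;
  bool mayAlias(const AccessPath &a, const AccessPath &b) {
    const auto pa = pointsTo(a), pb = pointsTo(b);
    for (const auto &l : pa) if (pb.count(l)) return true;
    return false;
  }
  int queriesComputed() const { return computed; }
protected:
  int computed = 0;
};

// Constructed facts for the example: s and p alias one struct S; t is separate
// and is never asked about, so a demand-driven oracle never computes it.
static const std::map<std::string, std::string> kBasePointsTo = {
    {"s", "alloca %struct.S"}, {"p", "alloca %struct.S"}, {"t", "alloca %struct.T"}};

// Field-insensitive: the field index is deliberately discarded.
class FieldInsensitive : public PointsToOracle {
  std::map<std::string, std::set<AbstractLoc>> cache;
public:
  std::set<AbstractLoc> pointsTo(const AccessPath &p) override {
    auto it = cache.find(p.base);
    if (it == cache.end()) {
      ++computed;
      it = cache.emplace(p.base, std::set<AbstractLoc>{AbstractLoc{kBasePointsTo.at(p.base), -1}}).first;
    }
    return it->second;
  }
};

// Field-sensitive: (base, field) is the cache key and the field survives.
class FieldSensitive : public PointsToOracle {
  std::map<std::pair<std::string, int>, std::set<AbstractLoc>> cache;
public:
  std::set<AbstractLoc> pointsTo(const AccessPath &p) override {
    const auto key = std::make_pair(p.base, p.field);
    auto it = cache.find(key);
    if (it == cache.end()) {
      ++computed;
      it = cache.emplace(key, std::set<AbstractLoc>{AbstractLoc{kBasePointsTo.at(p.base), p.field}}).first;
    }
    return it->second;
  }
};

// The client: a taint check over three toy statements, with p aliasing s.
//   s->a = source();  tainted store through field 0
//   sink(p->b);       load through field 1 -> must NOT be reported
//   sink(p->a);       load through field 0 -> must be reported
struct Verdicts { bool crossFieldLeak; bool sameFieldLeak; int queries; };

Verdicts run(PointsToOracle &pta) {
  const AccessPath store{"s", 0}, loadB{"p", 1}, loadA{"p", 0};
  Verdicts v{};
  v.crossFieldLeak = pta.mayAlias(store, loadB);  // false positive if true
  v.sameFieldLeak = pta.mayAlias(store, loadA);   // true positive
  v.queries = pta.queriesComputed();              // how many sets were built
  return v;
}

Verdicts runFieldInsensitive() { FieldInsensitive o; return run(o); }
Verdicts runFieldSensitive() { FieldSensitive o; return run(o); }

static void show(const char *name, const Verdicts &v) {
  std::cout << name << ": s->a reaches sink(p->b)? " << v.crossFieldLeak
            << "  sink(p->a)? " << v.sameFieldLeak << "  sets computed: " << v.queries << '\n';
}

int main() {
  show("field-insensitive", runFieldInsensitive());
  show("field-sensitive  ", runFieldSensitive());
}
```

With the field-insensitive oracle both loads alias the tainted store, so the `p->b` sink is reported although only `a` was written; the field-sensitive oracle keeps the two fields apart and still reports the genuine `p->a` flow. The query counter shows the demand-driven aspect MMory describes: only the access paths the client actually asks about are ever computed, and the `t` object is never touched.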

Luweicai commented 1 year ago

Hi @MMory. I understand that you cannot release it yet. (By the way, the on-demand pointer analysis would in fact be better for me, as the pointer analysis is expensive and I want to query it only when necessary.)

I have indeed built a taint analysis based on the template taint analysis of phasar. But I find that part of the analysis result is "field-insensitive", and the cause is that the pointer analysis provided by phasar is field-insensitive. So I am trying to improve the accuracy of the analysis. That is why I opened this issue.