Assessing the Influence of Pointer Analyses on Static Data-Flow Analysis in C/C++

Final thesis in the field of Secure IoT systems; Location: Paderborn

Welcome to the Fraunhofer Institute for Mechatronic Design IEM!
At the »Zukunftsmeile« in Paderborn, Germany, we conduct practical research to develop innovative solutions for mechanical and plant engineering, the automotive industry and related sectors. The focus is on intelligent products, production systems, services and software applications.

Static analysis is an important tool for finding bugs and security vulnerabilities in software. However, static analyses are known for reporting many false positives or failing to report real bugs (false negatives).

Precise data-flow analyses make use of the results from different helper analyses, e.g., call-graph analysis, alias analysis, or type-hierarchy analysis. Therefore, the performance and precision of the analysis results depend on the performance and precision of the helper analyses' results. Hence, it is crucial to integrate helper analysis and client analysis in a way that does not artificially lose performance or precision. Alias analysis integration in particular poses several problems: alias analyses often provide a binary predicate as their interface, whereas a client analysis usually requires sets of aliasing pointers. Reconstructing these alias sets from a binary alias predicate quickly and without losing precision is non-trivial.

The goal of this thesis is two-fold:

  1. Improving the precision of PhASAR's alias sets by taking non-transitivity of alias information into account
  2. Improving the performance of PhASAR's taint analysis by clustering sets of aliasing pointers
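The precision problem behind the first goal can be shown on four pointers. The following C++ sketch is an added example, not PhASAR code: the pointer names, the points-to sets and the functions `mayAlias`, `transitiveAliasSet` and `directAliasSet` are hypothetical, and the binary predicate is assumed to be modelled as points-to-set overlap.

```cpp
#include <cstddef>
#include <numeric>
#include <set>
#include <string>
#include <vector>

// Constructed sample: points-to sets for
//   p = &a;  r = &b;  q = cond ? &a : &b;  s = &c;
const std::vector<std::string> Ptrs = {"p", "q", "r", "s"};
const std::vector<std::set<char>> PointsTo = {{'a'}, {'a', 'b'}, {'b'}, {'c'}};

// Binary may-alias predicate (assumed model): two pointers may alias
// if their points-to sets overlap. Note: p~q and q~r hold, but p~r does not.
bool mayAlias(std::size_t X, std::size_t Y) {
  for (char Obj : PointsTo[X])
    if (PointsTo[Y].count(Obj)) return true;
  return false;
}

using AliasSet = std::set<std::string>;

// Variant 1: treat may-alias as an equivalence relation and merge classes
// union-find style. Compact, but p and r end up in one set via q, so a
// taint written through p would also be reported for r (false positive).
AliasSet transitiveAliasSet(std::size_t Of) {
  std::vector<std::size_t> Parent(Ptrs.size());
  std::iota(Parent.begin(), Parent.end(), 0);
  auto Find = [&](std::size_t X) { while (Parent[X] != X) X = Parent[X]; return X; };
  for (std::size_t I = 0; I < Ptrs.size(); ++I)
    for (std::size_t J = I + 1; J < Ptrs.size(); ++J)
      if (mayAlias(I, J)) Parent[Find(I)] = Find(J);
  AliasSet Result;
  for (std::size_t I = 0; I < Ptrs.size(); ++I)
    if (Find(I) == Find(Of)) Result.insert(Ptrs[I]);
  return Result;
}

// Variant 2: one set per pointer holding only its direct may-alias partners.
// Respects non-transitivity at the cost of one predicate query per pair.
AliasSet directAliasSet(std::size_t Of) {
  AliasSet Result;
  for (std::size_t I = 0; I < Ptrs.size(); ++I)
    if (mayAlias(Of, I)) Result.insert(Ptrs[I]);
  return Result;
}
```

For `p`, the merged variant yields {p, q, r} while the direct variant yields {p, q}; the extra `r` is exactly the imprecision a taint analysis inherits from assuming transitivity.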

What you will do

  • Implementing a variant of PhASAR's alias set implementation that takes non-transitivity of alias information into account
  • Developing and implementing a clustering algorithm for aliasing pointers
  • Integrating the clusters into PhASAR's taint analysis
  • Empirically evaluating the impact of the above modifications on performance and precision of a concrete taint analysis

What you bring to the table

  • Studies in Computer Science, or equivalent
  • Good C++ knowledge
  • Basic knowledge in static program analysis
  • Completed the course “Designing Code Analyses for Large Scale Software Systems” or equivalent [optional]

What you can expect

  • We take a strong team culture with flat hierarchies for granted. That means: high regard and trust
  • Professional supervision and expert support in the preparation of your research project/thesis
  • Insight into current business challenges
  • Flexible working from home to combine studies and work in the best possible way