Pointer Analysis Notes

Static analysis forms an important basis for the kind of work we security folks do. But unfortunately, it doesn’t seem to be our strong suit. These are the notes I made while I was working on SVF’s pointer analysis framework.

(Insert suitable disclaimers about the correctness of the material here!)

Andersen’s Algorithm

Translation of C language to LLVM IR

SVF Implementation of Andersen’s Analysis

Equivalence of analysis in C Source Code and IR

Cycles in the Constraint Graph

Field Sensitive Pointer Analysis

SVF’s Field-Sensitivity: Handling of GEP Edges

Cycles in Field Sensitive Pointer Analysis

SVF: Cycle Handling in Field Sensitive Analysis

Variant GEP

Andersen Wave Diff

Pointer Analysis and Undefined Behavior