Context Static analysis exploits techniques that parse program source code or bytecode,
often traversing program paths to check some program properties. Static analysis …

Security threats are escalating exponentially posing a serious challenge to mobile platforms,
specifically Android. In recent years the number of attacks has not only increased but each …

Mainstream points-to analysis techniques for object-oriented languages rely predominantly
on the allocation-site abstraction to model heap objects. We present MAHJONG, a novel …

Researchers have reported that static analysis tools rarely achieve a false-positive rate that
would make them attractive to developers. We overcome this problem by a technique that …

The control flows of Android apps are largely driven by the protocols that govern how
callback APIs are invoked in response to various events. When these callback APIs evolve …

Object-sensitivity is regarded as arguably the best context abstraction for pointer analysis in
object-oriented languages. However, ak-object-sensitive pointer analysis, which uses a …

Java reflection has been widely used in a variety of applications and frameworks. It allows a
software system to inspect and change the behaviour of its classes, interfaces, methods, and …

Heap data is potentially unbounded and seemingly arbitrary. Hence, unlike stack and static
data, heap data cannot be abstracted in terms of a fixed set of program variables. This …

We present Graphick, a new technique for automatically learning graph-based heuristics for
pointer analysis. Striking a balance between precision and scalability of pointer analysis …

We present context tunneling, a new approach for making k-limited context-sensitive points-
to analysis precise and scalable. As context-sensitivity holds the key to the development of …