Document Open Access Logo

Field-Sensitive Over-Tainting Reduction in IFDS Taint Analysis via CFL-Reachability (Artifact)

Authors Yujiang Gui , Yonggang Tao , Jingling Xue

PDF

Artifact Description

Thumbnail PDF
PDF
DARTS.12.1.20.pdf
  • Filesize: 0.59 MB
  • 4 pages

Document Identifiers

Subject Classification

ACM Subject Classification
  • Theory of computation → Program analysis
Keywords
  • Taint Analysis
  • CFL-Reachability
  • Access Path
  • Field Sensitivity
  • Pointer Analysis.

Metrics

Artifact

Artifact Evaluation Policy

The artifact has been evaluated as described in the ECOOP 2026 Call for Artifacts and the ACM Artifact Review and Badging Policy.

Abstract

Our related paper presents TnFix, a CFL (context-free language)-reachability-based technique for mitigating over-tainting in IFDS taint analysis. The approach addresses a common source of imprecision introduced by k-limiting: it prunes spurious access paths by checking candidate field sequences against per-object DFAs (deterministic finite automata). To build these DFAs, TnFix first solves a lightweight, field-sensitive CFL-reachability problem to construct a Field Points-to Graph (FPG) that integrates flows from taint sources and library summaries, and then transforms the FPG into object-specific DFAs used during analysis to reject infeasible field-access sequences.
This artifact bundles the implementation of TnFix (including field-sensitive CFL-reachability solving, per-object DFA construction, and DFA-based filtering), together with the evaluation harness used in the paper. It provides scripts to run TnFix and FlowDroid under identical settings and to reproduce the reported performance and precision results on the Android app set used in our evaluation.

Cite As Get BibTex

Yujiang Gui, Yonggang Tao, and Jingling Xue. Field-Sensitive Over-Tainting Reduction in IFDS Taint Analysis via CFL-Reachability (Artifact). In Special Issue of the 40th European Conference on Object-Oriented Programming (ECOOP 2026). Dagstuhl Artifacts Series (DARTS), Volume 12, Issue 1, pp. 20:1-20:4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026) https://doi.org/10.4230/DARTS.12.1.20

Author Details

Yujiang Gui
  • University of New South Wales, Sydney, Australia
Yonggang Tao
  • University of New South Wales, Sydney, Australia
Jingling Xue
  • University of New South Wales, Sydney, Australia

Funding

Australian Research Council Grants DP240103194.

Acknowledgements

{We thank the anonymous reviewers for their constructive comments.}

Related Article

  • Yujiang Gui, Yonggang Tao, and Jingling Xue, "Field-Sensitive Over-Tainting Reduction in IFDS Taint Analysis via CFL-Reachability", in 40th European Conference on Object-Oriented Programming (ECOOP 2026), LIPIcs, Vol. 372, pp. 10:1-10:30, 2026. https://doi.org/10.4230/LIPIcs.ECOOP.2026.10

References

  1. Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick D. McDaniel. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In Michael F. P. O'Boyle and Keshav Pingali, editors, ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, Edinburgh, United Kingdom - June 09 - 11, 2014, pages 259-269. ACM, 2014. URL: https://doi.org/10.1145/2594291.2594299.
  2. Yujiang Gui, Dongjie He, and Jingling Xue. Merge-Replay: Efficient IFDS-Based Taint Analysis by Consolidating Equivalent Value Flows. In 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023, Luxembourg, September 11-15, 2023, pages 319-331. IEEE, 2023. URL: https://doi.org/10.1109/ASE56229.2023.00027.
  3. Dongjie He, Haofeng Li, Lei Wang, Haining Meng, Hengjie Zheng, Jie Liu, Shuangwei Hu, Lian Li, and Jingling Xue. Performance-Boosting Sparsification of the IFDS Algorithm with Applications to Taint Analysis. In 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, San Diego, CA, USA, November 11-15, 2019, pages 267-279, New York, NY, USA, 2019. IEEE. URL: https://doi.org/10.1109/ASE.2019.00034.
  4. Haofeng Li, Haining Meng, Hengjie Zheng, Liqing Cao, Jie Lu, Lian Li, and Lin Gao. Scaling Up the IFDS Algorithm with Efficient Disk-Assisted Computing. In Jae W. Lee, Mary Lou Soffa, and Ayal Zaks, editors, IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2021, Seoul, South Korea, February 27 - March 3, 2021, pages 236-247, New York, NY, USA, 2021. IEEE. URL: https://doi.org/10.1109/CGO51591.2021.9370311.
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail
© 2023-2026 Schloss Dagstuhl – LZI GmbH Schloss Dagstuhl – LZI GmbH About DROPS Imprint Privacy Contact