Synchronized Pushdown Systems (SPDS) provide a highly precise, yet scalable static analysis by combining field-, context-, and flow-sensitivity. In the past, we have successfully used SPDS for the analysis of Java and Java-like applications, as evidenced for instance by our recent implementation in the commercial solution Contrast Scan. Motivated by these successes, we sought to provide a similarly effective solution for the analysis of C and C++, based on the LLVM compiler framework and its intermediate language LLVM IR. Little did we know that LLVM IR would provide us with a whole other set of challenges, though: it models field accesses through pointer arithmetics, and involves many type casts through void*-pointers. But how to reason about field sensitivity when fields as such do not even exist in the language? I will explain concrete instances of this challenge and our current solution attempt that models pointer arithmetics statically through an approximated linear arithmetic.

Eric Bodden is one of the leading experts on secure software engineering, with a specialty in building highly precise tools for automated program analysis. He is Professor for Software Engineering at Paderborn University and co-director of Fraunhofer IEM. Further, he is a member of the directorate of the Collaborative Research Center CROSSING at TU Darmstadt.

At Fraunhofer IEM, Bodden is heading the Attract-Group on Secure Software Engineering. In this function he is developing code analysis technology for security, in collaboration with the leading national and international software development companies. In 2014, the DFG awarded Bodden the Heinz Maier-Leibnitz-Preis. In 2013, BITKOM elected him into their mentoring program BITKOM Management Club.

Bodden is one of the chief maintainers of the Soot program analysis and optimization framework, a contributor to the AspectBench Compiler, the open research compiler for AspectJ, the inventor of the Clara and TamiFlex frameworks. Together with his research group, he has created the FlowDroid analysis framework for Android and the DroidBench benchmark suite.