Active learning of points-to specifications

When analyzing programs, large libraries pose significant
challenges to static points-to analysis. A popular solution
is to have a human analyst provide points-to specifications
that summarize relevant behaviors of library code, which
can substantially improve precision and handle missing code
such as native code. We propose Atlas, a tool that automatically infers points-to specifications. Atlas synthesizes unit
tests that exercise the library code, and then infers points-to
specifications based on observations from these executions.
Atlas automatically infers specifications for the Java standard library, and produces better results for a client static
information flow analysis on a benchmark of 46 Android
apps compared to using existing handwritten specifications.