skip to main content
article

The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code

Published:10 June 2007Publication History
Skip Abstract Section

Abstract

Pointer information is a prerequisite for most program analyses, and the quality of this information can greatly affect their precision and performance. Inclusion-based (i.e. Andersen-style) pointer analysis is an important point in the space of pointer analyses, offering a potential sweet-spot in the trade-off between precision and performance. However, current techniques for inclusion-based pointer analysis can have difficulties delivering on this potential.

We introduce and evaluate two novel techniques for inclusion-based pointer analysis---one lazy, one eager1---that significantly improve upon the current state-of-the-art without impacting precision. These techniques focus on the problem of online cycle detection, a critical optimization for scaling such analyses. Using a suite of six open-source C programs, which range in size from 169K to 2.17M LOC, we compare our techniques against the three best inclusion-based analyses--described by Heintze and Tardieu [11], by Pearce et al. [21], and by Berndl et al. [4]. The combination of our two techniques results in an algorithm which is on average 3.2 xfaster than Heintze and Tardieu's algorithm, 6.4 xfaster than Pearce et al.'s algorithm, and 20.6 faster than Berndl et al.'s algorithm.

We also investigate the use of different data structures to represent points-to sets, examining the impact on both performance and memory consumption. We compare a sparse-bitmap implementation used in the GCC compiler with a BDD-based implementation, and we find that the BDD implementation is on average 2x slower than using sparse bitmaps but uses 5.5x less memory.

References

  1. Aesop. The Ant and the Grasshopper, rm from Aesop's Fables. Greece, 6th century BC.Google ScholarGoogle Scholar
  2. Lars Ole Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, May 1994.Google ScholarGoogle Scholar
  3. Dzintars Avots, Michael Dalton, VBenjamin Livshits, and Monica S. Lam. Improving software security with a C pointer analysis. In 27th International Conference on Software Engineering (ICSE), pages 332--341, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Marc Berndl, Ondrej Lhotak, Feng Qian, Laurie Hendren, and Navindra Umanee. Points-to analysis using BDDs. In Programming Language Design and Implementation (PLDI), pages 103--114, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Randal E. Bryant. Graph-based algorithms for Boolean function manipulation. IEEE Transactions on Computers, C-35(8):677--691, August 1986. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Jong-Deok Choi, Michael Burke, and Paul Carini. Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In Principles of Programming Languages (POPL), pages 232--245, 1993. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Manuvir Das. Unification-based pointer analysis with directional assignments. In Programming Language Design and Implementation (PLDI), pages 35--46, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Maryam Emami, Rakesh Ghiya, and Laurie J. Hendren. Context-sensitive interprocedural points-to analysis in the presence of function pointers. In Programming Language Design and Implementation (PLDI), pages 242--256, 1994. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Manuel Faehndrich, Jeffrey S. Foster, Zhendong Su, and Alexander Aiken. Partial online cycle elimination in inclusion constraint graphs. In Programming Language Design and Implementation (PLDI), pages 85--96, 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Samuel Z. Guyer and Calvin Lin. Error checking with client-driven pointer analysis. Science of Computer Programming, 58(1-2):83--114, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Nevin Heintze and Olivier Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In Programming Language Design and Implementation (PLDI), pages 24--34, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Michael Hind. Pointer analysis: haven't we solved this problem yet? In Workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 54--61, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Michael Hind, Michael Burke, Paul Carini, and Jong-Deok Choi. Interprocedural pointer alias analysis. ACM Transactions on Programming Languages and Systems, 21(4):848--894, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. William Landi and Barbara G. Ryder. Pointer-induced aliasing: a problem taxonomy. In Symposium on Principles of Programming Languages (POPL), pages 93--103, 1991. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. William Landi and Barbara G. Ryder. A safe approximate algorithm for interprocedural pointer aliasing. In Programming Language Design and Implementation (PLDI), pages 235--248, 1992. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. J. Lind-Nielson. BuDDy, a binary decision package. http://www.itu.dk/research/buddy/.Google ScholarGoogle Scholar
  17. George C. Necula, Scott McPeak, Shree Prakash Rahul, and Westley Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Computational Complexity, pages 213--228, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. F. Nielson, H. R. Nielson, and C. L. Hankin. Principles of Program Analysis. Springer-Verlag, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Esko Nuutila and Eljas Soisalon-Soininen. On finding the strong components in a directed graph. Technical Report TKO-B94, Helsinki University of Technology, Laboratory of Information Processing Science, 1995.Google ScholarGoogle Scholar
  20. Erik M. Nystrom, Hong-Seok Kim, and Wen mei WHwu. Bottom-up and top-down context-sensitive summary-based pointer analysis. In International Symposium on Static Analysis, pages 165--180, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  21. David Pearce, Paul Kelly, and Chris Hankin. Efficient field-sensitive pointer analysis for C. In ACM workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 37--42, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. David J. Pearce, Paul H. J. Kelly, and Chris Hankin. Online cycle detection and difference propagation for pointer analysis. In 3rd International IEEE Workshop on Source Code Analysis and Manipulation (SCAM), pages 3--12, 2003.Google ScholarGoogle ScholarCross RefCross Ref
  23. Atanas Rountev and Satish Chandra. Off-line variable substitution for scaling points-to analysis. In Programming Language Design and Implementation (PLDI), pages 47--56, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. M. Shapiro and S. Horwitz. The effects of the precision of pointer analysis. Lecture Notes in Computer Science, 1302:16--34, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Bjarne Steensgaard. Points-to analysis in almost linear time. In Symposium on Principles of Programming Languages (POPL), pages 32--41, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Robert Tarjan. Depth-first search and linear graph algorithms. SIAM J. Comput., 1(2):146--160, June 1972.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Teck Bok Tok, Samuel Z. Guyer, and Calvin Lin. Efficient flow-sensitive interprocedural data-flow analysis in the presence of pointers. In 15th International Conference on Compiler Construction (CC), pages 17--31, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. John Whaley and Monica S. Lam. Cloning-based context-sensitive pointer alias analysis. In Programming Language Design and Implementation (PLDI), pages 131--144, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Robert P. Wilson and Monica S. Lam. Efficient context-sensitive pointer analysis for c programs. In Programming Language Design and Implementation (PLDI), pages 1--12, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Jianwen Zhu and Silvian Calman. Symbolic pointer analysis revisited. In Programming Language Design and Implementation (PLDI), pages 145--157, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM SIGPLAN Notices
        ACM SIGPLAN Notices  Volume 42, Issue 6
        Proceedings of the 2007 PLDI conference
        June 2007
        491 pages
        ISSN:0362-1340
        EISSN:1558-1160
        DOI:10.1145/1273442
        Issue’s Table of Contents
        • cover image ACM Conferences
          PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation
          June 2007
          508 pages
          ISBN:9781595936332
          DOI:10.1145/1250734

        Copyright © 2007 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 10 June 2007

        Check for updates

        Author Tags

        Qualifiers

        • article

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!