Abstract
This paper presents a demand-driven, flow-insensitive analysisalgorithm for answering may-alias queries. We formulate thecomputation of alias queries as a CFL-reachability problem, and use this formulation to derive a demand-driven analysis algorithm. The analysis uses a worklist algorithm that gradually explores the program structure and stops as soon as enough evidence is gathered to answer the query. Unlike existing techniques, our approach does not require building or intersecting points-to sets.
Experiments show that our technique is effective at answering alias queries accurately and efficiently in a demand-driven fashion. For a set of alias queries from the SPEC2000 benchmarks, an implementation of our analysis is able to accurately answer 96% of the queries in 0.5 milliseconds per query on average, using only 65 KB of memory. Compared to a demand-driven points-to analysis that constructs and intersects points-to sets on the fly, our alias analysis can achieve better accuracy while running more than 30 times faster. The low run-time cost and low memory demands of the analysis make it a very good candidate not only for compilers, but also for interactive tools, such as program understanding tools or integrated development environments (IDEs).
- R. Alur and M. Yannakakis. Model checking of hierarchical state machines. In Proceedings of the 6th ACM SIGSOFT international Symposium on the Foundations of Software Engineering, Lake Buena Vista, FL, November 1998. Google Scholar
Digital Library
- R. Alur, K. Etessami, and M. Yannakakis. Analysis of recursive state machines. In Proceedings of the 13th International Conference on Computer Aided Verification, Paris, France, July 2001. Google Scholar
Digital Library
- Lars Ole Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, May 1994.Google Scholar
- M. Benedikt, P. Godefroid, and T. Reps. Model checking of unrestricted hierarchical state machines. In Proceedings of the Twenty--Eighth Interantional Colloquium on Automata, Languages, and Programming, Crete, Greece, July 2001. Google Scholar
Digital Library
- J. Choi, M. Burke, and P. Carini. Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In Conference Record of the Twentieth Annual Symposium on Principles of Programming Languages, Charleston, SC, January 1993. Google Scholar
Digital Library
- M. Das, B. Liblit, M. Fahndrich, and J. Rehof. Estimating the impact of scalable pointer analysis on optimization. In Proceedings of the International Static Analysis Symposium, Paris, France, July 2001. Google Scholar
Digital Library
- Manuvir Das. Unification-based pointer analysis with directional assignments. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation, Vancouver, Canada, June 2000. Google Scholar
Digital Library
- M. Fahndrich, J. Foster, Z. Su, and A. Aiken. Partial online cycle elimination in inclusion constraint graphs. In In Proceedings of the ACM SIGPLAN '98 Conference on Programming Language Design and Implementation, Montreal, Canada, June 1998. Google Scholar
Digital Library
- M. Fähndrich, J. Rehof, and M. Das. Scalable context-sensitive flow analysis using instantiation constraints. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation, Vancouver, Canada, June 2000. Google Scholar
Digital Library
- R. Ghiya, D. Lavery, and D. Sehr. On the importance of points-to analysis and other memory disambiguation methods for C programs. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation, Snowbird, UT, June 2001. Google Scholar
Digital Library
- N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation, Snowbird, UT, June 2001. Google Scholar
Digital Library
- Michael Hind. Pointer analysis: Haven't we solved this problem yet? In Proceedings of the SIGPLAN-SIGSOFT '01 Workshop on Program Analysis for Software Tools and Engineering, Snowbird, UT, June 2001. Google Scholar
Digital Library
- B. Kernighan and D. Ritchie. The C Programming Language. Prentice-Hall, second edition, 1988. Google Scholar
Digital Library
- J. Kodumal and A. Aiken. The set constraint/CFL reachability connection in practice. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, Washington, DC, June 2004. Google Scholar
Digital Library
- J. Kodumal and A. Aiken. Banshee: A scalable constraint-based analysis toolkit. In In Proceedings of the International Static Analysis Symposium, London, UK, September 2005. Google Scholar
Digital Library
- W. Landi and B. Ryder. A safe approximation algorithm for interprocedural pointer aliasing. In Proceedings of the ACM SIGPLAN'92 Conference on Programming Language Design and Implementation, San Francisco, CA, June 1992. Google Scholar
Digital Library
- C. Lattner, A. Lenharth, and V. Adve. Making context-sensitive points-to analysis with heap cloning practical for the real world. In Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, San Diego, CA, June 2007. Google Scholar
Digital Library
- D. Maydan, J. Hennessy, and M. Lam. Efficient and exact data dependence analysis. In Proceedings of the ACM SIGPLAN 1991 Conference on Programming Language Design and Implementation, June 1991. Google Scholar
Digital Library
- T. Reps, S. Horowitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In Proceedings of the 22nd Annual ACM Symposium on the Principles of Programming Languages, San Francisco, CA, January 1995. Google Scholar
Digital Library
- Thomas Reps. Program analysis via graph reachability. In Proceedings of the International Logic Programming Symposium, Port Jefferson, NY, October 1997. Google Scholar
Digital Library
- R. Rugina, M. Orlovich, and X. Zheng. Crystal: A program analysis system for C. URL: http://www.cs.cornell.edu/projects/crystal.Google Scholar
- D. Saha and C. R. Ramakrishnan. Incremental and demand-driven points-to analysis using logic programming. In Proceedings of the 7th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, July 2005. Google Scholar
Digital Library
- M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In S. Muchnick and N.D. Jones, editors, Program Flow Analysis: Theory and Applications. Prentice Hall Inc, 1981.Google Scholar
- M. Sridharan and R. Bodik. Refinement-based context-sensitive points-to analysis for Java. In Proceedings of the ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation, Ottawa, Canada, June 2006. Google Scholar
Digital Library
- M. Sridharan, D. Gopan, L. Shan, and R. Bodik. Demand-driven points-to analysis for Java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object--Oriented Programming, Systems, Languages, and Applications, San Diego, CA, October 2005. Google Scholar
Digital Library
- Bjarne Steensgaard. Points-to analysis in almost linear time. In Proceedings of the 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, St. Petersburg Beach, FL, January 1996. Google Scholar
Digital Library
Index Terms
Demand-driven alias analysis for C
Recommendations
Demand-driven alias analysis for C
POPL '08: Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languagesThis paper presents a demand-driven, flow-insensitive analysisalgorithm for answering may-alias queries. We formulate thecomputation of alias queries as a CFL-reachability problem, and use this formulation to derive a demand-driven analysis algorithm. ...
On-demand dynamic summary-based points-to analysis
CGO '12: Proceedings of the Tenth International Symposium on Code Generation and OptimizationStatic analyses can be typically accelerated by reducing redundancies. Modern demand-driven points-to or alias analysis techniques rest on the foundation of Context-Free Language (CFL) reachability. These techniques achieve high precision efficiently ...
Precise flow-insensitive may-alias analysis is NP-hard
Determining aliases is one of the foundamental static analysis problems, in part because the precision with which this problem is solved can affect the precision of other analyses such as live variables, available expressions, and constant propagation. ...







Comments