Abstract
Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-sensitivity, and while there has been significant recent progress regarding scalable context-sensitive pointer analysis, relatively little progress has been made in improving the scalability of flow-sensitive pointer analysis.
This paper presents a new interprocedural, flow-sensitive pointer analysis algorithm that combines two ideas-semi-sparse analysis and a novel use of BDDs-that arise from a careful understanding of the unique challenges that face flow-sensitive pointer analysis. We evaluate our algorithm on 12 C benchmarks ranging from 11K to 474K lines of code. Our fastest algorithm is on average 197x faster and uses 4.6x less memory than the state of the art, and it can analyze programs that are an order of magnitude larger than the previous state of the art.
- J. Aycock and R. N. Horspool. Simple generation of static single-assignment form. In 9th International Conference on Compiler Construction (CC), pages 110--124, London, UK, 2000. Springer-Verlag. Google Scholar
Digital Library
- T. Ball, R. Majumdar, T. D. Millstein, and S. K. Rajamani. Automatic predicate abstraction of c programs. In Programming Language Design and Implementation (PLDI), pages 203--213, 2001. Google Scholar
Digital Library
- R. Barua, W. Lee, S. Amarasinghe, and A. Agarawal. Compiler support for scalable and efficient memory systems. IEEE Trans. Comput., 50(11):1234--1247, 2001. Google Scholar
Digital Library
- M. Berndl, O. Lhotak, F. Qian, L. Hendren, and N. Umanee. Points-to analysis using BDDs. In Programming Language Design and Implementation (PLDI), 2003,pages 103--114. Google Scholar
Digital Library
- G. Bilardi and K. Pingali. Algorithms for computing the static single assignment form. Journal of the ACM, 50(3):375--425, 2003. Google Scholar
Digital Library
- R. E. Bryant. Graph-based algorithms for Boolean function manipulation. IEEETC, C--35(8):677--691, Aug 1986. Google Scholar
Digital Library
- W. Chang, B. Streiff, and C. Lin. Efficient and extensible security enforcement using dynamic data flow analysis. In Computer and Communications Security (CCS), 2008,pages 39--50. Google Scholar
Digital Library
- D. R. Chase, M. Wegman, and F. K. Zadeck. Analysis of pointers and structures. In Programming Language Design and Implementation (PLDI), pages 296--310, 1990. Google Scholar
Digital Library
- P.-S. Chen, M.-Y. Hung, Y.-S. Hwang, R. D.-C. Ju, and J. K. Lee. Compiler support for speculative multithreading architecture with probabilistic points-to analysis. SIGPLAN Not., 38(10):25--36, 2003. Google Scholar
Digital Library
- B.-C. Cheng and W.-M. W. Hwu. Modular interprocedural pointer analysis using access paths: Design, implementation, and evaluation. ACM SIG-PLAN Notices, 35(5):57--69, 2000. Google Scholar
Digital Library
- J.-D. Choi, R. Cytron, and J. Ferrante. Automatic construction of sparse data flow evaluation graphs. In Symposium on Principles of Programming Languages (POPL), pages 55--66, New York, NY, USA, 1991. ACM Press. Google Scholar
Digital Library
- F. Chow, S. Chan, S.-M. Liu, R. Lo, and M. Streich. Effective representation of aliases and indirect memory operations in SSA form. In Compiler Construction, 1996, pages 253--267. Google Scholar
Cross Ref
- R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Efficiently computing static single assignment form and the control dependence graph. ACM Transactions on Programming Languages and Systems, 13(4):451--490, 1991. Google Scholar
Digital Library
- R. Cytron and R. Gershbein. Efficient accommodation of may-alias information in SSA form. In Programming Language Design and Implementation (PLDI), June 1993, pages 36--45. Google Scholar
Digital Library
- R. K. Cytron and J. Ferrante. Efficiently computing Φ-nodes on-the-fly. ACM Trans. Program. Lang. Syst, 17(3):487--506, 1995. Google Scholar
Digital Library
- E. Duesterwald, R. Gupta, and M. L. Soffa. Reducing the cost of data flow analysis by congruence partitioning. In Compiler Construction, 1994, pages 357--373. Google Scholar
Digital Library
- S. Fink, E. Yahav, N. Dor, G. Ramalingam, and E. Geay. Effective typestate verification in the presence of aliasing. In International Symposium on Software Testing and Analysis, pages 133--144, 2006. Google Scholar
Digital Library
- R. Ghiya. Putting pointer analysis to work. In Principles of Programming Languages (POPL), 1998,pages 121--133. Google Scholar
Digital Library
- D. Goyal. An improved intra-procedural may-alias analysis algorithm. Technical report TR1999--777, New York University, 1999. Google Scholar
Digital Library
- S. Z. Guyer and C. Lin. Error checking with client-driven pointer analysis. Science of Computer Programming, 58(1-2):83--114, 2005. Google Scholar
Digital Library
- B. Hackett and R. Rugina. Region-based shape analysis with tracked locations. In Symposium on Principles of Programming Languages, pages 310--323, 2005. Google Scholar
Digital Library
- B. Hardekopf and C. Lin. The Ant and the Grasshopper: Fast and accurate pointer analysis for millions of lines of code. In Programming Language Design and Implementation (PLDI), pages 290--299, San Diego, CA, USA, 2007. Google Scholar
Digital Library
- B. Hardekopf and C. Lin. Exploiting pointer and location equivalence to optimize pointer analysis. In International Static Analysis Symposium (SAS), pages 265--280, 2007. Google Scholar
Digital Library
- R. Hasti and S. Horwitz. Using static single assignment form to improve flow-insensitive pointer analysis. In Programming Language Design and Implementation (PLDI), 1998,pages 97--105. Google Scholar
Digital Library
- N. Heintze and O. Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In Programming Language Design and Implementation (PLDI), pages 23--34, 2001. Google Scholar
Digital Library
- M. Hind. Pointer analysis: haven't we solved this problem yet? In Workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 54--61, New York, NY, USA, 2001. ACM Press. Google Scholar
Digital Library
- M. Hind, M. Burke, P. Carini, and J.-D. Choi. Interprocedural pointer alias analysis. ACM Transactions on Programming Languages and Systems, 21(4):848--894, 1999. Google Scholar
Digital Library
- M. Hind and A. Pioli. Assessing the effects of flow-sensitivity on pointer alias analyses. In Static Analysis Symposium, pages 57--81, 1998. Google Scholar
Digital Library
- V. Kahlon. Bootstrapping: a technique for scalable flow and context-sensitive pointer alias analysis. In Programming language design and implementation, pages 249--259, 2008. Google Scholar
Digital Library
- H.-S. Kim, E. M. Nystrom, R. D. Barnes, and W.-M. W. Hwu. Compaction algorithm for precise modular context-sensitive points--to analysis. Technical report IMPACT-03-03, Center for Reliable and High Performance Computing, University of Illinois, Urbana-Champaign, 2003.Google Scholar
- C. Lapkowski and L. J. Hendren. Extended SSA numbering: introducing SSA properties to languages with multi-level pointers. In CASCON '96: Proceedings of the 1996 conference of the Centre for Advanced Studies on Collaborative research, page 23, 1996. Google Scholar
Digital Library
- C. Lattner. LLVM: An infrastructure for multi-stage optimization. Master's thesis, Computer Science Dept., University of Illinois at Urbana-Champaign, Dec 2002.Google Scholar
- C. Lattner and V. Adve. Data structure analysis: An efficient context-sensitive heap analysis. Technical Report UIUCDCS-R-2003-2340, Computer Science Dept, University of Illinois at Urbana-Champaign, 2003.Google Scholar
- O. Lhotak, S. Curial, and J. Amaral. Using ZBDDs in points-to analysis. In Workshops on Languages and Compilers for Parallel Computing (LCPC), 2007.Google Scholar
Digital Library
- J. Lind-Nielson. BuDDy, a binary decision package.Google Scholar
- A. Milanova and B. G. Ryder. Annotated inclusion constraints for precise flow analysis. In ICSM '05: Proceedings of the 21st IEEE International Conference on Software Maintenance (ICSM'05), pages 187--196, 2005. Google Scholar
Digital Library
- M. Mock, D. Atkinson, C. Chambers, and S. Eggers. Improving program slicing with dynamic points-to data. In Foundations of Software Engineering, pages 71--80, 2002. Google Scholar
Digital Library
- D. Novillo. Design and implementation of Tree SSA, 2004.Google Scholar
- E. M. Nystrom, H.-S. Kim, and W. mei W. Hwu. Bottom-up and top-down context-sensitive summary-based pointer analysis. In International Symposium on Static Analysis, pages 165--180, 2004.Google Scholar
Cross Ref
- D. Pearce, P. Kelly, and C. Hankin. Efficient field-sensitive pointer analysis for C. In ACM Workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 37--42, 2004. Google Scholar
Digital Library
- D. J. Pearce, P. H. J. Kelly, and C. Hankin. Online cycle detection and difference propagation for pointer analysis. In 3rd International IEEE Workshop on Source Code Analysis and Manipulation (SCAM), pages 3--12, 2003.Google Scholar
Cross Ref
- G. Ramalingam. On sparse evaluation representations. Theoretical Computer Science, 277(1-2):119--147, 2002. Google Scholar
Digital Library
- J. H. Reif and H. R. Lewis. Symbolic evaluation and the global value graph. In Principles of programming languages (POPL), pages 104--118, 1977. Google Scholar
Digital Library
- A. Rountev and S. Chandra. Off-line variable substitution for scaling points-to analysis. ACM SIGPLAN Notices, 35(5):47--56, 2000. Google Scholar
Digital Library
- A. Salcianu and M. Rinard. Pointer and escape analysis for multithreaded programs. In PPoPP '01: Proceedings of the Eighth ACM SIGPLAN Symposium on Principles and Practices of Parallel Programming, pages 12--23, 2001. Google Scholar
Digital Library
- M. Shapiro and S. Horwitz. The effects of the precision of pointer analysis. Lecture Notes in Computer Science, 1302:16--34, 1997. Google Scholar
Digital Library
- T. B. Tok, S. Z. Guyer, and C. Lin. Efficient flow-sensitive interprocedural data-flow analysis in the presence of pointers. In 15th International Conference on Compiler Construction (CC), pages 17--31, 2006. Google Scholar
Digital Library
- J. Whaley and M. S. Lam. Cloning--based context-sensitive pointer alias analysis. In Programming Language Design and Implementation (PLDI), pages 131--144, 2004. Google Scholar
Digital Library
- R. P. Wilson and M. S. Lam. Efficient context-sensitive pointer analysis for C programs. In Programming Language Design and Implementation (PLDI), pages 1--12, 1995. Google Scholar
Digital Library
- J. Zhu. Symbolic pointer analysis. In International Conference on Computer-Aided Design (ICCAD), pages 150---157, New York, NY, USA, 2002. ACM Press. Google Scholar
Digital Library
- J. Zhu. Towards scalable flow and context sensitive pointer analysis. In DAC '05: Proceedings of the 42nd Annual Conference on Design Automation, pages 831--836, 2005. Google Scholar
Digital Library
- J. Zhu and S. Calman. Symbolic pointer analysis revisited. In Programming Language Design and Implementation (PLDI), pages 145--157, New York, NY, USA, 2004. ACM Press. Google Scholar
Digital Library
Index Terms
Semi-sparse flow-sensitive pointer analysis
Recommendations
Semi-sparse flow-sensitive pointer analysis
POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languagesPointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Precise flow-insensitive may-alias analysis is NP-hard
Determining aliases is one of the foundamental static analysis problems, in part because the precision with which this problem is solved can affect the precision of other analyses such as live variables, available expressions, and constant propagation. ...
Demand-driven alias analysis for C
POPL '08This paper presents a demand-driven, flow-insensitive analysisalgorithm for answering may-alias queries. We formulate thecomputation of alias queries as a CFL-reachability problem, and use this formulation to derive a demand-driven analysis algorithm. ...









Comments