Abstract
This paper explores a sweet spot between flow-insensitive and flow-sensitive subset-based points-to analysis. Flow-insensitive analysis is efficient: it has been applied to million-line programs and even its worst-case requirements are quadratic space and cubic time. Flow-sensitive analysis is precise because it allows strong updates, so that points-to relationships holding in one program location can be removed from the analysis when they no longer hold in other locations. We propose a "Strong Update" analysis combining both features: it is efficient like flow-insensitive analysis, with the same worst-case bounds, yet its precision benefits from strong updates like flow-sensitive analysis. The key enabling insight is that strong updates are applicable when the dereferenced points-to set is a singleton, and a singleton set is cheap to analyze. The analysis therefore focuses flow sensitivity on singleton sets. Larger sets, which will not lead to strong updates, are modelled flow insensitively to maintain efficiency. We have implemented and evaluated the analysis as an extension of the standard flow-insensitive points-to analysis in the LLVM compiler infrastructure.
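The difference between a weak update and a strong update on a singleton points-to set can be seen on a small straight-line program. The sketch below is an added illustration, not the paper's algorithm or its LLVM implementation; the mini-IR, the variable names and the sample program are constructed for this example.

```python
from collections import defaultdict

# Constructed mini-IR, one tuple per statement:
#   ("addr", p, a)   p = &a
#   ("copy", p, q)   p = q    (accumulates, like an SSA phi)
#   ("load", p, q)   p = *q
#   ("store", p, q)  *p = q
PROG = [
    ("addr", "p", "a"),
    ("addr", "x", "b"),
    ("store", "p", "x"),   # *p = x   a now holds &b
    ("addr", "y", "c"),
    ("store", "p", "y"),   # *p = y   overwrites a: old target b is dead
    ("load", "r", "p"),    # r = *p
    ("addr", "s", "d"),
    ("copy", "q", "p"),
    ("copy", "q", "s"),    # q may point to a or d
    ("store", "q", "x"),   # *q = x   two possible targets
]

def apply(pts, stmt, strong):
    op, lhs, rhs = stmt
    if op == "addr":
        pts[lhs].add(rhs)
    elif op == "copy":
        pts[lhs] |= pts[rhs]
    elif op == "load":
        for loc in list(pts[rhs]):
            pts[lhs] |= pts[loc]
    elif op == "store":
        targets = list(pts[lhs])
        # Assumption: every abstract location here stands for exactly one
        # concrete cell (no arrays, no heap allocation-site summaries).
        if strong and len(targets) == 1:
            pts[targets[0]] = set(pts[rhs])      # strong update: kill, then gen
        else:
            for loc in targets:
                pts[loc] |= pts[rhs]             # weak update: gen only

def flow_insensitive(prog):
    """Subset-based fixpoint that ignores statement order."""
    pts, size = defaultdict(set), -1
    while size != sum(map(len, pts.values())):
        size = sum(map(len, pts.values()))
        for stmt in prog:
            apply(pts, stmt, strong=False)
    return pts

def with_strong_updates(prog):
    """One in-order pass; valid for this straight-line sample only."""
    pts = defaultdict(set)
    for stmt in prog:
        apply(pts, stmt, strong=True)
    return pts
```

For `r = *p`, the order-ignoring solver reports that `r` may point to `b` or `c`, while the pass with strong updates reports only `c`; the final store through `q` stays weak because `q` has two possible targets.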
Points-to analysis with efficient strong updates
POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages