Practical Integrated Analysis of Pointers, Dataflow and Control Flow

Published: 01 April 2013

Abstract

This article presents a family of static analyses to determine pointer targets, control flow, and dataflow in combination. The integrated solution to these mutually dependent problems approaches the result from the optimistic side. It is a general strategy for static program analysis and does not need any upfront approximation for one of the problems to overcome the mutual dependencies. A degenerated case yields Andersen’s famous pointer analysis; otherwise, the analyses are flow-sensitive and can support direct and indirect strong updates, within the same cubic asymptotic complexity as known for Andersen, albeit with larger constants.

Surprisingly, the ideas behind the integrated analysis are intuitive. The strategy we describe naturally evolves from considering the mutual dependencies between the three problems, or from generalizing Andersen’s analysis to flow sensitivity. Such a flow-sensitive Andersen analysis not only computes pointer targets with higher precision than the original analysis, but it also creates an interprocedural SSA form at the same time.

Our extensive experimental evaluation shows that the integrated solution is practical as it can be applied to reasonably large real-world programs within a few seconds or minutes. This uses some optimizations which together achieve a speedup of more than 100 for several programs. We compare several members of the family of analyses, from flow- and field-insensitive to flow- and field-sensitive with strong updates, both with and without optimizations. This gives some insights into the effects of these dimensions of precision on the results. It also sheds new light on the benefits of flow sensitivity versus the costs associated with it.

Published in

ACM Transactions on Programming Languages and Systems, Volume 35, Issue 1
April 2013
240 pages
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/2450136

Copyright © 2013 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 1 April 2013
• Accepted: 1 January 2013
• Revised: 1 December 2012
• Received: 1 July 2011

Qualifiers

• research-article
• Research
• Refereed
