skip to main content
research-article

Hybrid context-sensitivity for points-to analysis

Authors Info & Claims
Published:16 June 2013Publication History
Skip Abstract Section

Abstract

Context-sensitive points-to analysis is valuable for achieving high precision with good performance. The standard flavors of context-sensitivity are call-site-sensitivity (kCFA) and object-sensitivity. Combining both flavors of context-sensitivity increases precision but at an infeasibly high cost. We show that a selective combination of call-site- and object-sensitivity for Java points-to analysis is highly profitable. Namely, by keeping a combined context only when analyzing selected language features, we can closely approximate the precision of an analysis that keeps both contexts at all times. In terms of speed, the selective combination of both kinds of context not only vastly outperforms non-selective combinations but is also faster than a mere object-sensitive analysis. This result holds for a large array of analyses (e.g., 1-object-sensitive, 2-object-sensitive with a context-sensitive heap, type-sensitive) establishing a new set of performance/precision sweet spots.

Skip Supplemental Material Section

Supplemental Material

References

  1. K. Ali and O. Lhoták. Application-only call graph construction. In European Conf. on Object-Oriented Programming (ECOOP), 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, 1994.Google ScholarGoogle Scholar
  3. M. Berndl, O. Lhoták, F. Qian, L. J. Hendren, and N. Umanee. Points-to analysis using BDDs. In Conf. on Programming Language Design and Implementation (PLDI), 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. In Conf. on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. M. Eichberg, S. Kloppenburg, K. Klose, and M. Mezini. Defining and continuous checking of structural program dependencies. In Int. Conf. on Software engineering (ICSE), 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. S. Guarnieri and B. Livshits. GateKeeper: mostly static enforcement of security and reliability policies for Javascript code. In Proceedings of the 18th USENIX Security Symposium, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. E. Hajiyev, M. Verbaere, and O. de Moor. Codequest: Scalable source code queries with Datalog. In European Conf. on Object-Oriented Programming (ECOOP), 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. B. Hardekopf and C. Lin. The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. In Conf. on Programming Language Design and Implementation (PLDI), 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. B. Hardekopf and C. Lin. Semi-sparse flow-sensitive pointer analysis. In Symposium on Principles of Programming Languages (POPL), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Conf. on Programming Language Design and Implementation (PLDI), 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. M. S. Lam, J. Whaley, V. B. Livshits, M. C. Martin, D. Avots, M. Carbin, and C. Unkel. Context-sensitive program analysis as database queries. In Symposium on Principles of Database Systems (PODS), 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. O. Lhoták. Program Analysis using Binary Decision Diagrams. PhD thesis, McGill University, 2006.Google ScholarGoogle Scholar
  13. O. Lhoták and K.-C. A. Chung. Points-to analysis with efficient strong updates. In Symposium on Principles of Programming Languages (POPL), 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. O. Lhoták and L. Hendren. Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol., 18(1):1--53, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. P. Liang and M. Naik. Scaling abstraction refinement via pruning. In Conf. on Programming Language Design and Implementation (PLDI), 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. M. Madsen, B. Livshits, and M. Fanning. Practical static analysis of Javascript applications in the presence of frameworks and libraries. Technical Report MSR-TR-2012--66, Microsoft Research, 2012.Google ScholarGoogle Scholar
  17. M. Might, Y. Smaragdakis, and D. Van Horn. Resolving and exploiting the k-CFA paradox: Illuminating functional vs. object-oriented program analysis. In Conf. on Programming Language Design and Implementation (PLDI), 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to and side-effect analyses for Java. In International Symposium on Software Testing and Analysis (ISSTA), 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol., 14(1):1--41, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. T. Reps. Demand interprocedural program analysis using logic databases. In Applications of Logic Databases, 1994.Google ScholarGoogle Scholar
  21. T. W. Reps. Solving demand versions of interprocedural analysis problems. In Int. Conf. on Compiler Construction (CC), 1994. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In Program Flow Analysis, 1981.Google ScholarGoogle Scholar
  23. O. Shivers. Control-Flow Analysis of Higher-Order Languages. PhD thesis, Carnegie Mellon University, 1991. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Y. Smaragdakis, M. Bravenboer, and O. Lhoták. Pick your contexts well: Understanding object-sensitivity (the making of a precise and scalable pointer analysis). In Symposium on Principles of Programming Languages (POPL), 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. M. Sridharan and R. Bodík. Refinement-based context-sensitive points-to analysis for Java. In Conf. on Programming Language Design and Implementation (PLDI), 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. M. Sridharan, D. Gopan, L. Shan, and R. Bodík. Demand-driven points-to analysis for Java. In Conf. on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. Taj: effective taint analysis of web applications. In Conf. on Programming Language Design and Implementation (PLDI), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. R. Vallée-Rai, E. Gagnon, L. J. Hendren, P. Lam, P. Pominville, and V. Sundaresan. Optimizing Java bytecode using the Soot framework: Is it feasible? In Int. Conf. on Compiler Construction (CC), 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. R. Vallée-Rai, L. Hendren, V. Sundaresan, P. Lam, E. Gagnon, and P. Co. Soot - a Java optimization framework. In Proceedings of CASCON 1999, 1999.Google ScholarGoogle Scholar
  30. J. Whaley, D. Avots, M. Carbin, and M. S. Lam. Using Datalog with binary decision diagrams for program analysis. In APLAS, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. J. Whaley and M. S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In Conf. on Programming Language Design and Implementation (PLDI), 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. X. Zheng and R. Rugina. Demand-driven alias analysis for c. In Symposium on Principles of Programming Languages (POPL), 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Hybrid context-sensitivity for points-to analysis

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Published in

          cover image ACM SIGPLAN Notices
          ACM SIGPLAN Notices  Volume 48, Issue 6
          PLDI '13
          June 2013
          515 pages
          ISSN:0362-1340
          EISSN:1558-1160
          DOI:10.1145/2499370
          Issue’s Table of Contents
          • cover image ACM Conferences
            PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation
            June 2013
            546 pages
            ISBN:9781450320146
            DOI:10.1145/2491956

          Copyright © 2013 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 16 June 2013

          Check for updates

          Qualifiers

          • research-article

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!