Abstract
Context-sensitive points-to analysis is valuable for achieving high precision with good performance. The standard flavors of context-sensitivity are call-site-sensitivity (kCFA) and object-sensitivity. Combining both flavors of context-sensitivity increases precision but at an infeasibly high cost. We show that a selective combination of call-site- and object-sensitivity for Java points-to analysis is highly profitable. Namely, by keeping a combined context only when analyzing selected language features, we can closely approximate the precision of an analysis that keeps both contexts at all times. In terms of speed, the selective combination of both kinds of context not only vastly outperforms non-selective combinations but is also faster than a mere object-sensitive analysis. This result holds for a large array of analyses (e.g., 1-object-sensitive, 2-object-sensitive with a context-sensitive heap, type-sensitive) establishing a new set of performance/precision sweet spots.
Supplemental Material
Available for Download
Included here are the .pdf files for the plots used in the main pldi246-kastrinis.tex file
- K. Ali and O. Lhoták. Application-only call graph construction. In European Conf. on Object-Oriented Programming (ECOOP), 2012. Google Scholar
Digital Library
- L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, 1994.Google Scholar
- M. Berndl, O. Lhoták, F. Qian, L. J. Hendren, and N. Umanee. Points-to analysis using BDDs. In Conf. on Programming Language Design and Implementation (PLDI), 2003. Google Scholar
Digital Library
- M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. In Conf. on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2009. Google Scholar
Digital Library
- M. Eichberg, S. Kloppenburg, K. Klose, and M. Mezini. Defining and continuous checking of structural program dependencies. In Int. Conf. on Software engineering (ICSE), 2008. Google Scholar
Digital Library
- S. Guarnieri and B. Livshits. GateKeeper: mostly static enforcement of security and reliability policies for Javascript code. In Proceedings of the 18th USENIX Security Symposium, 2009. Google Scholar
Digital Library
- E. Hajiyev, M. Verbaere, and O. de Moor. Codequest: Scalable source code queries with Datalog. In European Conf. on Object-Oriented Programming (ECOOP), 2006. Google Scholar
Digital Library
- B. Hardekopf and C. Lin. The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. In Conf. on Programming Language Design and Implementation (PLDI), 2007. Google Scholar
Digital Library
- B. Hardekopf and C. Lin. Semi-sparse flow-sensitive pointer analysis. In Symposium on Principles of Programming Languages (POPL), 2009. Google Scholar
Digital Library
- N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Conf. on Programming Language Design and Implementation (PLDI), 2001. Google Scholar
Digital Library
- M. S. Lam, J. Whaley, V. B. Livshits, M. C. Martin, D. Avots, M. Carbin, and C. Unkel. Context-sensitive program analysis as database queries. In Symposium on Principles of Database Systems (PODS), 2005. Google Scholar
Digital Library
- O. Lhoták. Program Analysis using Binary Decision Diagrams. PhD thesis, McGill University, 2006.Google Scholar
- O. Lhoták and K.-C. A. Chung. Points-to analysis with efficient strong updates. In Symposium on Principles of Programming Languages (POPL), 2011. Google Scholar
Digital Library
- O. Lhoták and L. Hendren. Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol., 18(1):1--53, 2008. Google Scholar
Digital Library
- P. Liang and M. Naik. Scaling abstraction refinement via pruning. In Conf. on Programming Language Design and Implementation (PLDI), 2011. Google Scholar
Digital Library
- M. Madsen, B. Livshits, and M. Fanning. Practical static analysis of Javascript applications in the presence of frameworks and libraries. Technical Report MSR-TR-2012--66, Microsoft Research, 2012.Google Scholar
- M. Might, Y. Smaragdakis, and D. Van Horn. Resolving and exploiting the k-CFA paradox: Illuminating functional vs. object-oriented program analysis. In Conf. on Programming Language Design and Implementation (PLDI), 2010. Google Scholar
Digital Library
- A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to and side-effect analyses for Java. In International Symposium on Software Testing and Analysis (ISSTA), 2002. Google Scholar
Digital Library
- A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol., 14(1):1--41, 2005. Google Scholar
Digital Library
- T. Reps. Demand interprocedural program analysis using logic databases. In Applications of Logic Databases, 1994.Google Scholar
- T. W. Reps. Solving demand versions of interprocedural analysis problems. In Int. Conf. on Compiler Construction (CC), 1994. Google Scholar
Digital Library
- M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In Program Flow Analysis, 1981.Google Scholar
- O. Shivers. Control-Flow Analysis of Higher-Order Languages. PhD thesis, Carnegie Mellon University, 1991. Google Scholar
Digital Library
- Y. Smaragdakis, M. Bravenboer, and O. Lhoták. Pick your contexts well: Understanding object-sensitivity (the making of a precise and scalable pointer analysis). In Symposium on Principles of Programming Languages (POPL), 2011. Google Scholar
Digital Library
- M. Sridharan and R. Bodík. Refinement-based context-sensitive points-to analysis for Java. In Conf. on Programming Language Design and Implementation (PLDI), 2006. Google Scholar
Digital Library
- M. Sridharan, D. Gopan, L. Shan, and R. Bodík. Demand-driven points-to analysis for Java. In Conf. on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2005. Google Scholar
Digital Library
- O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. Taj: effective taint analysis of web applications. In Conf. on Programming Language Design and Implementation (PLDI), 2009. Google Scholar
Digital Library
- R. Vallée-Rai, E. Gagnon, L. J. Hendren, P. Lam, P. Pominville, and V. Sundaresan. Optimizing Java bytecode using the Soot framework: Is it feasible? In Int. Conf. on Compiler Construction (CC), 2000. Google Scholar
Digital Library
- R. Vallée-Rai, L. Hendren, V. Sundaresan, P. Lam, E. Gagnon, and P. Co. Soot - a Java optimization framework. In Proceedings of CASCON 1999, 1999.Google Scholar
- J. Whaley, D. Avots, M. Carbin, and M. S. Lam. Using Datalog with binary decision diagrams for program analysis. In APLAS, 2005. Google Scholar
Digital Library
- J. Whaley and M. S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In Conf. on Programming Language Design and Implementation (PLDI), 2004. Google Scholar
Digital Library
- X. Zheng and R. Rugina. Demand-driven alias analysis for c. In Symposium on Principles of Programming Languages (POPL), 2008. Google Scholar
Digital Library
Index Terms
Hybrid context-sensitivity for points-to analysis
Recommendations
Pick your contexts well: understanding object-sensitivity
POPL '11: Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languagesObject-sensitivity has emerged as an excellent context abstraction for points-to analysis in object-oriented languages. Despite its practical success, however, object-sensitivity is poorly understood. For instance, for a context depth of 2 or higher, ...
Hybrid context-sensitivity for points-to analysis
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and ImplementationContext-sensitive points-to analysis is valuable for achieving high precision with good performance. The standard flavors of context-sensitivity are call-site-sensitivity (kCFA) and object-sensitivity. Combining both flavors of context-sensitivity ...
Introspective analysis: context-sensitivity, across the board
PLDI '14: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and ImplementationContext-sensitivity is the primary approach for adding more precision to a points-to analysis, while hopefully also maintaining scalability. An oft-reported problem with context-sensitive analyses, however, is that they are bi-modal: either the analysis ...







Comments