
Precise and scalable context-sensitive pointer analysis via value flow graph

Published: 20 June 2013

Abstract

In this paper, we propose a novel method for context-sensitive pointer analysis using the value flow graph (VFG) formulation. We achieve context-sensitivity by simultaneously applying function cloning and computing context-free language reachability (CFL-reachability) in a novel way. In contrast to existing clone-based and CFL-based approaches, flow-sensitivity is easily integrated in our approach by using a flow-sensitive VFG where each value flow edge is computed in a flow-sensitive manner. We apply context-sensitivity to both local variables and heap objects and propose a new approximation for heap cloning.

We prove that our approach can achieve context-sensitivity without loss of precision, i.e., it is as precise as inlining all function calls. We develop an efficient algorithm and implement a context-, flow-, and field-sensitive pointer analysis with heap cloning support in LLVM. We evaluate the efficiency and precision of our implementation using standard SPEC CPU2006 benchmarks. Our experimental results show that the analysis is much faster than existing approaches, it scales well to large real-world applications, and it enables more effective compiler optimizations.
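The effect of matching calls with returns on a value flow graph can be seen on a two-call-site example. The sketch below is an added illustration of generic CFL-style (matched call/return) reachability, not the paper's algorithm or code; the graph, node names, the `reachable` and `points_to` helpers and the `max_depth` bound are all assumptions made for the example.

```python
from collections import deque

# Constructed value flow graph for this C fragment (not taken from the paper):
#   int *id(int *p) { return p; }
#   a = id(&x);   /* call site 1 */
#   b = id(&y);   /* call site 2 */
# Edge labels: None = intraprocedural, ("call", i) / ("ret", i) = call site i.
EDGES = [
    ("&x", "p", ("call", 1)),
    ("&y", "p", ("call", 2)),
    ("p", "id.ret", None),
    ("id.ret", "a", ("ret", 1)),
    ("id.ret", "b", ("ret", 2)),
]

def reachable(edges, src, context_sensitive=True, max_depth=8):
    """Nodes reachable from src. When context_sensitive, a ("ret", i) edge is
    followed only if i matches the most recent unmatched ("call", i)."""
    succ = {}
    for u, v, label in edges:
        succ.setdefault(u, []).append((v, label))
    start = (src, ())
    seen, work = {start}, deque([start])
    while work:
        node, stack = work.popleft()
        for nxt, label in succ.get(node, []):
            new_stack = stack
            if context_sensitive and label is not None:
                kind, site = label
                if kind == "call":
                    # Keep only the newest max_depth call sites so recursion terminates.
                    new_stack = (stack + (site,))[-max_depth:]
                elif stack:
                    if stack[-1] != site:
                        continue          # return to the wrong call site: unrealizable
                    new_stack = stack[:-1]
                # An empty stack means the caller is unknown: any return is allowed.
            state = (nxt, new_stack)
            if state not in seen:
                seen.add(state)
                work.append(state)
    return {n for n, _ in seen} - {src}

def points_to(edges, var, context_sensitive=True):
    """Objects whose address-of node ("&obj") can flow into var."""
    sources = {u for u, _, _ in edges if u.startswith("&")}
    return {s[1:] for s in sources if var in reachable(edges, s, context_sensitive)}
```

Without call/return matching, `a` appears to point to both `x` and `y`; with it, the spurious flow through the other call site is rejected, the same result inlining `id` at each call would give.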

