Abstract
In this paper, we propose a novel method for context-sensitive pointer analysis using the value flow graph (VFG) formulation. We achieve context-sensitivity by simultaneously applying function cloning and computing context-free language reachability (CFL-reachability) in a novel way. In contrast to existing clone-based and CFL-based approaches, flow-sensitivity is easily integrated in our approach by using a flow-sensitive VFG where each value flow edge is computed in a flow-sensitive manner. We apply context-sensitivity to both local variables and heap objects and propose a new approximation for heap cloning.
We prove that our approach can achieve context-sensitivity without loss of precision, i.e., it is as precise as inlining all function calls. We develop an efficient algorithm and implement a context-, flow-, and field-sensitive pointer analysis with heap cloning support in LLVM. We evaluate the efficiency and precision of our implementation using standard SPEC CPU2006 benchmarks. Our experimental results show that the analysis is much faster than existing approaches, it scales well to large real-world applications, and it enables more effective compiler optimizations.
Precise and scalable context-sensitive pointer analysis via value flow graph
ISMM '13: Proceedings of the 2013 international symposium on memory management