skip to main content
article

Efficient and precise points-to analysis: modeling the heap by merging equivalent automata

Published:14 June 2017Publication History
Skip Abstract Section

Abstract

Mainstream points-to analysis techniques for object-oriented languages rely predominantly on the allocation-site abstraction to model heap objects. We present MAHJONG, a novel heap abstraction that is specifically developed to address the needs of an important class of type-dependent clients, such as call graph construction, devirtualization and may-fail casting. By merging equivalent automata representing type-consistent objects that are created by the allocation-site abstraction, MAHJONG enables an allocation-site-based points-to analysis to run significantly faster while achieving nearly the same precision for type-dependent clients.

MAHJONG is simple conceptually, efficient, and drops easily on any allocation-site-based points-to analysis. We demonstrate its effectiveness by discussing some insights on why it is a better alternative of the allocation-site abstraction for type-dependent clients and evaluating it extensively on 12 large real-world Java programs with five context-sensitive points-to analyses and three widely used type-dependent clients. MAHJONG is expected to provide significant benefits for many program analyses where call graphs are required.

Skip Supplemental Material Section

Supplemental Material

References

  1. J. Adamek and V. Trnkova. Automata and Algebras in Categories. Kluwer Academic Publishers, 1990. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. A. V. Aho, M. S. Lam, R. Sethi, and J. D. Ullman. Compilers: Principles, Techniques, and Tools (2Nd Edition). Addison-Wesley, Boston, MA, USA, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. K. Ali and O. Lhoták. Averroes: Whole-program analysis without the whole program. ECOOP, pages 378–400, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. L. Andersen. Program analysis and specialization for the C programming language. PhD thesis, DIKU, University of Copenhagen, 1994.Google ScholarGoogle Scholar
  5. S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. PLDI, pages 259–269, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. S. Blackshear, B.-Y. E. Chang, and M. Sridharan. Selective control-flow abstraction via jumping. OOPSLA, pages 163– 182, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. S. Blackshear, A. Gendreau, and B.-Y. E. Chang. Droidel: A general approach to Android framework modeling. SOAP, pages 19–25, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. E. Bodden, A. Sewe, J. Sinschek, H. Oueslati, and M. Mezini. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. ICSE, pages 241–250, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. OOPSLA, pages 243–262, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Chord. A program analysis platform for Java. http://www. cis.upenn.edu/~mhnaik/chord.html.Google ScholarGoogle Scholar
  11. T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein. Introduction to Algorithms. The MIT Press, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. DaCapo. Java benchmark. http://www.dacapobench.org.Google ScholarGoogle Scholar
  13. J. Dean, D. Grove, and C. Chambers. Optimization of object-oriented programs using static class hierarchy analysis. ECOOP, pages 77–101, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. DOOP. A sophisticated framework for Java pointer analysis. http://doop.program-analysis.org.Google ScholarGoogle Scholar
  15. Y. Feng, X. Wang, I. Dillig, and T. Dillig. Bottom-up contextsensitive pointer analysis for Java. APLAS, pages 465–484, 2015.Google ScholarGoogle Scholar
  16. S. J. Fink, E. Yahav, N. Dor, G. Ramalingam, and E. Geay. Effective typestate verification in the presence of aliasing. ACM Trans. Softw. Eng. Methodol., 17(2), 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. M. Hind. Pointer analysis: Haven’t we solved this problem yet? PASTE, pages 54–61, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. J. E. Hopcroft and R. M. Karp. A linear algorithm for testing equivalence of finite automata. Technical Report 71-114, Cornell University, 1971.Google ScholarGoogle Scholar
  19. V. Kanvar and U. P. Khedker. Heap abstractions for static analysis. ACM Comput. Surv., 49(2):29:1–29:47, 2016. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. G. Kastrinis and Y. Smaragdakis. Hybrid context-sensitivity for points-to analysis. PLDI, pages 423–434, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. O. Lhoták and L. Hendren. Scaling Java points-to analysis using Spark. CC, pages 153–169, 2003.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. O. Lhoták and L. Hendren. Context-sensitive points-to analysis: is it worth it? CC, pages 47–64, 2006.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. O. Lhoták and L. Hendren. Evaluating the benefits of contextsensitive points-to analysis using a bdd-based implementation. ACM TOSEM., 18(1):3:1–3:53, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Y. Li, T. Tan, Y. Sui, and J. Xue. Self-inferencing reflection resolution for Java. ECOOP, pages 27–53, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Y. Li, T. Tan, and J. Xue. Effective soundness-guided reflection analysis. SAS, pages 162–180, 2015.Google ScholarGoogle ScholarCross RefCross Ref
  26. Y. Li, T. Tan, Y. Zhang, and J. Xue. Program tailoring: Slicing by sequential criteria. ECOOP, pages 15:1–15:27, 2016.Google ScholarGoogle Scholar
  27. P. Liang and M. Naik. Scaling abstraction refinement via pruning. PLDI, pages 590–601, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. A. Marino. Analysis and Enumeration: Algorithms for Biological Graphs. Atlantis Publishing Corporation, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to and side-effect analyses for Java. ISSTA, pages 1–11, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol., 14(1):1–41, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. M. Naik, A. Aiken, and J. Whaley. Effective static race detection for Java. PLDI, pages 308–319, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. M. Naik, C. Park, K. Sen, and D. Gay. Effective static deadlock detection. ICSE, pages 386–396, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. H. Oh, W. Lee, K. Heo, H. Yang, and K. Yi. Selective contextsensitivity guided by impact pre-analysis. PLDI, pages 475– 484, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. R. C. Read and R. E. Tarjan. Bounds on backtrack algorithms for listing cycles, paths, and spanning trees. Networks, 5(3): 237–252, 1975.Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. B. G. Ryder. Dimensions of precision in reference analysis of object-oriented programming languages. CC, pages 126–137, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. L. Shang, X. Xie, and J. Xue. On-demand dynamic summarybased points-to analysis. In CGO, pages 264–274, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. O. G. Shivers. Control-flow Analysis of Higher-order Languages of Taming Lambda. PhD thesis, 1991. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Y. Smaragdakis and G. Balatsouras. Pointer analysis. Found. Trends Program. Lang., pages 1–69, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Y. Smaragdakis, M. Bravenboer, and O. Lhoták. Pick your contexts well: understanding object-sensitivity. POPL, pages 17–30, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Y. Smaragdakis, G. Kastrinis, and G. Balatsouras. Introspective analysis: Context-sensitivity, across the board. PLDI, pages 485–495, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. J. Späth, L. N. Q. Do, K. Ali, and E. Bodden. Boomerang: Demand-driven flow- and context-sensitive pointer analysis for Java. ECOOP, pages 22:1–22:26, 2016.Google ScholarGoogle Scholar
  42. M. Sridharan and R. Bod´ık. Refinement-based contextsensitive points-to analysis for Java. PLDI, pages 387–400, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. M. Sridharan, S. J. Fink, and R. Bodik. Thin slicing. PLDI, pages 112–122, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. M. Sridharan, S. Chandra, J. Dolby, S. J. Fink, and E. Yahav. Aliasing in object-oriented programming. chapter Alias Analysis for Object-oriented Programs, pages 196–232. 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Y. Sui and J. Xue. On-demand strong update analysis via value-flow refinement. In FSE, pages 460–473, 2016. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Y. Sui, Y. Li, and J. Xue. Query-directed adaptive heap cloning for optimizing compilers. CGO, pages 1–11, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. V. Sundaresan, L. Hendren, C. Razafimahefa, R. Vallée-Rai, P. Lam, E. Gagnon, and C. Godin. Practical virtual method call resolution for java. OOPSLA, pages 264–280, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. T. Tan, Y. Li, and J. Xue. Making k-object-sensitive pointer analysis more precise with still k-limiting. SAS, pages 489– 510, 2016.Google ScholarGoogle ScholarCross RefCross Ref
  49. R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan. Soot - a Java bytecode optimization framework. CASCON, pages 1–13, 1999.Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. WALA. Watson libraries for analysis. wala.sf.net.Google ScholarGoogle Scholar
  51. J. Whaley and M. S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. PLDI, pages 131–144, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. H. Yu, J. Xue, W. Huo, X. Feng, and Z. Zhang. Level by level: making flow- and context-sensitive pointer analysis scalable for millions of lines of code. CGO, pages 218–229, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Q. Zhang and Z. Su. Context-sensitive data-dependence analysis via linear conjunctive language reachability. POPL, pages 344–358, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. X. Zhang, R. Mangal, R. Grigore, M. Naik, and H. Yang. On abstraction refinement for program analyses in Datalog. PLDI, pages 239–248, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Y. Zhang, T. Tan, Y. Li, and J. Xue. Ripple: Reflection analysis for android apps in incomplete information environments. 2017.Google ScholarGoogle Scholar

Index Terms

  1. Efficient and precise points-to analysis: modeling the heap by merging equivalent automata

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 52, Issue 6
      PLDI '17
      June 2017
      708 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/3140587
      Issue’s Table of Contents
      • cover image ACM Conferences
        PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation
        June 2017
        708 pages
        ISBN:9781450349888
        DOI:10.1145/3062341

      Copyright © 2017 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 14 June 2017

      Check for updates

      Qualifiers

      • article

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!