Abstract
Mainstream points-to analysis techniques for object-oriented languages rely predominantly on the allocation-site abstraction to model heap objects. We present MAHJONG, a novel heap abstraction that is specifically developed to address the needs of an important class of type-dependent clients, such as call graph construction, devirtualization and may-fail casting. By merging equivalent automata representing type-consistent objects that are created by the allocation-site abstraction, MAHJONG enables an allocation-site-based points-to analysis to run significantly faster while achieving nearly the same precision for type-dependent clients.
MAHJONG is simple conceptually, efficient, and drops easily on any allocation-site-based points-to analysis. We demonstrate its effectiveness by discussing some insights on why it is a better alternative to the allocation-site abstraction for type-dependent clients and evaluating it extensively on 12 large real-world Java programs with five context-sensitive points-to analyses and three widely used type-dependent clients. MAHJONG is expected to provide significant benefits for many program analyses where call graphs are required.
Supplemental Material
This artifact is provided to enable the results of both research questions (RQ1 and RQ2) in our companion paper, i.e., the results in Figure 8, Figure 9, Table 1 and Table 2, to be reproduced. In RQ1, we show that MAHJONG is lightweight for large programs and how MAHJONG can effectively alleviate the heap over-partitioning problem suffered by the allocation-site abstraction for type-dependent clients. In RQ2, we show that MAHJONG can significantly accelerate different types of mainstream context-sensitive points-to analyses while achieving nearly the same precision as the allocation-site abstraction for type-dependent clients. The artifact contains MAHJONG and Doop (a state-of-the-art whole-program points-to analysis framework for Java) to reproduce the results.
Size of the artifact: 115MB
MD5 sum of the artifact: 619a2d64be9fa61b158f2b04ad55e4a0
Efficient and precise points-to analysis: modeling the heap by merging equivalent automata
PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation