Abstract
A points-to analysis computes a sound abstraction of heap memory, conventionally using a name-based abstraction that summarizes runtime memory by grouping locations by the names of their allocation sites: all concrete heap locations allocated by the same statement are grouped together. The locations in the same group are treated alike, i.e., a pointer to any one location of the group is assumed to point to every location in the group, leading to an over-approximation of points-to relations.
We propose an access-based abstraction that partitions each name-based group of locations into equivalence classes at every program point, using as an additional criterion the sets of access paths (chains of pointer indirections) reaching the locations in memory. The intuition is that locations that are both allocated and accessed alike should be grouped into the same equivalence class. Since the access paths in memory can reach different locations at different program points, our groupings change flow-sensitively, unlike the name-based groupings. This creates a more precise view of the memory. Theoretically, it is strictly more precise than the name-based abstraction except in some trivial cases; practically, it is far more precise.
Our empirical measurements show the benefits of our tool, Access-Based Heap Analyzer (ABHA), on SPEC CPU 2006 and heap-manipulating SV-COMP benchmarks. ABHA, which is field-, flow-, and context-sensitive, scales to 20 kLoC and can improve the precision by up to 99% (in terms of the number of aliases). Additionally, ABHA allows any user-defined summarization of an access path to be plugged in; we have implemented and evaluated four summarization techniques. ABHA can also act as a front-end to TVLA, a parametrized shape analyzer, in order to automate its parametrization by generating predicates that capture the program behaviour more accurately.
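The difference between the two groupings described in the abstract can be seen on a single heap snapshot. The Python sketch below is an added illustration, not ABHA's code or algorithm: it works on a constructed concrete heap at one program point rather than performing a static analysis, and it assumes k-limiting as the access-path summarization (all names in it are hypothetical).

```python
from collections import defaultdict

# Constructed snapshot at one program point: six list nodes l1..l6, all
# allocated by the same statement (site "s1") and linked through field "n".
SITE = {f"l{i}": "s1" for i in range(1, 7)}
FIELD = {f"l{i}": {"n": f"l{i + 1}"} for i in range(1, 6)}
ROOTS = {"x": "l1", "y": "l3"}          # pointer variables

def access_paths(roots, fields, k):
    """Location -> set of access paths reaching it, truncated after k fields
    (k-limiting is an assumed summarization, marked by a trailing '*')."""
    reach = defaultdict(set)
    work = [(loc, (var,)) for var, loc in roots.items()]
    while work:
        loc, path = work.pop()
        if path in reach[loc]:
            continue                    # seen before; also stops on cyclic heaps
        reach[loc].add(path)
        for field, target in fields.get(loc, {}).items():
            nxt = path if path[-1] == "*" else path + (field,)
            if len(nxt) - 1 > k:
                nxt = nxt[:k + 1] + ("*",)
            work.append((target, nxt))
    return reach

def abstraction(k=None):
    """Location -> abstract name: the allocation site alone when k is None,
    otherwise the site refined by the location's access-path set."""
    if k is None:
        return dict(SITE)
    reach = access_paths(ROOTS, FIELD, k)
    return {loc: (site, frozenset(reach[loc])) for loc, site in SITE.items()}

def may_alias(a, b, abs_of):
    """Two pointers may alias when their targets share an abstract name."""
    return abs_of[ROOTS[a]] == abs_of[ROOTS[b]]

if __name__ == "__main__":
    for label, abs_of in (("name-based", abstraction()),
                          ("access-based, k=1", abstraction(1))):
        print(label, len(set(abs_of.values())), "classes;",
              "x/y may alias:", may_alias("x", "y", abs_of))
```

With the site name alone, all six nodes collapse into one group and `x` and `y` are reported as possible aliases; refining by access-path sets separates the nodes that `x` and `y` reach differently and merges only `l5` and `l6`, which the truncated paths cannot tell apart.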
"What's in a name?" going beyond allocation site names in heap analysis. ISMM 2017: Proceedings of the 2017 ACM SIGPLAN International Symposium on Memory Management.