Abstract
Object sensitivity analysis is a well-known form of context-sensitive points-to analysis. This analysis is parameterized by a bound on the names of symbolic objects associated with each allocation site. In this paper, we propose a novel approach based on object sensitivity analysis that takes as input a set of client queries, and tries to answer them using an initial round of inexpensive object sensitivity analysis that uses a low object-name length bound at all allocation sites. For the queries that are answered unsatisfactorily, the approach then pin points "bad" points-to facts, which are the ones that are responsible for the imprecision. It then employs a form of program slicing to identify allocation sites that are potentially causing these bad points-to facts to be generated. The approach then runs object sensitivity analysis once again, this time using longer names for just these allocation sites, with the objective of resolving the imprecision in this round. We describe our approach formally, prove its completeness, and describe a Datalog-based implementation of it on top of the Petablox framework. Our evaluation of our approach on a set of large Java benchmarks, using two separate clients, reveals that our approach is more precise than the baseline object sensitivity approach, by around 29% for one of the clients and by around 19% for the other client. Our approach is also more precise on most large benchmarks than a recently proposed approach that uses SAT solvers to identify allocation sites to refine.
Supplemental Material
- Michael Burke, Paul Carini, Jong-Deok Choi, and Michael Hind. 1994. Flow-insensitive interprocedural alias analysis in the presence of pointers. In International Workshop on Languages and Compilers for Parallel Computing. Springer, 234–250. Google Scholar
Digital Library
- G. Canfora, A. Cimitile, and A. De Lucia. 1998. Conditioned program slicing. Information and Software Technology 40, 11 (1998), 595–607.Google Scholar
Cross Ref
- Ramkrishna Chatterjee, Barbara G. Ryder, and William A. Landi. 1999. Relevant Context Inference. In Proc. ACM Symposium on Principles of Programming Languages (POPL ’99). ACM, 133–146. Google Scholar
Digital Library
- Zhenqiang Chen and Baowen Xu. 2001. Slicing Object-oriented Java Programs. SIGPLAN Not. 36, 4 (April 2001), 33–40. Google Scholar
Digital Library
- Maryam Emami, Rakesh Ghiya, and Laurie J. Hendren. 1994. Context-sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers. In Proc. ACM Conference on Programming Language Design and Implementation (PLDI ’94). ACM, 242–256. Google Scholar
Digital Library
- Jeanne Ferrante, Karl J Ottenstein, and Joe D Warren. 1987. The program dependence graph and its use in optimization. ACM Transactions on Programming Languages and Systems (TOPLAS) 9, 3 (1987), 319–349. Google Scholar
Digital Library
- John Field, G. Ramalingam, and Frank Tip. 1995. Parametric Program Slicing. In Proc. Int. Symp. on Principles of Prog. Langs. (POPL). 379–392. Google Scholar
Digital Library
- Samuel Z Guyer and Calvin Lin. 2003. Client-driven pointer analysis. In International Static Analysis Symposium (SAS). Springer, 214–236. Google Scholar
Digital Library
- Christian Haack, Erik Poll, Jan Schäfer, and Aleksy Schubert. 2007. Immutable objects for a Java-like language. In European Symposium on Programming. Springer, 347–362. Google Scholar
Digital Library
- Christian Hammer and Gregor Snelting. 2004. An Improved Slicer for Java. In Proc. 5th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE ’04). ACM, 17–22. Google Scholar
Digital Library
- M. Harman, R. Hierons, C. Fox, S. Danicic, and J. Howroyd. 2001. Pre/post conditioned slicing. In Proc. Int. Conf. on Software Maintenance (ICSM). 138–147. Google Scholar
Digital Library
- Susan Horwitz, Thomas Reps, and David Binkley. 1990. Interprocedural slicing using dependence graphs. ACM Transactions on Programming Languages and Systems (TOPLAS) 12, 1 (1990), 26–60. Google Scholar
Digital Library
- Vini Kanvar and Uday P Khedker. 2016. Heap abstractions for static analysis. ACM Computing Surveys (CSUR) 49, 2 (2016), 29. Google Scholar
Digital Library
- Ondřej Lhoták and Laurie Hendren. 2006. Context-sensitive points-to analysis: is it worth it?. In International Conference on Compiler Construction. Springer, 47–64. Google Scholar
Digital Library
- Donglin Liang and Mary Jean Harrold. 1998. Slicing objects using system dependence graphs. In Proc. International Conference on Software Maintenance. IEEE, 358–367. Google Scholar
Digital Library
- Percy Liang and Mayur Naik. 2011. Scaling Abstraction Refinement via Pruning. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’11). ACM, 590–601. Google Scholar
Digital Library
- Ravichandhran Madhavan, Ganesan Ramalingam, and Kapil Vaswani. 2012. Modular heap analysis for higher-order programs. In International Static Analysis Symposium. Springer, 370–387. Google Scholar
Digital Library
- D. Marinov and R. O’Callahan. 2003. Object equality profiling. In Proc. Conf. on Object-Oriented programing, Systems, languages, and applications. Google Scholar
Digital Library
- R. K. Medicherla and R. Komondoor. 2015. Precision vs. scalability: Context sensitive analysis with prefix approximation. In 2015 IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER). 281–290.Google Scholar
- Ana Milanova, Atanas Rountev, and Barbara G Ryder. 2005. Parameterized object sensitivity for points-to analysis for Java. ACM Transactions on Software Engineering and Methodology (TOSEM) 14, 1 (2005), 1–41. Google Scholar
Digital Library
- Hakjoo Oh, Wonchan Lee, Kihong Heo, Hongseok Yang, and Kwangkeun Yi. 2014. Selective Context-sensitivity Guided by Impact Pre-analysis. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’14). ACM, 475–484. Google Scholar
Digital Library
- Sara Porat, Marina Biberstein, Larry Koved, and Bilha Mendelson. 2000. Automatic Detection of Immutable Fields in Java. In Proc. of the 2000 Conference of the Centre for Advanced Studies on Collaborative Research (CASCON ’00). IBM Press, 10–. Google Scholar
Digital Library
- Thomas W Reps. 1995. Demand interprocedural program analysis using logic databases. In Applications of Logic Databases. Springer, 163–196.Google Scholar
- Yannis Smaragdakis and George Balatsouras. 2015. Pointer Analysis. Foundations and TrendsÂő in Programming Languages 2, 1 (2015), 1–69. Google Scholar
Digital Library
- Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick Your Contexts Well: Understanding Object-sensitivity. In Proc. ACM Symposium on Principles of Programming Languages (POPL ’11). ACM, 17–30. Google Scholar
Digital Library
- Yannis Smaragdakis, George Kastrinis, and George Balatsouras. 2014. Introspective Analysis: Context-sensitivity, Across the Board. In Proc. ACM Conference on Programming Language Design and Implementation (PLDI ’14). ACM, 485–495. Google Scholar
Digital Library
- Manu Sridharan and Rastislav Bodík. 2006. Refinement-based Context-sensitive Points-to Analysis for Java. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’06). ACM, 387–400. Google Scholar
Digital Library
- Manu Sridharan, Satish Chandra, Julian Dolby, Stephen J Fink, and Eran Yahav. 2013. Alias analysis for object-oriented programs. In Aliasing in Object-Oriented Programming. Types, Analysis and Verification. Springer, 196–232. Google Scholar
Digital Library
- Manu Sridharan, Stephen J. Fink, and Rastislav Bodik. 2007. Thin slicing. In PLDI ’07: Proc. Conference on Programming Language Design and Implementation. 112–122. Google Scholar
Digital Library
- Tian Tan, Yue Li, and Jingling Xue. 2016. Making k-object-sensitive pointer analysis more precise with still k-limiting. In International Static Analysis Symposium. Springer, 489–510.Google Scholar
Cross Ref
- Mark Weiser. 1981. Program slicing. In Proc. International Conference On Software Engineering. IEEE Press, 439–449. Google Scholar
Digital Library
- John Whaley and Monica S Lam. 2004. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In PLDI ’04: Proc. Conference on Programming Language Design and Implementation. ACM, 131–144. Google Scholar
Digital Library
- Xin Zhang, Ravi Mangal, Radu Grigore, Mayur Naik, and Hongseok Yang. 2014. On Abstraction Refinement for Program Analyses in Datalog. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’14). ACM, 239–248. Google Scholar
Digital Library
Index Terms
Refinement in object-sensitivity points-to analysis via slicing
Recommendations
Parameterized object sensitivity for points-to analysis for Java
The goal of points-to analysis for Java is to determine the set of objects pointed to by a reference variable or a reference object field. We present object sensitivity, a new form of context sensitivity for flow-insensitive points-to analysis for Java. ...
Refinement-based context-sensitive points-to analysis for Java
Proceedings of the 2006 PLDI ConferenceWe present a scalable and precise context-sensitive points-to analysis with three key properties: (1) filtering out of unrealizable paths, (2) a context-sensitive heap abstraction, and (3) a context-sensitive call graph. Previous work [21] has shown ...
Demand-driven refinement of points-to analysis
ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion ProceedingsWe present DynaSens, a demand-driven approach to points-to analysis that uses slicing to automatically adjust the analysis' context-sensitivity. Within a points-to analysis, heap-carried data flows are composed of loads and stores, and these heap-...






Comments