Abstract
An interleaved-Dyck (InterDyck) language consists of the interleaving of two or more Dyck languages, where each Dyck language represents a set of strings of balanced parentheses.InterDyck-reachability is a fundamental framework for program analyzers that simultaneously track multiple properly-matched pairs of actions such as call/return, lock/unlock, or write-data/read-data.Existing InterDyck-reachability algorithms are based on the well-known tabulation technique.
This paper presents a new perspective on solving InterDyck-reachability. Our key observation is that for the single-source-single-target InterDyck-reachability variant, it is feasible to summarize all paths from the source node to the target node based on path expressions. Therefore, InterDyck-reachability becomes an InterDyck-path-recognition problem over path expressions. Instead of computing summary edges as in traditional tabulation algorithms, this new perspective enables us to express InterDyck-reachability as a parenthesis-counting problem, which can be naturally formulated via integer linear programming (ILP).
We implemented our ILP-based algorithm and performed extensive evaluations based on two client analyses (a reachability analysis for concurrent programs and a taint analysis). In particular, we evaluated our algorithm against two types of algorithms: (1) the general all-pairs InterDyck-reachability algorithms based on linear conjunctive language (LCL) reachability and synchronized pushdown system (SPDS) reachability, and (2) two domain-specific algorithms for both client analyses. The experimental results are encouraging. Our algorithm achieves 1.42×, 28.24×, and 11.76× speedup for the concurrency-analysis benchmarks compared to all-pair LCL-reachability, SPDS-reachability, and domain-specific tools, respectively; 1.2×, 69.9×, and 0.98× speedup for the taint-analysis benchmarks. Moreover, the algorithm also provides precision improvements, particularly for taint analysis, where it achieves 4.55%, 11.1%, and 6.8% improvement, respectively.
- Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick D. McDaniel. 2014. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’14, Edinburgh, United Kingdom - June 09 - 11, 2014, Michael F. P. O’Boyle and Keshav Pingali (Eds.). ACM, 259–269. https://doi.org/10.1145/2594291.2594299
Google Scholar
Digital Library
- Michael Blondin, Matthias Englert, Alain Finkel, Stefan Göller, Christoph Haase, Ranko Lazic, Pierre McKenzie, and Patrick Totzke. 2021. The Reachability Problem for Two-Dimensional Vector Addition Systems with States. J. ACM, 68, 5 (2021), 34:1–34:43. https://doi.org/10.1145/3464794
Google Scholar
Digital Library
- Matthias Englert, Ranko Lazic, and Patrick Totzke. 2016. Reachability in Two-Dimensional Unary Vector Addition Systems with States is NL-Complete. In Proceedings of the 31st Annual ACM/IEEE Symposium on Logic in Computer Science, LICS ’16, New York, NY, USA, July 5-8, 2016, Martin Grohe, Eric Koskinen, and Natarajan Shankar (Eds.). ACM, 477–484. https://doi.org/10.1145/2933575.2933577
Google Scholar
Digital Library
- Javier Esparza. 1997. Petri Nets, Commutative Context-Free Grammars, and Basic Parallel Processes. Fundam. Informaticae, 31, 1 (1997), 13–25. https://doi.org/10.3233/FI-1997-3112
Google Scholar
Cross Ref
- Yu Feng, Xinyu Wang, Isil Dillig, and Thomas Dillig. 2015. Bottom-Up Context-Sensitive Pointer Analysis for Java. In Programming Languages and Systems - 13th Asian Symposium, APLAS 2015, Pohang, South Korea, November 30 - December 2, 2015, Proceedings, Xinyu Feng and Sungwoo Park (Eds.) (Lecture Notes in Computer Science, Vol. 9458). Springer, 465–484. https://doi.org/10.1007/978-3-319-26529-2_25
Google Scholar
Cross Ref
- Moses Ganardi, Rupak Majumdar, Andreas Pavlogiannis, Lia Schütze, and Georg Zetzsche. 2022. Reachability in Bidirected Pushdown VASS. In 49th International Colloquium on Automata, Languages, and Programming, ICALP 2022, July 4-8, 2022, Paris, France, Mikolaj Bojanczyk, Emanuela Merelli, and David P. Woodruff (Eds.) (LIPIcs, Vol. 229). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 124:1–124:20. https://doi.org/10.4230/LIPIcs.ICALP.2022.124
Google Scholar
Cross Ref
- E. Goto. 1974. Monocopy and Associative Algorithms in an Extended LISP. Information Science Laboratory, Univ. of Tokyo.
Google Scholar
- Gurobi Optimization, LLC. 2021. Gurobi Optimizer Reference Manual. https://www.gurobi.com
Google Scholar
- Nevin Heintze and Olivier Tardieu. 2001. Demand-driven pointer analysis. ACM SIGPLAN Notices, 36, 5 (2001), 24–34.
Google Scholar
Digital Library
- John E. Hopcroft and Jean-Jacques Pansiot. 1979. On the Reachability Problem for 5-Dimensional Vector Addition Systems. Theor. Comput. Sci., 8 (1979), 135–159. https://doi.org/10.1016/0304-3975(79)90041-0
Google Scholar
Cross Ref
- Wei Huang, Yao Dong, Ana L. Milanova, and Julian Dolby. 2015. Scalable and precise taint analysis for Android. In Proceedings of the 2015 International Symposium on Software Testing and Analysis, ISSTA 2015, Baltimore, MD, USA, July 12-17, 2015, Michal Young and Tao Xie (Eds.). ACM, 106–117. https://doi.org/10.1145/2771783.2771803
Google Scholar
Digital Library
- Adam Husted Kjelstrøm and Andreas Pavlogiannis. 2022. The decidability and complexity of interleaved bidirected Dyck reachability. Proc. ACM Program. Lang., 6, POPL (2022), 1–26. https://doi.org/10.1145/3498673
Google Scholar
Digital Library
- John Kodumal and Alexander Aiken. 2004. The set constraint/CFL reachability connection in practice. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation 2004, Washington, DC, USA, June 9-11, 2004, William W. Pugh and Craig Chambers (Eds.). ACM, 207–218. https://doi.org/10.1145/996841.996867
Google Scholar
Digital Library
- Yuanbo Li, Qirun Zhang, and Thomas W. Reps. 2020. Fast graph simplification for interleaved Dyck-reachability. In Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, PLDI 2020, London, UK, June 15-20, 2020, Alastair F. Donaldson and Emina Torlak (Eds.). ACM, 780–793. https://doi.org/10.1145/3385412.3386021
Google Scholar
Digital Library
- Yuanbo Li, Qirun Zhang, and Thomas W. Reps. 2021. On the complexity of bidirected interleaved Dyck-reachability. Proc. ACM Program. Lang., 5, POPL (2021), 1–28. https://doi.org/10.1145/3434340
Google Scholar
Digital Library
- Peizun Liu and Thomas Wahl. 2018. CUBA: interprocedural Context-UnBounded Analysis of concurrent programs. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018, Philadelphia, PA, USA, June 18-22, 2018, Jeffrey S. Foster and Dan Grossman (Eds.). ACM, 105–119. https://doi.org/10.1145/3192366.3192419
Google Scholar
Digital Library
- David Melski and Thomas W. Reps. 2000. Interconvertibility of a class of set constraints and context-free-language reachability. Theor. Comput. Sci., 248, 1-2 (2000), 29–98. https://doi.org/10.1016/S0304-3975(00)00049-9
Google Scholar
Digital Library
- Rohit Parikh. 1966. On Context-Free Languages. J. ACM, 13, 4 (1966), 570–581. https://doi.org/10.1145/321356.321364
Google Scholar
Digital Library
- T. Reps. 1998. Program Analysis via Graph Reachability. Inf. and Softw. Tech., 40, 11–12 (1998), 701–726.
Google Scholar
Cross Ref
- Thomas W. Reps. 2000. Undecidability of context-sensitive data-independence analysis. ACM Trans. Program. Lang. Syst., 22, 1 (2000), 162–186. https://doi.org/10.1145/345099.345137
Google Scholar
Digital Library
- Thomas W. Reps, Susan Horwitz, and Shmuel Sagiv. 1995. Precise Interprocedural Dataflow Analysis via Graph Reachability. In Conference Record of POPL’95: 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Francisco, California, USA, January 23-25, 1995, Ron K. Cytron and Peter Lee (Eds.). ACM Press, 49–61. https://doi.org/10.1145/199448.199462
Google Scholar
Digital Library
- Shmuel Sagiv, Thomas W. Reps, and Susan Horwitz. 1995. Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation. In TAPSOFT’95: Theory and Practice of Software Development, 6th International Joint Conference CAAP/FASE, Aarhus, Denmark, May 22-26, 1995, Proceedings, Peter D. Mosses, Mogens Nielsen, and Michael I. Schwartzbach (Eds.) (Lecture Notes in Computer Science, Vol. 915). Springer, 651–665. https://doi.org/10.1007/3-540-59293-8_226
Google Scholar
Cross Ref
- Sylvain Schmitz. 2016. The complexity of reachability in vector addition systems. ACM SIGLOG News, 3, 1 (2016), 4–21. https://doi.org/10.1145/2893582.2893585
Google Scholar
Digital Library
- Alexander Schrijver. 1998. Theory of linear and integer programming. John Wiley & Sons.
Google Scholar
Digital Library
- Helmut Seidl, Thomas Schwentick, Anca Muscholl, and Peter Habermehl. 2004. Counting in Trees for Free. In Automata, Languages and Programming: 31st International Colloquium, ICALP 2004, Turku, Finland, July 12-16, 2004. Proceedings, Josep Díaz, Juhani Karhumäki, Arto Lepistö, and Donald Sannella (Eds.) (Lecture Notes in Computer Science, Vol. 3142). Springer, 1136–1149. https://doi.org/10.1007/978-3-540-27836-8_94
Google Scholar
Cross Ref
- Johannes Späth, Karim Ali, and Eric Bodden. 2019. Context-, flow-, and field-sensitive data-flow analysis using synchronized Pushdown systems. Proc. ACM Program. Lang., 3, POPL (2019), 48:1–48:29. https://doi.org/10.1145/3290361
Google Scholar
Digital Library
- Manu Sridharan, Denis Gopan, Lexin Shan, and Rastislav Bodík. 2005. Demand-driven points-to analysis for Java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2005, October 16-20, 2005, San Diego, CA, USA, Ralph E. Johnson and Richard P. Gabriel (Eds.). ACM, 59–76. https://doi.org/10.1145/1094811.1094817
Google Scholar
Digital Library
- Robert Endre Tarjan. 1981. Fast Algorithms for Solving Path Problems. J. ACM, 28, 3 (1981), 594–614. https://doi.org/10.1145/322261.322273
Google Scholar
Digital Library
- Kumar Neeraj Verma, Helmut Seidl, and Thomas Schwentick. 2005. On the Complexity of Equational Horn Clauses. In Automated Deduction - CADE-20, 20th International Conference on Automated Deduction, Tallinn, Estonia, July 22-27, 2005, Proceedings, Robert Nieuwenhuis (Ed.) (Lecture Notes in Computer Science, Vol. 3632). Springer, 337–352. https://doi.org/10.1007/11532231_25
Google Scholar
Digital Library
- Thomas Witkowski, Nicolas Blanc, Daniel Kroening, and Georg Weissenbacher. 2007. Model checking concurrent Linux device drivers. In Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering. 501–504. https://doi.org/10.1145/1321631.1321719
Google Scholar
Digital Library
- Dacong Yan, Guoqing Xu, and Atanas Rountev. 2011. Demand-driven context-sensitive alias analysis for Java. In Proceedings of the 20th International Symposium on Software Testing and Analysis, ISSTA 2011, Toronto, ON, Canada, July 17-21, 2011, Matthew B. Dwyer and Frank Tip (Eds.). ACM, 155–165. https://doi.org/10.1145/2001420.2001440
Google Scholar
Digital Library
- Mihalis Yannakakis. 1990. Graph-Theoretic Methods in Database Theory. In Proceedings of the Ninth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems, April 2-4, 1990, Nashville, Tennessee, USA, Daniel J. Rosenkrantz and Yehoshua Sagiv (Eds.). ACM Press, 230–242. https://doi.org/10.1145/298514.298576
Google Scholar
Digital Library
- Qirun Zhang, Michael R. Lyu, Hao Yuan, and Zhendong Su. 2013. Fast algorithms for Dyck-CFL-reachability with applications to alias analysis. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’13, Seattle, WA, USA, June 16-19, 2013, Hans-Juergen Boehm and Cormac Flanagan (Eds.). ACM, 435–446. https://doi.org/10.1145/2491956.2462159
Google Scholar
Digital Library
- Qirun Zhang and Zhendong Su. 2017. Context-sensitive data-dependence analysis via linear conjunctive language reachability. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, Paris, France, January 18-20, 2017, Giuseppe Castagna and Andrew D. Gordon (Eds.). ACM, 344–358. https://doi.org/10.1145/3009837.3009848
Google Scholar
Digital Library
- Qirun Zhang, Xiao Xiao, Charles Zhang, Hao Yuan, and Zhendong Su. 2014. Efficient subcubic alias analysis for C. In Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2014, part of SPLASH 2014, Portland, OR, USA, October 20-24, 2014, Andrew P. Black and Todd D. Millstein (Eds.). ACM, 829–845. https://doi.org/10.1145/2660193.2660213
Google Scholar
Digital Library
- Xin Zheng and Radu Rugina. 2008. Demand-driven alias analysis for C. In Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2008, San Francisco, California, USA, January 7-12, 2008, George C. Necula and Philip Wadler (Eds.). ACM, 197–208. https://doi.org/10.1145/1328438.1328464
Google Scholar
Digital Library
Index Terms
Single-Source-Single-Target Interleaved-Dyck Reachability via Integer Linear Programming
Recommendations
Context-sensitive data-dependence analysis via linear conjunctive language reachability
POPL '17Many program analysis problems can be formulated as graph reachability problems. In the literature, context-free language (CFL) reachability has been the most popular formulation and can be computed in subcubic time. The context-sensitive data-...
Context-sensitive data-dependence analysis via linear conjunctive language reachability
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming LanguagesMany program analysis problems can be formulated as graph reachability problems. In the literature, context-free language (CFL) reachability has been the most popular formulation and can be computed in subcubic time. The context-sensitive data-...
Reachability analysis of program variables
Reachability from a program variable v to a program variable w states that from v, it is possible to follow a path of memory locations that leads to the object bound to w. We present a new abstract domain for the static analysis of possible reachability ...






Comments