Advertisement

Scaling CFL-Reachability-Based Points-To Analysis Using Context-Sensitive Must-Not-Alias Analysis

  • Guoqing Xu
  • Atanas Rountev
  • Manu Sridharan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5653)

Abstract

Pointer analyses derived from a Context-Free-Language (CFL) reachability formulation achieve very high precision, but they do not scale well to compute the points-to solution for an entire large program. Our goal is to increase significantly the scalability of the currently most precise points-to analysis for Java. This CFL-reachability analysis depends on determining whether two program variables may be aliases. We propose an efficient but less precise pre-analysis that computes context-sensitive must-not-alias information for all pairs of variables. Later, these results can be used to quickly filter out infeasible CFL-paths during the more precise points-to analysis. Several novel techniques are employed to achieve precision and efficiency, including a new approximate CFL-reachability formulation of alias analysis, as well as a carefully-chosen trade-off in context sensitivity. The approach effectively reduces the search space of the points-to analysis: the modified points-to analysis is more than three times faster than the original analysis.

Keywords

Context Sensitivity Call Graph Match Edge Call Site Program Language Design 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Das, M., Lerner, S., Seigle, M.: ESP: Path-sensitive program verification in polynomial time. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 57–68 (2002)Google Scholar
  2. 2.
    Fink, S., Yahav, E., Dor, N., Ramalingam, G., Geay, E.: Effective typestate verification in the presence of aliasing. In: ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 133–144 (2006)Google Scholar
  3. 3.
    Naik, M., Aiken, A., Whaley, J.: Effective static race detection for Java. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 308–319 (2006)Google Scholar
  4. 4.
    Voung, J.W., Jhala, R., Lerner, S.: RELAY: Static race detection on millions of lines of code. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 205–214 (2007)Google Scholar
  5. 5.
    Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM Transactions on Programming Languages and Systems 12(1), 26–60 (1990)CrossRefGoogle Scholar
  6. 6.
    Sridharan, M., Bodik, R.: Refinement-based context-sensitive points-to analysis for Java. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 387–400 (2006)Google Scholar
  7. 7.
    Zheng, X., Rugina, R.: Demand-driven alias analysis for C. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 197–208 (2008)Google Scholar
  8. 8.
    Reps, T.: Program analysis via graph reachability. Information and Software Technology 40(11-12), 701–726 (1998)CrossRefGoogle Scholar
  9. 9.
  10. 10.
    Kahlon, V.: Bootstrapping: A technique for scalable flow and context-sensitive pointer alias analysis. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 249–259 (2008)Google Scholar
  11. 11.
    Lhoták, O., Hendren, L.: Context-sensitive points-to analysis: Is it worth it? In: International Conference on Compiler Construction, pp. 47–64 (2006)Google Scholar
  12. 12.
    Xu, G., Rountev, A.: Merging equivalent contexts for scalable heap-cloning-based context-sensitive points-to analysis. In: ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 225–235 (2008)Google Scholar
  13. 13.
    Kodumal, J., Aiken, A.: The set constraint/CFL reachability connection in practice. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 207–218 (2004)Google Scholar
  14. 14.
  15. 15.
    Vallée-Rai, R., Gagnon, E., Hendren, L., Lam, P., Pominville, P., Sundaresan, V.: Optimizing Java bytecode using the Soot framework: Is it feasible? In: International Conference on Compiler Construction, pp. 18–34 (2000)Google Scholar
  16. 16.
    Sridharan, M., Gopan, D., Shan, L., Bodik, R.: Demand-driven points-to analysis for Java. In: ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 59–76 (2005)Google Scholar
  17. 17.
    Chatterjee, R., Ryder, B.G., Landi, W.: Relevant context inference. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 133–146 (1999)Google Scholar
  18. 18.
    Wilson, R., Lam, M.: Efficient context-sensitive pointer analysis for C programs. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 1–12 (1995)Google Scholar
  19. 19.
    Cheng, B., Hwu, W.: Modular interprocedural pointer analysis using access paths. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 57–69 (2000)Google Scholar
  20. 20.
    Whaley, J., Rinard, M.: Compositional pointer and escape analysis for Java programs. In: ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 187–206 (1999)Google Scholar
  21. 21.
    Melski, D., Reps, T.: Interconvertibility of a class of set constraints and context-free-language reachability. Theoretical Computer Science 248, 29–98 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Rehof, J., Fähndrich, M.: Type-based flow analysis: From polymorphic subtyping to CFL-reachability. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 54–66 (2001)Google Scholar
  23. 23.
    Kodumal, J., Aiken, A.: Regularly annotated set constraints. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 331–341 (2007)Google Scholar
  24. 24.
    Nystrom, E., Kim, H., Hwu, W.: Importance of heap specialization in pointer analysis. In: PASTE, pp. 43–48 (2004)Google Scholar
  25. 25.
    Lattner, C., Lenharth, A., Adve, V.: Making context-sensitive points-to analysis with heap cloning practical for the real world. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 278–289 (2007)Google Scholar
  26. 26.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S., Jones, N. (eds.) Program Flow Analysis: Theory and Applications, pp. 189–234. Prentice-Hall, Englewood Cliffs (1981)Google Scholar
  27. 27.
    Lhoták, O., Hendren, L.: Scaling java points-to analysis using SPARK. In: Hedin, G. (ed.) CC 2003. LNCS, vol. 2622, pp. 153–169. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Hind, M.: Pointer analysis: Haven’t we solved this problem yet? In: PASTE, pp. 54–61 (2001)Google Scholar
  29. 29.
    Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 49–61 (1995)Google Scholar
  30. 30.
    Horwitz, S., Reps, T., Sagiv, M.: Demand interprocedural dataflow analysis. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 104–115 (1995)Google Scholar
  31. 31.
    Reps, T.: Solving demand versions of interprocedural analysis problems. In: Fritzson, P.A. (ed.) CC 1994. LNCS, vol. 786, pp. 389–403. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  32. 32.
    Reps, T., Horwitz, S., Sagiv, M., Rosay, G.: Speeding up slicing. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 11–20 (1994)Google Scholar
  33. 33.
    Naik, M., Aiken, A.: Conditional must not aliasing for static race detection. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 327–338 (2007)Google Scholar
  34. 34.
    Rountev, A., Chandra, S.: Off-line variable substitution for scaling points-to analysis. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 47–56 (2000)Google Scholar
  35. 35.
    Hardekopf, B., Lin, C.: The ant and the grasshopper: Fast and accurate pointer analysis for millions of lines of code. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 290–299 (2007)Google Scholar
  36. 36.
    Berndl, M., Lhoták, O., Qian, F., Hendren, L., Umanee, N.: Points-to analysis using BDDs. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 103–114 (2003)Google Scholar
  37. 37.
    Lhoták, O., Hendren, L.: Jedd: A BDD-based relational extension of Java. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 158–169 (2004)Google Scholar
  38. 38.
    Whaley, J., Lam, M.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 131–144 (2004)Google Scholar
  39. 39.
    Zhu, J., Calman, S.: Symbolic pointer analysis revisited. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 145–157 (2004)Google Scholar
  40. 40.
    Bravenboer, M., Smaragdakis, Y.: Doop framework for Java pointer analysis (2009), doop.program-analysis.org

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Guoqing Xu
    • 1
  • Atanas Rountev
    • 1
  • Manu Sridharan
    • 2
  1. 1.Ohio State UniversityColumbusUSA
  2. 2.IBM T.J. Watson Research CenterHawthorneUSA

Personalised recommendations