Field Flow Sensitive Pointer and Escape Analysis for Java Using Heap Array SSA
Context sensitive pointer analyses based on Whaley and Lam’s bddbddb system have been shown to scale to large Java programs. We provide a technique to incorporate flow sensitivity for Java fields into one such analysis and obtain an escape analysis based on it. First, we express an intraprocedural field flow sensitive analysis, using Fink et al.’s Heap Array SSA form in Datalog. We then extend this analysis interprocedurally by introducing two new φ functions for Heap Array SSA Form and adding deduction rules corresponding to them. Adding a few more rules gives us an escape analysis. We describe two types of field flow sensitivity: partial (PFFS) and full (FFFS), the former without strong updates to fields and the latter with strong updates. We compare these analyses with two different (field flow insensitive) versions of Whaley-Lam analysis: one of which is flow sensitive for locals (FS) and the other, flow insensitive for locals (FIS). We have implemented this analysis on the bddbddb system while using the SOOT open source framework as a front end. We have run our analysis on a set of 15 Java programs. Our experimental results show that the time taken by our field flow sensitive analyses is comparable to that of the field flow insensitive versions while doing much better in some cases. Our PFFS analysis achieves average reductions of about 23% and 30% in the size of the points-to sets at load and store statements respectively and discovers 71% more “caller-captured” objects than FIS.
Unable to display preview. Download preview PDF.
- 1.Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Programming language design and implementation, pp. 131–144 (2004)Google Scholar
- 2.Fink, S.J., Knobe, K., Sarkar, V.: Unified analysis of array and object references in strongly typed languages. In: Static Analysis Symposium, pp. 155–174 (2000)Google Scholar
- 4.Hasti, R., Horwitz, S.: Using static single assignment form to improve flow-insensitive pointer analysis. In: Programming language design and implementation, pp. 97–105 (1998)Google Scholar
- 5.Knobe, K., Sarkar, V.: Array SSA form and its use in parallelization. In: Symposium on Principles of Programming Languages, pp. 107–120 (1998)Google Scholar
- 6.Reps, T.W.: Program analysis via graph reachability. In: International Logic Programming Symposium, pp. 5–19 (1997)Google Scholar
- 7.Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen (May 1994)Google Scholar
- 8.Whaley, J., Rinard, M.: Compositional pointer and escape analysis for Java programs. In: Object-oriented programming, systems, languages, and applications, pp. 187–206 (1999)Google Scholar
- 9.Choi, J.D., Gupta, M., Serrano, M., Sreedhar, V.C., Midkiff, S.: Escape analysis for Java. In: Object-oriented programming, systems, languages, and applications, pp. 1–19 (1999)Google Scholar
- 10.Sagonas, K., Swift, T., Warren, D.S.: XSB as an efficient deductive database engine. In: International conference on Management of data, pp. 442–453 (1994)Google Scholar
- 13.Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3–valued logic. In: Symposium on Principles of Programming Languages, pp. 105–118 (1999)Google Scholar
- 15.Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: Programming language design and implementation, pp. 242–256 (1994)Google Scholar
- 16.Sridharan, M., Bodík, R.: Refinement-based context-sensitive points-to analysis for Java. In: Programming language design and implementation, pp. 387–400 (2006)Google Scholar
- 17.Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to and side-effect analyses for Java. In: International Symposium on Software testing and analysis, pp. 1–11 (2002)Google Scholar