Skip to main content
SpringerLink
Log in

Alias Analysis for Object-Oriented Programs

  • Chapter
Aliasing in Object-Oriented Programming. Types, Analysis and Verification

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7850))

Abstract

We present a high-level survey of state-of-the-art alias analyses for object-oriented programs, based on a years-long effort developing industrial-strength static analyses for Java. We first present common variants of points-to analysis, including a discussion of key implementation techniques. We then describe flow-sensitive techniques based on tracking of access paths, which can yield greater precision for certain clients. We also discuss how whole-program alias analysis has become less useful for modern Java programs, due to increasing use of reflection in libraries and frameworks. We have found that for real-world programs, an under-approximate alias analysis based on access-path tracking often provides the best results for a variety of practical clients.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Agesen, O.: The Cartesian Product Algorithm: Simple and Precise Type Inference of Parametric Polymorphism. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 2–26. Springer, Heidelberg (1995)

    Google Scholar 

  2. Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques, & Tools with Gradiance, 2nd edn. Addison-Wesley Publishing Company, USA (2007)

    Google Scholar 

  3. Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, DIKU (1994)

    Google Scholar 

  4. Bacon, D., Sweeney, P.: Fast static analysis of C++ virtual function calls. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), San Jose, CA (October 1996)

    Google Scholar 

  5. Balakrishnan, G., Reps, T.: Recency-Abstraction for Heap-Allocated Storage. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 221–239. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Berndl, M., Lhoták, O., Qian, F., Hendren, L., Umanee, N.: Points-to analysis using BDDs. In: Conference on Programming Language Design and Implementation (PLDI) (June 2003)

    Google Scholar 

  7. Bravenboer, M., Smaragdakis, Y.: Strictly declarative specification of sophisticated points-to analyses. In: Proceeding of the 24th ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2009, pp. 243–262. ACM, New York (2009)

    Chapter  Google Scholar 

  8. Chase, D.R., Wegman, M., Zadeck, F.: Analysis of pointers and structures. In: Conference on Programming Language Design and Implementation (PLDI), pp. 296–310. ACM Press, New York (1990)

    Google Scholar 

  9. Choi, J.-D., Burke, M., Carini, P.: Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In: POPL, pp. 232–245 (1993)

    Google Scholar 

  10. Clarke, E.M.: Model Checking. In: Ramesh, S., Sivakumar, G. (eds.) FST TCS 1997. LNCS, vol. 1346, pp. 54–56. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  11. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: ACM Symposium on Principles of Programming Languages (POPL), pp. 269–282. ACM Press, New York (1979)

    Google Scholar 

  12. Das, M., Lerner, S., Seigle, M.: ESP: path-sensitive program verification in polynomial time. In: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, PLDI 2002, pp. 57–68. ACM, New York (2002)

    Chapter  Google Scholar 

  13. Dean, J., Grove, D., Chambers, C.: Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 77–101. Springer, Heidelberg (1995)

    Google Scholar 

  14. Dor, N., Adams, S., Das, M., Yang, Z.: Software validation via scalable path-sensitive value flow analysis. In: ISSTA, pp. 12–22 (2004)

    Google Scholar 

  15. Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: PLDI 1994: Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation, pp. 242–256. ACM Press, New York (1994)

    Chapter  Google Scholar 

  16. Fähndrich, M., Rehof, J., Das, M.: Scalable context-sensitive flow analysis using instantiation constraints. In: Conference on Programming Language Design and Implementation (PLDI) (2000)

    Google Scholar 

  17. Fändrich, M., Foster, J.S., Su, Z., Aiken, A.: Partial online cycle elimination in inclusion constraint graphs. In: Conference on Programming Language Design and Implementation (PLDI), Montreal, Canada (June 1998)

    Google Scholar 

  18. Fecht, C., Seidl, H.: Propagating differences: an efficient new fixpoint algorithm for distributive constraint systems. Nordic J. of Computing 5(4), 304–329 (1998)

    MathSciNet  MATH  Google Scholar 

  19. Feldthaus, A., Millstein, T., Møller, A., Schäfer, M., Tip, F.: Tool-supported refactoring for JavaScript. In: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2011, pp. 119–138. ACM, New York (2011)

    Chapter  Google Scholar 

  20. Fink, S.J., Yahav, E., Dor, N., Ramalingam, G., Geay, E.: Effective typestate verification in the presence of aliasing. ACM Transactions on Software Engineering and Methodology 17(2), 1–34 (2008)

    Article  Google Scholar 

  21. Grove, D., Chambers, C.: A framework for call graph construction algorithms. ACM Trans. Program. Lang. Syst. 23(6), 685–746 (2001)

    Article  Google Scholar 

  22. Guyer, S.Z., Lin, C.: Client-Driven Pointer Analysis. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 214–236. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. Hardekopf, B., Lin, C.: The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. In: PLDI, pp. 290–299 (2007)

    Google Scholar 

  24. Heintze, N.: Analysis of Large Code Bases: The Compile-Link-Analyze Model (Draft of November 12, 1999)

    Google Scholar 

  25. Heintze, N., McAllester, D.: Linear-time subtransitive control flow analysis. SIGPLAN Not. 32(5), 261–272 (1997)

    Article  Google Scholar 

  26. Heintze, N., Tardieu, O.: Demand-driven pointer analysis. In: Conference on Programming Language Design and Implementation (PLDI), Snowbird, Utah (June 2001)

    Google Scholar 

  27. Heintze, N., Tardieu, O.: Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In: Conference on Programming Language Design and Implementation (PLDI) (June 2001)

    Google Scholar 

  28. Huang, S.S., Smaragdakis, Y.: Morphing: Structurally shaping a class by reflecting on others. ACM Trans. Program. Lang. Syst. 33, 6:1–6:44 (2011)

    Article  MATH  Google Scholar 

  29. Kidd, N., Reps, T.W., Dolby, J., Vaziri, M.: Finding concurrency-related bugs using random isolation. STTT 13(6), 495–518 (2011)

    Article  Google Scholar 

  30. Landi, W., Ryder, B.G.: A safe approximate algorithm for interprocedural aliasing. In: PLDI 1992: Proceedings of the ACM SIGPLAN 1992 Conference on Programming Language Design and Implementation, pp. 235–248. ACM Press, New York (1992)

    Chapter  Google Scholar 

  31. Lattner, C., Lenharth, A., Adve, V.: Making context-sensitive points-to analysis with heap cloning practical for the real world. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 278–289. ACM, New York (2007)

    Chapter  Google Scholar 

  32. Lhoták, O., Hendren, L.: Scaling Java points-to analysis using Spark. In: International Conference on Compiler Construction (CC), Warsaw, Poland (April 2003)

    Google Scholar 

  33. Lhoták, O., Hendren, L.: Jedd: a BDD-based relational extension of Java. In: Conference on Programming Language Design and Implementation, PLDI (2004)

    Google Scholar 

  34. Lhoták, O., Hendren, L.: Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol. 18, 3:1–3:53 (2008)

    Article  Google Scholar 

  35. Lhoták, O., Hendren, L.: Relations as an abstraction for BDD-based program analysis. ACM Trans. Program. Lang. Syst. 19, 19:1–19:63 (2008)

    Article  Google Scholar 

  36. Liang, P., Naik, M.: Scaling abstraction refinement via pruning. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 590–601. ACM, New York (2011)

    Chapter  Google Scholar 

  37. Liang, P., Tripp, O., Naik, M.: Learning minimal abstractions. In: Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, pp. 31–42. ACM, New York (2011)

    Google Scholar 

  38. Liang, P., Tripp, O., Naik, M., Sagiv, M.: A dynamic evaluation of the precision of static heap abstractions. In: Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2010, pp. 411–427. ACM, New York (2010)

    Chapter  Google Scholar 

  39. Livshits, B., Whaley, J., Lam, M.S.: Reflection Analysis for Java. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 139–160. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  40. Loginov, A., Yahav, E., Chandra, S., Fink, S., Rinetzky, N., Nanda, M.G.: Verifying dereference safety via expanding-scope analysis. In: ISSTA 2008: International Symposium on Software Testing and Analysis (2008)

    Google Scholar 

  41. Might, M., Smaragdakis, Y., Van Horn, D.: Resolving and exploiting the k-CFA paradox: illuminating functional vs. object-oriented program analysis. In: Proceedings of the 2010 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2010, pp. 305–315. ACM, New York (2010)

    Chapter  Google Scholar 

  42. Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)

    Article  Google Scholar 

  43. Naik, M., Aiken, A., Whaley, J.: Effective static race detection for Java. In: PLDI, pp. 308–319 (2006)

    Google Scholar 

  44. O’Callahan, R.: Generalized Aliasing as a Basis for Program Analysis Tools. PhD thesis, Carnegie Mellon University (November 2000)

    Google Scholar 

  45. Palsberg, J., Schwartzbach, M.I.: Object-oriented type inference. In: Conference Proceedings on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA 1991, pp. 146–161. ACM, New York (1991)

    Chapter  Google Scholar 

  46. Pearce, D.J.: Some directed graph algorithms and their application to pointer analysis. PhD thesis, Imperial College of Science, Technology and Medicine, University of London (2005)

    Google Scholar 

  47. Pearce, D.J., Kelly, P.H.J., Hankin, C.: Online cycle detection and difference propagation for pointer analysis. In: Proceedings of the Third International IEEE Workshop on Source Code Analysis and Manipulation (2003)

    Google Scholar 

  48. Reps, T.: Solving demand versions of interprocedural analysis problems. In: International Conference on Compiler Construction (CC), Edinburgh, Scotland (April 1994)

    Google Scholar 

  49. Reps, T.: Program analysis via graph reachability. Information and Software Technology 40(11-12), 701–726 (1998)

    Article  Google Scholar 

  50. Reps, T.: Undecidability of context-sensitive data-independence analysis. ACM Trans. Program. Lang. Syst. 22(1), 162–186 (2000)

    Article  MathSciNet  Google Scholar 

  51. Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: ACM Symposium on Principles of Programming Languages (POPL) (1995)

    Google Scholar 

  52. Rountev, A., Milanova, A., Ryder, B.G.: Points-to analysis for Java using annotated constraints. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), Tampa Bay, Florida (October 2001)

    Google Scholar 

  53. Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24, 217–298 (2002)

    Article  Google Scholar 

  54. Schäfer, M., Sridharan, M., Dolby, J., Tip, F.: Refactoring Java programs for flexible locking. In: Proceeding of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 71–80. ACM, New York (2011)

    Google Scholar 

  55. Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis, ch. 7, pp. 189–233. Prentice-Hall (1981)

    Google Scholar 

  56. Shivers, O.: Control flow analysis in Scheme. In: Conference on Programming Language Design and Implementation, PLDI (1988)

    Google Scholar 

  57. Shoham, S., Yahav, E., Fink, S., Pistoia, M.: Static specification mining using automata-based abstractions. In: Proceedings of the 2007 International Symposium on Software Testing and Analysis, ISSTA 2007, pp. 174–184. ACM, New York (2007)

    Chapter  Google Scholar 

  58. Smaragdakis, Y., Bravenboer, M., Lhoták, O.: Pick your contexts well: understanding object-sensitivity. In: POPL, pp. 17–30 (2011)

    Google Scholar 

  59. Sridharan, M., Artzi, S., Pistoia, M., Guarnieri, S., Tripp, O., Berg, R.: F4F: taint analysis of framework-based web applications. In: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2011, pp. 1053–1068. ACM, New York (2011)

    Chapter  Google Scholar 

  60. Sridharan, M., Bodík, R.: Refinement-based context-sensitive points-to analysis for Java. In: Conference on Programming Language Design and Implementation, PLDI (2006)

    Google Scholar 

  61. Sridharan, M., Dolby, J., Chandra, S., Schäfer, M., Tip, F.: Correlation Tracking for Points-To Analysis of JavaScript. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 435–458. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  62. Sridharan, M., Fink, S.J.: The Complexity of Andersen’s Analysis in Practice. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 205–221. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  63. Sridharan, M., Fink, S.J., Bodik, R.: Thin slicing. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 112–122. ACM, New York (2007)

    Chapter  Google Scholar 

  64. Sridharan, M., Gopan, D., Shan, L., Bodík, R.: Demand-driven points-to analysis for Java. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA (2005)

    Google Scholar 

  65. Steensgaard, B.: Points-to analysis in almost linear time. In: ACM Symposium on Principles of Programming Languages, POPL (1996)

    Google Scholar 

  66. Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), Minneapolis, MN (October 2000)

    Google Scholar 

  67. Torlak, E., Chandra, S.: Effective interprocedural resource leak detection. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering, ICSE 2010, pp. 535–544. ACM, New York (2010)

    Google Scholar 

  68. Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: PLDI (2009)

    Google Scholar 

  69. T.J. Watson Libraries for Analysis (WALA), http://wala.sf.net .

  70. Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using Datalog with Binary Decision Diagrams for Program Analysis. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 97–118. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  71. Whaley, J., Lam, M.S.: An Efficient Inclusion-Based Points-To Analysis for Strictly-Typed Languages. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 180–195. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  72. Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Conference on Programming Language Design and Implementation (PLDI) (2004)

    Google Scholar 

  73. Whaley, J., Rinard, M.: Compositional pointer and escape analysis for Java programs. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA) (November 1999)

    Google Scholar 

  74. Wilson, R.P., Lam, M.S.: Efficient context-sensitive pointer analysis for C programs. In: Conference on Programming Language Design and Implementation, PLDI (1995)

    Google Scholar 

  75. Yahav, E., Fink, S.: The SAFE experience. In: Engineering of Software, pp. 17–33. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  76. Zhu, J., Calman, S.: Symbolic pointer analysis revisited. In: Conference on Programming Language Design and Implementation (PLDI) (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IBM T.J. Watson Research Center, USA

    Manu Sridharan, Satish Chandra, Julian Dolby & Stephen J. Fink

  2. Technion, Israel

    Eran Yahav

Authors
  1. Manu Sridharan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Satish Chandra
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Julian Dolby
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stephen J. Fink
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Eran Yahav
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Katholieke Universiteit Leuven, Celestijnenlaan 200A, 3001, Heverlee, Belgium

    Dave Clarke

  2. School of Engineering and Computer Science, Victoria University of Wellington, Cottn Building, Gate 6, Kelburn Parade, 6140, Wellington, New Zealand

    James Noble

  3. Department of Information Technology, Uppsala University, Lägerhyddsvägen 2, 75237, Uppsala, Sweden

    Tobias Wrigstad

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Sridharan, M., Chandra, S., Dolby, J., Fink, S.J., Yahav, E. (2013). Alias Analysis for Object-Oriented Programs. In: Clarke, D., Noble, J., Wrigstad, T. (eds) Aliasing in Object-Oriented Programming. Types, Analysis and Verification. Lecture Notes in Computer Science, vol 7850. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36946-9_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-36946-9_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36945-2

  • Online ISBN: 978-3-642-36946-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation