Abstract
We present a high-level survey of state-of-the-art alias analyses for object-oriented programs, based on a years-long effort developing industrial-strength static analyses for Java. We first present common variants of points-to analysis, including a discussion of key implementation techniques. We then describe flow-sensitive techniques based on tracking of access paths, which can yield greater precision for certain clients. We also discuss how whole-program alias analysis has become less useful for modern Java programs, due to increasing use of reflection in libraries and frameworks. We have found that for real-world programs, an under-approximate alias analysis based on access-path tracking often provides the best results for a variety of practical clients.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Agesen, O.: The Cartesian Product Algorithm: Simple and Precise Type Inference of Parametric Polymorphism. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 2–26. Springer, Heidelberg (1995)
Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques, & Tools with Gradiance, 2nd edn. Addison-Wesley Publishing Company, USA (2007)
Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, DIKU (1994)
Bacon, D., Sweeney, P.: Fast static analysis of C++ virtual function calls. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), San Jose, CA (October 1996)
Balakrishnan, G., Reps, T.: Recency-Abstraction for Heap-Allocated Storage. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 221–239. Springer, Heidelberg (2006)
Berndl, M., Lhoták, O., Qian, F., Hendren, L., Umanee, N.: Points-to analysis using BDDs. In: Conference on Programming Language Design and Implementation (PLDI) (June 2003)
Bravenboer, M., Smaragdakis, Y.: Strictly declarative specification of sophisticated points-to analyses. In: Proceeding of the 24th ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2009, pp. 243–262. ACM, New York (2009)
Chase, D.R., Wegman, M., Zadeck, F.: Analysis of pointers and structures. In: Conference on Programming Language Design and Implementation (PLDI), pp. 296–310. ACM Press, New York (1990)
Choi, J.-D., Burke, M., Carini, P.: Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In: POPL, pp. 232–245 (1993)
Clarke, E.M.: Model Checking. In: Ramesh, S., Sivakumar, G. (eds.) FST TCS 1997. LNCS, vol. 1346, pp. 54–56. Springer, Heidelberg (1997)
Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: ACM Symposium on Principles of Programming Languages (POPL), pp. 269–282. ACM Press, New York (1979)
Das, M., Lerner, S., Seigle, M.: ESP: path-sensitive program verification in polynomial time. In: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, PLDI 2002, pp. 57–68. ACM, New York (2002)
Dean, J., Grove, D., Chambers, C.: Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 77–101. Springer, Heidelberg (1995)
Dor, N., Adams, S., Das, M., Yang, Z.: Software validation via scalable path-sensitive value flow analysis. In: ISSTA, pp. 12–22 (2004)
Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: PLDI 1994: Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation, pp. 242–256. ACM Press, New York (1994)
Fähndrich, M., Rehof, J., Das, M.: Scalable context-sensitive flow analysis using instantiation constraints. In: Conference on Programming Language Design and Implementation (PLDI) (2000)
Fändrich, M., Foster, J.S., Su, Z., Aiken, A.: Partial online cycle elimination in inclusion constraint graphs. In: Conference on Programming Language Design and Implementation (PLDI), Montreal, Canada (June 1998)
Fecht, C., Seidl, H.: Propagating differences: an efficient new fixpoint algorithm for distributive constraint systems. Nordic J. of Computing 5(4), 304–329 (1998)
Feldthaus, A., Millstein, T., Møller, A., Schäfer, M., Tip, F.: Tool-supported refactoring for JavaScript. In: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2011, pp. 119–138. ACM, New York (2011)
Fink, S.J., Yahav, E., Dor, N., Ramalingam, G., Geay, E.: Effective typestate verification in the presence of aliasing. ACM Transactions on Software Engineering and Methodology 17(2), 1–34 (2008)
Grove, D., Chambers, C.: A framework for call graph construction algorithms. ACM Trans. Program. Lang. Syst. 23(6), 685–746 (2001)
Guyer, S.Z., Lin, C.: Client-Driven Pointer Analysis. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 214–236. Springer, Heidelberg (2003)
Hardekopf, B., Lin, C.: The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. In: PLDI, pp. 290–299 (2007)
Heintze, N.: Analysis of Large Code Bases: The Compile-Link-Analyze Model (Draft of November 12, 1999)
Heintze, N., McAllester, D.: Linear-time subtransitive control flow analysis. SIGPLAN Not. 32(5), 261–272 (1997)
Heintze, N., Tardieu, O.: Demand-driven pointer analysis. In: Conference on Programming Language Design and Implementation (PLDI), Snowbird, Utah (June 2001)
Heintze, N., Tardieu, O.: Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In: Conference on Programming Language Design and Implementation (PLDI) (June 2001)
Huang, S.S., Smaragdakis, Y.: Morphing: Structurally shaping a class by reflecting on others. ACM Trans. Program. Lang. Syst. 33, 6:1–6:44 (2011)
Kidd, N., Reps, T.W., Dolby, J., Vaziri, M.: Finding concurrency-related bugs using random isolation. STTT 13(6), 495–518 (2011)
Landi, W., Ryder, B.G.: A safe approximate algorithm for interprocedural aliasing. In: PLDI 1992: Proceedings of the ACM SIGPLAN 1992 Conference on Programming Language Design and Implementation, pp. 235–248. ACM Press, New York (1992)
Lattner, C., Lenharth, A., Adve, V.: Making context-sensitive points-to analysis with heap cloning practical for the real world. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 278–289. ACM, New York (2007)
Lhoták, O., Hendren, L.: Scaling Java points-to analysis using Spark. In: International Conference on Compiler Construction (CC), Warsaw, Poland (April 2003)
Lhoták, O., Hendren, L.: Jedd: a BDD-based relational extension of Java. In: Conference on Programming Language Design and Implementation, PLDI (2004)
Lhoták, O., Hendren, L.: Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol. 18, 3:1–3:53 (2008)
Lhoták, O., Hendren, L.: Relations as an abstraction for BDD-based program analysis. ACM Trans. Program. Lang. Syst. 19, 19:1–19:63 (2008)
Liang, P., Naik, M.: Scaling abstraction refinement via pruning. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 590–601. ACM, New York (2011)
Liang, P., Tripp, O., Naik, M.: Learning minimal abstractions. In: Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, pp. 31–42. ACM, New York (2011)
Liang, P., Tripp, O., Naik, M., Sagiv, M.: A dynamic evaluation of the precision of static heap abstractions. In: Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2010, pp. 411–427. ACM, New York (2010)
Livshits, B., Whaley, J., Lam, M.S.: Reflection Analysis for Java. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 139–160. Springer, Heidelberg (2005)
Loginov, A., Yahav, E., Chandra, S., Fink, S., Rinetzky, N., Nanda, M.G.: Verifying dereference safety via expanding-scope analysis. In: ISSTA 2008: International Symposium on Software Testing and Analysis (2008)
Might, M., Smaragdakis, Y., Van Horn, D.: Resolving and exploiting the k-CFA paradox: illuminating functional vs. object-oriented program analysis. In: Proceedings of the 2010 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2010, pp. 305–315. ACM, New York (2010)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)
Naik, M., Aiken, A., Whaley, J.: Effective static race detection for Java. In: PLDI, pp. 308–319 (2006)
O’Callahan, R.: Generalized Aliasing as a Basis for Program Analysis Tools. PhD thesis, Carnegie Mellon University (November 2000)
Palsberg, J., Schwartzbach, M.I.: Object-oriented type inference. In: Conference Proceedings on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA 1991, pp. 146–161. ACM, New York (1991)
Pearce, D.J.: Some directed graph algorithms and their application to pointer analysis. PhD thesis, Imperial College of Science, Technology and Medicine, University of London (2005)
Pearce, D.J., Kelly, P.H.J., Hankin, C.: Online cycle detection and difference propagation for pointer analysis. In: Proceedings of the Third International IEEE Workshop on Source Code Analysis and Manipulation (2003)
Reps, T.: Solving demand versions of interprocedural analysis problems. In: International Conference on Compiler Construction (CC), Edinburgh, Scotland (April 1994)
Reps, T.: Program analysis via graph reachability. Information and Software Technology 40(11-12), 701–726 (1998)
Reps, T.: Undecidability of context-sensitive data-independence analysis. ACM Trans. Program. Lang. Syst. 22(1), 162–186 (2000)
Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: ACM Symposium on Principles of Programming Languages (POPL) (1995)
Rountev, A., Milanova, A., Ryder, B.G.: Points-to analysis for Java using annotated constraints. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), Tampa Bay, Florida (October 2001)
Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24, 217–298 (2002)
Schäfer, M., Sridharan, M., Dolby, J., Tip, F.: Refactoring Java programs for flexible locking. In: Proceeding of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 71–80. ACM, New York (2011)
Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis, ch. 7, pp. 189–233. Prentice-Hall (1981)
Shivers, O.: Control flow analysis in Scheme. In: Conference on Programming Language Design and Implementation, PLDI (1988)
Shoham, S., Yahav, E., Fink, S., Pistoia, M.: Static specification mining using automata-based abstractions. In: Proceedings of the 2007 International Symposium on Software Testing and Analysis, ISSTA 2007, pp. 174–184. ACM, New York (2007)
Smaragdakis, Y., Bravenboer, M., Lhoták, O.: Pick your contexts well: understanding object-sensitivity. In: POPL, pp. 17–30 (2011)
Sridharan, M., Artzi, S., Pistoia, M., Guarnieri, S., Tripp, O., Berg, R.: F4F: taint analysis of framework-based web applications. In: Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2011, pp. 1053–1068. ACM, New York (2011)
Sridharan, M., BodÃk, R.: Refinement-based context-sensitive points-to analysis for Java. In: Conference on Programming Language Design and Implementation, PLDI (2006)
Sridharan, M., Dolby, J., Chandra, S., Schäfer, M., Tip, F.: Correlation Tracking for Points-To Analysis of JavaScript. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 435–458. Springer, Heidelberg (2012)
Sridharan, M., Fink, S.J.: The Complexity of Andersen’s Analysis in Practice. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 205–221. Springer, Heidelberg (2009)
Sridharan, M., Fink, S.J., Bodik, R.: Thin slicing. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 112–122. ACM, New York (2007)
Sridharan, M., Gopan, D., Shan, L., BodÃk, R.: Demand-driven points-to analysis for Java. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA (2005)
Steensgaard, B.: Points-to analysis in almost linear time. In: ACM Symposium on Principles of Programming Languages, POPL (1996)
Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), Minneapolis, MN (October 2000)
Torlak, E., Chandra, S.: Effective interprocedural resource leak detection. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering, ICSE 2010, pp. 535–544. ACM, New York (2010)
Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: PLDI (2009)
T.J. Watson Libraries for Analysis (WALA), http://wala.sf.net .
Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using Datalog with Binary Decision Diagrams for Program Analysis. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 97–118. Springer, Heidelberg (2005)
Whaley, J., Lam, M.S.: An Efficient Inclusion-Based Points-To Analysis for Strictly-Typed Languages. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 180–195. Springer, Heidelberg (2002)
Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Conference on Programming Language Design and Implementation (PLDI) (2004)
Whaley, J., Rinard, M.: Compositional pointer and escape analysis for Java programs. In: Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA) (November 1999)
Wilson, R.P., Lam, M.S.: Efficient context-sensitive pointer analysis for C programs. In: Conference on Programming Language Design and Implementation, PLDI (1995)
Yahav, E., Fink, S.: The SAFE experience. In: Engineering of Software, pp. 17–33. Springer, Heidelberg (2011)
Zhu, J., Calman, S.: Symbolic pointer analysis revisited. In: Conference on Programming Language Design and Implementation (PLDI) (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Sridharan, M., Chandra, S., Dolby, J., Fink, S.J., Yahav, E. (2013). Alias Analysis for Object-Oriented Programs. In: Clarke, D., Noble, J., Wrigstad, T. (eds) Aliasing in Object-Oriented Programming. Types, Analysis and Verification. Lecture Notes in Computer Science, vol 7850. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36946-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-36946-9_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36945-2
Online ISBN: 978-3-642-36946-9
eBook Packages: Computer ScienceComputer Science (R0)