Making k-Object-Sensitive Pointer Analysis More Precise with Still k-Limiting

  • Tian TanEmail author
  • Yue Li
  • Jingling Xue
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9837)


Object-sensitivity is regarded as arguably the best context abstraction for pointer analysis in object-oriented languages. However, a k-object-sensitive pointer analysis, which uses a sequence of k allocation sites (as k context elements) to represent a calling context of a method call, may end up using some context elements redundantly without inducing a finer partition of the space of (concrete) calling contexts for the method call. In this paper, we introduce Bean, a general approach for improving the precision of any k-object-sensitive analysis, denoted \(k\)-obj, by still using a k-limiting context abstraction. The novelty is to identify allocation sites that are redundant context elements in \(k\)-obj from an Object Allocation Graph (OAG), which is built based on a pre-analysis (e.g., a context-insensitive Andersen’s analysis) performed initially on a program and then avoid them in the subsequent k-object-sensitive analysis for the program. Bean is generally more precise than \(k\)-obj, with a precision that is guaranteed to be as good as \(k\)-obj in the worst case. We have implemented Bean as an open-source tool and applied it to refine two state-of-the-art whole-program pointer analyses in Doop. For two representative clients (may-alias and may-fail-cast) evaluated on a set of nine large Java programs from the DaCapo benchmark suite, Bean has succeeded in making both analyses more precise for all these benchmarks under each client at only small increases in analysis cost.


Pointer Analysis Method Call Java Program Context Element Call Site 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors wish to thank the anonymous reviewers for their valuable comments. This work is supported by Australian Research Grants, DP130101970 and DP150102109.


  1. 1.
    Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014 (2014)Google Scholar
  2. 2.
    Blackburn, S.M., Garner, R., Hoffmann, C., Khang, A.M., McKinley, K.S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., Guyer, S.Z., Hirzel, M., Hosking, A., Jump, M., Lee, H., Moss, J.E.B., Phansalkar, A., Stefanović, D., VanDrunen, T., von Dincklage, D., Wiedermann, B.: The DaCapo benchmarks: Java benchmarking development and analysis. In: OOPSLA 2006 (2006)Google Scholar
  3. 3.
    Blackshear, S., Chang, B.Y.E., Sridharan, M.: Selective control-flow abstraction via jumping. In: OOPSLA 2015 (2015)Google Scholar
  4. 4.
    Bravenboer, M., Smaragdakis, Y.: Strictly declarative specification of sophisticated points-toanalyses. In: OOPSLA 2009 (2009)Google Scholar
  5. 5.
    Chord. A program analysis platform for Java.
  6. 6.
    Das, M., Liblit, B., Fähndrich, M., Rehof, J.: Estimating the impact of scalable pointer analysis on optimization. In: Cousot, P. (ed.) SAS 2001. LNCS, vol. 2126, pp. 260–278. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    DOOP. A sophisticated framework for Java pointer analysis.
  8. 8.
    Feng, Y., Wang, X., Dillig, I., Dillig, T.: Bottom-up context-sensitive pointer analysis for java. In: Feng, X., Park, S. (eds.) APLAS 2015. LNCS, vol. 9458, pp. 465–484. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-26529-2_25 CrossRefGoogle Scholar
  9. 9.
    Fink, S.J., Yahav, E., Dor, N., Ramalingam, G., Geay, E.: Effective typestate verification in the presence of aliasing. ACM Trans. Softw. Eng. Methodol. 17(2), 1–34 (2008)CrossRefGoogle Scholar
  10. 10.
    Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of android applications in droidsafe. In: NDSS 2015 (2015)Google Scholar
  11. 11.
    Hardekopf, B., Lin, C.: Flow-sensitive pointer analysis for millions of lines of code. In: CGO 2011 (2011)Google Scholar
  12. 12.
    Hind, M.: Pointer analysis: Haven’t we solved this problem yet? In: PASTE 2001 (2001)Google Scholar
  13. 13.
    Huang, W., Dong, Y., Milanova, A., Dolby, J.: Scalable and precise taint analysis for android. In: ISSTA 2015 (2015)Google Scholar
  14. 14.
    Kastrinis, G., Smaragdakis, Y.: Hybrid context-sensitivity for points-to analysis. In: PLDI 2013 (2013)Google Scholar
  15. 15.
    Lhoták, O.: Program Analysis using Binary Decision Diagrams. Ph.D. thesis (2006)Google Scholar
  16. 16.
    Lhoták, O., Chung, K.C.A.: Points-to analysis with efficient strong updates. In: POPL 2011 (2011)Google Scholar
  17. 17.
    Lhoták, O., Hendren, L.: Context-sensitive points-to analysis: is it worth it? In: Mycroft, A., Zeller, A. (eds.) CC 2006. LNCS, vol. 3923, pp. 47–64. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Lhoták, O., Hendren, L.: Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol. 18(1), 1–53 (2008)CrossRefGoogle Scholar
  19. 19.
    Li, Y., Tan, T., Sui, Y., Xue, J.: Self-inferencing reflection resolution for java. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 27–53. Springer, Heidelberg (2014)Google Scholar
  20. 20.
    Li, Y., Tan, T., Xue, J.: Effective soundness-guided reflection analysis. In: Blazy, S., Jensen, T. (eds.) SAS 2015. LNCS, vol. 9291, pp. 162–180. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  21. 21.
    Li, Y., Tan, T., Zhang, Y., Xue, J.: Program tailoring: Slicing by sequential criteria. In: ECOOP 2016 (2016)Google Scholar
  22. 22.
    Mangal, R., Zhang, X., Nori, A.V., Naik, M.: A user-guided approach to program analysis. In: FSE 2015 (2015)Google Scholar
  23. 23.
    Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to and side-effect analyses for java. In: ISSTA 2002 (2002)Google Scholar
  24. 24.
    Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)CrossRefGoogle Scholar
  25. 25.
    Naik, M., Aiken, A., Whaley, J.: Effective static race detection for java. In: PLDI 2006 (2006)Google Scholar
  26. 26.
    Oh, H., Lee, W., Heo, K., Yang, H., Yi, K.: Selective context-sensitivity guided by impact pre-analysis. In: PLDI 2014 (2014)Google Scholar
  27. 27.
    Shivers, O.G.: Control-flow Analysis of Higher-order Languages of Taming Lambda. Ph.D. thesis (1991)Google Scholar
  28. 28.
    Smaragdakis, Y., Balatsouras, G.: Pointer analysis. Found. Trends Program. Lang. 2, 1–69 (2015)CrossRefGoogle Scholar
  29. 29.
    Smaragdakis, Y., Bravenboer, M., Lhoták, O.: Pick your contexts well: understanding object-sensitivity. In: POPL 2011 (2011)Google Scholar
  30. 30.
    Sridharan, M., Bodík, R.: Refinement-based context-sensitive points-to analysis for Java. In: PLDI 2006 (2006)Google Scholar
  31. 31.
    Sridharan, M., Chandra, S., Dolby, J., Fink, S.J., Yahav, E.: Alias analysis for object-oriented programs. In: Noble, J., Wrigstad, T., Clarke, D. (eds.) Aliasing in Object-Oriented Programming. LNCS, vol. 7850, pp. 196–232. Springer, Heidelberg (2013)Google Scholar
  32. 32.
    Sui, Y., Di, P., Xue, J.: Sparse flow-sensitive pointer analysis for multithreaded programs. In: CGO 2016 (2016)Google Scholar
  33. 33.
    Sui, Y., Li, Y., Xue, Y.: Query-directed adaptive heap cloning for optimizing compilers. In: CGO 2013 (2013)Google Scholar
  34. 34.
    Sui, Y., Ye, D., Xue, J.: Static memory leak detection using full-sparse value-flow analysis. In: ISSTA 2012 (2012)Google Scholar
  35. 35.
    Sui, Y., Ye, D., Xue, J.: Detecting memory leaks statically with full-sparse value-flow analysis. IEEE Trans. Softw. Eng. 40(2), 107–122 (2014)CrossRefGoogle Scholar
  36. 36.
    Wala, T.J.: Watson libraries for analysis.
  37. 37.
    Yu, H., Xue, J., Huo, W., Feng, X., Zhang, Z.: Level by level: making flow- and context-sensitive pointer analysisscalable for millions of lines of code. In: CGO 2010 (2010)Google Scholar
  38. 38.
    Zhang, X., Mangal, R., Grigore, R., Naik, M., Yang, H.: On abstraction refinement for program analyses in datalog. In: PLDI 2014 (2014)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2016

Authors and Affiliations

  1. 1.School of Computer Science and EngineeringUNSW AustraliaSydneyAustralia
  2. 2.Advanced Innovation Center for Imaging TechnologyCNUBeijingChina

Personalised recommendations