Client-Driven Pointer Analysis

This paper presents a new client-driven pointer analysis algorithm that automatically adjusts its precision in response to the needs of client analyses. We evaluate our algorithm on 18 real C programs, using five significant error detection problems as clients. We compare the accuracy and performance of our algorithm against several commonly-used fixed-precision algorithms. We find that the client-driven approach effectively balances cost and precision, often producing results as accurate as fixed-precision algorithms that are many times more costly. Our algorithm works because many client problems only need a small amount of extra precision applied to the right places in each input program.

[1]  Susan Horwitz,et al.  The Effects of the Precision of Pointer Analysis , 1997, SAS.

[2]  Paul Barry,et al.  Programming Perl 3rd Edition , 2000 .

[3]  Erik Ruf,et al.  Context-insensitive alias analysis reconsidered , 1995, PLDI '95.

[4]  Sriram K. Rajamani,et al.  Automatically validating temporal safety properties of interfaces , 2001, SPIN '01.

[5]  Calvin Lin,et al.  Optimizing the Use of High Performance Software Libraries , 2000, LCPC.

[6]  Mark N. Wegman,et al.  An efficient method of computing static single assignment form , 1989, POPL '89.

[7]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[8]  Amer Diwan,et al.  Using types to analyze and optimize object-oriented programs , 2001, TOPL.

[9]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[10]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[11]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[12]  Calvin Lin,et al.  An annotation language for optimizing software libraries , 1999, DSL '99.

[13]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[14]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[15]  S LamMonica,et al.  Efficient context-sensitive pointer analysis for C programs , 1995 .

[16]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[17]  Raymond Lo,et al.  Effective Representation of Aliases and Indirect Memory Operations in SSA Form , 1996, CC.

[18]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[19]  Alexander Aiken,et al.  Polymorphic versus Monomorphic Flow-Insensitive Points-to Analysis for C , 2000, SAS.

[20]  Dawson R. Engler,et al.  Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[21]  Olivier Tardieu,et al.  Demand-driven pointer analysis , 2001, PLDI '01.

[22]  Alexander Aiken,et al.  Flow-sensitive type qualifiers , 2002, PLDI '02.

[23]  Thomas W. Reps,et al.  Demand interprocedural dataflow analysis , 1995, SIGSOFT FSE.

[24]  Barbara G. Ryder,et al.  Comparing flow and context sensitivity on the modification-side-effects problem , 1998, ISSTA '98.

[25]  Barbara G. Ryder,et al.  Experiments with combined analysis for pointer aliasing , 1998, PASTE '98.

[26]  Michael Hind,et al.  Evaluating the effectiveness of pointer alias analyses , 2001, Sci. Comput. Program..

[27]  Manuvir Das,et al.  Unification-based pointer analysis with directional assignments , 2000, PLDI '00.

[28]  Andrew A. Chien,et al.  Precise Concrete Type Inference for Object-Oriented Languages , 1994, OOPSLA.