Towards Comparing and Combining Points-to Analyses

Points-to information is the basis for many analyses and transformations, e.g., for program understanding and optimization. To justify a new analysis technique, its accuracy and efficiency need to be compared to the state of the art. Usually, benchmark suites are used to experimentally compare the different techniques. In this paper, we show that the accuracy of two analyses can only be compared in restricted cases, as there is no benchmark suite with exact Points-to information, no Gold Standard, and it is hard to construct one for realistic programs. We discuss the challenges and possible traps that may arise when comparing different Points-to analyses directly with each other, and with over- and under-approximations of a Gold Standard. Moreover, we discuss how different Points-to analyses can be combined into a more precise one. We complement the paper with experiments comparing and combining different static and dynamic Points-to analyses.
