Alias analysis for optimization of dynamic languages

Dynamic languages such as Python allow programs to be written more easily using high-level constructs such as comprehensions for queries and using generic code. Efficient execution of programs then requires powerful optimizations - incrementalization of expensive queries and specialization of generic code. Effective incrementalization and specialization of dynamic languages require precise and scalable alias analysis. This paper describes the development and experimental evaluation of a may-alias analysis for a full dynamic object-oriented language, for program optimization by incrementalization and specialization. The analysis is flow-sensitive; we show that this is necessary for effective optimization of dynamic languages. It uses precise type analysis and a powerful form of context sensitivity, called trace sensitivity, to further improve analysis precision. It uses a compressed representation to significantly reduce the memory used by flow-sensitive analyses.We evaluate the effectiveness of this analysis and 17 variants of it for incrementalization and specialization of Python programs, and we evaluate the precision, memory usage, and running time of these analyses on programs of diverse sizes. The results show that our analysis has acceptable precision and efficiency and represents the best trade-off between them compared to the variants.

[1]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[2]  Manu Sridharan,et al.  Refinement-based context-sensitive points-to analysis for Java , 2006, PLDI '06.

[3]  Yannis Smaragdakis,et al.  Strictly declarative specification of sophisticated points-to analyses , 2009, OOPSLA '09.

[4]  Ondrej Lhoták,et al.  Context-Sensitive Points-to Analysis: Is It Worth It? , 2006, CC.

[5]  Markus Mock,et al.  Improving program slicing with dynamic points-to data , 2002, SIGSOFT '02/FSE-10.

[6]  David F. Bacon,et al.  Fast static analysis of C++ virtual function calls , 1996, OOPSLA '96.

[7]  Jakob Rehof,et al.  Scalable context-sensitive flow analysis using instantiation constraints , 2000, PLDI '00.

[8]  Christopher Krügel,et al.  Precise alias analysis for static detection of web application vulnerabilities , 2006, PLAS '06.

[9]  Alexander Aiken,et al.  Polymorphic versus Monomorphic Flow-Insensitive Points-to Analysis for C , 2000, SAS.

[10]  Sophia Drossopoulou,et al.  Towards Type Inference for JavaScript , 2005, ECOOP.

[11]  Jeffrey S. Foster,et al.  Static type inference for Ruby , 2009, SAC '09.

[12]  R. Nigel Horspool,et al.  Compile-Time Analysis of Object-Oriented Programs , 1992, CC.

[13]  Susan Horwitz,et al.  Using static single assignment form to improve flow-insensitive pointer analysis , 1998, PLDI '98.

[14]  Jong-Deok Choi,et al.  A framework for interprocedural optimization in the presence of dynamic class loading , 2000, PLDI '00.

[15]  Shriram Krishnamurthi,et al.  Using static analysis for Ajax intrusion detection , 2009, WWW '09.

[16]  Amer Diwan,et al.  Type-based alias analysis , 1998, PLDI.

[17]  Michael Hind,et al.  Evaluating the effectiveness of pointer alias analyses , 2001, Sci. Comput. Program..

[18]  Armin Rigo,et al.  Representation-based just-in-time specialization and the psyco prototype for python , 2004, PEPM '04.

[19]  GoyalDeepak Transformational Derivation of an Improved Alias Analysis Algorithm , 2005 .

[20]  Benjamin Livshits,et al.  Context-sensitive program analysis as database queries , 2005, PODS.

[21]  Erik Ruf,et al.  Context-insensitive alias analysis reconsidered , 1995, PLDI '95.

[22]  Ondrej Lhoták,et al.  Scaling Java Points-to Analysis Using SPARK , 2003, CC.

[23]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[24]  Yanhong A. Liu,et al.  Analysis and Transformations for Efficient Query-Based Debugging , 2008, 2008 Eighth IEEE International Working Conference on Source Code Analysis and Manipulation.

[25]  Ben Hardekopf,et al.  Semi-sparse flow-sensitive pointer analysis , 2009, POPL '09.

[26]  Yanhong A. Liu,et al.  A language and framework for invariant-driven transformations , 2009, GPCE '09.

[27]  Yanhong A. Liu,et al.  Incrementalization across object abstraction , 2005, OOPSLA '05.

[28]  Olin Shivers,et al.  Control flow analysis in scheme , 1988, PLDI '88.

[29]  Calvin Lin,et al.  Error checking with client-driven pointer analysis , 2005, Sci. Comput. Program..

[30]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[31]  Jong-Deok Choi,et al.  Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects , 1993, POPL '93.

[32]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[33]  Vikram S. Adve,et al.  Making context-sensitive points-to analysis with heap cloning practical for the real world , 2007, PLDI '07.

[34]  Kwang-Moo Choe,et al.  Points-to analysis for JavaScript , 2009, SAC '09.

[35]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[36]  Christopher Krügel,et al.  Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[37]  G. Ramalingam,et al.  The undecidability of aliasing , 1994, TOPL.