Merging equivalent contexts for scalable heap-cloning-based context-sensitive points-to analysis

A context-sensitive points-to analysis maintains separate points-to relationships for each possible (abstract) calling context of a method. Previous work has shown that a large number of equivalence classes exists in the representation of calling contexts. Such equivalent contexts provide opportunities for context-sensitive analyses based on binary decision diagrams (BDDs), in which BDDs automatically merge equivalent points-to relationships. However, the use of a BDD ``black box'' introduces additional overhead for analysis running time. Furthermore, with heap cloning (i.e., using context-sensitive object allocation sites), BDDs are not as effective because the number of equivalence classes increases significantly. A further step must be taken to look inside the BDD black box to investigate where the equivalence comes from, and what tradeoffs can be employed to enable practical large-scale heap cloning. This paper presents an analysis for Java that exploits equivalence classes in context representation. For a particular pointer variable or heap object, all abstract contexts within an equivalence class can be merged. This technique naturally results in a new non-BDD context-sensitive points-to analysis. Based on these equivalence classes,the analysis employs a last-k-substring merging approach to define scalability and precision tradeoffs. We show that small values for k can enable scalable heap cloning for large Java programs. The proposed analysis has been implemented and evaluated on a large set of Java programs. The experimental results show improvements over an existing 1-object-sensitive analysis with heap cloning, which is the most precise scalable analysis implemented in the state-of-the-art Paddle analysis framework. For computing a points-to solution for an entire program, our approach is an order of magnitude faster compared to this BDD-based analysis and to a related non-BDD refinement-based analysis.

[1]  Jong-Deok Choi,et al.  Escape analysis for Java , 1999, OOPSLA '99.

[2]  Manu Sridharan,et al.  Refinement-based context-sensitive points-to analysis for Java , 2006, PLDI '06.

[3]  Ondrej Lhoták,et al.  Points-to analysis using BDDs , 2003, PLDI '03.

[4]  Ben Hardekopf,et al.  The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code , 2007, PLDI '07.

[5]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[6]  Donglin Liang,et al.  Efficient Computation of Parameterized Pointer Information for Interprocedural Analyses , 2001, SAS.

[7]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to and side-effect analyses for Java , 2002, ISSTA '02.

[8]  Ondrej Lhoták,et al.  Jedd: a BDD-based relational extension of Java , 2004, PLDI '04.

[9]  Ondrej Lhoták,et al.  Program analysis using binary decision diagrams , 2006 .

[10]  Alexander Aiken,et al.  Effective static race detection for Java , 2006, PLDI '06.

[11]  Calvin Lin,et al.  Client-Driven Pointer Analysis , 2003, SAS.

[12]  David Grove,et al.  A framework for call graph construction algorithms , 2001, TOPL.

[13]  Monica S. Lam,et al.  Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.

[14]  Vineet Kahlon Bootstrapping: a technique for scalable flow and context-sensitive pointer alias analysis , 2008, PLDI '08.

[15]  Martin C. Rinard,et al.  Compositional pointer and escape analysis for Java programs , 1999, OOPSLA '99.

[16]  Vikram S. Adve,et al.  Making context-sensitive points-to analysis with heap cloning practical for the real world , 2007, PLDI '07.

[17]  Hong-Seok Kim,et al.  Bottom-Up and Top-Down Context-Sensitive Summary-Based Pointer Analysis , 2004, SAS.

[18]  Uday P. Khedker,et al.  Efficiency, Precision, Simplicity, and Generality in Interprocedural Data Flow Analysis: Resurrecting the Classical Call Strings Method , 2008, CC.

[19]  Ondrej Lhoták,et al.  Scaling Java Points-to Analysis Using SPARK , 2003, CC.

[20]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[21]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[22]  Barbara G. Ryder Dimensions of Precision in Reference Analysis of Object-Oriented Programming Languages , 2003, CC.

[23]  Erik Ruf,et al.  Effective synchronization removal for Java , 2000, PLDI '00.

[24]  Hong-Seok Kim,et al.  Importance of heap specialization in pointer analysis , 2004, PASTE '04.

[25]  Manu Sridharan,et al.  Demand-driven points-to analysis for Java , 2005, OOPSLA '05.

[26]  Laurie J. Hendren,et al.  Optimizing Java Bytecode Using the Soot Framework: Is It Feasible? , 2000, CC.

[27]  Ondrej Lhoták,et al.  Context-Sensitive Points-to Analysis: Is It Worth It? , 2006, CC.

[28]  David F. Bacon,et al.  Fast static analysis of C++ virtual function calls , 1996, OOPSLA '96.

[29]  Jianwen Zhu,et al.  Symbolic pointer analysis revisited , 2004, PLDI '04.