Pointer analysis for programs with structures and casting

Type casting allows a program to access an object as if it had a type different from its declared type. This complicates the design of a pointer-analysis algorithm that treats structure fields as separate objects; therefore, some previous pointer-analysis algorithms "collapse" a structure into a single variable. The disadvantage of this approach is that it can lead to very imprecise points-to information. Other algorithms treat each field as a separate object based on its offset and size. While this approach leads to more precise results, the results are not portable because the memory layout of structures is implementation dependent.This paper first describes the complications introduced by type casting, then presents a tunable pointer-analysis framework for handling structures in the presence of casting. Different instances of this framework produce algorithms with different levels of precision, portability, and efficiency. Experimental results from running our implementations of four instances of this framework show that (i) it is important to distinguish fields of structures in pointer analysis, but (ii) making conservative approximations when casting is involved usually does not cost much in terms of time, space, or the precision of the results.

[1]  Barbara G. Ryder,et al.  Comparing flow and context sensitivity on the modification-side-effects problem , 1998, ISSTA '98.

[2]  Susan Horwitz,et al.  The Effects of the Precision of Pointer Analysis , 1997, SAS.

[3]  Barbara G. Ryder,et al.  Interprocedural modification side effect analysis with pointer aliasing , 1993, PLDI '93.

[4]  M. Burke,et al.  Eecient Flow-sensitive Interprocedural Computation of Pointer-induced Aliases and Side Eeects , 1993 .

[5]  Giuliano Antoniol,et al.  Points to analysis for program understanding , 1997, Proceedings Fifth International Workshop on Program Comprehension. IWPC'97.

[6]  Susan Horwitz,et al.  Fast and accurate flow-insensitive points-to analysis , 1997, POPL '97.

[7]  Todd M. Austin,et al.  Efficient detection of all pointer and array access errors , 1994, PLDI '94.

[8]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[9]  GhiyaRakesh,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994 .

[10]  International standard ISO / IEC 9899 Programming languages C - reference number ISO/IEC 9899:1999(E), Second Edition 1999-12-01 , 1999 .

[11]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[12]  Bjarne Steensgaard Points-to Analysis by Type Inference of Programs with Structures and Unions , 1996, CC.

[13]  Herbert Schildt,et al.  The annotated ANSI C Standard American National Standard for Programming Languages—C: ANSI/ISO 9899-1990 , 1990 .

[14]  Erik Ruf,et al.  Context-insensitive alias analysis reconsidered , 1995, PLDI '95.

[15]  Steven W. K. Tjiang,et al.  SUIF: an infrastructure for research on parallelizing and optimizing compilers , 1994, SIGP.

[16]  Jong-Deok Choi,et al.  Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects , 1993, POPL '93.

[17]  Jong-Deok Choi,et al.  Flow-Insensitive Interprocedural Alias Analysis in the Presence of Pointers , 1994, LCPC.