Sparse Dataflow Analysis with Pointers and Reachability

Many static analyzers exploit sparseness techniques to reduce the amount of information being propagated and stored during analysis. Although several variations are described in the literature, no existing technique is suitable for analyzing JavaScript code. In this paper, we point out the need for a sparse analysis framework that supports pointers and reachability.We present such a framework, which uses static single assignment form for heap addresses and computes def-use information on-the-fly.We also show that essential information about dominating definitions can be maintained efficiently using quadtrees. The framework is presented as a systematic modification of a traditional dataflow analysis algorithm.

[1]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[2]  Mark N. Wegman,et al.  Analysis of pointers and structures (with retrospective) , 1990 .

[3]  Keshav Pingali,et al.  Dependence-based program analysis , 1993, PLDI '93.

[4]  Peter Thiemann,et al.  Interprocedural Analysis with Lazy Propagation , 2010, SAS.

[5]  Ben Hardekopf,et al.  Semi-sparse flow-sensitive pointer analysis , 2009, POPL '09.

[6]  Peter Thiemann,et al.  Type Analysis for JavaScript , 2009, SAS.

[7]  Raymond Lo,et al.  Effective Representation of Aliases and Indirect Memory Operations in SSA Form , 1996, CC.

[8]  Jeffrey D. Ullman,et al.  Monotone data flow analysis frameworks , 1977, Acta Informatica.

[9]  Gary A. Kildall,et al.  A unified approach to global program optimization , 1973, POPL.

[10]  Ben Hardekopf,et al.  Flow-sensitive pointer analysis for millions of lines of code , 2011, International Symposium on Code Generation and Optimization (CGO 2011).

[11]  John H. Reif,et al.  Symbolic evaluation and the global value graph , 1977, POPL.

[12]  Thomas W. Reps,et al.  Recency-Abstraction for Heap-Allocated Storage , 2006, SAS.

[13]  Hakjoo Oh,et al.  Design and implementation of sparse global analyses for C-like languages , 2012, PLDI.

[14]  Frank Tip,et al.  Dynamic determinacy analysis , 2013, PLDI.

[15]  M. Wegman,et al.  Global value numbers and redundant computations , 1988, POPL '88.

[16]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[17]  Calvin Lin,et al.  Efficient Flow-Sensitive Interprocedural Data-Flow Analysis in the Presence of Pointers , 2006, CC.

[18]  Mark N. Wegman,et al.  Constant propagation with conditional branches , 1985, POPL.

[19]  Stefan Staiger-Stöhr Practical Integrated Analysis of Pointers, Dataflow and Control Flow , 2013, TOPL.

[20]  Sariel Har-Peled Geometric Approximation Algorithms , 2011 .

[21]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.

[22]  Mark de Berg,et al.  Computational geometry: algorithms and applications , 1997 .