Lazy Pointer Analysis

Flow- and context-sensitive pointer analysis is generally considered too expensive for large programs; most tools relax one or both of the requirements for scalability. We formulate a flow- and context-sensitive points-to analysis that is lazy in the following sense: points-to information is computed only for live pointers and its propagation is sparse (restricted to live ranges of respective pointers). Our analysis also: (i) uses strong liveness, effectively including dead code elimination; (ii) afterwards calculates must-points-to information from may-points-to information instead of using a mutual fixed-point; (iii) uses value-based termination of call strings during interprocedural analysis (which reduces the number of call strings significantly). A naive implementation of our analysis within GCC-4.6.0 gave analysis time and size of points-to measurements for SPEC2006. Using liveness reduced the amount of points-to information by an order of magnitude with no loss of precision. For all programs under 30kLoC we found that the results were much more precise than gcc's analysis. What comes as a pleasant surprise however, is the fact that below this cross-over point, our naive linked-list implementation is faster than a flow- and context-insensitive analysis which is primarily used for efficiency. We speculate that lazy flow- and context-sensitive analyses may be not only more precise, but also more efficient, than current approaches.
