Practical Points-to Analysis for Programs Built with Libraries

Traditional whole-program analysis cannot be directly applied to programs that include precompiled libraries. Such programs could be analyzed separately from the included libraries by using precomputed summary information about each library. This paper describes one such separate analysis derived from Andersen’s wholeprogram points-to analysis [2]. The analysis uses a summary which is a compact representation of the points-to effects of all statements in the library. The summary is generated by substituting some of the library variables with placeholder variables. By replacing many variables with the same placeholder, we can reduce the size of the summary and the cost of the separate analysis. We use a substitution which summarizes the library effects without losing precision or exposing the internals of the library. Our experiments show that the cost of computing and storing the summary is practical, and that the substitution technique significantly reduces the cost of the separate analysis.

[1]  Donglin Liang,et al.  Equivalence analysis: a general technique to improve the efficiency of data-flow analyses in the presence of pointers , 1999, PASTE '99.

[2]  Barbara G. Ryder,et al.  Comparing flow and context sensitivity on the modification-side-effects problem , 1998, ISSTA '98.

[3]  Bowen Alpern,et al.  Detecting equality of variables in programs , 1988, POPL '88.

[4]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[5]  Barbara G. Ryder,et al.  Program decomposition for pointer aliasing: a step toward practical analyses , 1996, SIGSOFT '96.

[6]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[7]  Barbara G. Ryder,et al.  Data-flow analysis of program fragments , 1999, ESEC/FSE-7.

[8]  Erik Ruf,et al.  Context-insensitive alias analysis reconsidered , 1995, PLDI '95.

[9]  Elaine J. Weyuker,et al.  Testing Component-Based Software: A Cautionary Tale , 1998, IEEE Softw..

[10]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[11]  Barbara G. Ryder,et al.  An efficient hybrid algorithm for incremental data flow analysis , 1989, POPL '90.

[12]  Susan Horwitz,et al.  The Effects of the Precision of Pointer Analysis , 1997, SAS.

[13]  Atanas Rountev,et al.  Off-line variable substitution for scaling points-to analysis , 2000, PLDI '00.

[14]  Donglin Liang,et al.  Efficient points-to analysis for whole-program analysis , 1999, ESEC/FSE-7.

[15]  Jong-Deok Choi,et al.  Interprocedural pointer alias analysis , 1999, TOPL.

[16]  Alexander Aiken,et al.  Partial online cycle elimination in inclusion constraint graphs , 1998, PLDI.

[17]  Susan Horwitz,et al.  Fast and accurate flow-insensitive points-to analysis , 1997, POPL '97.

[18]  Gregg Rothermel,et al.  Separate Computation of Alias Information for Reuse , 1996, IEEE Trans. Software Eng..

[19]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[20]  Barbara G. Ryder,et al.  A safe approximate algorithm for interprocedural aliasing , 1992, PLDI '92.

[21]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[22]  Alexander Aiken,et al.  Projection merging: reducing redundancies in inclusion constraint graphs , 2000, POPL '00.

[23]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.