Scalable propagation-based call graph construction algorithms

Propagation-based call graph construction algorithms have been studied intensively in the 199Os, and differ primarily in the number of sets that are used to approximate run-time values of expressions. In practice, algorithms such as RTA that use a single set for the whole program scale well. The scalability of algorithms such as 0-CFA that use one set per expression remains doubtful.In this paper, we investigate the design space between RTA and 0-CFA. We have implemented various novel algorithms in the context of Jax, an application extractor for Java, and shown that they all scale to a 325,000-line program. A key property of these algorithms is that they do not analyze values on the run-time stack, which makes them efficient and easy to implement. Surprisingly, for detecting unreachable methods, the inexpensive RTA algorithm does almost as well as the seemingly more powerful algorithms. However, for determining call sites with a single target, one of our new algorithms obtains the current best tradeoff between speed and precision.

[1]  TipFrank,et al.  Practical experience with an application extractor for Java , 1999 .

[2]  Suresh Jagannathan,et al.  A unified treatment of flow analysis in higher-order languages , 1995, POPL '95.

[3]  R. Nigel Horspool,et al.  Efficient type inclusion tests , 1997, OOPSLA '97.

[4]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[5]  David Robson,et al.  Smalltalk-80: The Language and Its Implementation , 1983 .

[6]  Frank Tip,et al.  Practical experience with an application extractor for Java , 1999, OOPSLA '99.

[7]  Alexander Aiken,et al.  Projection merging: reducing redundancies in inclusion constraint graphs , 2000, POPL '00.

[8]  David F. Bacon,et al.  Fast static analysis of C++ virtual function calls , 1996, OOPSLA '96.

[9]  Neil D. Jones,et al.  A flexible approach to interprocedural data flow analysis and programs with recursive data structures , 1982, POPL '82.

[10]  Lars Ole Andersen,et al.  Self-applicable C Program Specialization , 1992, PEPM.

[11]  David Grove,et al.  Fast interprocedural class analysis , 1998, POPL '98.

[12]  David F. Bacon,et al.  Fast and effective optimization of statically typed object-oriented languages , 1997 .

[13]  Jens Palsberg,et al.  Object-oriented type inference , 1991, OOPSLA '91.

[14]  Fritz Henglein Dynamic Typing , 1992, ESOP.

[15]  R. Nigel Horspool,et al.  E cient Type Inclusion Tests , 1997 .

[16]  Alexander Aiken,et al.  Partial online cycle elimination in inclusion constraint graphs , 1998, PLDI.

[17]  Toshiaki Yasue,et al.  A study of devirtualization techniques for a Java Just-In-Time compiler , 2000, OOPSLA '00.

[18]  Nevin Heintze,et al.  Set-based analysis of ML programs , 1994, LFP '94.

[19]  David Grove,et al.  Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis , 1995, ECOOP.

[20]  David Grove,et al.  Call graph construction in object-oriented languages , 1997, OOPSLA '97.

[21]  Jens Palsberg,et al.  Making Type Inference Practical , 1992, ECOOP.

[22]  David A. Schmidt Natural-Semantics-Based Abstract Interpretation (Preliminary Version) , 1995, SAS.

[23]  Ole Agesen,et al.  Concrete type inference: delivering object-oriented applications , 1995 .

[24]  Frank Tip,et al.  Extracting library-based object-oriented applications , 2000, SIGSOFT '00/FSE-8.

[25]  Jens Palsberg,et al.  Object-oriented type systems , 1994, Wiley professional computing.

[26]  Toshiaki Yasue,et al.  Design, implementation, and evaluation of optimizations in a just-in-time compiler , 1999, JAVA '99.

[27]  Alexander Aiken,et al.  Program Analysis Using Mixed Term and Set Constraints , 1997, SAS.

[28]  Dan C. Stefanescu,et al.  An equational framework for the flow analysis of higher order functional programs , 1994, LFP '94.

[29]  Olin Shivers,et al.  Control-flow analysis of higher-order languages of taming lambda , 1991 .

[30]  Amitabh Srivastava,et al.  Unreachable procedures in object-oriented programming , 1992, LOPL.

[31]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[32]  Susan Horwitz,et al.  Fast and accurate flow-insensitive points-to analysis , 1997, POPL '97.

[33]  Suresh Jagannathan,et al.  Effective Flow Analysis for Avoiding Run-Time Checks , 1995, SAS.

[34]  Ole Agesen Constraint-Based Type Inference and Parametric Polymorphism , 1994, SAS.

[35]  Dirk Grunwald,et al.  Reducing indirect function call overhead in C++ programs , 1994, POPL '94.

[36]  Laurie J. Hendren,et al.  Optimizing Java Bytecode Using the Soot Framework: Is It Feasible? , 2000, CC.

[37]  J. Michael Ashley,et al.  A practical and flexible flow analysis for higher-order languages , 1998, TOPL.

[38]  Alexander Aiken,et al.  Polymorphic versus Monomorphic Flow-Insensitive Points-to Analysis for C , 2000, SAS.

[39]  Laurie J. Hendren,et al.  Practical virtual method call resolution for Java , 2000, OOPSLA '00.

[40]  Charles Consel,et al.  A tour of Schism: a partial evaluation system for higher-order applicative languages , 1993, PEPM '93.

[41]  Flemming Nielson,et al.  Infinitary control flow analysis: a collecting semantics for closure analysis , 1997, POPL '97.