Precision vs. scalability: Context sensitive analysis with prefix approximation

Context sensitive inter-procedural dataflow analysis is a precise approach to the static analysis of programs, but it is very expensive in its full form. We propose a prefix approximation for context sensitive analysis, wherein a prefix of the full context stack (the outermost calls, nearest the program entry) is used to tag dataflow facts. Our technique, in contrast with the suffix approximation widely used in the literature (which keeps the innermost calls), is designed to be more scalable when applied to programs with modular structure. We describe an instantiation of our technique in the setting of the classical call-strings approach for inter-procedural analysis. We analyzed several large enterprise programs using an implementation of our technique, and compared it with the fully context sensitive, context insensitive, and suffix-approximated variants of the call-strings approach. The precision of our technique was in general less than that of suffix approximation when measured on entire programs. However, the precision it offered for outer-level procedures, which typically contain key business logic, was better, and its performance was much better.
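To make the prefix/suffix distinction concrete, here is an added illustration (not the paper's implementation or data) of call-string tagging on a small constructed program: a parameter-constant analysis walks every full call string from `main`, tags each fact with either the outermost k call sites (prefix) or the innermost k (suffix), and merges facts whose tags coincide. The procedure names, call-site labels and argument values are all constructed for this example.

```python
# Constructed toy program: proc -> list of (call_site, callee, argument).
# An argument is an int literal, or "p" meaning "pass my own parameter through".
# The call graph is acyclic, so a plain recursive walk enumerates all call strings;
# recursive programs would need a worklist with a fixpoint, which is omitted here.
PROGRAM = {
    "main":   [("c1", "A", 1), ("c2", "A", 2), ("c5", "B", 3)],
    "A":      [("c3", "util", "p"), ("c7", "util", 9)],
    "B":      [("c6", "util", "p")],
    "util":   [("c4", "helper", "p")],
    "helper": [],
}
TOP = "TOP"  # parameter value unknown: two different constants were merged

def join(a, b):
    """Lattice join for the constant-propagation-style fact (None = no fact yet)."""
    if a is None:
        return b
    if b is None:
        return a
    return a if a == b else TOP

def approximate(call_string, k, mode):
    """Tag a fact with a bounded view of the full call string."""
    if mode == "full":
        return call_string
    if mode == "prefix":                 # keep the k outermost call sites
        return call_string[:k]
    if mode == "suffix":                 # keep the k innermost call sites
        return call_string[-k:] if k else ()
    raise ValueError(mode)

def analyze(program, k, mode, entry="main"):
    """Return {(proc, tag): parameter value}, merging facts with equal tags."""
    facts = {}
    def walk(proc, value, call_string):
        tag = (proc, approximate(call_string, k, mode))
        facts[tag] = join(facts.get(tag), value)
        for site, callee, arg in program[proc]:
            walk(callee, value if arg == "p" else arg, call_string + (site,))
    walk(entry, None, ())
    return facts

def contexts_of(facts, proc):
    """All abstract contexts (tags) under which proc was analyzed, with their facts."""
    return {tag: v for (p, tag), v in facts.items() if p == proc}
```

With k = 1, prefix tagging keeps the distinction between the three top-level flows all the way down to `helper` (the flow through `c5` stays the precise constant 3) while suffix tagging collapses `helper` to a single unknown context; conversely, suffix tagging keeps the constant 9 passed at `c7` that prefix tagging merges away. Comparing `len(contexts_of(...))` across modes shows how each approximation bounds the number of contexts.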
