Introspective analysis: context-sensitivity, across the board

Context-sensitivity is the primary approach for adding more precision to a points-to analysis, while hopefully also maintaining scalability. An oft-reported problem with context-sensitive analyses, however, is that they are bi-modal: either the analysis is precise enough that it manipulates only manageable sets of data, and thus scales impressively well, or the analysis gets quickly derailed at the first sign of imprecision and becomes orders-of-magnitude more expensive than would be expected given the program's size. There is currently no approach that makes precise context-sensitive analyses (of any flavor: call-site-, object-, or type-sensitive) scale across the board at a level comparable to that of a context-insensitive analysis. To address this issue, we propose introspective analysis: a technique for uniformly scaling context-sensitive analysis by eliminating its performance-detrimental behavior, at a small precision expense. Introspective analysis consists of a common adaptivity pattern: first perform a context-insensitive analysis, then use the results to selectively refine (i.e., analyze context-sensitively) program elements that will not cause explosion in the running time or space. The technical challenge is to appropriately identify such program elements. We show that a simple but principled approach can be remarkably effective, achieving scalability (often with dramatic speedup) for benchmarks previously completely out-of-reach for deep context-sensitive analyses.
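The two-pass pattern described above, as an added sketch that is not code from the paper: a context-insensitive pass over a toy program, then call-site-sensitive refinement of only those functions whose estimated cost fits a budget. The toy program, the `analyze`/`introspect` names, the restriction to calls made from `main`, and the cost metric (call sites times insensitive points-to volume) are all assumptions made for illustration; the paper's own heuristics are not reproduced here.

```python
from collections import Counter, defaultdict

# Constructed toy program (not from the paper). Statements in main:
#   ("new", var, obj)   ("call", site, fn, arg, dst)
# Each function is (param, return_var, [(dst, src) moves]).
FUNCS = {
    "id":  ("id.p", "id.p", []),
    "hub": ("hub.p", "hub.r", [("hub.t", "hub.p"), ("hub.r", "hub.t")]),
}
MAIN = [("new", "a", "A"), ("new", "b", "B"),
        ("call", "c1", "id", "a", "x"), ("call", "c2", "id", "b", "y")]
MAIN += [("new", f"h{i}", f"H{i}") for i in range(4)]
MAIN += [("call", f"s{i}", "hub", f"h{i}", f"r{i}") for i in range(4)]

def analyze(main, funcs, refined=frozenset()):
    """Subset-based points-to; functions in `refined` get one context per call site."""
    pts, edges = defaultdict(set), set()
    for st in main:
        if st[0] == "new":
            pts[("", st[1])].add(st[2])
            continue
        _, site, fn, arg, dst = st
        ctx = site if fn in refined else "*"    # "*" merges all callers
        param, ret, body = funcs[fn]
        edges.add((("", arg), (ctx, param)))    # argument flows into parameter
        edges.add(((ctx, ret), ("", dst)))      # return value flows to caller
        edges.update(((ctx, s), (ctx, d)) for d, s in body)
    changed = True
    while changed:                              # propagate to a fixpoint
        changed = False
        for src, dst in edges:
            if not pts[src] <= pts[dst]:
                pts[dst] |= pts[src]
                changed = True
    return pts

def introspect(main, funcs, budget):
    """Pass 1: insensitive. Pass 2: refine only functions whose estimated cost fits."""
    base = analyze(main, funcs)
    sites = Counter(st[2] for st in main if st[0] == "call")
    refined = set()
    for fn, (param, ret, body) in funcs.items():
        local_vars = {param, ret} | {v for move in body for v in move}
        # Assumed cost metric: call sites x insensitive points-to volume.
        cost = sites[fn] * sum(len(base[("*", v)]) for v in local_vars)
        if cost <= budget:
            refined.add(fn)
    return refined, analyze(main, funcs, refined)
```

With a budget of 10, `id` is refined and regains precision at its two call sites, while `hub` stays context-insensitive and keeps its merged result.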
