Refinement in object-sensitivity points-to analysis via slicing

Object sensitivity analysis is a well-known form of context-sensitive points-to analysis. This analysis is parameterized by a bound on the names of symbolic objects associated with each allocation site. In this paper, we propose a novel approach based on object sensitivity analysis that takes as input a set of client queries, and tries to answer them using an initial round of inexpensive object sensitivity analysis that uses a low object-name length bound at all allocation sites. For the queries that are answered unsatisfactorily, the approach then pin points "bad" points-to facts, which are the ones that are responsible for the imprecision. It then employs a form of program slicing to identify allocation sites that are potentially causing these bad points-to facts to be generated. The approach then runs object sensitivity analysis once again, this time using longer names for just these allocation sites, with the objective of resolving the imprecision in this round. We describe our approach formally, prove its completeness, and describe a Datalog-based implementation of it on top of the Petablox framework. Our evaluation of our approach on a set of large Java benchmarks, using two separate clients, reveals that our approach is more precise than the baseline object sensitivity approach, by around 29% for one of the clients and by around 19% for the other client. Our approach is also more precise on most large benchmarks than a recently proposed approach that uses SAT solvers to identify allocation sites to refine.

[1]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.

[2]  David W. Binkley,et al.  Program slicing , 2008, 2008 Frontiers of Software Maintenance.

[3]  Huang Bo Context Sensitive Interprocedural Pointer Analysis , 2000 .

[4]  Aniello Cimitile,et al.  Conditioned program slicing , 1998, Inf. Softw. Technol..

[5]  Uday P. Khedker,et al.  Heap Abstractions for Static Analysis , 2014, ACM Comput. Surv..

[6]  Donglin Liang,et al.  Slicing objects using system dependence graphs , 1998, Proceedings. International Conference on Software Maintenance (Cat. No. 98CB36272).

[7]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[8]  Eran Yahav,et al.  Alias Analysis for Object-Oriented Programs , 2013, Aliasing in Object-Oriented Programming.

[9]  Takeo Kanade,et al.  Aliasing in object-oriented programming: types, analysis and verification , 2013 .

[10]  Manu Sridharan,et al.  Refinement-based context-sensitive points-to analysis for Java , 2006, PLDI '06.

[11]  Thomas W. Reps,et al.  Demand Interprocedural Program Analysis Using Logic Databases , 1993, Workshop on Programming with Logic Databases , ILPS.

[12]  Jong-Deok Choi,et al.  Flow-Insensitive Interprocedural Alias Analysis in the Presence of Pointers , 1994, LCPC.

[13]  Raghavan Komondoor,et al.  Precision vs. scalability: Context sensitive analysis with prefix approximation , 2015, 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER).

[14]  Manu Sridharan,et al.  Thin slicing , 2007, PLDI '07.

[15]  Ondrej Lhoták,et al.  Context-Sensitive Points-to Analysis: Is It Worth It? , 2006, CC.

[16]  Xin Zhang,et al.  On abstraction refinement for program analyses in Datalog , 2014, PLDI 2014.

[17]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1990, TOPL.

[18]  Yannis Smaragdakis,et al.  Introspective analysis: context-sensitivity, across the board , 2014, PLDI.

[19]  Baowen Xu,et al.  Slicing object-oriented java programs , 2001, SIGP.

[20]  Monica S. Lam,et al.  Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.

[21]  Gregor Snelting,et al.  An improved slicer for Java , 2004, PASTE.

[22]  Mayur Naik,et al.  Scaling abstraction refinement via pruning , 2011, PLDI '11.

[23]  Calvin Lin,et al.  Client-Driven Pointer Analysis , 2003, SAS.

[24]  Ravichandhran Madhavan,et al.  Modular Heap Analysis for Higher-Order Programs , 2012, SAS.

[25]  David A. Padua,et al.  Proceedings of the 5th International Workshop on Languages and Compilers for Parallel Computing , 1991 .

[26]  Mark Harman,et al.  Pre/post conditioned slicing , 2001, Proceedings IEEE International Conference on Software Maintenance. ICSM 2001.

[27]  Joe D. Warren,et al.  The program dependence graph and its use in optimization , 1987, TOPL.

[28]  Bilha Mendelson,et al.  Automatic detection of immutable fields in Java , 2000, CASCON.

[29]  Hongseok Yang,et al.  Selective context-sensitivity guided by impact pre-analysis , 2014, PLDI.

[30]  Jingling Xue,et al.  Making k-Object-Sensitive Pointer Analysis More Precise with Still k-Limiting , 2016, SAS.

[31]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[32]  Erik Poll,et al.  Immutable Objects for a Java-Like Language , 2007, ESOP.

[33]  Amer Diwan,et al.  The DaCapo benchmarks: java benchmarking development and analysis , 2006, OOPSLA '06.

[34]  Yannis Smaragdakis,et al.  Pointer Analysis , 2015, Found. Trends Program. Lang..

[35]  Darko Marinov,et al.  Object equality profiling , 2003, OOPSLA.

[36]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[37]  Frank Tip,et al.  Parametric program slicing , 1995, POPL '95.