Precise and scalable context-sensitive pointer analysis via value flow graph

In this paper, we propose a novel method for context-sensitive pointer analysis using the value flow graph (VFG) formulation. We achieve context-sensitivity by simultaneously applying function cloning and computing context-free language reachability (CFL-reachability) in a novel way. In contrast to existing clone-based and CFL-based approaches, flow-sensitivity is easily integrated in our approach by using a flow-sensitive VFG where each value flow edge is computed in a flow-sensitive manner. We apply context-sensitivity to both local variables and heap objects and propose a new approximation for heap cloning. We prove that our approach can achieve context-sensitivity without loss of precision, i.e., it is as precise as inlining all function calls. We develop an efficient algorithm and implement a context-, flow-, and field-sensitive pointer analysis with heap cloning support in LLVM. We evaluate the efficiency and precision of our implementation using standard SPEC CPU2006 benchmarks. Our experimental results show that the analysis is much faster than existing approaches, it scales well to large real-world applications, and it enables more effective compiler optimizations.
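An added illustration, not the paper's algorithm or its LLVM implementation: the textbook matched call/return form of CFL-reachability on a small value flow graph, showing the precision that context-sensitivity recovers. The C snippet, node names, edge-label encoding, and the bound `k` are assumptions constructed for this example.

```python
from collections import deque

# Constructed C program being modelled (not from the paper):
#   int *id(int *v) { return v; }
#   p = &a; q = &b;
#   x = id(p);   /* call site 1 */
#   y = id(q);   /* call site 2 */
# Edge label None = intraprocedural value flow;
# ("call", i) / ("ret", i) = flow into / out of the callee at call site i.
VFG = [
    ("a", "p", None), ("b", "q", None),
    ("p", "v", ("call", 1)), ("q", "v", ("call", 2)),
    ("v", "r", None),
    ("r", "x", ("ret", 1)), ("r", "y", ("ret", 2)),
]

def reach(edges, src, context_sensitive=True, k=8):
    """Nodes reachable from src; with context_sensitive, only along paths
    whose call/return labels match like balanced parentheses."""
    succ = {}
    for s, d, lab in edges:
        succ.setdefault(s, []).append((d, lab))
    start = (src, ())                 # state = (node, stack of open call sites)
    seen, work = {start}, deque([start])
    while work:
        node, stack = work.popleft()
        for dst, lab in succ.get(node, []):
            new = stack
            if context_sensitive and lab is not None:
                kind, site = lab
                if kind == "call":
                    # k-limit the stack so recursion terminates (sound, less precise)
                    new = (stack + (site,))[-k:]
                elif stack:
                    if stack[-1] != site:
                        continue      # return does not match the pending call
                    new = stack[:-1]
                # empty stack: returning to an unknown caller is allowed
            state = (dst, new)
            if state not in seen:
                seen.add(state)
                work.append(state)
    return {n for n, _ in seen}

def points_to(edges, objects, var, context_sensitive=True):
    """Objects whose address can flow to var."""
    return {o for o in objects if var in reach(edges, o, context_sensitive)}
```

Without label matching, `x` and `y` both appear to point to `a` and `b`; with it, each call to `id` is kept separate, which is the same result inlining both calls would give.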
