Level by level: making flow- and context-sensitive pointer analysis scalable for millions of lines of code

We present a practical and scalable method for flow- and context-sensitive (FSCS) pointer analysis for C programs. Our method analyzes the pointers in a program level by level in terms of their points-to levels, allowing the points-to relations of the pointers at a particular level to be discovered based on the points-to relations of the pointers at this level and higher levels. This level-by-level strategy can enhance the scalability of the FSCS pointer analysis in two fundamental ways, by enabling (1) fast and accurate flow-sensitive analysis on full sparse SSA form using a flow-insensitive algorithm and (2) fast and accurate context-sensitive analysis using a full transfer function and a meet function for each procedure. Our level-by-level algorithm, LevPA, gives rises to (1) a precise and compact SSA representation for subsequent program analysis and optimization tasks and (2) a flow- and context-sensitive MAY/MUST mod (modification) set and read set for each procedure. Our preliminary results show that LevPA can analyze some programs with over a million lines of C code in minutes, faster than the state-of-the-art FSCS methods.

[1]  Monica S. Lam,et al.  Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.

[2]  Ondrej Lhoták,et al.  Efficient alias set analysis using SSA form , 2009, ISMM '09.

[3]  Vineet Kahlon Bootstrapping: a technique for scalable flow and context-sensitive pointer alias analysis , 2008, PLDI '08.

[4]  Yu Hong An Aggressively Field-Sensitive Unification-Based Pointer Analysis , 2009 .

[5]  Taisook Han,et al.  A bottom-up pointer analysis using the update history , 2009, Inf. Softw. Technol..

[6]  Raymond Lo,et al.  Effective Representation of Aliases and Indirect Memory Operations in SSA Form , 1996, CC.

[7]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[8]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[9]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[10]  Barbara G. Ryder,et al.  A safe approximate algorithm for interprocedural aliasing , 1992, PLDI '92.

[11]  Jianwen Zhu,et al.  Towards scalable flow and context sensitive pointer analysis , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[12]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[13]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[14]  Bjarne Steensgaard Points-to Analysis by Type Inference of Programs with Structures and Unions , 1996, CC.

[15]  Benjamin Livshits,et al.  Tracking pointers with path and context sensitivity for bug detection in C programs , 2003, ESEC/FSE-11.

[16]  Alexander Aiken,et al.  How is aliasing used in systems software? , 2006, SIGSOFT '06/FSE-14.

[17]  Calvin Lin,et al.  Efficient Flow-Sensitive Interprocedural Data-Flow Analysis in the Presence of Pointers , 2006, CC.

[18]  Jong-Deok Choi,et al.  Interprocedural pointer alias analysis , 1999, TOPL.

[19]  Ben Hardekopf,et al.  Semi-sparse flow-sensitive pointer analysis , 2009, POPL '09.

[20]  Susan Horwitz,et al.  Using static single assignment form to improve flow-insensitive pointer analysis , 1998, PLDI '98.

[21]  Wen-mei W. Hwu,et al.  Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation , 2000, PLDI '00.

[22]  Welf Löwe,et al.  A Scalable Flow-Sensitive Points-to Analysis , 2006 .

[23]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[24]  GhiyaRakesh,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994 .

[25]  Jong-Deok Choi,et al.  Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects , 1993, POPL '93.

[26]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[27]  Pen-Chung Yew,et al.  A Hierarchical Approach to Context-Sensitive Interprocedural Alias Analysis , 1999 .

[28]  Barbara G. Ryder,et al.  A schema for interprocedural modification side-effect analysis with pointer aliasing , 2001, TOPL.

[29]  Sofia Cassel,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 2012 .