Fast and precise points-to analysis

Many software engineering applications require points-to analysis. These client applications range from optimizing compilers to integrated program development environments (IDEs) and from testing environments to reverse-engineering tools. Moreover, software engineering applications used in an edit-compile cycle need points-to analysis to be fast and precise. In this article, we present a new context- and flow-sensitive approach to points-to analysis where calling contexts are distinguished by the points-to sets analyzed for their call target expressions. Compared to other well-known context-sensitive techniques it is faster in practice, on average, twice as fast as the call string approach and by an order of magnitude faster than the object-sensitive technique. In fact, it shows to be only marginally slower than a context-insensitive baseline analysis. At the same time, it provides higher precision than the call string technique and is similar in precision to the object-sensitive technique. We confirm these statements with experiments using a number of abstract precision metrics and a concrete client application: escape analysis.

[1]  David Grove,et al.  Call graph construction in object-oriented languages , 1997, OOPSLA '97.

[2]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to and side-effect analyses for Java , 2002, ISSTA '02.

[3]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[4]  Martin Trapp,et al.  Optimierung objektorientierter Programme , 2001 .

[5]  Olin Shivers,et al.  Control-flow analysis of higher-order languages of taming lambda , 1991 .

[6]  Ali Shokoufandeh,et al.  Scenariographer: a tool for reverse engineering class usage scenarios from method invocation sequences , 2005, 21st IEEE International Conference on Software Maintenance (ICSM'05).

[7]  Barbara G. Ryder,et al.  Constructing precise object relation diagrams , 2002, International Conference on Software Maintenance, 2002. Proceedings..

[8]  Bruno Blanchet,et al.  Escape analysis for JavaTM: Theory and practice , 2003, TOPL.

[9]  Jürgen Wolff von Gudenberg,et al.  Pattern-based design recovery of Java software , 1998, SIGSOFT '98/FSE-6.

[10]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[11]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[12]  Flemming Nielson,et al.  Principles of Program Analysis , 1999, Springer Berlin Heidelberg.

[13]  Barbara G. Ryder Dimensions of Precision in Reference Analysis of Object-Oriented Programming Languages , 2003, CC.

[14]  Emden R. Gansner,et al.  Bunch: a clustering tool for the recovery and maintenance of software system structures , 1999, Proceedings IEEE International Conference on Software Maintenance - 1999 (ICSM'99). 'Software Maintenance for Business Change' (Cat. No.99CB36360).

[15]  David Gay,et al.  Fast Escape Analysis and Stack Allocation for Object-Based Programs , 2000, CC.

[16]  Neil D. Jones,et al.  Program Flow Analysis: Theory and Application , 1981 .

[17]  Bruno Blanchet,et al.  Escape analysis for object-oriented languages: application to Java , 1999, OOPSLA '99.

[18]  Urs Hölzle,et al.  Removing unnecessary synchronization in Java , 1999, OOPSLA '99.

[19]  Paolo Tonella,et al.  Reverse engineering of the interaction diagrams from C++ code , 2003, International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings..

[20]  Chris F. Kemerer,et al.  A Metrics Suite for Object Oriented Design , 2015, IEEE Trans. Software Eng..

[21]  Jong-Deok Choi,et al.  Escape analysis for Java , 1999, OOPSLA '99.

[22]  Barbara G. Ryder,et al.  Properties of data flow frameworks , 1990, Acta Informatica.

[23]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[24]  Ondrej Lhoták,et al.  Context-Sensitive Points-to Analysis: Is It Worth It? , 2006, CC.

[25]  David W. Binkley,et al.  Application of the pointer state subgraph to static program slicing , 1996, J. Syst. Softw..

[26]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[27]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1990, TOPL.

[28]  Robert O'Callahan,et al.  Generalized aliasing as a basis for program analysis tools , 2001 .

[29]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .

[30]  Lars Clausen A Java bytecode optimizer using side‐effect analysis , 1997 .

[31]  Erik Ruf,et al.  Effective synchronization removal for Java , 2000, PLDI '00.

[32]  Toshiaki Yasue,et al.  A study of devirtualization techniques for a Java Just-In-Time compiler , 2000, OOPSLA '00.

[33]  Susan Horwitz,et al.  Using static single assignment form to improve flow-insensitive pointer analysis , 1998, PLDI '98.

[34]  Robert V. Binder,et al.  Testing Object-Oriented Systems: Models, Patterns, and Tools , 1999 .

[35]  Monica S. Lam,et al.  Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.

[36]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[37]  Martin C. Rinard,et al.  Compositional pointer and escape analysis for Java programs , 1999, OOPSLA '99.

[38]  Brian Henderson-Sellers,et al.  Object-Oriented Metrics , 1995, TOOLS.