Polymorphic versus Monomorphic Flow-Insensitive Points-to Analysis for C

We carry out an experimental analysis for two of the design dimensions of flow-insensitive points-to analysis for C: polymorphic versus monomorphic and equality-based versus inclusion-based. Holding other analysis parameters fixed, we measure the precision of the four design points on a suite of benchmarks of up to 90,000 abstract syntax tree nodes. Our experiments show that the benefit of polymorphism varies significantly with the underlying monomorphic analysis. For our equality-based analysis, adding polymorphism greatly increases precision, while for our inclusion-based analysis, adding polymorphism hardly makes any difference. We also gain some insight into the nature of polymorphism in points-to analysis of C. In particular, we find considerable polymorphism available in function parameters, but little or no polymorphism in function results, and we show how this observation explains our results.

[1]  Didier Rémy,et al.  Type checking records and variants in a natural extension of ML , 1989, POPL '89.

[2]  Barbara G. Ryder,et al.  Experiments with combined analysis for pointer aliasing , 1998, PASTE '98.

[3]  Christian Mossin,et al.  Flow analysis of typed higher-order programs , 1996, Technical report / University of Copenhagen / Datalogisk institut.

[4]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[5]  Michael Rodeh,et al.  Detecting memory errors via static pointer analysis , 1998 .

[6]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[7]  Alexander Aiken,et al.  Type inclusion constraints and type inference , 1993, FPCA '93.

[8]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[9]  Alexander Aiken,et al.  Solving systems of set constraints , 1992, [1992] Proceedings of the Seventh Annual IEEE Symposium on Logic in Computer Science.

[10]  Manuel Fähndrich,et al.  Bane: a library for scalable constraint-based program analysis , 1999 .

[11]  Alain Deutsch,et al.  Interprocedural may-alias analysis for pointers: beyond k-limiting , 1994, PLDI '94.

[12]  Robert O'Callahan,et al.  Lackwit: A Program Understanding Tool Based on Type Inference , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[13]  Andrew K. Wright Simple imperative polymorphism , 1995, LISP Symb. Comput..

[14]  A. Aiken,et al.  Flow-Insensitive Points-to Analysis with Term and Set Constraints , 1997 .

[15]  Erik Ruf,et al.  Context-insensitive alias analysis reconsidered , 1995, PLDI '95.

[16]  Alexander Aiken,et al.  Program Analysis Using Mixed Term and Set Constraints , 1997, SAS.

[17]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[18]  Michael Hind,et al.  Assessing the Effects of Flow-Sensitivity on Pointer Alias Analyses , 1998, SAS.

[19]  Martin Odersky,et al.  Type Inference with Constrained Types , 1999, Theory Pract. Object Syst..

[20]  Alexander Aiken,et al.  A Toolkit for Constructing Type- and Constraint-Based Program Analyses , 1998, Types in Compilation.

[21]  Susan Horwitz,et al.  Fast and accurate flow-insensitive points-to analysis , 1997, POPL '97.

[22]  Jakob Rehof,et al.  Scalable context-sensitive flow analysis using instantiation constraints , 2000, PLDI '00.

[23]  Joxan Jaffar,et al.  A decision procedure for a class of set constraints , 1990, [1990] Proceedings. Fifth Annual IEEE Symposium on Logic in Computer Science.

[24]  Robin Milner,et al.  A Theory of Type Polymorphism in Programming , 1978, J. Comput. Syst. Sci..

[25]  Alexander Aiken,et al.  Partial online cycle elimination in inclusion constraint graphs , 1998, PLDI.

[26]  Barbara G. Ryder,et al.  A safe approximate algorithm for interprocedural aliasing , 1992, PLDI '92.

[27]  GhiyaRakesh,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994 .

[28]  Manuvir Das,et al.  Unification-based pointer analysis with directional assignments , 2000, PLDI '00.

[29]  Alexander Aiken,et al.  Projection merging: reducing redundancies in inclusion constraint graphs , 2000, POPL '00.

[30]  Thomas W. Reps,et al.  Pointer analysis for programs with structures and casting , 1999, PLDI '99.

[31]  Michael Rodeh,et al.  Detecting memory errors via static pointer analysis (preliminary experience) , 1998, PASTE '98.

[32]  Xavier Leroy,et al.  Types in Compilation , 1998, Lecture Notes in Computer Science.

[33]  Jong-Deok Choi,et al.  Flow-Insensitive Interprocedural Alias Analysis in the Presence of Pointers , 1994, LCPC.

[34]  Barbara G. Ryder,et al.  Program decomposition for pointer aliasing: a step toward practical analyses , 1996, SIGSOFT '96.

[35]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[36]  Saumya K. Debray,et al.  Alias analysis of executable code , 1998, POPL '98.