A Scalable Nonuniform Pointer Analysis for Embedded Programs

In this paper we present a scalable pointer analysis for embedded applications that is able to distinguish between instances of recursively defined data structures and between elements of arrays. The main contribution consists of an efficient yet precise algorithm that can handle multithreaded programs. We first perform an inexpensive flow-sensitive analysis of each function in the program that generates semantic equations describing the effect of the function on the memory graph. These equations carry numerical constraints that describe nonuniform points-to relationships. We then iteratively solve these equations in order to obtain an abstract storage graph that describes the shape of data structures at every point of the program for all possible thread interleavings. We present experimental evidence that this approach is tractable and precise for real-size embedded applications.
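To make the notion of a "nonuniform" points-to relationship concrete, the following is an added toy model written for this page; it is not the paper's algorithm and does not reproduce its equation system or thread handling. It assumes a hypothetical mini-language of counted loops containing stores of the form `dst[f(i)] = &src[g(i)]`, where `f` and `g` are affine in the loop counter `i`, and records each store as an edge that keeps those affine index constraints. Alias queries are then answered twice: once with the constraints (nonuniform) and once with the arrays smashed into a single summary cell (uniform), which shows the precision difference that matters for downstream checks such as array bounds checking. All names, the program, and the array sizes are constructed for the example.

```python
"""Toy nonuniform vs. uniform points-to for array cells (constructed example)."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Affine:
    """Index expression a*i + b over the loop counter i."""
    a: int
    b: int

    def at(self, i: int) -> int:
        return self.a * i + self.b


@dataclass(frozen=True)
class Store:
    """dst[dst_idx(i)] = &src[src_idx(i)], executed for every i of the enclosing loop."""
    dst: str
    dst_idx: Affine
    src: str
    src_idx: Affine


@dataclass(frozen=True)
class Loop:
    lo: int            # counter range [lo, hi)
    hi: int
    body: List[Store]


@dataclass(frozen=True)
class Edge:
    """Nonuniform points-to fact: holder[h(i)] -> &target[t(i)] for i in [lo, hi)."""
    holder: str
    h: Affine
    target: str
    t: Affine
    lo: int
    hi: int


def analyze(prog: List[Loop]) -> Set[Edge]:
    """One constraint-bearing edge per store; a loop is summarised by its counter range."""
    edges: Set[Edge] = set()
    for loop in prog:
        for st in loop.body:
            edges.add(Edge(st.dst, st.dst_idx, st.src, st.src_idx, loop.lo, loop.hi))
    return edges


def _counters_for_cell(e: Edge, k: int):
    """All counter values i in [lo, hi) for which the holder cell index h(i) equals k."""
    if e.h.a == 0:
        return range(e.lo, e.hi) if e.h.b == k else []
    num = k - e.h.b
    if num % e.h.a != 0:
        return []
    i = num // e.h.a
    return [i] if e.lo <= i < e.hi else []


def nonuniform_targets(edges: Set[Edge], holder: str, k: int) -> Set[Tuple[str, int]]:
    """Cells that holder[k] may point to, using the numerical constraints."""
    out: Set[Tuple[str, int]] = set()
    for e in edges:
        if e.holder != holder:
            continue
        for i in _counters_for_cell(e, k):
            out.add((e.target, e.t.at(i)))
    return out


def uniform_targets(edges: Set[Edge], holder: str, k: int) -> Set[Tuple[str, str]]:
    """Same query with every array smashed into one summary cell ('*')."""
    return {(e.target, "*") for e in edges if e.holder == holder}


def may_alias_nonuniform(edges, holder, k, target, m) -> bool:
    return (target, m) in nonuniform_targets(edges, holder, k)


def may_alias_uniform(edges, holder, k, target, m) -> bool:
    return (target, "*") in uniform_targets(edges, holder, k)


def out_of_bounds_edges(edges: Set[Edge], sizes: dict) -> Set[Edge]:
    """Edges whose target index can leave the array: what a bounds checker would flag."""
    bad: Set[Edge] = set()
    for e in edges:
        if any(not 0 <= e.t.at(i) < sizes[e.target] for i in range(e.lo, e.hi)):
            bad.add(e)
    return bad


# Constructed program (hypothetical C-like source):
#   for (i = 0; i < 4; i++) { p[i] = &buf[2*i + 1]; }
#   for (i = 0; i < 2; i++) { q[3] = &buf[i]; }      /* q[3] written on every iteration */
PROG = [
    Loop(0, 4, [Store("p", Affine(1, 0), "buf", Affine(2, 1))]),
    Loop(0, 2, [Store("q", Affine(0, 3), "buf", Affine(1, 0))]),
]
EDGES = analyze(PROG)

if __name__ == "__main__":
    print("p[2] ->", nonuniform_targets(EDGES, "p", 2))      # {('buf', 5)}
    print("q[3] ->", nonuniform_targets(EDGES, "q", 3))      # {('buf', 0), ('buf', 1)}
    print("uniform p[1] ~ buf[4]:", may_alias_uniform(EDGES, "p", 1, "buf", 4))
    print("nonuniform p[1] ~ buf[4]:", may_alias_nonuniform(EDGES, "p", 1, "buf", 4))
```

The uniform query says `p[1]` may alias `buf[4]` because it only knows that some cell of `p` points into `buf`; the nonuniform query answers no, since `p[1]` can only hold `&buf[3]`. The same constraints let `out_of_bounds_edges` decide, per edge rather than per array, whether any stored pointer can leave its target, which is the kind of check the precision of the analysis is meant to serve.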
