Context-Sensitive Points-to Analysis: Is It Worth It?

We present the results of an empirical study evaluating the precision of subset-based points-to analysis with several variations of context sensitivity on Java benchmarks of significant size. We compare the use of call site strings as the context abstraction, object sensitivity, and the BDD-based context-sensitive algorithm proposed by Zhu and Calman, and by Whaley and Lam. Our study includes analyses that context-sensitively specialize only pointer variables, as well as ones that also specialize the heap abstraction. We measure both characteristics of the points-to sets themselves, as well as effects on the precision of client analyses. To guide development of efficient analysis implementations, we measure the number of contexts, the number of distinct contexts, and the number of distinct points-to sets that arise with each context sensitivity variation. To evaluate precision, we measure the size of the call graph in terms of methods and edges, the number of devirtualizable call sites, and the number of casts statically provable to be safe. The results of our study indicate that object-sensitive analysis implementations are likely to scale better and more predictably than the other approaches; that object-sensitive analyses are more precise than comparable variations of the other approaches; that specializing the heap abstraction improves precision more than extending the length of context strings; and that the profusion of cycles in Java call graphs severely reduces precision of analyses that forsake context sensitivity in cyclic regions.

[1]  Donglin Liang,et al.  Evaluating the impact of context-sensitivity on Andersen's algorithm for Java programs , 2005, PASTE '05.

[2]  Jianwen Zhu,et al.  Symbolic pointer analysis revisited , 2004, PLDI '04.

[3]  Michael R. Clarkson,et al.  Polyglot: An Extensible Compiler Framework for Java , 2003, CC.

[4]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to and side-effect analyses for Java , 2002, ISSTA '02.

[5]  ZhuJianwen,et al.  Symbolic pointer analysis revisited , 2004 .

[6]  David Grove,et al.  Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis , 1995, ECOOP.

[7]  Nevin Heintze,et al.  Analysis of Large Code Bases: The Compile-Link-Analyze Model , 1999 .

[8]  Hong-Seok Kim,et al.  Importance of heap specialization in pointer analysis , 2004, PASTE '04.

[9]  Bruno Dufour,et al.  OBJECTIVE QUANTIFICATION OF PROGRAM BEHAVIOUR USING DYNAMIC METRICS , 2004 .

[10]  Ondrej Lhoták,et al.  Jedd: a BDD-based relational extension of Java , 2004, PLDI '04.

[11]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[12]  S LamMonica,et al.  Efficient context-sensitive pointer analysis for C programs , 1995 .

[13]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[14]  Scott F. Smith,et al.  Precise Constraint-Based Type Inference for Java , 2001, ECOOP.

[15]  Oscar Nierstrasz,et al.  Software Engineering - ESEC/FSE '99 , 1999 .

[16]  Xavier Leroy,et al.  Types in Compilation , 1998, Lecture Notes in Computer Science.

[17]  Monica S. Lam,et al.  Cloning-based context-sensitive pointer alias analysis using binary decision diagrams , 2004, PLDI '04.

[18]  Barbara G. Ryder Dimensions of Precision in Reference Analysis of Object-Oriented Programming Languages , 2003, CC.

[19]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[20]  Olin Shivers,et al.  Control flow analysis in scheme , 1988, PLDI '88.

[21]  Ole Agesen The Cartesian Product Algorithm: Simple and Precise Type Inference Of Parametric Polymorphism , 1995, ECOOP.

[22]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[23]  Alexander Aiken,et al.  A Toolkit for Constructing Type- and Constraint-Based Program Analyses , 1998, Types in Compilation.

[24]  Ondrej Lhoták,et al.  Points-to analysis using BDDs , 2003, PLDI '03.

[25]  Ondrej Lhoták,et al.  Program analysis using binary decision diagrams , 2006 .

[26]  Donglin Liang,et al.  Efficient points-to analysis for whole-program analysis , 1999, ESEC/FSE-7.

[27]  Jong-Deok Choi,et al.  Interprocedural pointer alias analysis , 1999, TOPL.

[28]  Erik Ruf,et al.  Context-insensitive alias analysis reconsidered , 1995, PLDI '95.

[29]  Barbara G. Ryder,et al.  Points-to analysis for Java using annotated constraints , 2001, OOPSLA '01.

[30]  Ondrej Lhoták,et al.  Scaling Java Points-to Analysis Using SPARK , 2003, CC.

[31]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[32]  Jørgen Lindskov Knudsen ECOOP 2001 — Object-Oriented Programming , 2001, Lecture Notes in Computer Science.