Demand-Driven Pointer Analysis with Strong Updates via Value-Flow Refinement
Authors
Abstract
We present a new demand-driven flow- and context-sensitive pointer analysis with strong updates for C programs, called SUPA, that enables computing points-to information via value-flow refinement, in environments with small time and memory budgets such as IDEs. We formulate SUPA by solving a graph-reachability problem on an inter-procedural value-flow graph representing a program’s def-use chains, which are pre-computed efficiently but over-approximately. To answer a client query (a request for a variable’s points-to set), SUPA reasons about the flow of values along the pre-computed def-use chains sparsely (rather than across all program points), by performing only the work necessary for the query (rather than analyzing the whole program). In particular, strong updates are performed to filter out spurious def-use chains through value-flow refinement as long as the total budget is not exhausted. SUPA facilitates efficiency and precision tradeoffs by applying different pointer analyses in a hybrid multi-stage analysis framework. We have implemented SUPA in LLVM (3.5.0) and evaluate it by choosing uninitialized pointer detection as a major client on 18 open-source C programs. As the analysis budget increases, SUPA achieves improved precision, with its single-stage flow-sensitive analysis reaching 97.4% of that achieved by whole-program flow-sensitive analysis by consuming about 0.18 seconds and 65KB of memory per query, on average (with a budget of at most 10000 value-flow edges per query). With context-sensitivity also considered, SUPA’s two-stage analysis becomes more precise for some programs but also incurs more analysis times. SUPA is also amenable to parallelization. A parallel implementation of its single-stage flow-sensitive analysis achieves a speedup of up to 6.9x with an average of 3.05x on an 8-core machine with respect to its sequential version.
Similar resources
Demand-driven Pointer Analysis on Explicit Dependence Graphs
In this thesis I present a demand-driven pointer analysis for Java that aims at applications which require memory and time efficiency of the pointer analysis, such as tools for IDEs or JIT compilers. It furthermore allows clients to specify the precision needed and is context-sensitive and flow-sensitive. The demand-driven aspect of my approach allows the analysis to ignore irrelevant parts of ...
Scalable Flow-Sensitive Pointer Analysis for Java with Strong Updates
The ability to perform strong updates is the main contributor to the precision of flow-sensitive pointer analysis algorithms. Traditional flow-sensitive pointer analyses cannot strongly update pointers residing in the heap. This is a severe restriction for Java programs. In this paper, we propose a new flow-sensitive pointer analysis algorithm for Java that can perform strong updates on heap-ba...
Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java
Many current program analyses require highly precise pointer information about small, targeted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. F...
Fully Automatic Verification of Absence of Errors via Interprocedural Integer Analysis
We present an interprocedural C String Static Verifier (iCSSV), a whole program analysis algorithm for verifying the safety of string operations in C programs. The algorithm automatically proves linear relationships among pointer expressions. The algorithm is conservative, i.e., it infers only valid relationships although it may fail to detect some of them. The algorithm is targeted to programs ...
Points-To Analysis with Efficient Strong Updates
This paper explores a sweet spot between flow-insensitive and flow-sensitive subset-based points-to analysis. Flow-insensitive analysis is efficient: it has been applied to million-line programs and even its worst-case requirements are quadratic space and cubic time. Flow-sensitive analysis is precise because it allows strong updates, so that points-to relationships holding in one program locatio...
Journal title:
- CoRR
Volume abs/1701.05650 Issue
Pages -
Publication date 2017