Abstract
This paper describes a new bottom-up, subset-based, and context-sensitive pointer analysis for Java. The main novelty of our technique is the constraint-based handling of virtual method calls and instantiation of method summaries. Since our approach generates polymorphic method summaries, it can be context-sensitive without reanalyzing the same method multiple times. We have implemented this algorithm in a tool called Scuba, and we compare it with k-CFA and k-obj algorithms on Java applications from the DaCapo and Ashes benchmarks. Our results show that the new algorithm achieves better or comparable precision to k-CFA and k-obj analyses at only a fraction of the cost.
This work is supported in part by the Air Force Research Laboratory under agreement numbers FA8750-14-2-0270 and FA8750-15-2-0096 and in part by NSF Awards #1453386.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Bottom-up algorithms only re-analyze methods that belong to SCCs in the callgraph.
- 2.
A strong update to memory location o kills the existing points-to facts for o, while a weak update does not.
- 3.
We manually inspected a randomly selected subset of the may-alias queries that could only be discharged by Scuba and confirmed that these are not false negatives.
- 4.
Since most benchmarks use the same libraries, this strategy avoids double counting. Furthermore, clients are typically interested in finding defects in the application.
References
Ashes benchmark suite. http://www.sable.mcgill.ca/software/#ashessuitecollection
Dacapo benchmarks. http://www.dacapobench.org/
Chatterjee, R., Ryder, B.G., Landi, W.A.: Relevant context inference (1999)
Cheng, B.-C., Hwu, W.-M.W.: Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In: PLDI (2000)
de Moura, L., Bjørner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)
Dillig, I., Dillig, T., Aiken, A., Sagiv, M.: Precise and compact modular procedure summaries for heap manipulating programs. In: PLDI (2011)
Fähndrich, M., Rehof, J., Das, M.: Scalable context-sensitive flow analysis using instantiation constraints. In: PLDI 2000 (2000)
Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969)
Kastrinis, G., Smaragdakis, Y.: Hybrid context-sensitivity for points-to analysis. In: PLDI, pp. 423–434 (2013)
Lattner, C., Lenharth, A., Adve, V.: Making context-sensitive points-to analysis with heap cloning practical for the real world. In: PLDI (2007)
Lhoták, O.: Program analysis using binary decision diagrams. Ph.D. thesis, McGill University (2006)
Lhoták, O., Hendren, L.: Context-sensitive points-to analysis: is it worth it? In: Mycroft, A., Zeller, A. (eds.) CC 2006. LNCS, vol. 3923, pp. 47–64. Springer, Heidelberg (2006)
Liang, D., Harrold, M.J.: Efficient points-to analysis for whole-program analysis. In: Wang, J., Lemoine, M. (eds.) ESEC 1999 and ESEC-FSE 1999. LNCS, vol. 1687, p. 199. Springer, Heidelberg (1999)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to and side-effect analyses for Java. In: ISSTA (2002)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. TOSEM 4, 1–41 (2005)
Naik, M.: Chord framework. http://pag.gatech.edu/chord
Nystrom, E.M., Kim, H.-S., Hwu, W.W.: Bottom-up and top-down context-sensitive summary-based pointer analysis. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 165–180. Springer, Heidelberg (2004)
O‘Callahan, R.: Generalized aliasing as a basis for program analysis tools. Ph.D. thesis, Carnegie Mellon University (2001)
Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL, pp. 49–61 (1995)
Sagiv, S., Reps, T.W., Horwitz, S.: Precise interprocedural dataflow analysis with applications to constant propagation. In: TAPSOFT 1995 (1996)
Sharir, M., Pnueli, A.: Two Approaches to Interprocedural Data Flow Analysis, Chap. 7, pp. 189–234. Prentice-Hall, Englewood Cliffs (1981)
Shivers, O.: Control-flow analysis of higher-order languages. Technical report (1991)
Smaragdakis, Y., Bravenboer, M., Lhoták, O.: Pick your contexts well: understanding object-sensitivity. In POPL (2011)
Sridharan, M., BodÃk, R.: Refinement-based context-sensitive points-to analysis for Java. In: PLDI, pp. 387–400 (2006)
Whaley, J.: Joeq: a virtual machine and compiler infrastructure. In: IVME, pp. 58–66. ACM (2003)
Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: PLDI, pp. 131–144 (2004)
Whaley, J., Rinard, M.: Compositional pointer and escape analysis for Java programs. In: OOPSLA, pp. 187–206 (1999)
Xu, G., Rountev, A.: Merging equivalent contexts for scalable heap-cloning-based context-sensitive points-to analysis. In ISSTA (2008)
Yorsh, G., Yahav, E., Chandra, S.: Generating precise and concise procedure summaries. In: POPL, pp. 221–234 (2008)
Zhang, X., Mangal, R., Naik, M., Yang, H.: Hybrid top-down and bottom-up interprocedural analysis. In: PLDI, p. 28 (2014)
Zhu, J., Calman, S.: Symbolic pointer analysis revisited. In: PLDI (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Feng, Y., Wang, X., Dillig, I., Dillig, T. (2015). Bottom-Up Context-Sensitive Pointer Analysis for Java. In: Feng, X., Park, S. (eds) Programming Languages and Systems. APLAS 2015. Lecture Notes in Computer Science(), vol 9458. Springer, Cham. https://doi.org/10.1007/978-3-319-26529-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-319-26529-2_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26528-5
Online ISBN: 978-3-319-26529-2
eBook Packages: Computer ScienceComputer Science (R0)