article

Error checking with client-driven pointer analysis

Authors:

Samuel Z. Guyer,

Calvin LinAuthors Info & Claims

Science of Computer Programming, Volume 58, Issue 1-2

Pages 83 - 114

https://doi.org/10.1016/j.scico.2005.02.005

Published: 01 October 2005 Publication History

Abstract

This paper presents a new client-driven pointer analysis algorithm that automatically adjusts its precision in response to the needs of client analyses. Using five significant error detection problems as clients, we evaluate our algorithm on 18 real C programs. We compare the accuracy and performance of our algorithm against several commonly used fixed-precision algorithms. We find that the client-driven approach effectively balances cost and precision, often producing results as accurate as fixed-precision algorithms that are many times more costly. Our algorithm works because many client problems only need a small amount of extra precision applied to selected portions of each input program.

References

[1]

{1} L. Andersen, Program analysis and specialization for the C programming language, Ph.D. Thesis, University of Copenhagen, DIKU, DIKU Report 94/19, 1994.]]

[2]

{2} T. Ball, S.K. Rajamani, Automatically validating temporal safety properties of interfaces, in: International SPIN Workshop on Model Checking of Software, May 2001.]]

Digital Library

[3]

{3} D. Brylow, J. Palsberg, Deadline analysis of interrupt-driven software, in: ACM SIGSOFT Symposium on the Foundations of Software Engineering, September 2003, pp. 198-207.]]

Digital Library

[4]

{4} D.R. Chase, M. Wegman, F.K. Zadeck, Analysis of pointers and structures, ACM SIGPLAN Notices 25 (6) (1990) 296-310.]]

Digital Library

[5]

{5} J.-D. Choi, M. Burke, P. Carini, Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects, in: ACM (Ed.), Twentieth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1993, pp. 232-245.]]

Digital Library

[6]

{6} R. Cytron, J. Ferrante, B.K. Rosen, M.K. Wegman, F.K. Zadeck, An efficient method of computing static single assignment form, in: 16th Annual ACM Symposium on Principles of Programming Languages, 1989, pp. 25-35.]]

Digital Library

[7]

{7} M. Das, S. Lerner, M. Seigle, ESP: path-sensitive program verification in polynomial time, in: ACM SIGPLAN Conference on Programming Language Design and Implementation, vol. 37 (5) 2002, pp. 57-68.]]

Digital Library

[8]

{8} A. Diwan, K.S. McKinley, J.E.B. Moss, Using types to analyze and optimize object-oriented programs, ACM Transactions on Programming Languages and Systems 23 (2001).]]

Digital Library

[9]

{9} M. Emami, R. Ghiya, L.J. Hendren, Context-sensitive interprocedural points-to analysis in the presence of function pointers, in: Proceedings of the ACM SIGPLAN'94 Conference on Programming Language Design and Implementation, 20-24 June 1994, Orlando, FL, pp. 242-256.]]

Digital Library

[10]

{10} J.S. Foster, M. Fahndrich, A. Aiken, Polymorphic versus monomorphic flow-insensitive points-to analysis for C, in: Static Analysis Symposium, 2000, pp. 175-198.]]

Digital Library

[11]

{11} J.S. Foster, T. Terauchi, A. Aiken, Flow-sensitive type qualifiers, in: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, ACM SIGPLAN Notices 37 (5) (2002) 1-12.]]

Digital Library

[12]

{12} R. Ghiya, L.J. Hendren, Connection analysis: A practical interprocedural heap analysis for C, International Journal of Parallel Programming 24 (6) (1996) 547-578.]]

Digital Library

[13]

{13} S.Z. Guyer, E. Berger, C. Lin, Detecting errors with configurable whole-program dataflow analysis, Technical Report TR 02-04, Dept. of Computer Sciences, University of Texas at Austin, February 2002.]]

[14]

{14} S.Z. Guyer, C. Lin, An annotation language for optimizing software libraries, in: Second Conference on Domain Specific Languages, October 1999, pp. 39-52.]]

Digital Library

[15]

{15} S.Z. Guyer, C. Lin, Optimizing the use of high performance software libraries, in: Languages and Compilers for Parallel Computing, August 2000, pp. 221-238.]]

Digital Library

[16]

{16} S.Z. Guyer, C. Lin, Client-driven pointer analysis, in: 10th Annual International Static Analysis Symposium, June 2003, pp. 214-236.]]

[17]

{17} N. Heintze, O. Tardieu, Demand-driven pointer analysis, in: ACM SIGPLAN Conference on Programming Language Design and Implementation, 2001, pp. 24-34.]]

Digital Library

[18]

{18} M. Hind, Pointer analysis: Haven't we solved this problem yet?, in: Proceedings of the 2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engeneering, PASTE-01, 2001, pp. 54-61.]]

Digital Library

[19]

{19} M. Hind, A. Pioli, Evaluating the effectiveness of pointer alias analyses, Science of Computer Programming 39 (1) (2001) 31-55.]]

Digital Library

[20]

{20} S. Horwitz, T. Reps, M. Sagiv, Demand interprocedural dataflow analysis, in: Proceedings of SIGSOFT'95 Third ACM SIGSOFT Symposium on the Foundations of Software Engineering, October 1995, pp. 104-115.]]

Digital Library

[21]

{21} G.A. Kildall, A unified approach to global program optimization, in: Conference Record of the ACM Symposium on Principles of Programming Languages, 1973, pp. 194-206.]]

Digital Library

[22]

{22} W. Landi, B.G. Ryder, A safe approximation algorithm for interprocedural pointer aliasing, in: Proceedings of the ACM SIGPLAN'96 Programming Language Design and Implementation of Programming Languages, June 1992.]]

Digital Library

[23]

{23} O. Lhotak, L. Hendren, Jedd: A BDD-based relational extension of java, in: SIGPLAN Conference on Programming Language Design and Implementation, June 2004, pp. 158-169.]]

Digital Library

[24]

{24} V.B. Livshits, M.S. Lam, Tracking pointers with path and context sensitivity for bug detection in C programs, in: ACM SIGSOFT Symposium on the Foundations of Software Engineering, September 2003, pp. 317-326.]]

Digital Library

[25]

{25} J. Plevyak, A.A. Chien, Precise concrete type inference for object-oriented languages, ACM SIGPLAN Notices 29 (10) (1994) 324-340.]]

Digital Library

[26]

{26} E. Ruf, Context-insensitive alias analysis reconsidered, in: SIGPLAN Conference on Programming Language Design and Implementation, 1995, pp. 13-22.]]

Digital Library

[27]

{27} U. Shankar, K. Talwar, J.S. Foster, D. Wagner, Detecting format string vulnerabilities with type qualifiers, in: Proceedings of the 10th USENIX Security Symposium, 2001.]]

Digital Library

[28]

{28} M. Shapiro, S. Horwitz, The effects of the precision of pointer analysis, in: Lecture Notes in Computer Science, vol. 1302, 1997.]]

Digital Library

[29]

{29} B. Steensgaard, Points-to analysis in almost linear time, in: Proceedings of the ACM SIGPLAN'96 Symposium on Principles of Programming Languages, 1996, pp. 32-41.]]

Digital Library

[30]

{30} P. Stocks, B.G. Ryder, W. Landi, S. Zhang, Comparing flow and context sensitivity on the modification-side-effects problem, in: International Symposium on Software Testing and Analysis, 1998, pp. 21-31.]]

Digital Library

[31]

{31} E. Stoltz, M. Wolfe, M.P. Gerlek, Constant propagation: a fresh, demand-driven look, in: Proceedings of the 1994 ACM Symposium on Applied Computing, ACM Press, 1994, pp. 400-404.]]

Digital Library

[32]

{32} R. Strom, S. Yemini, Typestate: A programming language concept for enhancing software reliabiity, IEEE Transactions on Software Engineering 12 (1) (1986) 157-171.]]

Digital Library

[33]

{33} L. Wall, T. Christiansen, J. Orwant, Programming Perl, 3rd edition, O'Reilly, 2000.]]

Digital Library

[34]

{34} J. Whaley, M.S. Lam, Cloning-based context-sensitive pointer alias analysis using binary decision diagrams, in: SIGPLAN Conference on Programming Language Design and Implementation, June 2004, pp. 131-144.]]

Digital Library

[35]

{35} R.P. Wilson, M.S. Lam, Efficient context-sensitive pointer analysis for C programs, in: Proceedings of the ACM SIGPLAN'95 Conference on Programming Language Design and Implementation, 1995, pp. 1-12.]]

Digital Library

[36]

{36} S. Zhang, B.G. Ryder, W.A. Landi, Experiments with combined analysis for pointer aliasing, ACM SIGPLAN Notices 33 (7) (1998) 11-18.]]

Digital Library

Cited By

Wimmer CStancu CKozak DWürthinger T(2024)Scaling Type-Based Points-to Analysis with SaturationProceedings of the ACM on Programming Languages10.1145/36564178:PLDI(990-1013)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656417
Liu BLiu PLi YTsai CDa Silva DHuang JFreund SYahav E(2021)When threads meet events: efficient and precise static race detection with originsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454073(725-739)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454073
Shi QXiao XWu RZhou JFan GZhang C(2018)Pinpoint: fast and precise sparse value flow analysis for million lines of codeACM SIGPLAN Notices10.1145/3296979.319241853:4(693-706)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3296979.3192418
Show More Cited By

Index Terms

Error checking with client-driven pointer analysis

Recommendations

Improving software security with a C pointer analysis
ICSE '05: Proceedings of the 27th international conference on Software engineering

This paper presents a context-sensitive, inclusion-based, field-sensitive points-to analysis for C and uses the analysis to detect and prevent security vulnerabilities in programs. In addition to a conservative analysis, we propose an optimistic ...
Demand-driven memory leak detection based on flow- and context-sensitive pointer analysis

We present a demand-driven approach to memory leak detection algorithm based on flow- and context-sensitive pointer analysis. The detection algorithm firstly assumes the presence of a memory leak at some program point and then runs a backward analysis to ...
Semi-sparse flow-sensitive pointer analysis
POPL '09

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...

Comments

Information & Contributors

Information

Published In

cover image Science of Computer Programming

Science of Computer Programming Volume 58, Issue 1-2

Special issue: Static analysis symposium (SAS 2003)

October 2005

289 pages

ISSN:0167-6423

Issue’s Table of Contents

Publisher

Elsevier North-Holland, Inc.

United States

Publication History

Published: 01 October 2005

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

26
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wimmer CStancu CKozak DWürthinger T(2024)Scaling Type-Based Points-to Analysis with SaturationProceedings of the ACM on Programming Languages10.1145/36564178:PLDI(990-1013)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656417
Liu BLiu PLi YTsai CDa Silva DHuang JFreund SYahav E(2021)When threads meet events: efficient and precise static race detection with originsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454073(725-739)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454073
Shi QXiao XWu RZhou JFan GZhang C(2018)Pinpoint: fast and precise sparse value flow analysis for million lines of codeACM SIGPLAN Notices10.1145/3296979.319241853:4(693-706)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3296979.3192418
Shi QXiao XWu RZhou JFan GZhang CFoster JGrossman D(2018)Pinpoint: fast and precise sparse value flow analysis for million lines of codeProceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3192366.3192418(693-706)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3192366.3192418
Zhao JBurke MSarkar VDubach CXue J(2018)Parallel sparse flow-sensitive points-to analysisProceedings of the 27th International Conference on Compiler Construction10.1145/3178372.3179517(59-70)Online publication date: 24-Feb-2018
https://dl.acm.org/doi/10.1145/3178372.3179517
Nagaraj VGovindarajan ROlukotun KSmith AHundt RMars J(2015)Approximating flow-sensitive pointer analysis using frequent itemset miningProceedings of the 13th Annual IEEE/ACM International Symposium on Code Generation and Optimization10.5555/2738600.2738629(225-234)Online publication date: 7-Feb-2015
https://dl.acm.org/doi/10.5555/2738600.2738629
Streit KDoerfert JHammacher CZeller AHack S(2015)Generalized Task ParallelismACM Transactions on Architecture and Code Optimization10.1145/272316412:1(1-25)Online publication date: 2-Apr-2015
https://dl.acm.org/doi/10.1145/2723164
Nagaraj VGovindarajan RFensch CO'Boyle MSeznec ABodin F(2013)Parallel flow-sensitive pointer analysis by graph-rewritingProceedings of the 22nd international conference on Parallel architectures and compilation techniques10.5555/2523721.2523728(19-28)Online publication date: 7-Oct-2013
https://dl.acm.org/doi/10.5555/2523721.2523728
Nasre R(2013)Time- and space-efficient flow-sensitive points-to analysisACM Transactions on Architecture and Code Optimization10.1145/2541228.255529610:4(1-27)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1145/2541228.2555296
Blackshear SChang BSridharan M(2013)ThresherACM SIGPLAN Notices10.1145/2499370.246218648:6(275-286)Online publication date: 16-Jun-2013
https://dl.acm.org/doi/10.1145/2499370.2462186
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents