research-article

Open access

Precision-preserving yet fast object-sensitive pointer analysis with partial context sensitivity

Authors:

Jingling XueAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 3, Issue OOPSLA

Article No.: 148, Pages 1 - 29

https://doi.org/10.1145/3360574

Published: 10 October 2019 Publication History

Abstract

Object-sensitivity is widely used as a context abstraction for computing the points-to information context-sensitively for object-oriented languages like Java. Due to the combinatorial explosion of contexts in large programs, k-object-sensitive pointer analysis (under k-limiting), denoted k-obj, is scalable only for small values of k, where k⩽2 typically. A few recent solutions attempt to improve its efficiency by instructing k-obj to analyze only some methods in the program context-sensitively, determined heuristically by a pre-analysis. While already effective, these heuristics-based pre-analyses do not provide precision guarantees, and consequently, are limited in the efficiency gains achieved. We introduce a radically different approach, Eagle, that makes k-obj run significantly faster than the prior art while maintaining its precision. The novelty of Eagle is to enable k-obj to analyze a method with partial context-sensitivity, i.e., context-sensitively for only some of its selected variables/allocation sites. Eagle makes these selections during a lightweight pre-analysis by reasoning about context-free-language (CFL) reachability at the level of variables/objects in the program, based on a new CFL-reachability formulation of k-obj. We demonstrate the advances made by Eagle by comparing it with the prior art in terms of a set of popular Java benchmarks and applications.

Supplementary Material

a148-lu (a148-lu.webm)

Presentation at OOPSLA '19

Download
68.53 MB

References

[1]

Karim Ali and Ondřej Lhoták. 2012. Application-Only Call Graph Construction. In ECOOP 2012 – Object-Oriented Programming, James Noble (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 688–712.

[2]

Karim Ali and Ondřej Lhoták. 2013. Averroes: Whole-Program Analysis without the Whole Program. In ECOOP 2013 – Object-Oriented Programming, Giuseppe Castagna (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 378–400.

Digital Library

[3]

Lars Ole Andersen. 1994. Program analysis and specialization for the C programming language. Ph.D. Dissertation.

[4]

Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, and Mira Mezini. 2011. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In Proceedings of the 33rd International Conference on Software Engineering . ACM, 241–250.

Digital Library

[5]

Cheng Cai, Qirun Zhang, Zhiqiang Zuo, Khanh Nguyen, Guoqing Xu, and Zhendong Su. 2018. Calling-to-reference context translation via constraint-guided CFL-reachability. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation . ACM, 196–210.

Digital Library

[6]

Swarat Chaudhuri. 2008. Subcubic Algorithms for Recursive State Machines. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’08) . ACM, New York, NY, USA, 159–169.

Digital Library

[7]

Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard Scholz, and Yi Lu. 2017. An efficient tunable selective points-to analysis for large codebases. In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis . ACM, 13–18.

Digital Library

[8]

Minseok Jeon, Sehun Jeong, and Hakjoo Oh. 2018. Precise and scalable points-to analysis via data-driven context tunneling. Proceedings of the ACM on Programming Languages 2, OOPSLA (2018), 140.

Digital Library

[9]

Sehun Jeong, Minseok Jeon, Sungdeok Cha, and Hakjoo Oh. 2017. Data-driven context-sensitivity for points-to analysis. Proceedings of the ACM on Programming Languages 1, OOPSLA (2017), 100.

Digital Library

[10]

John Kodumal and Alex Aiken. 2004. The Set Constraint/CFL Reachability Connection in Practice. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation (PLDI ’04) . ACM, New York, NY, USA, 207–218.

Digital Library

[11]

Ondřej Lhoták and Laurie Hendren. 2003. Scaling Java points-to analysis using Spark. In International Conference on Compiler Construction . Springer, 153–169.

[12]

Ondřej Lhoták and Laurie Hendren. 2008. Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Transactions on Software Engineering and Methodology (TOSEM) 18, 1 (2008), 3.

Digital Library

[13]

Yue Li, Tian Tan, Anders Møller, and Yannis Smaragdakis. 2018. Precision-guided context sensitivity for pointer analysis. Proceedings of the ACM on Programming Languages 2, OOPSLA (2018), 141.

Digital Library

[14]

Bozhen Liu, Jeff Huang, and Lawrence Rauchwerger. 2019. Rethinking Incremental and Parallel Pointer Analysis. ACM Trans. Program. Lang. Syst. 41, 1, Article 6 (March 2019), 31 pages.

Digital Library

[15]

Ana Milanova, Atanas Rountev, and Barbara G Ryder. 2005. Parameterized object sensitivity for points-to analysis for Java. ACM Transactions on Software Engineering and Methodology (TOSEM) 14, 1 (2005), 1–41.

Digital Library

[16]

Mukund Raghothaman, Sulekha Kulkarni, Kihong Heo, and Mayur Naik. 2018. User-guided program reasoning using Bayesian inference. In Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation . ACM, 722–735.

Digital Library

[17]

Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, and Eric Bodden. 2016. Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques. In NDSS.

[18]

Thomas Reps. 1998. Program analysis via graph reachability1. Information and software technology 40, 11-12 (1998), 701–726.

[19]

Thomas Reps. 2000. Undecidability of context-sensitive data-dependence analysis. ACM Transactions on Programming Languages and Systems (TOPLAS) 22, 1 (2000), 162–186.

Digital Library

[20]

Lei Shang, Xinwei Xie, and Jingling Xue. 2012. On-demand dynamic summary-based points-to analysis. In Proceedings of the Tenth International Symposium on Code Generation and Optimization . ACM, 264–274.

Digital Library

[21]

Olin Shivers. 1991. Control-flow analysis of higher-order languages. Ph.D. Dissertation. Citeseer.

Digital Library

[22]

Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick Your Contexts Well: Understanding Object-Sensitivity. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’11). Association for Computing Machinery, New York, NY, USA, 17–30.

Digital Library

[23]

Yannis Smaragdakis, George Kastrinis, and George Balatsouras. 2014. Introspective Analysis: Context-Sensitivity, across the Board. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’14) . Association for Computing Machinery, New York, NY, USA, 485–495.

Digital Library

[24]

Manu Sridharan and Rastislav Bodík. 2006. Refinement-Based Context-Sensitive Points-to Analysis for Java. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’06) . Association for Computing Machinery, New York, NY, USA, 387–400.

Digital Library

[25]

Manu Sridharan, Denis Gopan, Lexin Shan, and Rastislav Bodík. 2005. Demand-driven Points-to Analysis for Java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA ’05) . ACM, New York, NY, USA, 59–76.

Digital Library

[26]

Tian Tan, Yue Li, and Jingling Xue. 2016. Making k-object-sensitive pointer analysis more precise with still k-limiting. In International Static Analysis Symposium . Springer, 489–510.

[27]

Tian Tan, Yue Li, and Jingling Xue. 2017. Efficient and Precise Points-to Analysis: Modeling the Heap by Merging Equivalent Automata. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2017) . Association for Computing Machinery, New York, NY, USA, 278–291.

Digital Library

[28]

Rei Thiessen and Ondřej Lhoták. 2017. Context Transformations for Pointer Analysis. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2017) . Association for Computing Machinery, New York, NY, USA, 263–277.

Digital Library

[29]

Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 2010. Soot: A Java bytecode optimization framework. In CASCON First Decade High Impact Papers. IBM Corp., 214–224.

Digital Library

[30]

Shiyi Wei and Barbara G Ryder. 2015. Adaptive context-sensitive analysis for JavaScript. In LIPIcs-Leibniz International Proceedings in Informatics, Vol. 37. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.

[31]

Guoqing Xu, Atanas Rountev, and Manu Sridharan. 2009. Scaling CFL-Reachability-Based Points-To Analysis Using ContextSensitive Must-Not-Alias Analysis. In Proceedings of the 23rd European Conference on ECOOP 2009 — Object-Oriented Programming (Genoa) . Springer-Verlag, Berlin, Heidelberg, 98–122.

Digital Library

[32]

Xin Zhang, Ravi Mangal, Radu Grigore, Mayur Naik, and Hongseok Yang. 2014. On Abstraction Refinement for Program Analyses in Datalog. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’14) . Association for Computing Machinery, New York, NY, USA, 239–248.

Digital Library

Cited By

Conrado GKjelstrøm Avan de Pol JPavlogiannis A(2025)Program Analysis via Multiple Context Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/37048549:POPL(509-538)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704854
Li HShi CLu JLi LXue J(2024)Boosting the Performance of Alias-Aware IFDS Analysis with CFL-Based Environment TransformersProceedings of the ACM on Programming Languages10.1145/36898048:OOPSLA2(2633-2661)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689804
Zou CHe DSui YXue J(2024)TIPS: Tracking Integer-Pointer Value Flows for C++ Member Function PointersProceedings of the ACM on Software Engineering10.1145/36607791:FSE(1609-1631)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660779
Show More Cited By

Index Terms

Precision-preserving yet fast object-sensitive pointer analysis with partial context sensitivity
1. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis

Recommendations

Semi-sparse flow-sensitive pointer analysis
POPL '09

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Semi-sparse flow-sensitive pointer analysis
POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Demand-driven alias analysis for C
POPL '08

This paper presents a demand-driven, flow-insensitive analysisalgorithm for answering may-alias queries. We formulate thecomputation of alias queries as a CFL-reachability problem, and use this formulation to derive a demand-driven analysis algorithm. ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 3, Issue OOPSLA

October 2019

2077 pages

EISSN:2475-1421

DOI:10.1145/3366395

Issue’s Table of Contents

Copyright © 2019 Owner/Author.

This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 October 2019

Published in PACMPL Volume 3, Issue OOPSLA

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
1,311
Total Downloads

Downloads (Last 12 months)226
Downloads (Last 6 weeks)46

Reflects downloads up to 02 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Conrado GKjelstrøm Avan de Pol JPavlogiannis A(2025)Program Analysis via Multiple Context Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/37048549:POPL(509-538)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704854
Li HShi CLu JLi LXue J(2024)Boosting the Performance of Alias-Aware IFDS Analysis with CFL-Based Environment TransformersProceedings of the ACM on Programming Languages10.1145/36898048:OOPSLA2(2633-2661)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689804
Zou CHe DSui YXue J(2024)TIPS: Tracking Integer-Pointer Value Flows for C++ Member Function PointersProceedings of the ACM on Software Engineering10.1145/36607791:FSE(1609-1631)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660779
Wimmer CStancu CKozak DWürthinger T(2024)Scaling Type-Based Points-to Analysis with SaturationProceedings of the ACM on Programming Languages10.1145/36564178:PLDI(990-1013)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656417
Yao PZhou JXiao XShi QWu RZhang C(2024)Falcon: A Fused Approach to Path-Sensitive Sparse Data Dependence AnalysisProceedings of the ACM on Programming Languages10.1145/36564008:PLDI(567-592)Online publication date: 20-Jun-2024
https://doi.org/10.1145/3656400
Zhang YShi YZhang X(2024)Learning Abstraction Selection for Bayesian Program AnalysisProceedings of the ACM on Programming Languages10.1145/36498458:OOPSLA1(954-982)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649845
Nougrahiya ANandivada V(2024)Homeostasis: Design and Implementation of a Self-Stabilizing CompilerACM Transactions on Programming Languages and Systems10.1145/364930846:2(1-58)Online publication date: 1-May-2024
https://dl.acm.org/doi/10.1145/3649308
Li WHe DGui YChen WXue JRodríguez GSadayappan PSukumaran-Rajam A(2024)A Context-Sensitive Pointer Analysis Framework for Rust and Its Application to Call Graph ConstructionProceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction10.1145/3640537.3641574(60-72)Online publication date: 17-Feb-2024
https://dl.acm.org/doi/10.1145/3640537.3641574
Krishna SLal APavlogiannis ATuppe O(2024)On-the-Fly Static Analysis via Dynamic Bidirected Dyck ReachabilityProceedings of the ACM on Programming Languages10.1145/36328848:POPL(1239-1268)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632884
Li HTan TLi YLu JMeng HCao LHuang YLi LGao LDi PLin LCui C(2024)Generic Sensitivity: Generics-Guided Context Sensitivity for Pointer AnalysisIEEE Transactions on Software Engineering10.1109/TSE.2024.337764550:5(1144-1162)Online publication date: May-2024
https://doi.org/10.1109/TSE.2024.3377645
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents