Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Program analysis using binary decision diagrams
Program analysis using binary decision diagrams
Defining and continuous checking of structural program dependencies
Proceedings of the 30th international conference on Software engineering
Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation
ACM Transactions on Software Engineering and Methodology (TOSEM)
Exception analysis and points-to analysis: better together
Proceedings of the eighteenth international symposium on Software testing and analysis
Strictly declarative specification of sophisticated points-to analyses
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Pick your contexts well: understanding object-sensitivity
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using datalog with binary decision diagrams for program analysis
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
CodeQuest: scalable source code queries with datalog
ECOOP'06 Proceedings of the 20th European conference on Object-Oriented Programming
Hi-index | 0.00 |
Our recent work introduced the Doop framework for points-to analysis of Java programs. Although Datalog has been used for points-to analyses before, Doop is the first implementation to express full end-to-end context-sensitive analyses in Datalog. This includes key elements such as call-graph construction as well as the logic dealing with various semantic complexities of the Java language (native methods, reflection, threading, etc.). The findings from the Doop research effort have been surprising. We set out to create a framework that would be highly complete and elegant without sacrificing performance "too much". By the time Doop reached maturity, it was a full order-of-magnitude faster than Lhot$#225;k and Hendren's Paddle--the state-of-the-art framework for context-sensitive points-to analyses. For the exact same logical points-to definitions (and, consequently, identical precision) Doop is more than 15x faster than Paddle for a 1-call-site sensitive analysis, with lower but still substantial speedups for other important analyses. Additionally, Doop scales to very precise analyses that are impossible with prior frameworks, directly addressing open problems in past literature. Finally, our implementation is modular and can be easily configured to analyses with a wide range of characteristics, largely due to its declarativeness. Although this performance difference is largely attributable to architectural choices (e.g., the use of an explicit representation vs. BDDs), we believe that our ability to efficiently optimize our implementation was largely due to the declarative specifications of analyses. Working at the Datalog level eliminated much of the artificial complexity of a points-to analysis implementation, allowing us to concentrate on indexing optimizations and on the algorithmic essence of each analysis.