Data structures and network algorithms
Data structures and network algorithms
Efficient type inference for higher-order binding-time analysis
Proceedings of the 5th ACM conference on Functional programming languages and computer architecture
A safe approximate algorithm for interprocedural aliasing
PLDI '92 Proceedings of the ACM SIGPLAN 1992 conference on Programming language design and implementation
Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects
POPL '93 Proceedings of the 20th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Context-sensitive interprocedural points-to analysis in the presence of function pointers
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient context-sensitive pointer analysis for C programs
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fast and accurate flow-insensitive points-to analysis
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Partial online cycle elimination in inclusion constraint graphs
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Effective whole-program analysis in the presence of pointers
SIGSOFT '98/FSE-6 Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Aggregate structure identification and its application to program analysis
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pointer analysis for programs with structures and casting
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Efficient points-to analysis for whole-program analysis
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Projection merging: reducing redundancies in inclusion constraint graphs
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Off-line variable substitution for scaling points-to analysis
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Scalable context-sensitive flow analysis using instantiation constraints
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
The Effects of the Precision of Pointer Analysis
SAS '97 Proceedings of the 4th International Symposium on Static Analysis
Points-to Analysis by Type Inference of Programs with Structures and Unions
CC '96 Proceedings of the 6th International Conference on Compiler Construction
Understanding class hierarchies using concept analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Calpa: a tool for automating selective dynamic compilation
Proceedings of the 33rd annual ACM/IEEE international symposium on Microarchitecture
Demand-driven pointer analysis
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
On the importance of points-to analysis and other memory disambiguation methods for C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Pointer analysis: haven't we solved this problem yet?
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Extending and evaluating flow-insenstitive and context-insensitive points-to analyses for Java
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Bebop: a path-sensitive interprocedural dataflow engine
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
A schema for interprocedural modification side-effect analysis with pointer aliasing
ACM Transactions on Programming Languages and Systems (TOPLAS)
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Parameterized object sensitivity for points-to and side-effect analyses for Java
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Evaluating the precision of static reference analysis using profiling
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Automatic generation of program specifications
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Aliasing analysis for a million lines of C
ASIA-PEPM '02 Proceedings of the ASIAN symposium on Partial evaluation and semantics-based program manipulation
Searching for points-to analysis
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Improving program slicing with dynamic points-to data
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Run-time support for distributed sharing in safe languages
ACM Transactions on Computer Systems (TOCS)
Pointer analysis for structured parallel programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Searching for points-to analysis
ACM SIGSOFT Software Engineering Notes
Improving program slicing with dynamic points-to data
ACM SIGSOFT Software Engineering Notes
Locating Features in Source Code
IEEE Transactions on Software Engineering
Speeding Up Dataflow Analysis Using Flow-Insensitive Pointer Analysis
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Efficient Computation of Parameterized Pointer Information for Interprocedural Analyses
SAS '01 Proceedings of the 8th International Symposium on Static Analysis
Estimating the Impact of Scalable Pointer Analysis on Optimization
SAS '01 Proceedings of the 8th International Symposium on Static Analysis
Points-to and Side-Effect Analyses for Programs Built with Precompiled Libraries
CC '01 Proceedings of the 10th International Conference on Compiler Construction
Improving the Precision of Equality-Based Dataflow Analyses
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
An efficient static analysis algorithm to detect redundant memory operations
Proceedings of the 2002 workshop on Memory system performance
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Checking and inferring local non-aliasing
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Compiler support for speculative multithreading architecture with probabilistic points-to analysis
Proceedings of the ninth ACM SIGPLAN symposium on Principles and practice of parallel programming
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications
Precise Call Graphs for C Programs with Function Pointers
Automated Software Engineering
A Framework to Capture Dynamic Data Structures in Pointer-Based Codes
IEEE Transactions on Parallel and Distributed Systems
A Compiler Scheme for Reusing Intermediate Computation Results
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
A safe approximate algorithm for interprocedural pointer aliasing
ACM SIGPLAN Notices - Best of PLDI 1979-1999
Efficient field-sensitive pointer analysis for C
Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Importance of heap specialization in pointer analysis
Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
KISS: keep it simple and sequential
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Precise and efficient static array bound checking for large embedded C programs
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Software validation via scalable path-sensitive value flow analysis
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Online Cycle Detection and Difference Propagation: Applications to Pointer Analysis
Software Quality Control
Interprocedural Probabilistic Pointer Analysis
IEEE Transactions on Parallel and Distributed Systems
Memory overflow protection for embedded systems using run-time checks, reuse and compression
Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
PSE: explaining program failures via postmortem static analysis
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Parameterized object sensitivity for points-to analysis for Java
ACM Transactions on Software Engineering and Methodology (TOSEM)
A brief survey of program slicing
ACM SIGSOFT Software Engineering Notes
Polymorphic predicate abstraction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automatic pool allocation: improving performance by controlling data structure layout in the heap
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Program Slicing with Dynamic Points-To Sets
IEEE Transactions on Software Engineering
Segment protection for embedded systems using run-time checks
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Demand-driven points-to analysis for Java
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Using Static Analysis to Reduce Dynamic Analysis Overhead
Formal Methods in System Design
Verification of C Programs using Slicing Execution
QSIC '05 Proceedings of the Fifth International Conference on Quality Software
Effective typestate verification in the presence of aliasing
Proceedings of the 2006 international symposium on Software testing and analysis
On the parallelization of irregular and dynamic programs
Parallel Computing
Proceedings of the 5th international conference on Generative programming and component engineering
How is aliasing used in systems software?
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Logical characterizations of heap abstractions
ACM Transactions on Computational Logic (TOCL)
ACM Transactions on Programming Languages and Systems (TOPLAS)
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
An infrastructure to support interoperability in reverse engineering
Information and Software Technology
Heap data allocation to scratch-pad memory in embedded systems
Journal of Embedded Computing - Cache exploitation in embedded systems
Static Analysis of Object References in RMI-Based Java Software
IEEE Transactions on Software Engineering
Making context-sensitive points-to analysis with heap cloning practical for the real world
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Efficient field-sensitive pointer analysis of C
ACM Transactions on Programming Languages and Systems (TOPLAS)
Inferring aliasing and encapsulation properties for java
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Application-aware snoop filtering for low-power cache coherence in embedded multiprocessors
ACM Transactions on Design Automation of Electronic Systems (TODAES)
A tool chain for reverse engineering C++ applications
Science of Computer Programming
Demand-driven alias analysis for C
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Precise static type analysis in component based programming environment
ISEC '08 Proceedings of the 1st India software engineering conference
Effective typestate verification in the presence of aliasing
ACM Transactions on Software Engineering and Methodology (TOSEM)
Journal of Systems and Software
Flexible pointer analysis using assign-fetch graphs
Proceedings of the 2008 ACM symposium on Applied computing
Checking race freedom via linear programming
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Bootstrapping: a technique for scalable flow and context-sensitive pointer alias analysis
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Relations as an abstraction for BDD-based program analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Towards the Integration of Symbolic and Numerical Static Analysis
Verified Software: Theories, Tools, Experiments
RCanalyser: A Flexible Framework for the Detection of Data Races in Parallel Programs
Ada-Europe '08 Proceedings of the 13th Ada-Europe international conference on Reliable Software Technologies
Pointer Analysis, Conditional Soundness, and Proving the Absence of Errors
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
From generic to specific: off-line optimization for a general constraint solver
GPCE '08 Proceedings of the 7th international conference on Generative programming and component engineering
Abstracting access patterns of dynamic memory using regular expressions
ACM Transactions on Architecture and Code Optimization (TACO)
Elyze: enabling safe parallelism in event-driven servers
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Points-to analysis for JavaScript
Proceedings of the 2009 ACM symposium on Applied Computing
Mapping kernel objects to enable systematic integrity checking
Proceedings of the 16th ACM conference on Computer and communications security
Dynamic software updates: the state mapping problem
Proceedings of the 2nd International Workshop on Hot Topics in Software Upgrades
Filtering false alarms of buffer overflow analysis using SMT solvers
Information and Software Technology
Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming
Scalable Context-Sensitive Points-to Analysis Using Multi-dimensional Bloom Filters
APLAS '09 Proceedings of the 7th Asian Symposium on Programming Languages and Systems
Electronic Notes in Theoretical Computer Science (ENTCS)
Dimensions of precision in reference analysis of object-oriented programming languages
CC'03 Proceedings of the 12th international conference on Compiler construction
Scaling Java points-to analysis using SPARK
CC'03 Proceedings of the 12th international conference on Compiler construction
Probabilistic points-to analysis
LCPC'01 Proceedings of the 14th international conference on Languages and compilers for parallel computing
IDE dataflow analysis in the presence of large object-oriented libraries
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
A novel analysis space for pointer analysis and its application for bug finding
Science of Computer Programming
Static analysis for detecting taint-style vulnerabilities in web applications
Journal of Computer Security
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Points-to analysis as a system of linear equations
SAS'10 Proceedings of the 17th international conference on Static analysis
Approximating inclusion-based points-to analysis
Proceedings of the 2011 ACM SIGPLAN Workshop on Memory Systems Performance and Correctness
Detecting high-level synchronization errors in parallel programs
Ada-Europe'11 Proceedings of the 16th Ada-Europe international conference on Reliable software technologies
Unleashing the power of static analysis
SAS'06 Proceedings of the 13th international conference on Static Analysis
Existential label flow inference via CFL reachability
SAS'06 Proceedings of the 13th international conference on Static Analysis
Recency-Abstraction for heap-allocated storage
SAS'06 Proceedings of the 13th international conference on Static Analysis
Path-Sensitive dataflow analysis with iterative refinement
SAS'06 Proceedings of the 13th international conference on Static Analysis
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Bauhaus: a tool suite for program analysis and reverse engineering
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
Detecting memory access errors with flow-sensitive conditional range analysis
ICESS'05 Proceedings of the Second international conference on Embedded Software and Systems
Optimizing c multithreaded memory management using thread-local storage
CC'05 Proceedings of the 14th international conference on Compiler Construction
Banshee: a scalable constraint-based analysis toolkit
SAS'05 Proceedings of the 12th international conference on Static Analysis
Polymorphism, subtyping, whole program analysis and accurate data types in usage analysis
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Interprocedural dataflow analysis in the presence of large libraries
CC'06 Proceedings of the 15th international conference on Compiler Construction
Control-flow analysis of functional programs
ACM Computing Surveys (CSUR)
Prioritizing constraint evaluation for efficient points-to analysis
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Flow-sensitive pointer analysis for millions of lines of code
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Exploiting the structure of the constraint graph for efficient points-to analysis
Proceedings of the 2012 international symposium on Memory Management
Rethinking Soot for summary-based whole-program analysis
Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis
Parallel replication-based points-to analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Exploiting pointer and location equivalence to optimize pointer analysis
SAS'07 Proceedings of the 14th international conference on Static Analysis
Precise range analysis on large industry code
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Extending Type Inference to Variational Programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Parallel flow-sensitive pointer analysis by graph-rewriting
PACT '13 Proceedings of the 22nd international conference on Parallel architectures and compilation techniques
| Hi-index | 0.00 |
This paper describes a new algorithm for flow and context insensitive pointer analysis of C programs. Our studies show that the most common use of pointers in C programs is in passing the addresses of composite objects or updateable values as arguments to procedures. Therefore, we have designed a low-cost algorithm that handles this common case accurately. In terms of both precision and running time, this algorithm lies between Steensgaard's algorithm, which treats assignments bi-directionally using unification, and Andersen's algorithm, which treats assignments directionally using subtyping. Our “one level flow” algorithm uses a restricted form of subtyping to avoid unification of symbols at the top levels of pointer chains in the points-to graph, while using unification elsewhere in the graph. The method scales easily to large programs. For instance, we are able to analyze a 1.4 MLOC (million lines of code) program in two minutes, using less than 200MB of memory. At the same time, the precision of our algorithm is very close to that of Andersen's algorithm. On all of the integer benchmark programs from SPEC95, the one level flow algorithm and Andersen's algorithm produce either identical or essentially identical points-to information. Therefore, we claim that our algorithm provides a method for obtaining precise flow-insensitive points-to information for large C programs.