Interprocedural may-alias analysis for pointers: beyond k-limiting
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Context-sensitive interprocedural points-to analysis in the presence of function pointers
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient context-sensitive pointer analysis for C programs
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Connection analysis: a practical interprocedural heap analysis for C
International Journal of Parallel Programming - Special issue: selected papers from the eighth international workshop on languages and compilers for parallel computing
Lackwit: a program understanding tool based on type inference
ICSE '97 Proceedings of the 19th international conference on Software engineering
Solving shape-analysis problems in languages with destructive updating
ACM Transactions on Programming Languages and Systems (TOPLAS)
Efficient points-to analysis for whole-program analysis
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Efficiency of a Good But Not Linear Set Union Algorithm
Journal of the ACM (JACM)
Unification-based pointer analysis with directional assignments
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Effective synchronization removal for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Scalable context-sensitive flow analysis using instantiation constraints
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Incrementalized pointer and escape analysis
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
On the importance of points-to analysis and other memory disambiguation methods for C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Pointer analysis: haven't we solved this problem yet?
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Polymorphic versus Monomorphic Flow-Insensitive Points-to Analysis for C
SAS '00 Proceedings of the 7th International Symposium on Static Analysis
Points-to Analysis by Type Inference of Programs with Structures and Unions
CC '96 Proceedings of the 6th International Conference on Compiler Construction
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Importance of heap specialization in pointer analysis
Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Region-based shape analysis with tracked locations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Memory safety without garbage collection for embedded applications
ACM Transactions on Embedded Computing Systems (TECS)
Automatic pool allocation: improving performance by controlling data structure layout in the heap
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Transparent pointer compression for linked data structures
Proceedings of the 2005 workshop on Memory system performance
Macroscopic data structure analysis and optimization
Macroscopic data structure analysis and optimization
SAFECode: enforcing alias analysis for weakly typed languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Static analysis of accessed regions in recursive data structures
SAS'03 Proceedings of the 10th international conference on Static analysis
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Demand-driven alias analysis for C
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Conditional correlation analysis for safe region-based memory management
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Merging equivalent contexts for scalable heap-cloning-based context-sensitive points-to analysis
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
A Scalable Memory Model for Low-Level Code
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Identification of logically related heap regions
Proceedings of the 2009 international symposium on Memory management
Scaling CFL-Reachability-Based Points-To Analysis Using Context-Sensitive Must-Not-Alias Analysis
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Strictly declarative specification of sophisticated points-to analyses
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Automatic Inference of Frame Axioms Using Static Analysis
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Conditional weighted pushdown systems and applications
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Breadcrumbs: efficient context sensitivity for dynamic bug detection analyses
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
A novel analysis space for pointer analysis and its application for bug finding
Science of Computer Programming
The Paralax infrastructure: automatic parallelization with a helping hand
Proceedings of the 19th international conference on Parallel architectures and compilation techniques
Memory safety for low-level software/hardware interactions
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Modular inference of subprogram contracts for safety checking
Journal of Symbolic Computation
Alias analysis for optimization of dynamic languages
Proceedings of the 6th symposium on Dynamic languages
Points-to analysis as a system of linear equations
SAS'10 Proceedings of the 17th international conference on Static analysis
Source-level support for timing analysis
ISoLA'10 Proceedings of the 4th international conference on Leveraging applications of formal methods, verification, and validation - Volume Part II
Contribution-based call stack abstraction for call string based pointer analysis
Information and Software Technology
Approximating inclusion-based points-to analysis
Proceedings of the 2011 ACM SIGPLAN Workshop on Memory Systems Performance and Correctness
Geometric encoding: forging the high performance context sensitive points-to analysis for Java
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Boosting the performance of flow-sensitive points-to analysis using value flow
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Prioritizing constraint evaluation for efficient points-to analysis
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Design and implementation of sparse global analyses for C-like languages
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Exploiting the structure of the constraint graph for efficient points-to analysis
Proceedings of the 2012 international symposium on Memory Management
Dynamically managed data for CPU-GPU architectures
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Efficient bottom-up heap analysis for symbolic path-based data access summaries
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Programming paradigm driven heap analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Parallel replication-based points-to analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Sambamba: a runtime system for online adaptive parallelization
CC'12 Proceedings of the 21st international conference on Compiler Construction
Modular heap analysis for higher-order programs
SAS'12 Proceedings of the 19th international conference on Static Analysis
Operating system kernel data disambiguation to support security analysis
NSS'12 Proceedings of the 6th international conference on Network and System Security
DeAliaser: alias speculation using atomic region support
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Precise and scalable context-sensitive pointer analysis via value flow graph
Proceedings of the 2013 international symposium on memory management
Sambamba: runtime adaptive parallel execution
Proceedings of the 3rd International Workshop on Adaptive Self-Tuning Computing Systems
Effective dynamic detection of alias analysis errors
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Fast condensation of the program dependence graph
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Sound input filter generation for integer overflow errors
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Alias analysis for object-oriented programs
Aliasing in Object-Oriented Programming
Hi-index | 0.00 |
Context-sensitive pointer analysis algorithms with full "heapcloning" are powerful but are widely considered to be too expensive to include in production compilers. This paper shows, for the first time, that a context-sensitive, field-sensitive algorithm with fullheap cloning (by acyclic call paths) can indeed be both scalable and extremely fast in practice. Overall, the algorithm is able to analyze programs in the range of 100K-200K lines of C code in 1-3 seconds,takes less than 5% of the time it takes for GCC to compile the code (which includes no whole-program analysis), and scales well across five orders of magnitude of code size. It is also able to analyze the Linux kernel (about 355K linesof code) in 3.1 seconds. The paper describes the major algorithmic and engineering design choices that are required to achieve these results, including (a) using flow-insensitive and unification-basedanalysis, which are essential to avoid exponential behavior in practice;(b) sacrificing context-sensitivity within strongly connected components of the call graph; and (c) carefully eliminating several kinds of O(N2) behaviors (largely without affecting precision). The techniques used for (b) and (c) eliminated several major bottlenecks to scalability, and both are generalizable to other context-sensitive algorithms. We show that the engineering choices collectively reduce analysis time by factors of up to 10x-15xin our larger programs, and have found that the savings grow strongly with program size. Finally, we briefly summarize results demonstrating the precision of the analysis.