Abstract
This paper addresses scalability and accuracy of summary-based context-sensitive pointer analysis formulated as a two-phase computation. The first phase, or bottom-up phase, propagates procedure summaries from callees to callers. Then, the second phase, or top-down phase, computes the actual pointer information. These two phases can be independently context-sensitive. Having observed the problems that procedural side effects cause, we developed a bottom-up phase that constructs concise procedure summaries in a manner that permits their subsequent removal. This transformation results in an efficient two-phase pointer analysis in the style of Andersen [1] that is simultaneously bottom-up and top-down context-sensitive. Context sensitivity becomes inherent to even a context-insensitive analysis allowing for an accurate and efficient top-down phase. The implemented context-sensitive analysis exhibits scalability comparable to that of its context-insensitive counterpart. For instance, to analyze 176.gcc, the largest C benchmark in SPEC 2000, our analysis takes 190 seconds as opposed to 44 seconds for the context-insensitive analysis. Given the common practice of treating recursive subgraphs context-insensitively, its accuracy is equivalent to an analysis which completely inlines all procedure calls.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Andersen, L.O.: Program analysis and specialization for the C programming language. Ph.D thesis, DIKU, Unversity of Copenhagen (1994)
Chatterjee, R., Ryder, B.G., Landi, W.A.: Relevant context inference. In: POPL (1999)
Cheng, B.-C., Hwu, W.W.: Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In: PLDI (2000)
Choi, J.-D., Gupta, M., Serrano, M.J., Sreedhar, V.C., Midkiff, S.P.: Stack allocation and synchronization optimizations for java using escape analysis. TOPLAS (2003)
Clarke, E., Grunmberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. Journal of the ACM (1997)
Das, M.: Unification-based pointer analysis with directional assignments. In: PLDI (2000)
Das, M., Liblit, B., Fähndrich, M., Rehof, J.: Estimating the impact of scalable pointer analysis on optimization. In: Cousot, P. (ed.) SAS 2001. LNCS, vol. 2126, p. 260. Springer, Heidelberg (2001)
Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural pointsto analysis in the presence of function pointers. In: PLDI (1994)
Fähndrich, M., Foster, J.S., Su, Z., Aiken, A.: Partial online cycle elimination in inclusion constraint graphs. In: PLDI (1998)
Fähndrich, M., Rehof, J., Das, M.: Scalable context-sensitive flow analysis using instantiation constraints. In: PLDI (2000)
Flanagan, C., Felleisen, M.: Componential set-based analysis. In: PLDI (1997)
Foster, J.S., Fähndrich, M., Aiken, A.: Polymorphic versus monomorphic flowinsensitive points-to analysis for C. In: Palsberg, J. (ed.) SAS 2000. LNCS, vol. 1824, pp. 175–199. Springer, Heidelberg (2000)
Guyer, S.Z., Lin, C.: Client-driven pointer analysis. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, Springer, Heidelberg (2003)
Heintze, N., Tardieu, O.: Ultra-fast aliasing analysis using CLA: a million lines of C code in a second. In: PLDI (2001)
Hind, M.: Pointer analysis: Haven’t we solved this problem yet?. In: PASTE (2001)
Hind, M., Burke, M., Carini, P., Choi, J.-D.: Interprocedural pointer alias analysis. TOPLAS 21(4), 848–894 (1999)
Hopcroft, J.E.: An nlogn algorithm for minimizing the states of a finite automaton. The Theory of Machines and Computations, 189–196 (1971)
Kim, H.-S., Nystrom, E.M., Hwu, W.W.: Bottom-up and top-down contextsensitive summary-based pointer analysis. Technical report, IMPACT research group, University of Illinois (2004)
Landi, W., Ryder, B.G.: A safe approximation algorithm for interprocedural pointer aliasing. In: PLDI (1992)
Lattner, C., Adve, V.: Data structure analysis: a fast and scalable contextsensitive heap analysis. Technical report, CS Dept., University of Illinois (2003)
Liang, D., Harrold, M.J.: Efficient points-to analysis for whole-program analysis. In: FSE (1999)
McAllester, D.A.: On the complexity analysis of static analysis. In: Cortesi, A., Filé, G. (eds.) SAS 1999. LNCS, vol. 1694, p. 312. Springer, Heidelberg (1999)
Rehof, J.: Minimal typings in atomic subtyping. In: POPL (1997)
Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL (1995)
Ruf, E.: Context-insensitive alias analysis reconsidered. In: PLDI (1995)
Steensgaard, B.: Points-to analysis in almost linear time. In: POPL (1996)
Wilson, R.P., Lam, M.S.: Efficient context-sensitive pointer analysis for C programs. In: PLDI (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nystrom, E.M., Kim, HS., Hwu, Wm.W. (2004). Bottom-Up and Top-Down Context-Sensitive Summary-Based Pointer Analysis. In: Giacobazzi, R. (eds) Static Analysis. SAS 2004. Lecture Notes in Computer Science, vol 3148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27864-1_14
Download citation
DOI: https://doi.org/10.1007/978-3-540-27864-1_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22791-5
Online ISBN: 978-3-540-27864-1
eBook Packages: Springer Book Archive