Points-to Analysis as a System of Linear Equations

  • Conference paper
Static Analysis (SAS 2010)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 6337)

Abstract

We propose a novel formulation of points-to analysis as a system of linear equations. With this, the efficiency of points-to analysis can be significantly improved by leveraging advances in solution procedures for systems of linear equations. However, such a formulation is non-trivial and becomes challenging due to various factors, namely multiple pointer indirections, address-of operators and multiple assignments to the same variable. Further, the problem is exacerbated by the need to keep the transformed equations linear. Despite this, we successfully model all the pointer operations. We propose a novel inclusion-based context-sensitive points-to analysis algorithm based on prime factorization, which can model all the pointer operations. Experimental evaluation on SPEC 2000 benchmarks and two large open source programs reveals that our approach is competitive with the state-of-the-art algorithms. With an average memory requirement of a mere 21MB, our context-sensitive points-to analysis algorithm analyzes each benchmark in 55 seconds on average.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Nasre, R., Govindarajan, R. (2010). Points-to Analysis as a System of Linear Equations. In: Cousot, R., Martel, M. (eds) Static Analysis. SAS 2010. Lecture Notes in Computer Science, vol 6337. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15769-1_26

  • DOI: https://doi.org/10.1007/978-3-642-15769-1_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15768-4

  • Online ISBN: 978-3-642-15769-1

  • eBook Packages: Computer Science (R0)
