Abstract
Object-sensitivity is regarded as arguably the best context abstraction for pointer analysis in object-oriented languages. However, a k-object-sensitive pointer analysis, which uses a sequence of k allocation sites (as k context elements) to represent a calling context of a method call, may end up using some context elements redundantly without inducing a finer partition of the space of (concrete) calling contexts for the method call. In this paper, we introduce Bean, a general approach for improving the precision of any k-object-sensitive analysis, denoted \(k\)-obj, by still using a k-limiting context abstraction. The novelty is to identify allocation sites that are redundant context elements in \(k\)-obj from an Object Allocation Graph (OAG), which is built based on a pre-analysis (e.g., a context-insensitive Andersen’s analysis) performed initially on a program and then avoid them in the subsequent k-object-sensitive analysis for the program. Bean is generally more precise than \(k\)-obj, with a precision that is guaranteed to be as good as \(k\)-obj in the worst case. We have implemented Bean as an open-source tool and applied it to refine two state-of-the-art whole-program pointer analyses in Doop. For two representative clients (may-alias and may-fail-cast) evaluated on a set of nine large Java programs from the DaCapo benchmark suite, Bean has succeeded in making both analyses more precise for all these benchmarks under each client at only small increases in analysis cost.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014 (2014)
Blackburn, S.M., Garner, R., Hoffmann, C., Khang, A.M., McKinley, K.S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., Guyer, S.Z., Hirzel, M., Hosking, A., Jump, M., Lee, H., Moss, J.E.B., Phansalkar, A., Stefanović, D., VanDrunen, T., von Dincklage, D., Wiedermann, B.: The DaCapo benchmarks: Java benchmarking development and analysis. In: OOPSLA 2006 (2006)
Blackshear, S., Chang, B.Y.E., Sridharan, M.: Selective control-flow abstraction via jumping. In: OOPSLA 2015 (2015)
Bravenboer, M., Smaragdakis, Y.: Strictly declarative specification of sophisticated points-toanalyses. In: OOPSLA 2009 (2009)
Chord. A program analysis platform for Java. http://www.cc.gatech.edu/~naik/chord.html
Das, M., Liblit, B., Fähndrich, M., Rehof, J.: Estimating the impact of scalable pointer analysis on optimization. In: Cousot, P. (ed.) SAS 2001. LNCS, vol. 2126, pp. 260–278. Springer, Heidelberg (2001)
DOOP. A sophisticated framework for Java pointer analysis. http://doop.program-analysis.org
Feng, Y., Wang, X., Dillig, I., Dillig, T.: Bottom-up context-sensitive pointer analysis for java. In: Feng, X., Park, S. (eds.) APLAS 2015. LNCS, vol. 9458, pp. 465–484. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26529-2_25
Fink, S.J., Yahav, E., Dor, N., Ramalingam, G., Geay, E.: Effective typestate verification in the presence of aliasing. ACM Trans. Softw. Eng. Methodol. 17(2), 1–34 (2008)
Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of android applications in droidsafe. In: NDSS 2015 (2015)
Hardekopf, B., Lin, C.: Flow-sensitive pointer analysis for millions of lines of code. In: CGO 2011 (2011)
Hind, M.: Pointer analysis: Haven’t we solved this problem yet? In: PASTE 2001 (2001)
Huang, W., Dong, Y., Milanova, A., Dolby, J.: Scalable and precise taint analysis for android. In: ISSTA 2015 (2015)
Kastrinis, G., Smaragdakis, Y.: Hybrid context-sensitivity for points-to analysis. In: PLDI 2013 (2013)
Lhoták, O.: Program Analysis using Binary Decision Diagrams. Ph.D. thesis (2006)
Lhoták, O., Chung, K.C.A.: Points-to analysis with efficient strong updates. In: POPL 2011 (2011)
Lhoták, O., Hendren, L.: Context-sensitive points-to analysis: is it worth it? In: Mycroft, A., Zeller, A. (eds.) CC 2006. LNCS, vol. 3923, pp. 47–64. Springer, Heidelberg (2006)
Lhoták, O., Hendren, L.: Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol. 18(1), 1–53 (2008)
Li, Y., Tan, T., Sui, Y., Xue, J.: Self-inferencing reflection resolution for java. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 27–53. Springer, Heidelberg (2014)
Li, Y., Tan, T., Xue, J.: Effective soundness-guided reflection analysis. In: Blazy, S., Jensen, T. (eds.) SAS 2015. LNCS, vol. 9291, pp. 162–180. Springer, Heidelberg (2015)
Li, Y., Tan, T., Zhang, Y., Xue, J.: Program tailoring: Slicing by sequential criteria. In: ECOOP 2016 (2016)
Mangal, R., Zhang, X., Nori, A.V., Naik, M.: A user-guided approach to program analysis. In: FSE 2015 (2015)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to and side-effect analyses for java. In: ISSTA 2002 (2002)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)
Naik, M., Aiken, A., Whaley, J.: Effective static race detection for java. In: PLDI 2006 (2006)
Oh, H., Lee, W., Heo, K., Yang, H., Yi, K.: Selective context-sensitivity guided by impact pre-analysis. In: PLDI 2014 (2014)
Shivers, O.G.: Control-flow Analysis of Higher-order Languages of Taming Lambda. Ph.D. thesis (1991)
Smaragdakis, Y., Balatsouras, G.: Pointer analysis. Found. Trends Program. Lang. 2, 1–69 (2015)
Smaragdakis, Y., Bravenboer, M., Lhoták, O.: Pick your contexts well: understanding object-sensitivity. In: POPL 2011 (2011)
Sridharan, M., Bodík, R.: Refinement-based context-sensitive points-to analysis for Java. In: PLDI 2006 (2006)
Sridharan, M., Chandra, S., Dolby, J., Fink, S.J., Yahav, E.: Alias analysis for object-oriented programs. In: Noble, J., Wrigstad, T., Clarke, D. (eds.) Aliasing in Object-Oriented Programming. LNCS, vol. 7850, pp. 196–232. Springer, Heidelberg (2013)
Sui, Y., Di, P., Xue, J.: Sparse flow-sensitive pointer analysis for multithreaded programs. In: CGO 2016 (2016)
Sui, Y., Li, Y., Xue, Y.: Query-directed adaptive heap cloning for optimizing compilers. In: CGO 2013 (2013)
Sui, Y., Ye, D., Xue, J.: Static memory leak detection using full-sparse value-flow analysis. In: ISSTA 2012 (2012)
Sui, Y., Ye, D., Xue, J.: Detecting memory leaks statically with full-sparse value-flow analysis. IEEE Trans. Softw. Eng. 40(2), 107–122 (2014)
Wala, T.J.: Watson libraries for analysis. http://wala.sf.net
Yu, H., Xue, J., Huo, W., Feng, X., Zhang, Z.: Level by level: making flow- and context-sensitive pointer analysisscalable for millions of lines of code. In: CGO 2010 (2010)
Zhang, X., Mangal, R., Grigore, R., Naik, M., Yang, H.: On abstraction refinement for program analyses in datalog. In: PLDI 2014 (2014)
Acknowledgement
The authors wish to thank the anonymous reviewers for their valuable comments. This work is supported by Australian Research Grants, DP130101970 and DP150102109.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer-Verlag GmbH Germany
About this paper
Cite this paper
Tan, T., Li, Y., Xue, J. (2016). Making k-Object-Sensitive Pointer Analysis More Precise with Still k-Limiting. In: Rival, X. (eds) Static Analysis. SAS 2016. Lecture Notes in Computer Science(), vol 9837. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-53413-7_24
Download citation
DOI: https://doi.org/10.1007/978-3-662-53413-7_24
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-53412-0
Online ISBN: 978-3-662-53413-7
eBook Packages: Computer ScienceComputer Science (R0)