research-article

Open Access

Generalized Points-to Graphs: A Precise and Scalable Abstraction for Points-to Analysis

Authors:
Pritam M. Gharat

Indian Institute of Technology Bombay, India

Indian Institute of Technology Bombay, India
View Profile

,
Uday P. Khedker

Indian Institute of Technology Bombay, India

Indian Institute of Technology Bombay, India
View Profile

,
Alan Mycroft

University of Cambridge, UK

University of Cambridge, UK

0000-0001-7013-8572
View Profile

ACM Transactions on Programming Languages and Systems Volume 42 Issue 2Article No.: 8pp 1–78https://doi.org/10.1145/3382092

Published:19 May 2020Publication History

ACM Transactions on Programming Languages and Systems

Abstract

Computing precise (fully flow- and context-sensitive) and exhaustive (as against demand-driven) points-to information is known to be expensive. Top-down approaches require repeated analysis of a procedure for separate contexts. Bottom-up approaches need to model unknown pointees accessed indirectly through pointers that may be defined in the callers and hence do not scale while preserving precision. Therefore, most approaches to precise points-to analysis begin with a scalable but imprecise method and then seek to increase its precision. We take the opposite approach in that we begin with a precise method and increase its scalability. In a nutshell, we create naive but possibly non-scalable procedure summaries and then use novel optimizations to compact them while retaining their soundness and precision.

For this purpose, we propose a novel abstraction called the generalized points-to graph (GPG), which views points-to relations as memory updates and generalizes them using the counts of indirection levels leaving the unknown pointees implicit. This allows us to construct GPGs as compact representations of bottom-up procedure summaries in terms of memory updates and control flow between them. Their compactness is ensured by strength reduction (which reduces the indirection levels), control flow minimization (which removes control flow edges while preserving soundness and precision), and call inlining (which enhances the opportunities of these optimizations).

The effectiveness of GPGs lies in the fact that they discard as much control flow as possible without losing precision. This is the reason GPGs are very small even for main procedures that contain the effect of the entire program. This allows our implementation to scale to 158 kLoC for C programs.

At a more general level, GPGs provide a convenient abstraction to represent and transform memory in the presence of pointers. Future investigations can try to combine it with other abstractions for static analyses that can benefit from points-to information.

Supplemental Material

Available for Download

zip

gharat.zip (821.6 KB)

Supplemental movie, appendix, image and software files for, Exploring the Needs, Preferences, and Concerns of Persons with Visual Impairments Regarding Autonomous Vehicles

References

Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman. 2006. Compilers: Principles, Techniques, and Tools (2nd ed.). Addison Wesley Longman, Boston, MA.Google ScholarDigital Library
Thomas Ball and Sriram K. Rajamani. 2002. The SLAM project: Debugging system software via static analysis. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’02). ACM, New York, NY, 1--3. DOI:https://doi.org/10.1145/503272.503274Google ScholarDigital Library
A. J. Bernstein. 1996. Analysis of programs for parallel processing. IEEE Trans. Elec. Comp. EC-15, 5 (1996), 746--757. https://ci.nii.ac.jp/naid/10009998541/en/.Google Scholar
Marcio Buss, Daniel Brand, Vugranam Sreedhar, and Stephen A. Edwards. 2010. A novel analysis space for pointer analysis and its application for bug finding. Sci. Comput. Program. 75, 11 (Nov. 2010), 921--942. DOI:https://doi.org/10.1016/j.scico.2009.08.002Google ScholarDigital Library
Ramkrishna Chatterjee, Barbara G. Ryder, and William A. Landi. 1999. Relevant context inference. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’99). ACM, New York, NY, 133--146. DOI:https://doi.org/10.1145/292540.292554Google ScholarDigital Library
Ben-Chung Cheng and Wen-Mei W. Hwu. 2000. Modular interprocedural pointer analysis using access paths: Design, implementation, and evaluation. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI’00). ACM, New York, NY, 57--69. DOI:https://doi.org/10.1145/349299.349311Google ScholarDigital Library
Isil Dillig, Thomas Dillig, and Alex Aiken. 2008. Sound, complete and scalable path-sensitive analysis. In Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’08). ACM, New York, NY. DOI:https://doi.org/10.1145/1375581.1375615Google ScholarDigital Library
Maryam Emami, Rakesh Ghiya, and Laurie J. Hendren. 1994. Context-sensitive interprocedural points-to analysis in the presence of function pointers. In Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation (PLDI’94). ACM, New York, NY, 242--256. DOI:https://doi.org/10.1145/178243.178264Google ScholarDigital Library
Yu Feng, Xinyu Wang, Isil Dillig, and Thomas Dillig. 2015. Bottom-up context-sensitive pointer analysis for Java. In Proceedings of the 13th Asian Symposium on Programming Languages and Systems (APLAS’15). DOI:https://doi.org/10.1007/978-3-319-26529-2_25Google ScholarCross Ref
Pritam M. Gharat. 2018. Generalized Points-to Graph: A New Abstraction of Memory in Presence of Pointers. Ph.D. Dissertation. Indian Institute of Technology Bombay, Mumbai, India.Google Scholar
Pritam M. Gharat, Uday P. Khedker, and Alan Mycroft. 2016. Flow- and context-sensitive points-to analysis using generalized points-to graphs. In Proceedings of the 23rd Static Analysis Symposium (SAS’16).Google ScholarCross Ref
Brian Hackett and Alex Aiken. 2006. How is aliasing used in systems software? In Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering (SIGSOFT’06/FSE-14). ACM, New York, NY. DOI:https://doi.org/10.1145/1181775.1181785Google ScholarDigital Library
Nevin Heintze and Olivier Tardieu. 2001. Demand-driven pointer analysis. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation (PLDI’01). ACM, New York, NY. DOI:https://doi.org/10.1145/378795.378802Google ScholarDigital Library
Michael Hind and Anthony Pioli. 1998. Assessing the effects of flow-sensitivity on pointer alias analyses. In Proceedings of the 5th International Symposium on Static Analysis (SAS’98). 57--81. DOI:https://doi.org/10.1007/3-540-49727-7_4Google ScholarCross Ref
Michael Hind and Anthony Pioli. 2000. Which pointer analysis should I use? In Proceedings of the 2000 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’00). ACM, New York, NY, 113--123. DOI:https://doi.org/10.1145/347324.348916Google ScholarDigital Library
Vineet Kahlon. 2008. Bootstrapping: A technique for scalable flow and context-sensitive pointer alias analysis. In Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’08). ACM, New York, NY, 249--259. DOI:https://doi.org/10.1145/1375581.1375613Google ScholarDigital Library
Vini Kanvar and Uday P. Khedker. 2016. Heap abstractions for static analysis. ACM Comput. Surv. 49, 2 (June 2016), Article 29, 47 pages. DOI:https://doi.org/10.1145/2931098Google ScholarDigital Library
Owen Kaser, C. R. Ramakrishnan, and Shaunak Pawagi. 1993. On the conversion of indirect to direct recursion. ACM Lett. Program. Lang. Syst. 2, 1-4 (March 1993), 151--164. DOI:https://doi.org/10.1145/176454.176510Google ScholarDigital Library
Ken Kennedy and John R. Allen. 2002. Optimizing Compilers for Modern Architectures: A Dependence-Based Approach. Morgan Kaufmann, San Francisco, CA.Google ScholarDigital Library
Uday P. Khedker and Bageshri Karkare. 2008. Efficiency, precision, simplicity, and generality in interprocedural data flow analysis: Resurrecting the classical call strings method. In Proceedings of the Joint European Conferences on Theory and Practice of Software and the 17th International Conference on Compiler Construction (CC’08/ETAPS’08).Google Scholar
Uday P. Khedker, Alan Mycroft, and Prashant Singh Rawat. 2012. Liveness-based pointer analysis. In Proceedings of the 19th International Static Analysis Symposium (SAS’12). DOI:https://doi.org/10.1007/978-3-642-33125-1_19Google ScholarCross Ref
U. P. Khedker, A. Sanyal, and B. Sathe. 2009. Data Flow Analysis: Theory and Practice. Taylor 8 Francis (CRC Press), Boca Raton, FL.Google Scholar
Chris Lattner, Andrew Lenharth, and Vikram Adve. 2007. Making context-sensitive points-to analysis with heap cloning practical for the real world. In Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’07). ACM, New York, NY, 278--289. DOI:https://doi.org/10.1145/1250734.1250766Google ScholarDigital Library
Ondrej Lhotak, Yannis Smaragdakis, and Manu Sridharan. 2013. Pointer analysis (Dagstuhl seminar 13162). Dagstuhl Reports 3, 4 (2013), 91--113. DOI:https://doi.org/10.4230/DagRep.3.4.91Google ScholarCross Ref
Lian Li, Cristina Cifuentes, and Nathan Keynes. 2013. Precise and scalable context-sensitive pointer analysis via value flow graph. In Proceedings of the 2013 International Symposium on Memory Management (ISMM’13). ACM, New York, NY. DOI:https://doi.org/10.1145/2464157.2466483Google ScholarDigital Library
Ravichandhran Madhavan, G. Ramalingam, and Kapil Vaswani. 2012. Modular heap analysis for higher-order programs. In Proceedings of the 19th International Conference on Static Analysis (SAS’12). DOI:https://doi.org/10.1007/978-3-642-33125-1_25Google ScholarDigital Library
Ravichandhran Madhavan, G. Ramalingam, and Kapil Vaswani. 2015. A framework for efficient modular heap analysis. Found. Trends Program. Lang. 1, 4 (Jan. 2015), 269--381. DOI:https://doi.org/10.1561/2500000020Google ScholarDigital Library
Steven S. Muchnick. 1997. Advanced Compiler Design and Implementation. Morgan Kaufmann, San Francisco, CA.Google ScholarDigital Library
Rohan Padhye and Uday P. Khedker. 2013. Interprocedural data flow analysis in SOOT using value contexts. In Proceedings of the 2nd ACM SIGPLAN International Workshop on State of the Art in Java Program Analysis (SOAP’13). ACM, New York, NY. DOI:https://doi.org/10.1145/2487568.2487569Google ScholarDigital Library
Thomas Reps, Susan Horwitz, and Mooly Sagiv. 1995. Precise interprocedural dataflow analysis via graph reachability. In Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’95). ACM, New York, NY. DOI:https://doi.org/10.1145/199448.199462Google ScholarDigital Library
Barbara G. Ryder, William A. Landi, Philip A. Stocks, Sean Zhang, and Rita Altucher. 2001. A schema for interprocedural modification side-effect analysis with pointer aliasing. ACM Trans. Program. Lang. Syst. 23, 2 (March 2001), 105--186. DOI:https://doi.org/10.1145/383043.381532Google ScholarDigital Library
Mooly Sagiv, Thomas Reps, and Susan Horwitz. 1996. Precise interprocedural dataflow analysis with applications to constant propagation. In Selected Papers from the 6th International Joint Conference on Theory and Practice of Software Development (TAPSOFT’95). Elsevier Science Publishers B. V., Amsterdam, The Netherlands. http://dl.acm.org/citation.cfm?id=243753.243762Google Scholar
Lei Shang, Xinwei Xie, and Jingling Xue. 2012. On-demand dynamic summary-based points-to analysis. In Proceedings of the 10th International Symposium on Code Generation and Optimization (CGO’12). ACM, New York, NY. DOI:https://doi.org/10.1145/2259016.2259050Google ScholarDigital Library
M. Sharir and A. Pneuli. 1981. Two approaches to interprocedural data flow analysis. In Program Flow Analysis: Theory and Applications, S. S. Muchnick and N. D. Jones (Eds.). Prentice Hall, 189–234.Google Scholar
Yannis Smaragdakis and George Balatsouras. 2015. Pointer analysis. Foundations and Trends® in Programming Languages 2, 1 (2015), 1--69. DOI:https://doi.org/10.1561/2500000014Google ScholarDigital Library
Johannes Späth, Lisa Nguyen, Karim Ali, and Eric Bodden. 2016. Boomerang: Demand-driven flow- and context-sensitive pointer analysis for Java. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP’16).Google Scholar
Manu Sridharan, Denis Gopan, Lexin Shan, and Rastislav Bodík. 2005. Demand-driven points-to analysis for Java. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA’05). ACM, New York, NY. DOI:https://doi.org/10.1145/1094811.1094817Google ScholarDigital Library
Stefan Staiger-Stöhr. 2013. Practical integrated analysis of pointers, dataflow and control flow. ACM Trans. Program. Lang. Syst. 35, 1 (2013), Article 5, 48 pages. DOI:https://doi.org/10.1145/2450136.2450140Google ScholarDigital Library
Alexandru Sălcianu and Martin Rinard. 2005. Purity and side effect analysis for Java programs. In Proceedings of the 6th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’05). DOI:https://doi.org/10.1007/978-3-540-30579-8_14Google ScholarDigital Library
Yulei Sui and Jingling Xue. 2016. On-demand strong update analysis via value-flow refinement. In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE’16). ACM, New York, NY, 460--473. DOI:https://doi.org/10.1145/2950290.2950296Google ScholarDigital Library
Yulei Sui and Jingling Xue. 2016. SVF: Interprocedural static value-flow analysis in LLVM. In Proceedings of the 25th International Conference on Compiler Construction (CC’16). ACM, New York, NY, 265--266. DOI:https://doi.org/10.1145/2892208.2892235Google ScholarDigital Library
John Whaley and Martin Rinard. 1999. Compositional pointer and escape analysis for Java programs. In Proceedings of the 14th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA’99). ACM, New York, NY. DOI:https://doi.org/10.1145/320384.320400Google ScholarDigital Library
R. P. Wilson and M. S. Lam. 1995. Efficient context-sensitive pointer analysis for C programs. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’95). citeseer.ist.psu.edu/wilson95efficient.htmlGoogle Scholar
Dacong Yan, Guoqing Xu, and Atanas Rountev. 2012. Rethinking SOOT for summary-based whole-program analysis. In Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program Analysis (SOAP’12). ACM, New York, NY. DOI:https://doi.org/10.1145/2259051.2259053Google ScholarDigital Library
Greta Yorsh, Eran Yahav, and Satish Chandra. 2008. Generating precise and concise procedure summaries. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’08). ACM, New York, NY. DOI:https://doi.org/10.1145/1328438.1328467Google ScholarDigital Library
Hongtao Yu, Jingling Xue, Wei Huo, Xiaobing Feng, and Zhaoqing Zhang. 2010. Level by level: Making flow- and context-sensitive pointer analysis scalable for millions of lines of code. In Proceedings of the 8th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO’10). ACM, New York, NY, 218--229. DOI:https://doi.org/10.1145/1772954.1772985Google ScholarDigital Library
Xin Zhang, Ravi Mangal, Mayur Naik, and Hongseok Yang. 2014. Hybrid top-down and bottom-up interprocedural analysis. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’14). ACM, New York, NY. DOI:https://doi.org/10.1145/2594291.2594328Google ScholarDigital Library
Jianwen Zhu and Silvian Calman. 2005. Context sensitive symbolic pointer analysis. IEEE Trans. Comput. Aided Des. Integr. Circ. Syst. 24 (May 2005), 516--531. DOI:https://doi.org/10.1109/TCAD.2005.844092Google ScholarDigital Library

Index Terms

Generalized Points-to Graphs: A Precise and Scalable Abstraction for Points-to Analysis
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
  2. Software notations and tools
    1. Compilers
    2. General programming languages
      1. Language types
        Imperative languages
2. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis

Recommendations

On-demand dynamic summary-based points-to analysis
CGO '12: Proceedings of the Tenth International Symposium on Code Generation and Optimization

Static analyses can be typically accelerated by reducing redundancies. Modern demand-driven points-to or alias analysis techniques rest on the foundation of Context-Free Language (CFL) reachability. These techniques achieve high precision efficiently ...
Read More
Refinement-based context-sensitive points-to analysis for Java
Proceedings of the 2006 PLDI Conference

We present a scalable and precise context-sensitive points-to analysis with three key properties: (1) filtering out of unrealizable paths, (2) a context-sensitive heap abstraction, and (3) a context-sensitive call graph. Previous work [21] has shown ...
Read More
Dynamic points-to sets: a comparison with static analyses and potential applications in program understanding and optimization
PASTE '01: Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

In this paper, we compare the behavior of pointers in C programs, as approximated by static pointer analysis algorithms, with the actual behavior of pointers when these programs are run. In order to perform this comparison, we have implemented several ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Programming Languages and Systems Volume 42, Issue 2
June 2020
286 pages
ISSN:0164-0925
EISSN:1558-4593
DOI:10.1145/3395960
Editor:
Andrew Myers
Cornell University, USA
Issue’s Table of Contents
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 19 May 2020
- Online AM: 7 May 2020
- Accepted: 1 January 2020
- Revised: 1 October 2019
- Received: 1 January 2018
Published in toplas Volume 42, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Flow- and context-sensitive interprocedural analysis
bottom-up interprocedural analysis
points-to analysis
procedure summaries
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 663
  Total Downloads
- Downloads (Last 12 months)198
- Downloads (Last 6 weeks)33
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Generalized Points-to Graphs: A Precise and Scalable Abstraction for Points-to Analysis

ACM Transactions on Programming Languages and Systems

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

On-demand dynamic summary-based points-to analysis

Refinement-based context-sensitive points-to analysis for Java

Dynamic points-to sets: a comparison with static analyses and potential applications in program understanding and optimization