Article

Efficient field-sensitive pointer analysis for C

Authors:
David J. Pearce

Imperial College, London, UK

Imperial College, London, UK
View Profile

,
Paul H. J. Kelly

Imperial College, London, UK

Imperial College, London, UK
View Profile

,
Chris Hankin

Imperial College, London, UK

Imperial College, London, UK
View Profile

PASTE '04: Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineeringJune 2004Pages 37–42https://doi.org/10.1145/996821.996835

Published:07 June 2004Publication History

PASTE '04: Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

Pages 37–42

ABSTRACT

The subject of this paper is flow- and context-insensitive pointer analysis. We present a novel approach for precisely modelling struct variables and indirect function calls. Our method emphasises efficiency and simplicity and extends the language of set-constraints. We experimentally evaluate the precision cost trade-off using a benchmark suite of 7 common C programs between 5,000 to 150,000 lines of code. Our results indicate the field-sensitive analysis is more expensive to compute, but yields significantly better precision.

References

A. Aiken. Introduction to set constraint-based program analysis. Sci. Comp. Prog., 35(2--3):79--111, 1999.]] Google ScholarDigital Library
L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, 1994.]]Google Scholar
S. Chandra and T. Reps. Physical type checking for C. In Proc. ACM Workshop on Program Analysis for Software Tools and Engineering, pages 66--75, 1999.]] Google ScholarDigital Library
S. Chandra and T. Reps. Physical type checking for C. Technical Report BL0113590-990302-04, Bell Laboratories, Lucent Technologies, 1999.]]Google ScholarDigital Library
M. Das. Unification-based pointer analysis with directional assignments. In Proc. ACM Conf. Programming Language Design and Implementation, pages 35--46, 2000.]] Google ScholarDigital Library
M. Das, B. Liblit, M. Fähndrich, and J. Rehof. Estimating the impact of scalable pointer analysis on optimization. In Proc. Static Analysis Symposium, volume 2126 of LNCS, pages 260--278. Springer, 2001.]] Google ScholarDigital Library
M. Fähndrich, J. S. Foster, Z. Su, and A. Aiken. Partial online cycle elimination in inclusion constraint graphs. In Proc. ACM Conf. Programming Language Design and Implementation, pages 85--96, 1998.]] Google ScholarDigital Library
J. S. Foster, M. Fähndrich, and A. Aiken. Flow-insensitive points-to analysis with term and set constraints. Technical Report CSD-97-964, University of California, Berkeley, 1997.]] Google ScholarDigital Library
J. S. Foster, M. Fähndrich, and A. Aiken. Polymorphic versus monomorphic flow-insensitive points-to analysis for C. In Proc. Static Analysis Symposium, volume 1824 of LNCS, pages 175--198. Springer-Verlag, 2000.]] Google ScholarDigital Library
N. Heintze and O. Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In Proc. ACM Conf. Programming Language Design and Implementation, pages 254--263, 2001.]] Google ScholarDigital Library
M. Hind. Pointer analysis: haven't we solved this problem yet? In Proc. ACM Workshop on Program Analysis for Software Tools and Engineering, pages 54--61, 2001.]] Google ScholarDigital Library
M. Hind and A. Pioli. Which pointer analysis should I use? In Proc. ACM Symp. Software Testing and Analysis, pages 113--123, 2000.]] Google ScholarDigital Library
S. Horwitz. Precise flow-insensitive may-alias analysis is NP-Hard. ACM Transactions on Programming Languages And Systems, 19(1):1--6, Jan. 1997.]] Google ScholarDigital Library
W. Landi. Undecidability of static analysis. ACM Letters on Programming Languages and Systems, 1(4):323--337, 1992.]] Google ScholarDigital Library
O. Lhoták and L. J. Hendren. Scaling Java points-to analysis using SPARK. In Proc. Conf. Compiler Construction, volume 2622 of LNCS, pages 153--169. Springer, 2003.]]Google ScholarCross Ref
D. Liang and M. J. Harrold. Efficient points-to analysis for whole-program analysis. In Proc. Foundations of Software Engineering, volume 1687 of LNCS, pages 199--215. 1999.]] Google ScholarDigital Library
D. Liang, M. Pennings, and M. J. Harrold. Extending and evaluating flow-insensitive and context-insensitive points-to analyses for Java. In Proc. ACM Workshop Program Analyses for Software Tools and Engineering, pages 73--79, 2001.]] Google ScholarDigital Library
D. J. Pearce. Some directed graph algorithms and their application to pointer analysis (work in progress). PhD thesis, Imperial College, London, 2004.]]Google Scholar
D. J. Pearce, P. H. J. Kelly, and C. Hankin. Online cycle detection and difference propagation for pointer analysis. In Proc. IEEE Workshop on Source Code Analysis and Manipulation, pages 3--12, 2003.]]Google ScholarCross Ref
A. Rountev and S. Chandra. Off-line variable substitution for scaling points-to analysis. In Proc. ACM Conf. Programming Language Design and Implementation, pages 47--56, 2000.]] Google ScholarDigital Library
A. Rountev, A. Milanova, and B. G. Ryder. Points-to analysis for Java using annotated constraints. In Proc. ACM Conf. Object Oriented Programming Systems, Languages and Applications, pages 43--55, 2001.]] Google ScholarDigital Library
M. Shapiro and S. Horwitz. Fast and accurate flow-insensitive points-to analysis. In Proc. ACM symposium on Principles of Programming Languages, pages 1--14, 1997.]] Google ScholarDigital Library
B. Steensgaard. Points-to analysis in almost linear time. In Proc. ACM Symp. Principles of Programming Languages, pages 32--41, 1996.]] Google ScholarDigital Library
Z. Su, M. Fähndrich, and A. Aiken. Projection merging: Reducing redundancies in inclusion constraint graphs. In ACM Symp. Principles of Programming Languages, pages 81--95, 2000.]] Google ScholarDigital Library
R. Tarjan. Depth-first search and linear graph algorithms. SIAM Journal on Computing, 1(2):146--160, 1972.]]Google ScholarDigital Library
J. Whaley and M. S. Lam. An efficient inclusion-based points-to analysis for strictly-typed languages. In Proc. Static Analysis Symp., volume 2477 of LNCS, pages 180--195, 2002.]] Google ScholarDigital Library
R. P. Wilson and M. S. Lam. Efficient context-sensitive pointer analysis for C programs. In Proc. ACM Conf. Programming Language Design and Implementation, pages 1--12, 1995.]] Google ScholarDigital Library
S. H. Yong, S. Horwitz, and T. Reps. Pointer analysis for programs with structures and casting. In Proc. ACM Conf. Programming Language Design and Implementation, pages 91--103, 1999.]] Google ScholarDigital Library

Index Terms

Efficient field-sensitive pointer analysis for C
1. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis
    2. Program semantics

Recommendations

Efficient field-sensitive pointer analysis of C

The subject of this article is flow- and context-insensitive pointer analysis. We present a novel approach for precisely modelling struct variables and indirect function calls. Our method emphasises efficiency and simplicity and is based on a simple ...
Read More
Semi-sparse flow-sensitive pointer analysis
POPL '09

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Read More
Semi-sparse flow-sensitive pointer analysis
POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PASTE '04: Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
June 2004
64 pages
ISBN:1581139101
DOI:10.1145/996821
Conference Chairs:
Cormac Flanagan
University of California at Santa Cruz
,
Andreas Zeller
Saarland University
Copyright © 2004 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 June 2004
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
pointer analysis
set-constraints
Qualifiers
- Article
Conference

Acceptance Rates
PASTE '04 Paper Acceptance Rate10of37submissions,27%Overall Acceptance Rate57of159submissions,36%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 43
  Total Citations
  View Citations
- 574
  Total Downloads
- Downloads (Last 12 months)11
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.