More Web Proxy on the site http://driver.im/

Article

The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code

Authors:

Calvin LinAuthors Info & Claims

PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 290 - 299

https://doi.org/10.1145/1250734.1250767

Published: 10 June 2007 Publication History

Abstract

Pointer information is a prerequisite for most program analyses, and the quality of this information can greatly affect their precision and performance. Inclusion-based (i.e. Andersen-style) pointer analysis is an important point in the space of pointer analyses, offering a potential sweet-spot in the trade-off between precision and performance. However, current techniques for inclusion-based pointer analysis can have difficulties delivering on this potential.

We introduce and evaluate two novel techniques for inclusion-based pointer analysis---one lazy, one eager¹---that significantly improve upon the current state-of-the-art without impacting precision. These techniques focus on the problem of online cycle detection, a critical optimization for scaling such analyses. Using a suite of six open-source C programs, which range in size from 169K to 2.17M LOC, we compare our techniques against the three best inclusion-based analyses--described by Heintze and Tardieu [11], by Pearce et al. [21], and by Berndl et al. [4]. The combination of our two techniques results in an algorithm which is on average 3.2 xfaster than Heintze and Tardieu's algorithm, 6.4 xfaster than Pearce et al.'s algorithm, and 20.6 faster than Berndl et al.'s algorithm.

We also investigate the use of different data structures to represent points-to sets, examining the impact on both performance and memory consumption. We compare a sparse-bitmap implementation used in the GCC compiler with a BDD-based implementation, and we find that the BDD implementation is on average 2x slower than using sparse bitmaps but uses 5.5x less memory.

References

[1]

Aesop. The Ant and the Grasshopper, rm from Aesop's Fables. Greece, 6th century BC.

[2]

Lars Ole Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, May 1994.

[3]

Dzintars Avots, Michael Dalton, VBenjamin Livshits, and Monica S. Lam. Improving software security with a C pointer analysis. In 27th International Conference on Software Engineering (ICSE), pages 332--341, 2005.

Digital Library

[4]

Marc Berndl, Ondrej Lhotak, Feng Qian, Laurie Hendren, and Navindra Umanee. Points-to analysis using BDDs. In Programming Language Design and Implementation (PLDI), pages 103--114, 2003.

Digital Library

[5]

Randal E. Bryant. Graph-based algorithms for Boolean function manipulation. IEEE Transactions on Computers, C-35(8):677--691, August 1986.

Digital Library

[6]

Jong-Deok Choi, Michael Burke, and Paul Carini. Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In Principles of Programming Languages (POPL), pages 232--245, 1993.

Digital Library

[7]

Manuvir Das. Unification-based pointer analysis with directional assignments. In Programming Language Design and Implementation (PLDI), pages 35--46, 2000.

Digital Library

[8]

Maryam Emami, Rakesh Ghiya, and Laurie J. Hendren. Context-sensitive interprocedural points-to analysis in the presence of function pointers. In Programming Language Design and Implementation (PLDI), pages 242--256, 1994.

Digital Library

[9]

Manuel Faehndrich, Jeffrey S. Foster, Zhendong Su, and Alexander Aiken. Partial online cycle elimination in inclusion constraint graphs. In Programming Language Design and Implementation (PLDI), pages 85--96, 1998.

Digital Library

[10]

Samuel Z. Guyer and Calvin Lin. Error checking with client-driven pointer analysis. Science of Computer Programming, 58(1-2):83--114, 2005.

Digital Library

[11]

Nevin Heintze and Olivier Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. In Programming Language Design and Implementation (PLDI), pages 24--34, 2001.

Digital Library

[12]

Michael Hind. Pointer analysis: haven't we solved this problem yet? In Workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 54--61, 2001.

Digital Library

[13]

Michael Hind, Michael Burke, Paul Carini, and Jong-Deok Choi. Interprocedural pointer alias analysis. ACM Transactions on Programming Languages and Systems, 21(4):848--894, 1999.

Digital Library

[14]

William Landi and Barbara G. Ryder. Pointer-induced aliasing: a problem taxonomy. In Symposium on Principles of Programming Languages (POPL), pages 93--103, 1991.

Digital Library

[15]

William Landi and Barbara G. Ryder. A safe approximate algorithm for interprocedural pointer aliasing. In Programming Language Design and Implementation (PLDI), pages 235--248, 1992.

Digital Library

[16]

J. Lind-Nielson. BuDDy, a binary decision package. http://www.itu.dk/research/buddy/.

[17]

George C. Necula, Scott McPeak, Shree Prakash Rahul, and Westley Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Computational Complexity, pages 213--228, 2002.

Digital Library

[18]

F. Nielson, H. R. Nielson, and C. L. Hankin. Principles of Program Analysis. Springer-Verlag, 1999.

Digital Library

[19]

Esko Nuutila and Eljas Soisalon-Soininen. On finding the strong components in a directed graph. Technical Report TKO-B94, Helsinki University of Technology, Laboratory of Information Processing Science, 1995.

[20]

Erik M. Nystrom, Hong-Seok Kim, and Wen mei WHwu. Bottom-up and top-down context-sensitive summary-based pointer analysis. In International Symposium on Static Analysis, pages 165--180, 2004.

[21]

David Pearce, Paul Kelly, and Chris Hankin. Efficient field-sensitive pointer analysis for C. In ACM workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 37--42, 2004.

Digital Library

[22]

David J. Pearce, Paul H. J. Kelly, and Chris Hankin. Online cycle detection and difference propagation for pointer analysis. In 3rd International IEEE Workshop on Source Code Analysis and Manipulation (SCAM), pages 3--12, 2003.

[23]

Atanas Rountev and Satish Chandra. Off-line variable substitution for scaling points-to analysis. In Programming Language Design and Implementation (PLDI), pages 47--56, 2000.

Digital Library

[24]

M. Shapiro and S. Horwitz. The effects of the precision of pointer analysis. Lecture Notes in Computer Science, 1302:16--34, 1997.

Digital Library

[25]

Bjarne Steensgaard. Points-to analysis in almost linear time. In Symposium on Principles of Programming Languages (POPL), pages 32--41, 1996.

Digital Library

[26]

Robert Tarjan. Depth-first search and linear graph algorithms. SIAM J. Comput., 1(2):146--160, June 1972.

Digital Library

[27]

Teck Bok Tok, Samuel Z. Guyer, and Calvin Lin. Efficient flow-sensitive interprocedural data-flow analysis in the presence of pointers. In 15th International Conference on Compiler Construction (CC), pages 17--31, 2006.

Digital Library

[28]

John Whaley and Monica S. Lam. Cloning-based context-sensitive pointer alias analysis. In Programming Language Design and Implementation (PLDI), pages 131--144, 2004.

Digital Library

[29]

Robert P. Wilson and Monica S. Lam. Efficient context-sensitive pointer analysis for c programs. In Programming Language Design and Implementation (PLDI), pages 1--12, 1995.

Digital Library

[30]

Jianwen Zhu and Silvian Calman. Symbolic pointer analysis revisited. In Programming Language Design and Implementation (PLDI), pages 145--157, 2004.

Digital Library

Cited By

Rajagopalan VPortokalidis GCraven RMickelson M(2024)Evaluating the Effect of Improved Indirect Call Resolution on System Call DebloatingProceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation10.1145/3689937.3695791(1-6)Online publication date: 14-Oct-2024
https://dl.acm.org/doi/10.1145/3689937.3695791
An XJia XDu HXie Y(2024)Structure-Sensitive Pointer Analysis for Multi-structure ObjectsProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671396(155-164)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671396
Wimmer CStancu CKozak DWürthinger T(2024)Scaling Type-Based Points-to Analysis with SaturationProceedings of the ACM on Programming Languages10.1145/36564178:PLDI(990-1013)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656417
Show More Cited By

Index Terms

The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code
1. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis
    2. Program semantics

Recommendations

The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code
Proceedings of the 2007 PLDI conference

Pointer information is a prerequisite for most program analyses, and the quality of this information can greatly affect their precision and performance. Inclusion-based (i.e. Andersen-style) pointer analysis is an important point in the space of pointer ...
Precise flow-insensitive may-alias analysis is NP-hard

Determining aliases is one of the foundamental static analysis problems, in part because the precision with which this problem is solved can affect the precision of other analyses such as live variables, available expressions, and constant propagation. ...
Semi-sparse flow-sensitive pointer analysis
POPL '09

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2007

508 pages

ISBN:9781595936332

DOI:10.1145/1250734

General Chair:
Jeanne Ferrante
University of California, San Diego, USA
,
Program Chair:
Kathryn S. McKinley
University of Texas at Austin, USA

ACM SIGPLAN Notices Volume 42, Issue 6
Proceedings of the 2007 PLDI conference
June 2007
491 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1273442
Issue’s Table of Contents

Copyright © 2007 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 June 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tag

pointer analysis

Qualifiers

Article

Conference

PLDI '07

Sponsor:

PLDI '07: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 10 - 13, 2007

California, San Diego, USA

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

196
Total Citations
View Citations
1,714
Total Downloads

Downloads (Last 12 months)64
Downloads (Last 6 weeks)12

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Rajagopalan VPortokalidis GCraven RMickelson M(2024)Evaluating the Effect of Improved Indirect Call Resolution on System Call DebloatingProceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation10.1145/3689937.3695791(1-6)Online publication date: 14-Oct-2024
https://dl.acm.org/doi/10.1145/3689937.3695791
An XJia XDu HXie Y(2024)Structure-Sensitive Pointer Analysis for Multi-structure ObjectsProceedings of the 15th Asia-Pacific Symposium on Internetware10.1145/3671016.3671396(155-164)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1145/3671016.3671396
Wimmer CStancu CKozak DWürthinger T(2024)Scaling Type-Based Points-to Analysis with SaturationProceedings of the ACM on Programming Languages10.1145/36564178:PLDI(990-1013)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656417
Wang JWang HChristakis MPradel M(2024)NativeSummary: Summarizing Native Binary Code for Inter-language Static Analysis of Android AppsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680335(971-982)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680335
Palit TFonseca PTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Kaleidoscope: Precise Invariant-Guided Pointer AnalysisProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651340(561-576)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651340
Fu SLiao Y(2024)Golang Defect Detection based on Value Flow Analysis2024 9th International Conference on Electronic Technology and Information Science (ICETIS)10.1109/ICETIS61828.2024.10593695(358-363)Online publication date: 17-May-2024
https://doi.org/10.1109/ICETIS61828.2024.10593695
Zhao CTu TWang CQin S(2023)VulPathsFinder: A Static Method for Finding Vulnerable Paths in PHP Applications Based on CPGApplied Sciences10.3390/app1316924013:16(9240)Online publication date: 14-Aug-2023
https://doi.org/10.3390/app13169240
Chitre KKedia PPurandare R(2023)Rapid: Region-Based Pointer DisambiguationProceedings of the ACM on Programming Languages10.1145/36228597:OOPSLA2(1729-1757)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622859
Cai YZhang C(2023)A Cocktail Approach to Practical Call Graph ConstructionProceedings of the ACM on Programming Languages10.1145/36228337:OOPSLA2(1001-1033)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622833
Lu K(2023)Practical Program Modularization with Type-Based Dependence Analysis2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179412(1256-1270)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179412
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents