Proceedings Article10.1145/349299.349309
Unification-based pointer analysis with directional assignments
Manuvir Das
- 01 May 2000
- Vol. 35, Iss: 5, pp 35-46
351
TL;DR: This algorithm provides a method for obtaining precise flow-insensitive points-to information for large C programs and lies between Steensgaard's algorithm and Andersen's algorithm in terms of both precision and running time.
read more
Abstract: This paper describes a new algorithm for flow and context insensitive pointer analysis of C programs. Our studies show that the most common use of pointers in C programs is in passing the addresses of composite objects or updateable values as arguments to procedures. Therefore, we have designed a low-cost algorithm that handles this common case accurately. In terms of both precision and running time, this algorithm lies between Steensgaard's algorithm, which treats assignments bi-directionally using unification, and Andersen's algorithm, which treats assignments directionally using subtyping. Our “one level flow” algorithm uses a restricted form of subtyping to avoid unification of symbols at the top levels of pointer chains in the points-to graph, while using unification elsewhere in the graph. The method scales easily to large programs. For instance, we are able to analyze a 1.4 MLOC (million lines of code) program in two minutes, using less than 200MB of memory. At the same time, the precision of our algorithm is very close to that of Andersen's algorithm. On all of the integer benchmark programs from SPEC95, the one level flow algorithm and Andersen's algorithm produce either identical or essentially identical points-to information. Therefore, we claim that our algorithm provides a method for obtaining precise flow-insensitive points-to information for large C programs.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
The SLAM project: debugging system software via static analysis
Thomas Ball,Sriram K. Rajamani +1 more
- 01 Jan 2002
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
Automatic predicate abstraction of C programs
Thomas Ball,Rupak Majumdar,Todd Millstein,Sriram K. Rajamani +3 more
- 01 May 2001
TL;DR: This work presents the first algorithm to automatically construct a predicate abstraction of programs written in am industrial programming language such as C, and its implementation in a tool -- C2BP, part of the SLAM toolkit.
•Book
Memory Systems: Cache, DRAM, Disk
Bruce Jacob,Spencer W. Ng,David T. Wang +2 more
- 10 Sep 2007
TL;DR: Is your memory hierarchy stopping your microprocessor from performing at the high level it should be?
813
Pointer analysis: haven't we solved this problem yet?
Michael Hind
- 01 Jun 2001
TL;DR: Issues related to pointer analysis and remaining open problems are described.
682
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
John Whaley,Monica S. Lam +1 more
- 09 Jun 2004
TL;DR: This paper presents the first scalable context-sensitive, inclusion-based pointer alias analysis for Java programs, and develops a system called bddbddb that automatically translates Datalog programs into highly efficient BDD implementations.
References
•Book
Data Structures and Network Algorithms
Robert E. Tarjan
- 01 Jan 1983
TL;DR: This paper presents a meta-trees tree model that automates the very labor-intensive and therefore time-heavy and therefore expensive process of manually selecting trees to grow in a graph.
2.3K
Points-to analysis in almost linear time
Bjarne Steensgaard
- 01 Jan 1996
TL;DR: This is the asymptotically fastest non-trivial interprocedural points-to analysis algorithm yet described and is based on a non-standard type system for describing a universally valid storage shape graph for a program in linear space.
Context-sensitive interprocedural points-to analysis in the presence of function pointers
Maryam Emami,Rakesh Ghiya,Laurie Hendren +2 more
- 01 Jun 1994
TL;DR: This paper reports on the design, implementation, and empirical results of a new method for dealing with the aliasing problem in C based on approximating the points-to relationships between accessible stack locations that allows the smooth integration for handling general function pointers in C.
Efficient, context-sensitive pointer analysis for c programs
Monica S. Lam,Robert P. Wilson +1 more
- 01 Jan 1998
TL;DR: In this article, a partial transfer function (PTF) describes the behavior of a procedure assuming that certain alias relationships hold when it is called, and can reuse a PTF in many calling contexts as long as the aliases among the inputs to the procedure are the same.
603
•Book
Efficient, context-sensitive pointer analysis for C programs
Robert P. Wilson,Monica S. Lam +1 more
- 01 Jan 1997
TL;DR: An efficient technique for context-sensitive pointer analysis that is applicable to real C programs and based on a low-level representation of memory locations that safely handles all the features of C.
555
Related Papers (5)
Bjarne Steensgaard
- 01 Jan 1996
Lars Ole Andersen,Peter Lee +1 more
- 01 Jan 2005
Robert P. Wilson,Monica S. Lam +1 more
- 01 Jan 1997
Michael Hind
- 01 Jun 2001