Article

Refinement-based context-sensitive points-to analysis for Java

Authors:

Manu Sridharan,

Rastislav BodíkAuthors Info & Claims

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 387 - 400

https://doi.org/10.1145/1133981.1134027

Published: 11 June 2006 Publication History

Abstract

We present a scalable and precise context-sensitive points-to analysis with three key properties: (1) filtering out of unrealizable paths, (2) a context-sensitive heap abstraction, and (3) a context-sensitive call graph. Previous work [21] has shown that all three properties are important for precisely analyzing large programs, e.g., to show safety of downcasts. Existing analyses typically give up one or more of the properties for scalability. We have developed a refinement-based analysis that succeeds by simultaneously refining handling of method calls and heap accesses, allowing the analysis to precisely analyze important code while entirely skipping irrelevant code. The analysis is demanddriven and client-driven, facilitating refinement specific to each queried variable and increasing scalability. In our experimental evaluation, our analysis proved the safety of 61% more casts than one of the most precise existing analyses across a suite of large benchmarks. The analysis checked the casts in under 13 minutes per benchmark (taking less than 1 second per query) and required only 35MB of memory, far less than previous approaches.

References

[1]

Ashes suite collection. http://www.sable.mcgill.ca/software/.]]

[2]

DaCapo Benchmark Suite. http://wwwali. cs.umass.edu/DaCapo/gcbm.html.]]

[3]

L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, DIKU, 1994.]]

[4]

D. Bacon and P. Sweeney. Fast static analysis of C++ virtual function calls. In Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), San Jose, CA, October 1996.]]

Digital Library

[5]

M. Berndl, O. Lhoták, F. Qian, L. Hendren, and N. Umanee. Pointsto analysis using BDDs. In Conference on Programming Language Design and Implementation (PLDI), June 2003.]]

Digital Library

[6]

S. Cherem and R. Rugina. Region analysis and transformation for java programs. In ISMM '04: Proceedings of the 4th international symposium on Memory management, 2004.]]

Digital Library

[7]

J.-D. Choi, M. Gupta, M. Serrano, V. Sreedhar, and S. Midkiff. Escape analysis for Java. In Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), November 1999.]]

Digital Library

[8]

A. Donovan, A. Kiezun, M. S. Tschantz, and M. D. Ernst. Converting Java programs to use generic libraries. In Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2004.]]

Digital Library

[9]

M. Fähndrich, J. Rehof, and M. Das. Scalable context-sensitive flow analysis using instantiation constraints. In Conference on Programming Language Design and Implementation (PLDI), 2000.]]

Digital Library

[10]

R. Fuhrer, F. Tip, J. Dolby, A. Kiezun, and M. Keller. Refactoring techniques for migrating applications to generic java container classes. In European Conference on Object-Oriented Programming (ECOOP), 2005.]]

[11]

D. Grove and C. Chambers. A framework for call graph construction algorithms. ACM Trans. Program. Lang. Syst., 23(6):685--746, 2001.]]

Digital Library

[12]

S. Z. Guyer and C. Lin. Client-driven pointer analysis. In International Static Analysis Symposium (SAS), San Diego, CA, June 2003.]]

Digital Library

[13]

S. Hallem, B. Chelf, Y. Xie, and D. Engler. A system and language for building system-specific, static analyses. In Conference on Programming Language Design and Implementation (PLDI), 2002.]]

Digital Library

[14]

N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Conference on Programming Language Design and Implementation (PLDI), Snowbird, Utah, June 2001.]]

Digital Library

[15]

M. Hind. Pointer analysis: Haven't we solved this problem yet? In ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE), Snowbird, Utah, June 2001.]]

Digital Library

[16]

S. Horwitz, T. Reps, and M. Sagiv. Demand interprocedural dataflow analysis. In SIGSOFT'95: Proceedings of the Third ACM SIGSOFT Symposium on the Foundations of Software Engineering, 1995.]]

Digital Library

[17]

C. Lattner and V. Adve. Data Structure Analysis: An Efficient Context- Sensitive Heap Analysis. Tech. Report UIUCDCS-R-2003-2340, UIUC, April 2003.]]

[18]

O. Lhoták. Personal communication. 2005.]]

[19]

O. Lhoták. Program Analysis using Binary Decision Diagrams. PhD thesis, McGill University, Jan. 2006.]]

[20]

O. Lhoták and L. Hendren. Scaling Java points-to analysis using Spark. In International Conference on Compiler Construction (CC), Warsaw, Poland, April 2003.]]

Digital Library

[21]

O. Lhoták and L. Hendren. Context-sensitive points-to analysis: Is it worth it? In International Conference on Compiler Construction (CC), 2006.]]

Digital Library

[22]

D. Liang and M. J. Harrold. Efficient computation of parameterizedpointer information for interprocedural analyses. In Proceedings of the 8th International Symposium on Static Analysis, 2001.]]

Digital Library

[23]

A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for java. ACM Trans. Softw. Eng. Methodol., 14(1):1--41, 2005.]]

Digital Library

[24]

M. Naik, A. Aiken, and J. Whaley. Effective static race detection for Java. In Conference on Programming Language Design and Implementation (PLDI), 2006.]]

Digital Library

[25]

N. Nystrom, M. R. Clarkson, and A. C. Myers. Polyglot: An extensible compiler framework for java. In CC, pages 138--152, 2003.]]

Digital Library

[26]

R. O'Callahan. Generalized Aliasing as a Basis for Program Analysis Tools. PhD thesis, Carnegie Mellon University, November 2000.]]

Digital Library

[27]

J. Rehof and M. Fähndrich. Type-base flow analysis: from polymorphic subtyping to CFL-reachability. In ACM Symposium on Principles of Programming Languages (POPL), 2001.]]

Digital Library

[28]

T. Reps. Solving demand versions of interprocedural analysis problems. In International Conference on Compiler Construction (CC), Edinburgh, Scotland, April 1994.]]

Digital Library

[29]

T. Reps. Program analysis via graph reachability. Information and Software Technology, 40(11-12):701--726, November/December 1998.]]

[30]

T. Reps. Undecidability of context-sensitive data-independence analysis. ACM Trans. Program. Lang. Syst., 22(1):162--186, 2000.]]

Digital Library

[31]

T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In ACM Symposium on Principles of Programming Languages (POPL), 1995.]]

Digital Library

[32]

T. Reps, S. Horwitz, M. Sagiv, and G. Rosay. Speeding up slicing. In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), New Orleans, LA, December 1994.]]

Digital Library

[33]

E. Ruf. Effective synchronization removal for java. In Conference on Programming Language Design and Implementation (PLDI), 2000.]]

Digital Library

[34]

B. G. Ryder. Dimensions of precision in reference analysis of objectoriented programming languages. In International Conference on Compiler Construction (CC), Warsaw, Poland, April 2003.]]

[35]

O. Shivers. Control flow analysis in scheme. In Conference on Programming Language Design and Implementation (PLDI), 1988.]]

Digital Library

[36]

M. Sridharan and R. Bodík. Refinement-based context-sensitive points-to analysis for Java. Technical Report UCB/EECS-2006-31, UC Berkeley, 2006.]]

Digital Library

[37]

M. Sridharan, D. Gopan, L. Shan, and R. Bodík. Demand-driven points-to analysis for Java. In Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2005.]]

Digital Library

[38]

B. Steensgaard. Personal communication on analysis for Microsoft Bartok compiler. 2005.]]

[39]

B. Steensgaard. Points-to analysis in almost linear time. In ACM Symposium on Principles of Programming Languages (POPL), 1996.]]

Digital Library

[40]

F. Tip, A. Kiezun, and D. Bäumer. Refactoring for generalization using type constraints. In OOPSLA, pages 13--26, 2003.]]

Digital Library

[41]

R. Vallée-Rai, L. Hendren, V. Sundaresan, P. Lam, E. Gagnon, and P. Co. Soot - a Java optimization framework. In Proceedings of CASCON 1999, pages 125--135, 1999.]]

Digital Library

[42]

T. Wang and S. F. Smith. Precise constraint-based type inference for java. In 15th European Conference on Object-Oriented Programming (ECOOP), 2001.]]

Digital Library

[43]

J. Whaley and M. S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In Conference on Programming Language Design and Implementation (PLDI), 2004.]]

Digital Library

[44]

J. Whaley and M. Rinard. Compositional pointer and escape analysis for Java programs. In Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), November 1999.]]

Digital Library

[45]

R. P. Wilson and M. S. Lam. Efficient context-sensitive pointer analysis for C programs. In Conference on Programming Language Design and Implementation (PLDI), 1995.]]

Digital Library

[46]

J. Zhu and S. Calman. Symbolic pointer analysis revisited. In Conference on Programming Language Design and Implementation (PLDI), 2004.]]

Digital Library

Cited By

Conrado GKjelstrøm Avan de Pol JPavlogiannis A(2025)Program Analysis via Multiple Context Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/37048549:POPL(509-538)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704854
Li HShi CLu JLi LXue J(2024)Boosting the Performance of Alias-Aware IFDS Analysis with CFL-Based Environment TransformersProceedings of the ACM on Programming Languages10.1145/36898048:OOPSLA2(2633-2661)Online publication date: 8-Oct-2024
https://doi.org/10.1145/3689804
Guo YYao PZhang CChristakis MPradel M(2024)Precise Compositional Buffer Overflow Detection via Heap DisjointnessProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3652110(63-75)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3652110
Show More Cited By

Index Terms

Refinement-based context-sensitive points-to analysis for Java
1. Software and its engineering
  1. Software notations and tools
    1. Compilers

Recommendations

Demand-driven points-to analysis for Java
Proceedings of the 20th annual ACM SIGPLAN conference on Object oriented programming systems languages and applications

We present a points-to analysis technique suitable for environments with small time and memory budgets, such as just-in-time (JIT) compilers and interactive development environments (IDEs). Our technique is demand-driven, performing only the work ...
Refinement-based context-sensitive points-to analysis for Java
Proceedings of the 2006 PLDI Conference

We present a scalable and precise context-sensitive points-to analysis with three key properties: (1) filtering out of unrealizable paths, (2) a context-sensitive heap abstraction, and (3) a context-sensitive call graph. Previous work [21] has shown ...
On-demand dynamic summary-based points-to analysis
CGO '12: Proceedings of the Tenth International Symposium on Code Generation and Optimization

Static analyses can be typically accelerated by reducing redundancies. Modern demand-driven points-to or alias analysis techniques rest on the foundation of Context-Free Language (CFL) reachability. These techniques achieve high precision efficiently ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2006

438 pages

ISBN:1595933204

DOI:10.1145/1133981

General Chair:
Michael Schwartzbach
University of Aarhus, Denmark
,
Program Chair:
Thomas Ball
Microsoft Research

ACM SIGPLAN Notices Volume 41, Issue 6
Proceedings of the 2006 PLDI Conference
June 2006
426 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1133255
Issue’s Table of Contents

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

PLDI06

Sponsor:

PLDI06: ACM SIGPLAN Conference on Programming Language Design and Implementation 2006

June 11 - 14, 2006

Ontario, Ottawa, Canada

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

318
Total Citations
View Citations
1,726
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)8

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Conrado GKjelstrøm Avan de Pol JPavlogiannis A(2025)Program Analysis via Multiple Context Free Language ReachabilityProceedings of the ACM on Programming Languages10.1145/37048549:POPL(509-538)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704854
Li HShi CLu JLi LXue J(2024)Boosting the Performance of Alias-Aware IFDS Analysis with CFL-Based Environment TransformersProceedings of the ACM on Programming Languages10.1145/36898048:OOPSLA2(2633-2661)Online publication date: 8-Oct-2024
https://doi.org/10.1145/3689804
Guo YYao PZhang CChristakis MPradel M(2024)Precise Compositional Buffer Overflow Detection via Heap DisjointnessProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3652110(63-75)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3652110
Tang WDong DLi SWang CYao PZhou JZhang C(2024) Octopus: Scaling Value-Flow Analysis via Parallel Collection of Realizable Path ConditionsACM Transactions on Software Engineering and Methodology10.1145/363274333:3(1-33)Online publication date: 24-Jan-2024
https://dl.acm.org/doi/10.1145/3632743
Bao YZhang CSu K(2024)Call-Graph-Based Context-Sensitive Points-to Analysis for JavaIEEE Transactions on Reliability10.1109/TR.2023.323699073:2(851-860)Online publication date: Jun-2024
https://doi.org/10.1109/TR.2023.3236990
Babu MLemerre MBardin SMarion J(2024)Trace Partitioning as an Optimization ProblemStatic Analysis10.1007/978-3-031-74776-2_2(26-60)Online publication date: 20-Oct-2024
https://dl.acm.org/doi/10.1007/978-3-031-74776-2_2
Cai YZhang C(2023)A Cocktail Approach to Practical Call Graph ConstructionProceedings of the ACM on Programming Languages10.1145/36228337:OOPSLA2(1001-1033)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622833
He DGui YLi WTao YZou CSui YXue J(2023)A Container-Usage-Pattern-Based Context Debloating Approach for Object-Sensitive Pointer AnalysisProceedings of the ACM on Programming Languages10.1145/36228327:OOPSLA2(971-1000)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622832
Tan TLi YJust RFraser G(2023)Tai-e: A Developer-Friendly Static Analysis Framework for Java by Harnessing the Good Designs of ClassicsProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598120(1093-1105)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598120
Ma WYang STan TMa XXu CLi Y(2023)Context Sensitivity without Contexts: A Cut-Shortcut Approach to Fast and Precise Pointer AnalysisProceedings of the ACM on Programming Languages10.1145/35912427:PLDI(539-564)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591242
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten