Affiliation:
1. University of California, Berkeley
Abstract
We present a scalable and precise context-sensitive points-to analysis with three key properties: (1) filtering out of unrealizable paths, (2) a context-sensitive heap abstraction, and (3) a context-sensitive call graph. Previous work [21] has shown that all three properties are important for precisely analyzing large programs, e.g., to show safety of downcasts. Existing analyses typically give up one or more of the properties for scalability. We have developed a refinement-based analysis that succeeds by simultaneously refining handling of method calls and heap accesses, allowing the analysis to precisely analyze important code while entirely skipping irrelevant code. The analysis is demanddriven and client-driven, facilitating refinement specific to each queried variable and increasing scalability. In our experimental evaluation, our analysis proved the safety of 61% more casts than one of the most precise existing analyses across a suite of large benchmarks. The analysis checked the casts in under 13 minutes per benchmark (taking less than 1 second per query) and required only 35MB of memory, far less than previous approaches.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design,Software
Reference44 articles.
1. Ashes suite collection. http://www.sable.mcgill.ca/software/.]] Ashes suite collection. http://www.sable.mcgill.ca/software/.]]
2. DaCapo Benchmark Suite. http://wwwali. cs.umass.edu/DaCapo/gcbm.html.]] DaCapo Benchmark Suite. http://wwwali. cs.umass.edu/DaCapo/gcbm.html.]]
3. Fast static analysis of C++ virtual function calls
4. Points-to analysis using BDDs
Cited by
44 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献