Affiliation:
1. Victoria University of Wellington, Wellington, New Zealand
2. Imperial College, London, United Kingdom
Abstract
The subject of this article is flow- and context-insensitive pointer analysis. We present a novel approach for precisely modelling struct variables and indirect function calls. Our method emphasises efficiency and simplicity and is based on a simple language of set constraints. We obtain an
O
(
v
4
) bound on the time needed to solve a set of constraints from this language, where
v
is the number of constraint variables. This gives, for the first time, some insight into the hardness of performing field-sensitive pointer analysis of C. Furthermore, we experimentally evaluate the time versus precision trade-off for our method by comparing against the field-insensitive equivalent. Our benchmark suite consists of 11 common C programs ranging in size from 15,000 to 200,000 lines of code. Our results indicate the field-sensitive analysis is more expensive to compute, but yields significantly better precision. In addition, our technique has been integrated into the latest release (version 4.1) of the GNU Compiler GCC. Finally, we identify several previously unknown issues with an alternative and less precise approach to modelling struct variables, known as field-based analysis.
Publisher
Association for Computing Machinery (ACM)
Reference103 articles.
1. Lecture Notes in Computer Science;Aiken A.
2. Introduction to set constraint-based program analysis
3. Type inclusion constraints and type inference
4. Lecture Notes in Computer Science;Alur R.,1998
Cited by
66 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献