The subject of this paper is flow- and context-insensitive pointer analysis. We present a novel approach for precisely modelling struct variables and indirect function calls. Our method emphasises e#ciency and simplicity and extends the language of set-constraints. We experimentally evaluate the precision cost trade-o # using a benchmark suite of 7 common C programs between 5,000 to 150,000 lines of code. Our results indicate the field-sensitive analysis is more expensive to compute, but yields significantly better precision.
|
640
|
Depth-First Search and Linear Graph Algorithms
– Tarjan
- 1972
|
|
415
|
Points-to analysis in almost linear time
– Steensgaard
- 1996
|
|
403
|
Program Analysis and Specialization for the C Programming Language. PhDthesis, University of Copenhagen, DIKU, DIKU report 94/19
– Andersen
- 1994
|
|
339
|
Effective context-sensitive pointer analysis for C programs
– Wilson, Lam
- 1995
|
|
146
|
Unification-based pointer analysis with directional assignments
– Das
- 2000
|
|
137
|
Fast and Accurate Flow-Insensitive Points-To Analysis
– Shapiro, Horwitz
- 1997
|
|
122
|
Context-insensitive alias analysis reconsidered
– Ruf
- 1995
|
|
101
|
Undecidability of static analysis
– Landi
- 1992
|
|
83
|
Ultra-fast aliasing analysis using CLA: A million lines of C code in a second
– Heintze, Tardieu
- 2001
|
|
81
|
Partial online cycle elimination in inclusion constraint graphs
– Fähndrich, Foster, et al.
- 1998
|
|
77
|
E cient Points-to Analysis for Whole-Program Analysis
– Liang, Harrold
- 1999
|
|
74
|
analysis: Haven't we solved this problem yet
– Pointer
- 2001
|
|
61
|
Scaling Java points-to analysis using Spark
– Lhoták, Hendren
- 2003
|
|
60
|
Points-to analysis for java using annotated constraints
– Rountev, Milanova, et al.
|
|
59
|
Introduction to set constraint-based program analysis. Science of Computer Programming (SCP
– Aiken
- 1999
|
|
59
|
Points-to analysis by type inference of pro-grams with structures and unions
– Steensgaard
- 1996
|
|
58
|
Pointer Analysis for Programs with Structures and Casting
– Yong, Horwitz, et al.
- 1999
|
|
52
|
Which pointer analysis should i use
– Hind, Pioli
- 2000
|
|
45
|
Estimating the impact of scalable pointer analysis on optimization
– Das, Liblit, et al.
- 2001
|
|
45
|
Polymorphic versus monomorphic flowinsensitive points-to analysis for C
– Foster, Fähndrich, et al.
- 2000
|
|
38
|
Projection merging: Reducing redundancies in inclusion constraint graphs
– Su, Fähndrich, et al.
- 2000
|
|
36
|
Extending and evaluating flow-insensitive and context-insensitive points-to analyses for Java
– Liang, Pennings, et al.
- 2001
|
|
35
|
Physical type checking for C
– Chandra, Reps
- 1999
|
|
35
|
An efficient inclusion-based points-to analysis for strictly-typed languages
– Whaley, Lam
- 2002
|
|
29
|
Off-line variable substitution for scaling points-to analysis
– Rountev, Chandra
- 2000
|
|
24
|
Precise flow-insensitive may-alias analysis is NP-Hard
– Horwitz
- 1997
|
|
21
|
O#-line variable substitution for scaling points-to analysis
– Rountev, Chandra
- 2000
|
|
20
|
Flow-insensitive points-to analysis with term and set constraints
– Foster, Fahndrich, et al.
- 1997
|
|
8
|
Online cycle detection and difference propagation for pointer analysis
– Pearce, Kelly, et al.
- 2003
|
|
5
|
Some directed graph algorithms and their application to pointer analysis
– Pearce
- 2005
|
|
3
|
Online cycle detection and di#erence propagation for pointer analysis
– Pearce, Kelly, et al.
- 2003
|
|
1
|
An e#cient inclusion-based points-to analysis for strictly-typed languages
– Whaley, Lam
- 2002
|
