Importance of heap specialization in pointer analysis

Nyström, Erik; Kim, Hong-Seok; Hwu, Wen-mei W.

doi:10.1145/996821.996836

Cited by 35 publications

(31 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Much work has also been done on context-sensitive analyses which, unlike the analysis studied in this paper, consider a function separately for each calling context (see e.g. [Wilson 1997;Chatterjee et al 1999;Cheng and Hwu 2000;Foster et al 2000;Fähndrich et al 2000;Das et al 2001;Liang et al 2001;Whaley and Lam 2004;Nystrom et al 2004b]). While this can greatly improve precision, it is equivalent to fully inlining each function before performing the analysis and is, generally speaking, impractical for analysing large programs [Whaley and Lam 2004;Nystrom et al 2004a].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Efficient field-sensitive pointer analysis for C

Pearce

Hankin

2004

Proceedings of the 5th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

View full text Add to dashboard Cite

The subject of this paper is flow-and context-insensitive pointer analysis. We present a novel approach for precisely modelling struct variables and indirect function calls. Our method emphasises efficiency and simplicity and is based on a simple language of set constraints. We obtain an O(v 4 ) bound on the time needed to solve a set of constraints from this language, where v is the number of constraint variables. This gives, for the first time, some insight into the hardness of performing field-sensitive pointer analysis of C. Furthermore, we experimentally evaluate the time versus precision trade-off for our method by comparing against the field-insensitive equivalent. Our benchmark suite consists of 11 common C programs ranging in size from 15,000 to 200,000 lines of code. Our results indicate the field-sensitive analysis is more expensive to compute, but yields significantly better precision. In addition, our technique has been integrated into the latest release (version 4.1) of the GNU Compiler GCC. Finally, we identify several previously unknown issues with an alternative and less precise approach to modelling struct variables, known as field-based analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

“…However, this could be done with only minor modification (i.e. using actual offsets instead of field numbers) and, in fact, Nystrom et al claim to have done just this, although they do not discuss exact details [Nystrom et al 2004b]. …”

Section: String Concatenationmentioning

confidence: 99%

Efficient field-sensitive pointer analysis for C

Pearce

Hankin

2004

Proceedings of the 5th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

View full text Add to dashboard Cite

show abstract

“…Our work shows how points-to analysis can be enriched with summaries of heap structures, thereby giving a new answer to the question of how to merge the regions created at call sites of malloc [14]. Moreover, our analysis could replace ad-hoc forms of shape analysis such as summarizing all heap cells but the last one allocated [1].…”

Section: Related Approaches To Shape Analysismentioning

confidence: 99%

FESA: Fold- and Expand-Based Shape Analysis

Siegel

Simon

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. A static shape analysis is presented that can prove the absence of NULL-and dangling pointer dereferences in standard algorithms on lists, trees and graphs. It is conceptually simpler than other analyses that use symbolically represented logic to describe the heap. Instead, it represents the heap as a single graph and a Boolean formula. The key idea is to summarize two nodes by calculating their common points-to information, which is done using the recently proposed fold and expand operations. The force of this approach is that both, fold and expand , retain relational information between points-to edges, thereby essentially inferring new shape invariants. We show that highly precise shape invariants can be inferred using off-the-shelf SAT-solvers. Cheaper approximations may augment standard points-to analysis used in compiler optimisations.

show abstract

“…In [22], the authors introduced FULCRA as a context-sensitive Andersen's analysis by promoting the side-effect-causing statements from a calee to its callsites. Earlier [23], they showed empirically on top of their analysis that full heap cloning can improve the analysis precision, but can also incur uncontrollable overhead. In this paper, QUDA makes full heap cloning significantly more scalably for Andersen's analysis by being query-quided.…”

Section: Related Workmentioning

confidence: 99%

“…As k increases, pointer analysis becomes strictly no less precise but more costly to compute. With full heap cloning, the precision for some programs can be significantly improved but the analysis can be prohibitively expensive or even does not terminate [22,23]. Steensgarrd's unification-based and Andersen's inclusionbased pointer analyses are commonly used in modern compilers.…”

Section: Introductionmentioning

confidence: 99%

Query-directed adaptive heap cloning for optimizing compilers

Sui

Xue

2013

Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)

View full text Add to dashboard Cite

Andersen's pointer analysis becomes more precise when applied with full heap cloning but unscalable for large, heapintensive programs. In contrast, k-callsite-sensitive heap cloning can be faster but less precise for some programs.In this paper, we make one step forward by enhancing Andersen's analysis with QUery-Directed Adaptive (QUDA) heap cloning for optimizing compilers. The novelty of our analysis, called QUDA, lies in performing k-callsite-sensitive heap cloning iteratively, starting with k = 0 (without heap cloning), so that an abstract heap object is cloned at iteration k = i + 1 only if some mayalias queries that are not answered positively at iteration k = i may now be answered more precisely. QUDA, which is implemented in Open64, has the same precision as the state-of-the-art, FULCRA, a version of QUDA with exhaustive heap cloning, but is significantly more scalable. For 10 SPEC2000 C benchmarks and 5 C applications (totalling 840 KLOC) evaluated, QUDA takes only 4+ minutes but exhaustive heap cloning takes 42+ minutes to complete. QUDA takes only 75.1% of the time that Open64 takes on average to compile these 15 programs under "-O2".

show abstract

Importance of heap specialization in pointer analysis

Cited by 35 publications

References 15 publications

Efficient field-sensitive pointer analysis for C

Efficient field-sensitive pointer analysis for C

FESA: Fold- and Expand-Based Shape Analysis

Query-directed adaptive heap cloning for optimizing compilers

Contact Info

Product

Resources

About