An Efficient Inclusion-Based Points-To Analysis for Strictly-Typed Languages
We describe the design and implementation of an efficient inclusion-based points-to analysis for strictly-typed object-oriented languages. Our implementation easily scales to millions of lines of Java code, and it supports language features such as inheritance, object fields, exceptional control flow, type casting, dynamic dispatch, and reflection. Our algorithm is based on Heintze and Tardieu’s Andersen-style points-to analysis designed originally for C programs. We have improved the precision of their algorithm by tracking the fields of individual objects separately and by analyzing the local variables in a method in a flow-sensitive manner. Our algorithm represents the semantics of each procedure concisely using a sparse summary graph representation based on access paths; it iterates over this sparse representation until it reaches a fixed point solution. By utilizing the access path and field information present in the summary graphs, along with minimizing redundant operations and memory management overheads, we are able to quickly and effectively analyze very large programs. Our experimental results demonstrate that this technique can be used to compute precise static call graphs for very large Java programs.
Keywords: Call Graph, Access Path, Summary Graph, Method Invocation, Concrete Node
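To make the abstract's two central ideas concrete (inclusion constraints iterated to a fixed point, and per-object field tracking feeding call-graph construction), here is an added illustration; it is not the paper's implementation and omits summary graphs, access paths and flow sensitivity. The tuple encoding, the sample program and all names (`solve`, `call_targets`, `CLASS_OF`) are assumptions made for the example.

```python
from collections import defaultdict

# Constructed Java-like input, encoded as constraint tuples (assumed encoding):
#   a = new A(); b = new A(); x = new X(); y = new Y();
#   a.f = x; b.f = y; r = a.f; s = b.f; t = r; ... r.m()
PROGRAM = [
    ("new", "a", "A1"), ("new", "b", "A2"),
    ("new", "x", "X1"), ("new", "y", "Y1"),
    ("store", "a", "f", "x"), ("store", "b", "f", "y"),
    ("load", "r", "a", "f"), ("load", "s", "b", "f"),
    ("copy", "t", "r"),
]
CLASS_OF = {"A1": "A", "A2": "A", "X1": "X", "Y1": "Y"}  # allocation site -> class

def solve(program, per_object_fields=True):
    """Apply inclusion constraints until nothing changes; return points-to sets."""
    pts = defaultdict(set)
    # One slot per (object, field), or one slot per field name when merged.
    slot = (lambda o, f: (o, f)) if per_object_fields else (lambda o, f: ("*", f))
    changed = True

    def include(dst, src):
        nonlocal changed
        if not src <= pts[dst]:
            pts[dst] |= src
            changed = True

    while changed:
        changed = False
        for kind, *args in program:
            if kind == "new":        # x = new T  =>  {site} is in pts(x)
                include(args[0], {args[1]})
            elif kind == "copy":     # x = y      =>  pts(y) is in pts(x)
                include(args[0], pts[args[1]])
            elif kind == "store":    # x.f = y    =>  pts(y) is in pts(o.f), o in pts(x)
                base, f, src = args
                for o in list(pts[base]):
                    include(slot(o, f), pts[src])
            elif kind == "load":     # x = y.f    =>  pts(o.f) is in pts(x), o in pts(y)
                dst, base, f = args
                for o in list(pts[base]):
                    include(dst, pts[slot(o, f)])
    return pts

def call_targets(pts, receiver, method):
    """Resolve receiver.method() from the receiver's points-to set.
    Assumes every class declares `method` itself (no superclass lookup)."""
    return {f"{CLASS_OF[o]}.{method}" for o in pts[receiver]}
```

With fields tracked per object, the call `r.m()` resolves to a single target; with fields merged per field name, the same program yields two candidate targets for that call site.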
1. L. Andersen. A Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, 1994.
2. D. F. Bacon and P. F. Sweeney. Fast static analysis of C++ virtual function calls. In Proceedings of the Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 324–341, 1996.
3. J. Dean, D. Grove, and C. Chambers. Optimization of object-oriented programs using static class hierarchy analysis. In Proceedings of the 9th European Conference on Object-Oriented Programming (ECOOP), 1995.
4. M. Fahndrich, J. S. Foster, Z. Su, and A. Aiken. Partial online cycle elimination in inclusion constraint graphs. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI), pages 85–96, 1998.
5. N. Heintze and O. Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI), pages 146–161, 2001.
6. D. Liang, M. Pennings, and M. J. Harrold. Extending and evaluating flow-insensitive and context-insensitive points-to analyses for Java. In Workshop on Program Analysis For Software Tools and Engineering, pages 73–79, 2001.
7. A. Rountev, A. Milanova, and B. Ryder. Points-to analysis for Java based on annotated constraints. In Proceedings of the Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 43–55, 2001.
8. B. Steensgaard. Points-to analysis in almost linear time. In Proceedings of the Twenty-third Annual ACM Symposium on Principles of Programming Languages (POPL), pages 32–41, 1996.
9. M. Streckenbach and G. Snelting. Points-to for Java: A general framework and an empirical comparison. Technical report, University of Passau, Sept. 2000.
10. Z. Su, M. Fahndrich, and A. Aiken. Projection merging: Reducing redundancies in inclusion constraint graphs. In Proceedings of the Twenty-seventh Annual ACM Symposium on Principles of Programming Languages (POPL), pages 81–95, 2000.
11. V. Sundaresan, L. J. Hendren, C. Razafimahefa, R. Vallee-Rai, P. Lam, E. Gagnon, and C. Godin. Practical virtual method call resolution for Java. In Proceedings of the Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 264–280, 2000.
12. J. Whaley. joeq virtual machine. http://joeq.sourceforge.net, 2001.