Abstract
Most scalable approaches to inter-procedural dataflow analysis do not take into account the order in which fields are accessed, and methods are executed, at run-time. That is, they have no inter-procedural flow-sensitivity. In this chapter we present an approach to dataflow analysis named Simulated Execution. It is flow-sensitive in the sense that a memory accessing operation (call or field access) will never be affected by another memory access that is executed thereafter in all runs of a program. This makes Simulated Execution strictly more precise than the most frequently used flow-insensitive approaches. We also outline a proof of correctness using abstract interpretation. Finally, although we present Simulated Execution as a dataflow algorithm applied to context-insensitive Points-to Analysis, it can be applied on any inter-procedural dataflow problem and in a context-sensitive manner.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aho, A., Sethi, R., Ullman, J.: Compilers: Principles, Techniques, and Tools. Addison-Wesley Reading (1986)
Chatterjee, R., Ryder, B., Landi, W.: Relevant context inference. In: Symposium on Principles of Programming Languages (POPL’99), pp. 133–146 (1999)
Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximations of fixed points. In: Conference Record of the Fourth Annual ACM SIGACT/SIGPLAN Symposium on Principles of Programming Languages, January, pp. 238–252 (1977)
Cytron, R., Ferrante, J., Rosen, B., Wegman, M., Zadeck, K.: Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst. 13(4), 451–490 (1991)
Diwan, A., Moss, J.E.B., McKinley, K.S.: Simple and effective analysis of statically typed object-oriented programs. In: Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA’96), October (1996)
Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call graph construction in object-oriented languages. In: Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA’97), pp. 108–124 (1997)
Hasti, R., Horwitz, S.: Using static single assignment form to improve flow-insensitive pointer analysis. In: Proceedings of the Conference on Programming Language Design and Implementation (PLDI’98), June, pp. 97–105 (1998)
Hind, M.: Pointer analysis: Haven’t we solved this problem yet? In: Workshop on Program Analysis for Software Tools and Engineering (PASTE’01), pp. 54–61 (2001)
Lhoták, O., Hendren, L.: Scaling Java points-to analysis using spark. In: Proceedings of the International Conference on Compiler Construction (CC’03), April, pp. 153–169 (2003)
Lhoták, O., Hendren, L.: Context-sensitive points-to analysis: Is it worth it? In: Mycroft, A., Zeller, A. (eds.) International Conference on Compiler Construction (CC’06). LNCS, vol. 3923, pp. 47–64. Springer, Berlin (2006)
Lhoták, O., Hendren, L.: Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol. 18(1), 1–53 (2008)
Liang, D., Pennings, M., Harrold, M.: Extending and evaluating flow-insensitive and context-insensitive points-to analysis for Java. In: Proceedings of the Workshop on Program Analysis for Software Tools and Engineering (PASTE’01), June, pp. 73–79 (2001)
Liekweg, F.: Compiler-directed automatic memory management. In: 3rd Workshop on Semantics, Program Analysis, and Computing Environments for Memory Management (SPACE). ACM/SIGPLAN, New York (2006)
Lundberg, J., Gutzmann, T., Edvinsson, M., Löwe, W.: Fast and precise points-to analysis. J. Inf. Softw. Technol. 51(10), 1428–1439 (2009)
Marlowe, T., Ryder, B.: Properties of data flow frameworks: A unified model. Acta Inform. 28, 121–163 (1990)
Marlowe, T.J., Ryder, B.G., Burke, M.G.: Defining flow sensitivity for data flow problems. Laboratory of Computer Science Research Technical Report, Number LCSR-TR-249 (1995)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to and side-effect analyses for Java. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA’02), July, pp. 1–11 (2002)
Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14(1), 1–41 (2005)
Muchnick, S.S.: Advanced Compiler Design Implementation. Morgan Kaufmann, San Francisco (1997)
Nielsen, F., Nielsen, H.R., Hankin, C.: Principles of Program Analysis, 2nd edn. Springer, Berlin (2005)
Palsberg, J.: Object-oriented type inference. In: Proceedings of the Workshop on Program Analysis for Software Tools and Engineering (PASTE’01), July, pp. 20–27 (2001)
Ruf, E.: Effective synchronization removal for Java. In: Proceedings of the Conference on Programming Language Design and Implementation (PLDI’00), pp. 208–218 (2000)
Ryder, B.G.: Dimensions of precision in reference analysis of object-oriented programming languages. In: International Conference on Compiler Construction (CC’03). LNCS, vol. 2622, pp. 126–137. Springer, Berlin (2003)
Streckenbach, M., Snelting, G.: Points-to for Java: A general framework and an empirical comparison. Technical report, Lehrstuhl für Softwaresysteme, Universität Passau, Germany, November (2000)
Trapp, M.: Optimierung objektorientierter programme. PhD thesis, Universität Karlsruhe, December (1999)
Trapp, M., Lindenmaier, G., Boesler, B.: Documentation of the intermediate representation Firm. Technical report 1999-14, Fakultät für Informatik, Universität Karlsruhe, Germany (1999)
Whaley, J., Lam, M.S.: An efficient inclusion-based points-to analysis for strictly-typed languages. In: Proceedings of the Static Analysis Symposium (SAS’02) (2002)
Whaley, J., Lam, M.S.: Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In: Proceedings of the Conference on Programming Language Design and Implementation (PLDI’04), June, pp. 131–144 (2004)
Zhu, J., Calman, S.: Symbolic pointer analysis revisited. In: Proceedings of the Conference on Programming Language Design and Implementation (PLDI’04), June, pp. 145–157 (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag London
About this chapter
Cite this chapter
Lundberg, J., Hedenborg, M., Löwe, W. (2012). SSA-Based Simulated Execution. In: Breitman, K., Horspool, R. (eds) Patterns, Programming and Everything. Springer, London. https://doi.org/10.1007/978-1-4471-2350-7_7
Download citation
DOI: https://doi.org/10.1007/978-1-4471-2350-7_7
Publisher Name: Springer, London
Print ISBN: 978-1-4471-2349-1
Online ISBN: 978-1-4471-2350-7
eBook Packages: Computer ScienceComputer Science (R0)