Data-Flow Analysis for Multi-Core Computing Systems: A Reminder to Reverse Data-Flow Analysis
The increasing demand for highly performant, provably correct, easily
maintainable, and extensible programs, together with the continuous
growth of real-world programs, strengthens the pressure for powerful and
scalable program analyses for program development and code
generation. Multi-core computing systems offer new opportunities for
enhancing the scalability of program analyses, provided the additional
computing power offered by these systems can be used
effectively. This, however, poses new challenges on the analysis
side. In principle, it requires program analyses that can be easily
parallelized and mapped to multi-core architectures. In this paper we
recall reverse data-flow analysis, which was introduced
and investigated in the context of demand-driven data-flow analysis,
as one such class of program analyses that is particularly suitable
for this purpose.
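To illustrate why demand-driven, reverse analyses parallelize naturally, here is a minimal Python sketch that answers independent liveness queries ("is variable v live at the exit of node n?") by searching only the part of the CFG each query needs. The CFG encoding, the `live_at_exit` API, and the thread-pool driver are illustrative assumptions, not taken from the paper.

```python
from concurrent.futures import ThreadPoolExecutor

def live_at_exit(succ, use, defs, v, n):
    """Demand-driven query: is v live at the exit of node n?

    True iff some path starting at a successor of n reaches a use of v
    before any redefinition of v.  Only the part of the CFG relevant
    to this one query is ever visited.
    """
    seen, stack = set(), list(succ[n])
    while stack:
        m = stack.pop()
        if m in seen:
            continue
        seen.add(m)
        if v in use[m]:        # used before any def on this path
            return True
        if v in defs[m]:       # path killed by a redefinition
            continue
        stack.extend(succ[m])
    return False

# Queries are mutually independent, so they map directly onto cores.
def answer_queries(succ, use, defs, queries):
    with ThreadPoolExecutor() as pool:
        return list(pool.map(lambda q: live_at_exit(succ, use, defs, *q),
                             queries))

succ = {0: [1], 1: [2, 3], 2: [3], 3: []}
use  = {0: set(), 1: set(), 2: {"x"}, 3: {"y"}}
defs = {0: {"x"}, 1: {"y"}, 2: set(), 3: set()}
answers = answer_queries(succ, use, defs, [("x", 0), ("y", 0)])
```

Because each query touches only the CFG fragment it depends on, the work partitions cleanly across threads with no shared mutable state.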
Enforcing Termination of Interprocedural Analysis
Interprocedural analysis by means of partial tabulation of summary functions
may not terminate when the same procedure is analyzed for infinitely many
abstract calling contexts or when the abstract domain has infinite strictly
ascending chains. As a remedy, we present a novel local solver for general
abstract equation systems, be they monotonic or not, and prove that this solver
fails to terminate only when infinitely many variables are encountered. We
clarify in which sense the computed results are sound. Moreover, we show that
interprocedural analysis performed by this novel local solver is guaranteed to
terminate for all non-recursive programs --- irrespective of whether the
complete lattice is infinite or has infinite strictly ascending or descending
chains.
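A minimal sketch of the idea behind a local (demand-driven) solver: starting from one queried unknown, it lazily demands only the variables reachable from the query and re-evaluates a variable whenever one of its dependencies changes. The equation encoding and the Boolean reachability example are illustrative assumptions; the solver described in the paper handles general, possibly non-monotonic, abstract equation systems.

```python
def local_solve(rhs, query, bottom=False):
    """Demand-driven worklist solver for equations x = rhs(x, get).

    Only variables transitively demanded from `query` are ever touched,
    so the solver runs out of work exactly when the demanded variable
    set is finite and values stop changing.
    """
    val, infl, work = {}, {}, [query]
    while work:
        x = work.pop()
        def get(y, x=x):
            infl.setdefault(y, set()).add(x)   # remember who depends on y
            if y not in val:
                val[y] = bottom
                work.append(y)                 # demand y lazily
            return val[y]
        new = rhs(x, get)
        if new != val.get(x, bottom):
            val[x] = new
            work.extend(infl.get(x, ()))       # re-evaluate influenced vars
    return val

# Example: reachability of node "c", phrased as an equation system.
succ = {"a": ["b"], "b": ["c"], "c": [], "d": ["a"]}
reach = local_solve(lambda x, get: x == "c" or any(get(y) for y in succ[x]),
                    "a")
```

Note the locality: node "d" is never evaluated because no demanded variable depends on it.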
Generalized Points-to Graphs: A New Abstraction of Memory in the Presence of Pointers
Flow- and context-sensitive points-to analysis is difficult to scale; for
top-down approaches, the problem centers on repeated analysis of the same
procedure; for bottom-up approaches, the abstractions used to represent
procedure summaries have not scaled while preserving precision.
We propose a novel abstraction called the Generalized Points-to Graph (GPG)
which views points-to relations as memory updates and generalizes them using
counts of indirection levels, leaving the unknown pointees implicit. This
allows us to construct GPGs as compact representations of bottom-up procedure
summaries in terms of memory updates and control flow between them. Their
compactness is ensured by the following optimizations: strength reduction
reduces the indirection levels, redundancy elimination removes redundant memory
updates and minimizes control flow (without over-approximating data dependence
between memory updates), and call inlining enhances the opportunities of these
optimizations. We devise novel operations and data flow analyses for these
optimizations.
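To give the flavor of these memory updates, here is a hedged Python sketch of one simplified composition rule in the spirit of strength reduction. An edge `(src, i, dst, j)` is taken to abstract the update `*^(i-1) src = *^(j-1) dst` (so `x = &y` is `(x, 1, y, 0)` and `*x = y` is `(x, 2, y, 1)`); this encoding and the single rule shown are illustrative simplifications of the paper's edge-composition operations, not their full definition.

```python
def compose(consumer, producer):
    """Simplified strength reduction on generalized points-to edges.

    If the producer edge defines the consumer's source variable at a
    lower indirection level, redirect the consumer through the
    producer's target, lowering the consumer's indirection count.
    Returns the reduced edge, or None when the rule does not apply.
    """
    cs, ci, cd, cj = consumer
    ps, pi, pd, pj = producer
    if cs == ps and ci > pi:
        return (pd, ci - pi + pj, cd, cj)
    return None

# *x = y  composed with  x = &a  reduces to the direct update  a = y
reduced = compose(("x", 2, "y", 1), ("x", 1, "a", 0))
```

The reduced edge `("a", 1, "y", 1)` stands for `a = y`: the indirection through `x` has been eliminated, which is what keeps the summaries compact.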
Our quest for scalability of points-to analysis leads to the following
insight: The real killer of scalability in program analysis is not the amount
of data but the amount of control flow that it may be subjected to in search of
precision. The effectiveness of GPGs lies in the fact that they discard as much
control flow as possible without losing precision (i.e., by preserving data
dependence without over-approximation). This is the reason why the GPGs are
very small even for main procedures that contain the effect of the entire
program. This allows our implementation to scale to 158 kLoC of C programs.
Heap Abstractions for Static Analysis
Heap data is potentially unbounded and seemingly arbitrary. As a consequence,
unlike stack and static memory, heap memory cannot be abstracted directly in
terms of a fixed set of source variable names appearing in the program being
analysed. This makes it an interesting topic of study and there is an abundance
of literature employing heap abstractions. Although most studies have addressed
similar concerns, their formulations and formalisms often seem dissimilar and
sometimes even unrelated. Thus, the insights gained in one description of heap
abstraction may not directly carry over to some other description. This survey
is a result of our quest for a unifying theme in the existing descriptions of
heap abstractions. In particular, our interest lies in the abstractions and not
in the algorithms that construct them.
In our search for a unifying theme, we view a heap abstraction as consisting of
two features: a heap model to represent the heap memory and a summarization
technique for bounding the heap representation. We classify the models as
storeless, store based, and hybrid. We describe various summarization
techniques based on k-limiting, allocation sites, patterns, variables, other
generic instrumentation predicates, and higher-order logics. This approach
allows us to compare the insights of a large number of seemingly dissimilar
heap abstractions and also paves the way for creating new abstractions by
mixing and matching models and summarization techniques.
Understanding Program Slices
Program slicing is a useful analysis for aiding different
software engineering activities. Over the past decades, various
notions of program slices have evolved, along with a number
of methods to compute them. By now program slicing has numerous
applications in software maintenance, program comprehension,
reverse engineering, program integration, and software testing.
The usability of program slicing for real-world programs depends on
many factors such as precision, speed, and scalability, which
have already been addressed in the literature. However, little
attention has been paid to a practical demand: when
the slices are large or difficult to understand, which often
occurs with larger programs, how to explain
to the user why a particular element has been included in the
resulting slice. This paper describes a method for reasoning about the
elements of static program slices.
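A hedged sketch of the kind of explanation such a method can offer: a backward slice over a program dependence graph that records, for every included element, one dependence chain leading back to the slicing criterion. The graph encoding and the BFS choice of witness chain are illustrative assumptions, not the paper's actual technique.

```python
from collections import deque

def explained_backward_slice(deps, criterion):
    """Backward slice with explanations.

    deps: node -> nodes it data- or control-depends on.
    Returns node -> a dependence chain from the criterion to that node;
    the chain is the answer to "why is this element in the slice?".
    """
    reason = {criterion: [criterion]}
    work = deque([criterion])
    while work:
        n = work.popleft()
        for m in deps.get(n, ()):
            if m not in reason:        # first (shortest) explanation wins
                reason[m] = reason[n] + [m]
                work.append(m)
    return reason

# Statement 4 depends on 2 and 3, both of which depend on 1.
deps = {4: [2, 3], 3: [1], 2: [1]}
why = explained_backward_slice(deps, 4)
```

For statement 1 the recorded chain reads "4 depends on 2, which depends on 1", i.e. a human-checkable justification for its membership in the slice.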