A Formal Design of a Tool for Static Analysis of Upper Bounds on Object Calls in Java

Abstract. This paper presents a formal design of a tool for statically establishing the upper bound on the number of executions of objects’ methods in a fragment of object-oriented code. The algorithm that our tool employs is a multi-pass interprocedural analysis consisting of data flow and region-based analyses. We describe the formalization of each of stage of the algorithm. This rigorous specification greatly aids the implementation of the tool by removing ambiguities of textual descrip-tions. There are many applications for information obtained through this method including reasoning about concurrent code, scheduling, code optimization, compositing services, etc.We concentrate on using upper bounds to instrument transactional code that uses a synchronization mechanism based on versioning, and therefore benefits from a priori knowledge about the usage of shared objects within each transaction. To this end we implement a precompiler for Java that analyzes transac-tions, and injects generated source code to initialize each transaction

Efficient Subcubic Alias Analysis for C

Abstract Inclusion-based alias analysis for C can be formulated as a context-free language (CFL) reachability problem. It is well known that the traditional cubic CFL-reachability algorithm does not scale well in practice. We present a highly scalable and efficient CFL-reachability-based alias analysis for C. The key novelty of our algorithm is to propagate reachability information along only original graph edges and bypass a large portion of summary edges, while the traditional CFLreachability algorithm propagates along all summary edges. We also utilize the Four Russians' Trick -a key enabling technique in the subcubic CFL-reachability algorithm -in our alias analysis. We have implemented our subcubic alias analysis and conducted extensive experiments on widely-used C programs from the pointer analysis literature. The results demonstrate that our alias analysis scales extremely well in practice. In particular, it can analyze the recent Linux kernel (which consists of 10M SLOC) in about 30 seconds

Existential Label Flow Inference via CFL Reachability

Abstract. In programming languages, existential quantification is useful for describing relationships among members of a structured type. For example, we may have a list in which there exists some mutual exclusion lock l in each list element such that l protects the data stored in that element. With this information, a static analysis can reason about the relationship between locks and locations in the list even when the precise identity of the lock and/or location is unknown. To facilitate the construction of such static analyses, this paper presents a contextsensitive label flow analysis algorithm with support for existential quantification. Label flow analysis is a core part of many static analysis systems. Following Rehof et al, we use context-free language (CFL) reachability to develop an efficient O(n 3) label flow inference algorithm. We prove the algorithm sound by reducing its derivations to those in a system based on polymorphically-constrained types, in the style of Mossin. We have implemented a variant our analysis as part of a data race detection tool for C programs.