859 research outputs found
Set-Based Pre-Processing for Points-To Analysis
We present set-based pre-analysis: a virtually universal op-
timization technique for flow-insensitive points-to analysis.
Points-to analysis computes a static abstraction of how ob-
ject values flow through a program’s variables. Set-based
pre-analysis relies on the observation that much of this rea-
soning can take place at the set level rather than the value
level. Computing constraints at the set level results in sig-
nificant optimization opportunities: we can rewrite the in-
put program into a simplified form with the same essential
points-to properties. This rewrite results in removing both
local variables and instructions, thus simplifying the sub-
sequent value-based points-to computation. E
ectively, set-
based pre-analysis puts the program in a normal form opti-
mized for points-to analysis.
Compared to other techniques for o
-line optimization of
points-to analyses in the literature, the new elements of our
approach are the ability to eliminate statements, and not just
variables, as well as its modularity: set-based pre-analysis
can be performed on the input just once, e.g., allowing the
pre-optimization of libraries that are subsequently reused
many times and for di
erent analyses. In experiments with
Java programs, set-based pre-analysis eliminates 30% of the
program’s local variables and 30% or more of computed
context-sensitive points-to facts, over a wide set of bench-
marks and analyses, resulting in a
20% average speedup
(max: 110%, median: 18%)
Class Hierarchy Complementation: Soundly Completing a Partial Type Graph
We present the problem of class hierarchy complementa-
tion: given a partially known hierarchy of classes together
with subtyping constraints (“A has to be a transitive sub-
type of B”) complete the hierarchy so that it satisfies all con-
straints. The problem has immediate practical application to
the analysis of partial programs—e.g., it arises in the process
of providing a sound handling of “phantom classes” in the
Soot program analysis framework. We provide algorithms to
solve the hierarchy complementation problem in the single
inheritance and multiple inheritance settings. We also show
that the problem in a language such as Java, with single in-
heritance but multiple subtyping and distinguished class vs.
interface types, can be decomposed into separate single- and
multiple-subtyping instances. We implement our algorithms
in a tool, JPhantom, which complements partial Java byte-
code programs so that the result is guaranteed to satisfy the
Java verifier requirements. JPhantom is highly scalable and
runs in mere seconds even for large input applications and
complex constraints (with a maximum of 14s for a 19MB
binary)
Efficient and Effective Handling of Exceptions in Java Points-To Analysis
A joint points-to and exception analysis has been shown to yield benefits in both precision and performance. Treating exceptions as regular objects,
however, incurs significant and rather unexpected overhead. We show that in a
typical joint analysis most of the objects computed to flow in and out of a method
are due to exceptional control-flow and not normal call-return control-flow. For
instance, a context-insensitive analysis of the Antlr benchmark from the DaCapo
suite computes 4-5 times more objects going in or out of a method due to exceptional control-flow than due to normal control-flow. As a consequence, the
analysis spends a large amount of its time considering exceptions.
We show that the problem can be addressed both e
ectively and elegantly by
coarsening the representation of exception objects. An interesting find is that, instead of recording each distinct exception object, we can collapse all exceptions
of the same type, and use one representative object per type, to yield nearly identical precision (loss of less than 0.1%) but with a boost in performance of at least
50% for most analyses and benchmarks and large space savings (usually 40% or
more)
Minimum distance regression-type estimates with rates under weak dependence
Under weak dependence, a minimum distance estimate is obtained for a smooth function and its derivatives in a regression-type framework. The upper bound of the risk depends on the Kolmogorov entropy of the underlying space and the mixing coefficient. It is shown that the proposed estimates have the same rate of convergence, in the L 1-norm sense, as in the independent case
A mixed logit model for the sensitivity analysis of Greek drivers' behaviour towards enforcement for road safety
Traffic violations are among the leading causes of road accidents. In this research, the sensitivity of
Greek drivers to a hypothetical intensification of police enforcement for speed violations and improper
overtaking is analyzed, using stated preference data. Under the assumption of increased police
enforcement, drivers were presented with the option to maintain their unsafe driving patterns (and risk
getting fined) or comply with the traffic laws (and experience longer trip duration). A parsimonious
mixed logit model has been estimated and sensitivity analysis is performed with respect to the main
variables. The model explicitly captures the (unobserved) heterogeneity in the sample, and reflects the
fixed random parameter across observations from the same respondent. The behaviour of the surveyed
drivers depends on socioeconomic characteristics and trip characteristics. Based on the presented
sensitivity analysis, it can be argued that while the “typical” Greek driver may not be particularly riskprone,
there are segments of the population that show a tendency to violate traffic laws. This is a useful
finding that could be used by policy makers e.g. to develop targeted police enforcement campaigns (or
targeted media campaigns, special education initiatives, etc.), aimed at the demographic segments with a
higher tendency for traffic violation
Deep Static Modeling of invokedynamic
Java 7 introduced programmable dynamic linking in the form of the invokedynamic framework. Static analysis of code containing programmable dynamic linking has often been cited as a significant source of unsoundness in the analysis of Java programs. For example, Java lambdas, introduced in Java 8, are a very popular feature, which is, however, resistant to static analysis, since it mixes invokedynamic with dynamic code generation. These techniques invalidate static analysis assumptions: programmable linking breaks reasoning about method resolution while dynamically generated code is, by definition, not available statically. In this paper, we show that a static analysis can predictively model uses of invokedynamic while also cooperating with extra rules to handle the runtime code generation of lambdas. Our approach plugs into an existing static analysis and helps eliminate all unsoundness in the handling of lambdas (including associated features such as method references) and generic invokedynamic uses. We evaluate our technique on a benchmark suite of our own and on third-party benchmarks, uncovering all code previously unreachable due to unsoundness, highly efficiently
- …