Set-Based Pre-Processing for Points-To Analysis

We present set-based pre-analysis: a virtually universal op- timization technique for flow-insensitive points-to analysis. Points-to analysis computes a static abstraction of how ob- ject values flow through a program’s variables. Set-based pre-analysis relies on the observation that much of this rea- soning can take place at the set level rather than the value level. Computing constraints at the set level results in sig- nificant optimization opportunities: we can rewrite the in- put program into a simplified form with the same essential points-to properties. This rewrite results in removing both local variables and instructions, thus simplifying the sub- sequent value-based points-to computation. E ectively, set- based pre-analysis puts the program in a normal form opti- mized for points-to analysis. Compared to other techniques for o -line optimization of points-to analyses in the literature, the new elements of our approach are the ability to eliminate statements, and not just variables, as well as its modularity: set-based pre-analysis can be performed on the input just once, e.g., allowing the pre-optimization of libraries that are subsequently reused many times and for di erent analyses. In experiments with Java programs, set-based pre-analysis eliminates 30% of the program’s local variables and 30% or more of computed context-sensitive points-to facts, over a wide set of bench- marks and analyses, resulting in a 20% average speedup (max: 110%, median: 18%)

Class Hierarchy Complementation: Soundly Completing a Partial Type Graph

We present the problem of class hierarchy complementa- tion: given a partially known hierarchy of classes together with subtyping constraints (“A has to be a transitive sub- type of B”) complete the hierarchy so that it satisfies all con- straints. The problem has immediate practical application to the analysis of partial programs—e.g., it arises in the process of providing a sound handling of “phantom classes” in the Soot program analysis framework. We provide algorithms to solve the hierarchy complementation problem in the single inheritance and multiple inheritance settings. We also show that the problem in a language such as Java, with single in- heritance but multiple subtyping and distinguished class vs. interface types, can be decomposed into separate single- and multiple-subtyping instances. We implement our algorithms in a tool, JPhantom, which complements partial Java byte- code programs so that the result is guaranteed to satisfy the Java verifier requirements. JPhantom is highly scalable and runs in mere seconds even for large input applications and complex constraints (with a maximum of 14s for a 19MB binary)

Efficient and Effective Handling of Exceptions in Java Points-To Analysis

A joint points-to and exception analysis has been shown to yield benefits in both precision and performance. Treating exceptions as regular objects, however, incurs significant and rather unexpected overhead. We show that in a typical joint analysis most of the objects computed to flow in and out of a method are due to exceptional control-flow and not normal call-return control-flow. For instance, a context-insensitive analysis of the Antlr benchmark from the DaCapo suite computes 4-5 times more objects going in or out of a method due to exceptional control-flow than due to normal control-flow. As a consequence, the analysis spends a large amount of its time considering exceptions. We show that the problem can be addressed both e ectively and elegantly by coarsening the representation of exception objects. An interesting find is that, instead of recording each distinct exception object, we can collapse all exceptions of the same type, and use one representative object per type, to yield nearly identical precision (loss of less than 0.1%) but with a boost in performance of at least 50% for most analyses and benchmarks and large space savings (usually 40% or more)

Minimum distance regression-type estimates with rates under weak dependence

Under weak dependence, a minimum distance estimate is obtained for a smooth function and its derivatives in a regression-type framework. The upper bound of the risk depends on the Kolmogorov entropy of the underlying space and the mixing coefficient. It is shown that the proposed estimates have the same rate of convergence, in the L 1-norm sense, as in the independent case

A mixed logit model for the sensitivity analysis of Greek drivers' behaviour towards enforcement for road safety

Traffic violations are among the leading causes of road accidents. In this research, the sensitivity of Greek drivers to a hypothetical intensification of police enforcement for speed violations and improper overtaking is analyzed, using stated preference data. Under the assumption of increased police enforcement, drivers were presented with the option to maintain their unsafe driving patterns (and risk getting fined) or comply with the traffic laws (and experience longer trip duration). A parsimonious mixed logit model has been estimated and sensitivity analysis is performed with respect to the main variables. The model explicitly captures the (unobserved) heterogeneity in the sample, and reflects the fixed random parameter across observations from the same respondent. The behaviour of the surveyed drivers depends on socioeconomic characteristics and trip characteristics. Based on the presented sensitivity analysis, it can be argued that while the “typical” Greek driver may not be particularly riskprone, there are segments of the population that show a tendency to violate traffic laws. This is a useful finding that could be used by policy makers e.g. to develop targeted police enforcement campaigns (or targeted media campaigns, special education initiatives, etc.), aimed at the demographic segments with a higher tendency for traffic violation

Deep Static Modeling of invokedynamic

Java 7 introduced programmable dynamic linking in the form of the invokedynamic framework. Static analysis of code containing programmable dynamic linking has often been cited as a significant source of unsoundness in the analysis of Java programs. For example, Java lambdas, introduced in Java 8, are a very popular feature, which is, however, resistant to static analysis, since it mixes invokedynamic with dynamic code generation. These techniques invalidate static analysis assumptions: programmable linking breaks reasoning about method resolution while dynamically generated code is, by definition, not available statically. In this paper, we show that a static analysis can predictively model uses of invokedynamic while also cooperating with extra rules to handle the runtime code generation of lambdas. Our approach plugs into an existing static analysis and helps eliminate all unsoundness in the handling of lambdas (including associated features such as method references) and generic invokedynamic uses. We evaluate our technique on a benchmark suite of our own and on third-party benchmarks, uncovering all code previously unreachable due to unsoundness, highly efficiently