A Correspondence between Two Approaches to Interprocedural Analysis in the Presence of Join

Mangal, Ravi; Naik, Mayur; Yang, Hongseok

doi:10.1007/978-3-642-54833-8_27

Cited by 12 publications

(13 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From (14), (15) and repeatedly applying P1 and P2 in (7), we have (16) T k out ⊆ [C](I test ). From (16) and the condition check on line 7 of ONLINE, we have (17) ∀sum ∈ S k : pre(sum) ⊆ [C](I test ). From (1) and (17), we have (18) S k is a set of applicable summaries.…”

Section: Resultsmentioning

confidence: 99%

“…Next, it computes the initial set of derived tuples T out by running the instrumented analysis on I test with C and blockSet such that all grounded constraints covered by the summaries in sumSet are blocked (line 3). Next, it iterates until every summary in sumSet is either applied or discarded (line [4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19]. In each iteration, the algorithm applies every summary whose T pre is contained in T out by adding its T post to T out (line [6][7][8][9][10][11][12].…”

Section: The Online Phasementioning

confidence: 99%

“…In each iteration, the algorithm applies every summary whose T pre is contained in T out by adding its T post to T out (line [6][7][8][9][10][11][12]. If no summary can be applied, to make the analysis proceed, it removes an arbitrary summary from the sumSet and unblocks the grounded constraints covered by it (line [13][14][15][16][17]. Here we only discard one summary instead of all, as with new tuples derived in the next iteration, some summaries might become applicable.…”

Section: The Online Phasementioning

confidence: 99%

“…The online phase is not able to make progress. The algorithm avoids this problem by shrinking the blocking set (lines [14][15][16]. Now, the pre-condition of summary S, {t 0 , t 1 , t 2 }, no longer belongs to blockSet.…”

Section: The Online Phasementioning

confidence: 99%

“…Figure 9 specifies the Datalog rules of our Points-To Analysis. This analysis is adapted from the points-to analysis specified in [16], which computes the points-to information at each program point. It is a summarybased context-and flow-sensitive analysis that applies the IFDS algorithm [20].…”

Section: Instances Of Polymermentioning

confidence: 99%

See 4 more Smart Citations

Accelerating program analyses by cross-program training

et al. 2016

Self Cite

View full text Add to dashboard Cite

Practical programs share large modules of code. However, many program analyses are ineffective at reusing analysis results for shared code across programs. We present POLYMER, an analysis optimizer to address this problem. POLYMER runs the analysis offline on a corpus of training programs and learns analysis facts over shared code. It prunes the learnt facts to eliminate intermediate computations and then reuses these pruned facts to accelerate the analysis of other programs that share code with the training corpus.We have implemented POLYMER to accelerate analyses specified in Datalog, and apply it to optimize two analyses for Java programs: a call-graph analysis that is flow-and context-insensitive, and a points-to analysis that is flow-and context-sensitive. We evaluate the resulting analyses on ten programs from the DaCapo suite that share the JDK library. POLYMER achieves average speedups of 2.6× for the callgraph analysis and 5.2× for the points-to analysis.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: The Online Phasementioning

confidence: 99%

Section: The Online Phasementioning

confidence: 99%

Section: The Online Phasementioning

confidence: 99%

Section: Instances Of Polymermentioning

confidence: 99%

See 3 more Smart Citations

Accelerating program analyses by cross-program training

et al. 2016

Self Cite

View full text Add to dashboard Cite

show abstract

Selective conjunction of context‐sensitivity and octagon domain toward scalable and precise global static analysis

Heo

2017

Softw Pract Exp

View full text Add to dashboard Cite

We present a practical technique for achieving a scalable and precise global static analysis by selectively applying context-sensitivity and the octagon relational domain. For precise analysis, context-sensitivity and relational analysis are key properties, but it has been hard to practically combine both of them. Our approach turns on those precision improvement features only when the analysis is likely to improve the precision to resolve given queries. The guidance comes from an impact pre-analysis that estimates the impact of a fully context-sensitive and relational octagon analysis. We designed a cost-effective pre-analysis and implemented this method in a realistic octagon analysis for full C. The experimental results show that our approach proves eight times more queries, while saving the time cost by 73.1% compared with a partially relational octagon analysis enabled by a syntactic heuristic. > (i.e., no relational information). We observed that, in real C programs, queries that require such inter-procedural reasoning on variable relationships are prevalent (Section 7). Unfortunately, the previous selective X-sensitive analyses estimate each sensitivity separately so that it cannot select those queries. Furthermore, naively combing the existing pre-analyses suffers from the huge cost of the combinatory sensitivities.In this paper, we present a practical technique that selectively combines context-sensitivity and the octagon relational analysis. The basic idea is the existing selective X-sensitive approach [4]. We take both the octagon domain and context-sensitivity into account simultaneously: (1) we design a pre-analysis that conservatively estimates the 'symbiotic' effect of both the fully context-sensitive and fully relational octagon analysis; (2) the pre-analysis predicts where the combination of the two precision-improving techniques will help to prove given queries; and (3) the selective main analysis is derived from the guidance of the pre-analysis results. Our new analysis is different from the previous one [4] in two aspects. First, our analysis is selective both in tracked variable relations and context-sensitivity while the previous approach is selective only in each sensitivity. Second, we propose a cost-effective pre-analysis equipped with the summary-based context-sensitivity [1]. Instead of computing all possible contexts, the new pre-analysis differentiates only a particular set of contexts related to queries that is derived from a backward pre-analysis.Our experimental results show that the selective context-sensitive and relational analysis is precise and scalable. We implemented the selective analysis on top of our Sparrow framework [5]. In experiments with various C benchmarks, the analysis scaled up to 100KLOC and proved 201 queries among 206 queries. In the comparison with the conventional octagon analysis with syntactic variable packing [3], the new analysis proves eight times more queries, saving 73.1% of the analysis's time overhead on average. Contributions Our contributions are ...

show abstract

Static analysis of JavaScript libraries in a scalable and precise way using loop sensitivity

2017

View full text Add to dashboard Cite

Statically analyzing JavaScript applications often requires an analysis of JavaScript libraries because many JavaScript applications use libraries. However, static analysis techniques for JavaScript are not yet ready for analyzing libraries in a scalable and precise manner. Simply loading JavaScript libraries uses various dynamic features of JavaScript, which cause static analyzers to suffer from mutually intermingled problems of scalability and imprecision. In this paper, we present a loop-sensitive analysis (LSA) technique, which can improve the analysis scalability when analyzing JavaScript libraries by enhancing the analysis precision of loops. The LSA technique distinguishes loop iterations when loop conditions can be determined to be either true or false precisely. We formalize LSA in the abstract interpretation framework in the presence of tricky language features such as exceptions and prove its soundness and precision theorems using Coq. We evaluate our LSA implementation with the analysis results of programs that use 5 JavaScript libraries and show that LSA significantly improves the analysis scalability and precision of an existing JavaScript static analyzer when analyzing JavaScript libraries. In addition, using the configurability of LSA, we experimentally show the correlation between scalability and precision in the analysis of JavaScript libraries. We found that even the analysis of simple programs that just load jQuery, which is the most popular JavaScript library, in a scalable way requires distinguishing not only the last 4 functions being called but also 40 iterations in each loop with 2-level nested loops at least. Both the mechanization and implementation of LSA are publicly available. KEYWORDSabstract interpretation, context-sensitive analysis, JavaScript, libraries, loop-sensitive analysis, static analysis The results in this paper are based in part on findings presented at the Proceeding of the 29th European Conference on Object-Oriented Programming (ECOOP'15).Softw Pract Exper. 2018;48:911-944.wileyonlinelibrary.com/journal/spe

show abstract

A Correspondence between Two Approaches to Interprocedural Analysis in the Presence of Join

Cited by 12 publications

References 29 publications

Accelerating program analyses by cross-program training

Accelerating program analyses by cross-program training

Selective conjunction of context‐sensitivity and octagon domain toward scalable and precise global static analysis

Static analysis of JavaScript libraries in a scalable and precise way using loop sensitivity

Contact Info

Product

Resources

About