Large Spurious Cycle in Global Static Analyses and Its Algorithmic Mitigation

Oh, Hakjoo

doi:10.1007/978-3-642-10672-9_4

Cited by 13 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The evaluation was performed on top of SPARROW [23,25,26,28,[35][36][37][38], an industrial-strength static analyzer for C programs. For the non-relational analysis, we use the interval domain [9], a representative non-relational domain that is widely used in practice [1,2,4,13,26].…”

Section: Methodsmentioning

confidence: 99%

“…The fixpoint is computed by a worklist algorithm using the conventional widening operator [9] for interval domain. Details of the analysis can be found in [23,26,28,[35][36][37][38].…”

Section: Interval Domain-based Sparse Analysismentioning

confidence: 99%

“…Both our interval and octagon domain-based analyzers can analyze sendmail. Airac [26,35], a general-purpose interval domain-based global static analyzer, scales only to 30 KLOC in global analysis. Recently, a significant progress has been reported by Oh et al [38], but it still does not scale over 120 KLOC.…”

Section: Related Workmentioning

confidence: 99%

“…We can instantiate these designs with a particular non-relational and relational abstract domains, respectively. • We prove the practicality of our framework by experimentally demonstrating the achieved speedup of an industrial-strength static analyzer [23,26,28,[35][36][37][38]. The sparse analysis can analyze programs up to 1 million lines of C code with interval domain and up to 100K lines of C code with octagon domain.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Design and implementation of sparse global analyses for C-like languages

Heo

Lee

et al. 2012

Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

In this article we present a general method for achieving global static analyzers that are precise, sound, yet also scalable. Our method generalizes the sparse analysis techniques on top of the abstract interpretation framework to support relational as well as non-relational semantics properties for C-like languages. We first use the abstract interpretation framework to have a global static analyzer whose scalability is unattended. Upon this underlying sound static analyzer, we add our generalized sparse analysis techniques to improve its scalability while preserving the precision of the underlying analysis. Our framework determines what to prove to guarantee that the resulting sparse version should preserve the precision of the underlying analyzer.We formally present our framework; we present that existing sparse analyses are all restricted instances of our framework; we show more semantically elaborate design examples of sparse nonrelational and relational static analyses; we present their implementation results that scale to analyze up to one million lines of C programs. We also show a set of implementation techniques that turn out to be critical to economically support the sparse analysis process.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The fixpoint is computed by a worklist algorithm using the conventional widening operator [9] for interval domain. Details of the analysis can be found in [23,26,28,[35][36][37][38].…”

Section: Interval Domain-based Sparse Analysismentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Design and implementation of sparse global analyses for C-like languages

Heo

Lee

et al. 2012

Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

show abstract

“…This reduces the number of calling contexts dramatically without compromising on the precision, generality and simplicity of the method. Oh [34] finds that in call string based static analysis, there can be spurious inter-procedural cycles caused by approximated connections between the call sites, procedure entries, procedure exits and return-sites. He extends the classical call string approach to mitigate substantial performance degradation caused by such cycles, and the extension seems effective.…”

Section: Related Workmentioning

confidence: 99%

Contribution-based call stack abstraction for call string based pointer analysis

Qian¹,

Chen²,

Xu³

et al. 2011

Information and Software Technology

View full text Add to dashboard Cite

Weakly sensitive analysis for JavaScript object‐manipulating programs

Rival

Ryu

2019

Softw Pract Exp

View full text Add to dashboard Cite

While JavaScript programs have become pervasive in web applications, they remain hard to reason about. In this context, most static analyses for JavaScript programs require precise call graph information, since the presence of large numbers of spurious callees significantly deteriorates precision. One of the most challenging JavaScript features that complicate the inference of precise static call graph information is read/write accesses to object fields, the names of which are computed at runtime. JavaScript framework libraries often exploit this facility to build objects from other objects, as a way to simulate sophisticated high-level programming constructions. Such code patterns are difficult to analyze precisely, due to weak updates and limitations of unrolling techniques. In this paper, we observe that precise field origination relations can be inferred by locally reasoning about object copies, both regarding to the object and to the program structure, and we propose an abstraction that allows to separately reason about field read/write access patterns working on different fields and to carefully handle the sets of JavaScript object fields. We formalize and implement an analysis based on this technique. We evaluate the performance and precision of the analysis on the computation of call graph information for examples from jQuery tutorials. KEYWORDSabstract interpretation, JavaScript, object abstraction, static analysis, string abstraction, trace partitioning abstractionThe results in this paper are based in part on findings presented in the proceeding of APLAS'17. 840 FIGURE 1 A simplified excerpt from jQuery 1.7.2 and an example use case [Colour figure can be viewed at wileyonlinelibrary.com]One of the problematic JavaScript features that complicate the precise static call graph construction is read/write accesses to object fields, the names of which are computed at runtime. In JavaScript, an object has a set of fields, each of which consists of a name and value pair, and the field lookup and update operations take the value of an expression as an index that designates the field to read or write. JavaScript framework libraries often exploit this facility to build an object from another object by copying all the fields one by one (shallow copy) or by computing values using the fields in the source object (eg, to simulate accessor methods). To reason over such field copy or transformation patterns (for short, FCT patterns), analysis tools need to resolve precisely the fields of objects, and the relations among them.As an example, we consider the jQuery implementation of class inheritance using field copies of an object, as shown in Figure 1. To achieve that, function fix copies the fields of oE designated by the elements of array copy into array e. This copy of the fields of object oE takes place in the loop at lines 3-7. More generally, an FCT pattern boils down to an assignment of the form o1where v is a variable, o1 and o2 are two objects, f is a function over field names, and g is a function over values. ...

show abstract

Large Spurious Cycle in Global Static Analyses and Its Algorithmic Mitigation

Cited by 13 publications

References 19 publications

Design and implementation of sparse global analyses for C-like languages

Design and implementation of sparse global analyses for C-like languages

Contribution-based call stack abstraction for call string based pointer analysis

Weakly sensitive analysis for JavaScript object‐manipulating programs

Contact Info

Product

Resources

About