Making context-sensitive points-to analysis with heap cloning practical for the real world

作     者：Lattner, Chris Lenharth, Andrew Adve, Vikram 

作者机构：Univ Illinois Urbana IL 61801 USA 

出 版 物：《ACM SIGPLAN NOTICES》 (ACM SIGPLAN Not.)

年 卷 期：2007年第42卷第6期

页      面：278-289页

核心收录：

学科分类：08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：pointer analysis context-sensitive field-sensitive interprocedural static analysis recursive data structure 

摘      要：Context-sensitive pointer analysis algorithms with full heap cloning are powerful but are widely considered to be too expensive to include in production compilers. This paper shows, for the first time, that a context-sensitive, field-sensitive algorithm with full heap cloning (by acyclic call paths) can indeed be both scalable and extremely fast in practice. Overall, the algorithm is able to analyze programs in the range of 100K-200K lines of C code in 1-3 seconds, takes less than 5% of the time it takes for GCC to compile the code (which includes no whole-program analysis), and scales well across five orders of magnitude of code size. It is also able to analyze the Linux kernel (about 355K lines of code) in 3.1 seconds. The paper describes the major algorithmic and engineering design choices that are required to achieve these results, including (a) using flow-insensitive and unification-based analysis, which are essential to avoid exponential behavior in practice;(b) sacrificing context-sensitivity within strongly connected components of the call graph;and (c) carefully eliminating several kinds of O(N-2) behaviors (largely without affecting precision). The techniques used for (b) and (c) eliminated several major bottlenecks to scalability, and both are generalizable to other context-sensitive algorithms. We show that the engineering choices collectively reduce analysis time by factors of up to 3x-21x in our ten largest programs, and that the savings grow strongly with program size. Finally, we briefly summarize results demonstrating the precision of the analysis.