Mix your contexts well: opportunities unleashed by recent advances in scaling context-sensitivity
22 Feb 2020-pp 27-38
TL;DR: A detailed comparative study of the existing precise context-sensitive heap analyses and proposes novel context abstractions that lead to a new sweet-spot in the arena, and shows that the newer proposals not only enhance the precision of both LSRV contexts and object-sensitive analyses, but also scale well to large programs.
Abstract: Existing precise context-sensitive heap analyses do not scale well for large OO programs. Further, identifying the right context abstraction becomes quite intriguing as two of the most popular categories of context abstractions (call-site- and object-sensitive) lead to theoretically incomparable precision. In this paper, we address this problem by first doing a detailed comparative study (in terms of precision and efficiency) of the existing approaches, both with and without heap cloning. In addition, we propose novel context abstractions that lead to a new sweet-spot in the arena. We first enhance the precision of level-summarized relevant value (LSRV) contexts (a highly scalable abstraction with precision matching that of call-site-sensitivity) using heap cloning. Then, motivated by the resultant scalability, we propose the idea of mixing various context abstractions, and add the advantages of k-object-sensitive analyses to LSRV contexts, in an efficient manner. The resultant context abstraction, which we call lsrvkobjH, also leads to a novel connection between the two broad variants of otherwise incomparable context-sensitive analyses. Our evaluation shows that the newer proposals not only enhance the precision of both LSRV contexts and object-sensitive analyses (to perform control-flow analysis of Java programs), but also scale well to large programs.
Citations
More filters
15 Oct 2021
TL;DR: The Unity-Relay framework as discussed by the authors is a one-two-punch approach to combine and maximize the precision of all components of a context-sensitive pointer analysis for hard-to-analyze Java programs.
Abstract: Traditional context-sensitive pointer analysis is hard to scale for large and complex Java programs. To address this issue, a series of selective context-sensitivity approaches have been proposed and exhibit promising results. In this work, we move one step further towards producing highly-precise pointer analyses for hard-to-analyze Java programs by presenting the Unity-Relay framework, which takes selective context sensitivity to the next level. Briefly, Unity-Relay is a one-two punch: given a set of different selective context-sensitivity approaches, say S = S1, . . . , Sn, Unity-Relay first provides a mechanism (called Unity)to combine and maximize the precision of all components of S. When Unity fails to scale, Unity-Relay offers a scheme (called Relay) to pass and accumulate the precision from one approach Si in S to the next, Si+1, leading to an analysis that is more precise than all approaches in S. As a proof-of-concept, we instantiate Unity-Relay into a tool called Baton and extensively evaluate it on a set of hard-to-analyze Java programs, using general precision metrics and popular clients. Compared with the state of the art, Baton achieves the best precision for all metrics and clients for all evaluated programs. The difference in precision is often dramatic — up to 71% of alias pairs reported by previously-best algorithms are found to be spurious and eliminated.
13 citations
TL;DR: In this paper, the authors describe, implement, and evaluate an algorithm that performs efficient context-sensitive analysis incrementally on modular partitions of programs, where modifications are small and isolated within a few components, and it is desirable to reuse as much as possible previous analysis results.
Abstract: Context-sensitive global analysis of large code bases can be expensive, which can make its use impractical during software development. However, there are many situations in which modifications are small and isolated within a few components, and it is desirable to reuse as much as possible previous analysis results. This has been achieved to date through incremental global analysis fixpoint algorithms that achieve cost reductions at fine levels of granularity, such as changes in program lines. However, these fine-grained techniques are neither directly applicable to modular programs nor are they designed to take advantage of modular structures. This paper describes, implements, and evaluates an algorithm that performs efficient context-sensitive analysis incrementally on modular partitions of programs. The experimental results show that the proposed modular algorithm shows significant improvements, in both time and memory consumption, when compared to existing non-modular, fine-grain incremental analysis techniques. Furthermore, thanks to the proposed intermodular propagation of analysis information, our algorithm also outperforms traditional modular analysis even when analyzing from scratch.
8 citations
TL;DR: In this article, the authors present a survey of techniques for translating verification problems for different programming languages, and in general software systems, into satisfiability problems for constrained Horn clauses (CHCs), a term that has become popular in the verification field to refer to CLP programs.
Abstract: This paper surveys recent work on applying analysis and transformation techniques that originate in the field of constraint logic programming (CLP) to the problem of verifying software systems. We present specialisation-based techniques for translating verification problems for different programming languages, and in general software systems, into satisfiability problems for constrained Horn clauses (CHCs), a term that has become popular in the verification field to refer to CLP programs. Then, we describe static analysis techniques for CHCs that may be used for inferring relevant program properties, such as loop invariants. We also give an overview of some transformation techniques based on specialisation and fold/unfold rules, which are useful for improving the effectiveness of CHC satisfiability tools. Finally, we discuss future developments in applying these techniques.
7 citations
13 Nov 2020
TL;DR: This paper combines finite state machines and dynamic dispatching to allow fully context-sensitive specialization while cloning only functions that are effectively optimized, which makes it possible to apply very liberal optimizations, such as context- sensitive constant propagation, in large programs—something that could not have been easily done before.
Abstract: Academia has spent much effort into making context-sensitive analyses practical, with great profit. However, the implementation of context-sensitive optimizations, in contrast to analyses, is still not practical, due to code-size explosion. This growth happens because current technology requires the cloning of full paths in the Calling Context Tree. In this paper, we present a solution to this problem. We combine finite state machines and dynamic dispatching to allow fully context-sensitive specialization while cloning only functions that are effectively optimized. This technique makes it possible to apply very liberal optimizations, such as context-sensitive constant propagation, in large programs—something that could not have been easily done before. We demonstrate the viability of our idea by formalizing it in Prolog, and implementing it in LLVM. As a proof of concept, we have used our state machines to implement context-sensitive constant propagation in LLVM. The binaries produced by traditional full cloning are 2.63 times larger than the binaries that we generate with our state machines. When applied on Mozilla Firefox, our optimization increases binary size from 7.2MB to 9.2MB. Full cloning, in contrast, yields a binary of 34MB.
3 citations
Additional excerpts
...…2014; Ghiya and Hendren 1996; Hind et al. 1999; Jeong et al. 2017; Li et al. 2020; Might et al. 2010; Milanova 2007; Milanova et al. 2014; Oh et al. 2014; Späth et al. 2019, 2016; Thakur and Nandivada 2019, 2020; Thiessen and Lhoták 2017; Wei and Ryder 2015; Wilson and Lam 1995; Yu et al. 2010]....
[...]
18 Nov 2020
TL;DR: This paper summarizes some such learnings from its author's research to help readers beat the state-of-the-art in (Java) pointer analysis, as they move into their research careers beyond 2020.
Abstract: Despite being a very old discipline, pointer analysis still attracts several research papers every year in premier programming language venues. While a major goal of contemporary pointer analysis research is to improve its efficiency without sacrificing precision, we also see works that introduce novel ways of solving the problem itself. What does this mean? Research in this area is not going to die soon. I too have been writing pointer analyses of various kinds, specially for object-oriented languages such as Java. While some standard ways of writing such analyses are clear, I have realized that there are an umpteen number of nooks and pitfalls that make the task difficult and error prone. In particular, there are several misconceptions and undocumented practices, being aware of which would save significant research time. On the other hand, there are lessons from my own research that might go a long way in writing correct, precise and efficient pointer analyses, faster. This paper summarizes some such learnings, with a hope to help readers beat the state-of-the-art in (Java) pointer analysis, as they move into their research careers beyond 2020.
1 citations
Cites background or methods from "Mix your contexts well: opportuniti..."
...For example, Thakur and Nandivada [40] estimate the required amount of value contexts [14, 29] (points-to graphs reaching the entry points of methods) by computing the depth of the subgraphs reachable from each parameter of a method, in a pre-analysis; this information is independent of the flow and does not require performing an expensive iterative dataflow analysis....
[...]
...Meanwhile, I encountered interesting challenges and insights related to contextsensitive pointer analyses, which led to the development of some novel abstractions [40, 42] for context-sensitivity....
[...]
...In particular, for scaling context-sensitivity, Thakur and Nandivada [40, 42] propose several variants of novel analysis-specific context abstractions, and also use them as part of scaling precise analyses for JIT compilers [41]....
[...]
...For a more comprehensive discussion on the relative precisions of various context abstractions from Java program-analysis literature, the reader is referred to a recent work by Thakur and Nandivada [42]....
[...]
...Kanvar and Khedker [13] present a detailed study of the various choices available while writing such analyses in general, and Thakur and Nandivada [42] evaluate existing and novel choices of context abstractions for Java programs....
[...]
References
More filters
01 Jan 2018
TL;DR: Static program analysis (generally based on computing fixpoints using the technique of abstract interpretation) is widely used for automatically inferring program properties such as correctness, robustness, safety, cost, etc.
Abstract: Static program analysis (generally based on computing fixpoints using the technique
of abstract interpretation) is widely used for automatically inferring program properties
such as correctness, robustness, safety, cost, etc. Performing such analysis interactively
during software development allows early detection and reporting of bugs, such as, e.g.,
assertion violations, back to the programmer. This can be done as the program is being
edited by (re-)running the analysis in the background each time a set of changes is made,
e.g., when a file is saved, or a commit made in the version control system.
3 citations
"Mix your contexts well: opportuniti..." refers result in this paper
...It would also be interesting to compare our approaches to scale context-sensitivity with approaches used in other domains such as logic programming [6, 17]....
[...]
09 Apr 2018
TL;DR: TwAS is a novel method to combine two shape analysis techniques-a fastbutless precise technique with a slow but more precise one-to get the best of both (speed as well as precision).
Abstract: A major drawback of shape analysis techniques is the trade-off between speed and precision. We present TwAS: a novel method to combine two shape analysis techniques-a fastbutless precise technique with a slow but more precise one-to get the best of both (speed as well as precision). The novelty of our approach is the use of fast analysis to filter heap variables for which the shape information is already precise and can not be refined further This allows us to run the slow analysis on only a small portion of the program, thus improving its performance. We implemented TwAS in GCC as a dynamic plugin as an inter-procedural data-flow analysis and evaluated it on standard benchmarks against the component analyses. TwAS is able to achieve the same precision as the slow analysis at a marginal slowdown compared to the fast analysis. TwAS is able to improve precision for 5 out of 8 Olden benchmarks compared to the fast-but-imprecise analysis, while retaining the precision for the others. At the same time, TwAS is 4X--2500X faster than the precise-but-slow analysis for these benchmarks, without any loss in precision.
2 citations
"Mix your contexts well: opportuniti..." refers methods in this paper
...Recently, Karkare [8] uses a pre-analysis to mark variables whose shape cannot be refined, and skips them in a following precise (slow) pass....
[...]