Context transformations for pointer analysis


Points-to analysis for Java benefits greatly from context sensitivity. CFL-reachability and <i>k</i>-limited context strings are two approaches to obtaining context sensitivity with different advantages: CFL-reachability allows local reasoning about data-value flow and thus is suitable for demand-driven analyses, whereas <i>k</i>-limited analyses allow object sensitivity which is a superior calling context abstraction for object-oriented languages. We combine the advantages of both approaches to obtain a context-sensitive analysis that is as precise as <i>k</i>-limited context strings, but is more efficient to compute. Our key insight is based on a novel abstraction of contexts adapted from CFL-reachability that represents a relation between two calling contexts as a composition of transformations over contexts. We formulate pointer analysis in an algebraic structure of context transformations, which is a set of functions over calling contexts closed under function composition. We show that the context representation of context-string-based analyses is an explicit enumeration of all input and output values of context transformations. CFL-reachability-based pointer analysis is formulated to use call-strings as contexts, but the context transformations concept can be applied to any context abstraction used in <i>k</i>-limited analyses, including object- and type-sensitive analysis. The result is a more efficient algorithm for computing context-sensitive results for a wide variety of context configurations.

DOI: 10.1145/3062341.3062359

5 Figures and Tables

Cite this paper

@inproceedings{Thiessen2017ContextTF, title={Context transformations for pointer analysis}, author={Rei Thiessen and Ondrej Lhot{\'a}k}, booktitle={PLDI}, year={2017} }