1 / 14

Advanced Pointer Analysis: Techniques and Trade-offs

Understand pointer analysis in advanced compilers. Learn about sensitivity levels, flow dimensions, and algorithms like Steensgaard's and Andersen's. Examine examples and unresolved challenges in pointer analysis. Discover the best approaches and potential improvements.

norrisn
Télécharger la présentation

Advanced Pointer Analysis: Techniques and Trade-offs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced CompilersCMPSCI 710Spring 2003Pointer Analysis Emery Berger University of Massachusetts, Amherst

  2. Pointer Analysis (= alias analysis, = points-to analysis) • Goal: statically determine possible runtime values of a pointer • Necessary for optimizations, error detection • Vital for C, C++ but: • Undecidable • Luckily: good approximations • Trade-off efficiency & precision • Result: points-to sets

  3. Points-to sets if () p = &a; else p = &b; *p = 3; { a , b }

  4. Analysis Sensitivity • Flow-insensitive • What may happen (on at least one path) • Linear-time • Flow-sensitive • Consider control flow (what must happen) • Iterative data-flow: possibly exponential • Context-insensitive • Call treated the same regardless of caller • “Monovariant” analysis • Context-sensitive • Reanalyze callee for each caller • “Polyvariant” analysis • More sensitivity ) more accuracy, but more expense

  5. Flow-Sensitive Pointer Analysis • Too bad it’s exponential…

  6. Flow-Insensitivity: Dimensions • Address-taken • Any object whose address is taken = potential alias • Brain-dead, widely used in practice • Equality-based • Treat assignments as bidirectional • Steensgaard’s • Almost linear • Subset-based • Assignment is unidirectional • Andersen’s • Polynomial complexity • Up to 30 times slower, but more precise

  7. p q p p q q Steensgaard’s Algorithm p = q;

  8. r1 p = &q; p q r2 p = q; r1 p = *q; q p r2 *p = q; r3 Andersen’s Algorithm p = &q; p = q;

  9. s1 r1 p s2 q r2 s3 r1 s1 q p r2 s2 Andersen’s Algorithm p = *q; *p = q;

  10. Analysis Examples Compare points-to sets at S5: • Address-taken • One set of objects for whole program • {heapS1, heapS4, heapS6, heapS8, local, p, q} • Steensgaard’s • Union two objects pointed to by same pointer into one • {heapS1, heapS4, heapS6, local} • Andersen’s • Don’t merge objects • {heapS1, heapS4, local}

  11. More Dimensions • Heap modeling • Objects can be named by allocation site • Source line, n-levels in call stack • More sophisticated shape analysis • Aggregate modeling • Elements (of arrays structs, unions) distinct • Or collapsed into one object

  12. Haven’t We Solved This Problem Yet? From [Hind, 2001]: • Past 21 years: at least 75 papers and nine Ph.D. theses published on pointer analysis

  13. Many Publications…

  14. So Which Pointer Analysis is Best? • Comparisons between algorithms difficult • Size of points-to sets inadequate • Model heap as one blob = one object for all heap pointers! • Trade-offs unclear • Faster pointer analysis can mean more objects= more time for client analysis • More precise analysis can reduce client analysis time! • Idea: use client to drive pointer analyzer…

More Related