Spelling suggestions: "subject:"Points-to 2analysis"" "subject:"Points-to 3analysis""
1 |
Towards a Framework for Static Analysis Based on Points-to InformationEdvinsson, Marcus January 2007 (has links)
<p>Static analysis on source code or binary code retrieves information about a software program. In object-oriented languages, static points-to analysis retrieves information about objects and how they refer to each other. The result of the points-to analysis is traditionally used to perform optimizations in compilers, such as static resolution of polymorphic calls, and dead-code elimination. More advanced optimizations have been suggested specifically for Java, such as synchronization removal and stack-allocation of objects. Recently, software engineering tools using points-to analysis have appeared aiming to help the developer to understand and to debug software. Altogether, there is a great variety of tools that use or could use points-to analysis, both from academia and from industry.</p><p>We aim to construct a framework that supports the development of new and the improvement of existing clients to points-to analysis result. We present two client analyses and investigate the similarities and differences they have. The client analyses are the escape analysis and the side-effects analysis. The similarities refer to data structures and basic algorithms that both depend on. The differences are found in the way the two analyses use the data structures and the basic algorithms. In order to reuse these in a framework, a specification language is needed to reflect the differences. The client analyses are implemented, with shared data-structures and basic algorithms, but do not use a separate specification language.</p><p>The framework is evaluated against three goal criteria, development speed, analysis precision, and analysis speed. The development speed is ranked as most important, and the two latter are considered equally important. Thereafter we present related work and discuss it with respect to the goal criteria.</p><p>The evaluation of the framework is done in two separate experiments. The first experiment evaluates development speed and shows that the framework enables higher development speed compared to not using the framework. The second experiment evaluates the precision and the speed of the analyses and it shows that the different precisions in the points-to analysis are reflected in the precisions of the client analyses. It also shows that there is a trade-off between analysis precision and analysis speed to consider when choosing analysis precision.</p><p>Finally, we discuss four alternative ways to continue the research towards a doctoral thesis.</p>
|
2 |
Comparison of Points-to AnalysesGutzmann, Tobias January 2008 (has links)
<p>Points-to analysis is a static program analysis which computes possible reference relations between different parts of a program. It serves as input to many high-level analyses. Points-to analyses differ, among others, in flow- and context-sensitivity, program representation, and object abstraction. Most program representations used for points-to analysis are sparse representations which abstract from, e.g., primitive data types and intra-procedural control-flow. Thus, a certain degree of information is sacrificed for compact program representation, which results in scalable performance. In this thesis, we present a framework which allows building different versions of Points-to SSA (P2SSA), a sparse, Memory SSA based program representation. Distinct instantiations of P2SSA contain different levels of abstraction from a program's full representation. We present another framework which allows running Points-to analyses on these program representations. We use these two frameworks to instantiate different versions of P2SSA and compare them in terms of analysis precision and execution time.</p>
|
3 |
Comparison of Points-to AnalysesGutzmann, Tobias January 2008 (has links)
Points-to analysis is a static program analysis which computes possible reference relations between different parts of a program. It serves as input to many high-level analyses. Points-to analyses differ, among others, in flow- and context-sensitivity, program representation, and object abstraction. Most program representations used for points-to analysis are sparse representations which abstract from, e.g., primitive data types and intra-procedural control-flow. Thus, a certain degree of information is sacrificed for compact program representation, which results in scalable performance. In this thesis, we present a framework which allows building different versions of Points-to SSA (P2SSA), a sparse, Memory SSA based program representation. Distinct instantiations of P2SSA contain different levels of abstraction from a program's full representation. We present another framework which allows running Points-to analyses on these program representations. We use these two frameworks to instantiate different versions of P2SSA and compare them in terms of analysis precision and execution time.
|
4 |
Towards a Framework for Static Analysis Based on Points-to InformationEdvinsson, Marcus January 2007 (has links)
Static analysis on source code or binary code retrieves information about a software program. In object-oriented languages, static points-to analysis retrieves information about objects and how they refer to each other. The result of the points-to analysis is traditionally used to perform optimizations in compilers, such as static resolution of polymorphic calls, and dead-code elimination. More advanced optimizations have been suggested specifically for Java, such as synchronization removal and stack-allocation of objects. Recently, software engineering tools using points-to analysis have appeared aiming to help the developer to understand and to debug software. Altogether, there is a great variety of tools that use or could use points-to analysis, both from academia and from industry. We aim to construct a framework that supports the development of new and the improvement of existing clients to points-to analysis result. We present two client analyses and investigate the similarities and differences they have. The client analyses are the escape analysis and the side-effects analysis. The similarities refer to data structures and basic algorithms that both depend on. The differences are found in the way the two analyses use the data structures and the basic algorithms. In order to reuse these in a framework, a specification language is needed to reflect the differences. The client analyses are implemented, with shared data-structures and basic algorithms, but do not use a separate specification language. The framework is evaluated against three goal criteria, development speed, analysis precision, and analysis speed. The development speed is ranked as most important, and the two latter are considered equally important. Thereafter we present related work and discuss it with respect to the goal criteria. The evaluation of the framework is done in two separate experiments. The first experiment evaluates development speed and shows that the framework enables higher development speed compared to not using the framework. The second experiment evaluates the precision and the speed of the analyses and it shows that the different precisions in the points-to analysis are reflected in the precisions of the client analyses. It also shows that there is a trade-off between analysis precision and analysis speed to consider when choosing analysis precision. Finally, we discuss four alternative ways to continue the research towards a doctoral thesis.
|
5 |
Towards a Gold Standard for Points-to AnalysisGutzmann, Tobias January 2010 (has links)
Points-to analysis is a static program analysis that computes reference informationfor a given input program. It serves as input to many client applicationsin optimizing compilers and software engineering tools. Unfortunately, the Gold Standard – i.e., the exact reference information for a given program– is impossible to compute automatically for all but trivial cases, and thus, little can been said about the accuracy of points-to analysis. This thesis aims at paving the way towards a Gold Standard for points-to analysis. For this, we discuss theoretical implications and practical challenges that occur when comparing results obtained by different points-to analyses. We also show ways to improve points-to analysis by different means, e.g., combining different analysis implementations, and a novel approach to path sensitivity. We support our theories with a number of experiments.
|
6 |
Statická analýza programů v C# / Static analysis of C# programsMalý, Petr January 2014 (has links)
The goal of this diploma thesis is to study and implement selected methods of static code analysis for C# programs translated into the Common Intermediate Language. The results of this work are integrated into the ParallaX Development Environment system. This diploma thesis focuses on Structural, Points-to and Dependence. analysis. Powered by TCPDF (www.tcpdf.org)
|
7 |
Demand-Driven Static Analysis of Heap-Manipulating ProgramsChenguang Sun (5930306) 16 August 2019 (has links)
<div>Modern Java application frameworks present significant challenges for existing static analysis algorithms. Such challenges include large-scale code bases, heap-carried dependency, and asynchronous control flow caused by message passing.</div><div>Existing analysis algorithms are not suitable to deal with these challenges. One reason is that analyses are typically designed to operate homogeneously on the whole program. This leads to scalability problems when the analysis algorithms are used on applications built as plug-ins of large frameworks, since the framework code is analyzed together with the application code. Moreover, the asynchronous message passing of the actor model adopted by most modern frameworks leads to control flows which are not modeled by existing analyses.</div><div>This thesis presents several techniques for more powerful debugging and program understanding tools based on slicing. In general, slicing-based techniques aim to discover interesting properties of a large program by only reasoning about the relevant part of the program (typically a small amount of code) precisely, abstracting away the behavior of the rest of the program.</div><div>The key contribution of this thesis is a demand-driven framework to enable precise and scalable analyses on programs built on large frameworks. A slicing algorithm, which can handle heap-carried dependence, is used to identify the program elements relevant to an analysis query. We instantiated the framework to infer correlations between registration call sites and callback methods, and resolve asynchronous control flows caused by asynchronous message passing.</div>
|
8 |
Benchmarking Points-to AnalysisGutzmann, Tobias January 2013 (has links)
Points-to analysis is a static program analysis that, simply put, computes which objects created at certain points of a given program might show up at which other points of the same program. In particular, it computes possible targets of a call and possible objects referenced by a field. Such information is essential input to many client applications in optimizing compilers and software engineering tools. Comparing experimental results with respect to accuracy and performance is required in order to distinguish the promising from the less promising approaches to points-to analysis. Unfortunately, comparing the accuracy of two different points-to analysis implementations is difficult, as there are many pitfalls in the details. In particular, there are no standardized means to perform such a comparison, i.e, no benchmark suite - a set of programs with well-defined rules of how to compare different points-to analysis results - exists. Therefore, different researchers use their own means to evaluate their approaches to points-to analysis. To complicate matters, even the same researchers do not stick to the same evaluation methods, which often makes it impossible to take two research publications and reliably tell which one describes the more accurate points-to analysis. In this thesis, we define a methodology on how to benchmark points-to analysis. We create a benchmark suite, compare three different points-to analysis implementations with each other based on this methodology, and explain differences in analysis accuracy. We also argue for the need of a Gold Standard, i.e., a set of benchmark programs with exact analysis results. Such a Gold Standard is often required to compare points-to analysis results, and it also allows to assess the exact accuracy of points-to analysis results. Since such a Gold Standard cannot be computed automatically, it needs to be created semi-automatically by the research community. We propose a process for creating a Gold Standard based on under-approximating it through optimistic (dynamic) analysis and over-approximating it through conservative (static) analysis. With the help of improved static and dynamic points-to analysis and expert knowledge about benchmark programs, we present a first attempt towards a Gold Standard. We also provide a Web-based benchmarking platform, through which researchers can compare their own experimental results with those of other researchers, and can contribute towards the creation of a Gold Standard.
|
9 |
P2A : An Approximative Points-to Analysis for JavaStensson, Peter Unknown Date (has links)
<p>Den här magisteruppsatsen presenterar en metod för points-to analys som är avsedd för aktiviteter inom mjukvaruutveckling. Applikationer för mjukvaruutveckling som använder resultatet från en points-to analys är oftast intresserad av en liten del av det program som analyseras. För att göra metoden mer effektiv presenteras också ett antal approximationer som kommer att reducera storleken på analysen. En implementation av metoden och approximationerna gjordes för att kunna utvärdera metoden och approximationerna. Resultatet visar att approximationerna som gjordes på analysen inte påverkar precisionen avsevärt. Resultatet visar också att tiden för att göra en analys kortas ner mycket genom att göra approximationer på analysen.</p> / <p>This master’s thesis is presenting an approach to points-to analysis that is targeted to software engineering activities. Software engineering applications that use the result of points-to analysis are often only interested of a small amount of the classes in an application. In order to make the analysis more efficient, a couple of approximations are presented that will reduce the size of the analysis scope. An implementation was constructed to evaluate the approach and the approximations. The experimental result shows that the approximations made on the analysis are in the most cases not affecting the precision at all for the relevant parts of the application being analyzed. The experimental results also show that the analysis time is shortened considerable by using approximations.</p>
|
10 |
Towards a Gold Standard for Points-to AnalysisGutzmann, Tobias January 2010 (has links)
<p>Points-to analysis is a static program analysis that computes reference informationfor a given input program. It serves as input to many client applicationsin optimizing compilers and software engineering tools. Unfortunately, the Gold Standard – i.e., the exact reference information for a given program– is impossible to compute automatically for all but trivial cases, and thus, little can been said about the accuracy of points-to analysis.</p><p>This thesis aims at paving the way towards a Gold Standard for points-to analysis. For this, we discuss theoretical implications and practical challenges that occur when comparing results obtained by different points-to analyses. We also show ways to improve points-to analysis by different means, e.g., combining different analysis implementations, and a novel approach to path sensitivity.</p><p>We support our theories with a number of experiments.</p>
|
Page generated in 0.0571 seconds