Pointer Analysis
G. Ramalingam
Microsoft Research, India

A Constant Propagation Example

    x = 3;
    y = 4;
    z = x + 5;

x is always 3 here, so we can replace x by 3, replace x+5 by 8, and so on.

A Constant Propagation Example With Pointers

    x = 3;
    *p = 4;
    z = x + 5;
Pointers affect most program analyses.

    p = &y;
    x = 3;
    *p = 4;
    z = x + 5;

x is always 3

    if (?)
        p = &x;
    else
        p = &y;
    x = 3;
    *p = 4;
    z = x + 5;

x may be 3 or 4 (i.e., x is unknown in our lattice)

    p = &x;
    x = 3;
    *p = 4;
    z = x + 5;

x is always 4

    p = &y;
    x = 3;
    *p = 4;
    z = x + 5;

p always points-to y

    if (?)
        p = &x;
    else
        p = &y;
    x = 3;
    *p = 4;
    z = x + 5;

p may point-to x or y

    p = &x;
    x = 3;
    *p = 4;
    z = x + 5;

p always points-to x

Can *p denote the same location as *q?

    *q = 3;
    *p = 4;
    z = *q + 5;

What values can this take?

    p = &x;
    q = &y;
    if (?) {
        q = p;
    }
    x = &a;
    y = &b;
    z = *q;

    x = &a;
    y = &b;
    if (?) {
        p = &x;
    } else {
        p = &y;
    }
    *x = &c;
    *p = &c;

Points-to sets:

         before *x = &c    after *x = &c    after *p = &c
    x:   a                 a                {a,c}
    y:   b                 b                {b,c}
    p:   {x,y}             {x,y}            {x,y}
    a:   null              c                c

How should we handle this statement?

    *x = &c;    strong update (a)
    *p = &c;    weak update (x), weak update (y)
(where x and y are variables in Var)
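
Vars = {x,y,p,a,b,c}

    x = &a;
    y = &b;
    if (?) {
        p = &x;
    } else {
        p = &y;
    }
    *x = &c;
    *p = &c;

Control-flow graph (vertices 1 to 8, edges labelled with statements):

    1 -> 2 : x = &a
    2 -> 3 : y = &b
    3 -> 4 : p = &x
    3 -> 5 : p = &y
    4 -> 6 : skip
    5 -> 6 : skip
    6 -> 7 : *x = &c
    7 -> 8 : *p = &c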

Vars = {x,y,p,a,b,c}

Initial data-state: x: N, y: N, p: N, a: N, b: N, c: N
Initial program-state: <1, x: N, y: N, p: N, a: N, b: N, c: N>

[Figure: control-flow graph of the program, vertices 1 to 8, with edges x = &a, y = &b, p = &x, p = &y, skip, skip, *x = &c, *p = &c]
must say what happens if null is dereferenced
All of this formalism for this one definition
{ (p,x) | forall s in RS(u). s(p) == x }
{ (p,x) | exists s in RS(u). s(p) == x }

May Point-To Analysis

Compute R: V -> 2^Vars’ such that
R(u) IdealMayPT(u)
(where Var’ = Var ∪ {null})

For every vertex u in the CFG, compute a set R(u) such that
R(u) { (p,x) | ∃s∈RS(u). s(p) == x }

∀u∈V. R(u) IdealMayPT(u)
∀u∈V. R(u) = IdealMayPT(u)
∀u∈V. R1(u) ⊆ R2(u)

Compute R: V -> 2^Vars’ such that
R(u) IdealMayPT(u)

    p = &x;
    q = &y;
    if (?) {
        q = p;
    }
    x = &a;
    y = &b;
    z = *q;
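
[Figure: CFG vertices v and w, each with an edge to vertex u; values x(v), x(w) and x(u) at the vertices; edge statements st(v,u) and st(w,u)]
where s*({v1,…,vn}) = s(v1) ∪ … ∪ s(vn)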
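
[Diagram: abstraction α from 2^Data-State to 2^(Var × Var’), concretization γ in the other direction]
α(Y) = { (p,x) | exists s in Y. s(p) == x }

[Diagram: RS(u) in 2^Data-State; IdealMayPT(u) and MayPT(u) in 2^(Var × Var’); arrows labelled α and ⊆]
IdealMayPT(u) = α(RS(u))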

c is said to be correctly approximated by a iff α(c) ⊆ a
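
[Diagram: concrete domain C and abstract domain A. c1 is correctly approximated by a1; f takes c1 to c2 and f# takes a1 to a2; c2 is correctly approximated by a2.]

[Diagram: concrete domain C and abstract domain A, with concretization γ and abstraction α between them; f takes c1 to c2 and f# takes a1 to a2.]
requirement: f#(a1) ≥ α(f(γ(a1)))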
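
where s*({v1,…,vn}) = s(v1) ∪ … ∪ s(vn)

Example: f and f# for the statement *y = &b;

Abstract state:
    x: {&y}
    y: {&x,&z}
    z: {&a}

After γ, two concrete states:
    x: &y    y: &x    z: &a
    x: &y    y: &z    z: &a

After f (*y = &b;):
    x: &b    y: &x    z: &a
    x: &y    y: &z    z: &b

After α (the abstract state reached by f#, *y = &b;):
    x: {&y,&b}
    y: {&x,&z}
    z: {&a,&b}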
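
Example: f and f# for the statement *x = &b;

Abstract state:
    x: {&y}
    y: {&x,&z}
    z: {&a}

After γ, two concrete states:
    x: &y    y: &x    z: &a
    x: &y    y: &z    z: &a

After f (*x = &b;):
    x: &y    y: &b    z: &a
    x: &y    y: &b    z: &a

After α (the abstract state reached by f#, *x = &b;):
    x: {&y}
    y: {&b}
    z: {&a}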
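
As an added example (not part of the original slides), the Python sketch below computes α(f(γ(a1))) for the two store statements above by enumerating concrete states, and compares the result with a transformer that applies a strong update when the pointer has one target and a weak update otherwise. The function names and the dict-of-sets encoding (the target "y" stands for &y) are assumptions of this example, and null dereference is not modelled.

```python
from itertools import product

def gamma(a):
    """Concretization: all data-states that pick one target per variable."""
    names = sorted(a)
    choices = product(*(sorted(a[v]) for v in names))
    return [dict(zip(names, c)) for c in choices]

def alpha(states):
    """Abstraction: for each variable, every target it has in some state."""
    out = {}
    for s in states:
        for var, tgt in s.items():
            out.setdefault(var, set()).add(tgt)
    return out

def store(s, p, t):
    """Concrete f for `*p = &t` on one data-state (assumes s[p] is not null)."""
    new = dict(s)
    new[s[p]] = t
    return new

def best_transformer(a, p, t):
    """alpha(f(gamma(a))): abstract result obtained by enumerating states."""
    return alpha(store(s, p, t) for s in gamma(a))

def update_transformer(a, p, t):
    """f# without enumeration: strong update for one target, else weak."""
    out = {v: set(ts) for v, ts in a.items()}
    if len(a[p]) == 1:
        (v,) = a[p]
        out[v] = {t}                        # strong update: old targets of v are killed
    else:
        for v in a[p]:
            out.setdefault(v, set()).add(t)  # weak update: old targets of v are kept
    return out

def meets_requirement(a, p, t):
    """Check f#(a) >= alpha(f(gamma(a))) pointwise for update_transformer."""
    best, fsharp = best_transformer(a, p, t), update_transformer(a, p, t)
    return all(best[v] <= fsharp.get(v, set()) for v in best)

# Abstract state a1 from the slides.
A1 = {"x": {"y"}, "y": {"x", "z"}, "z": {"a"}}

if __name__ == "__main__":
    for p in ("y", "x"):
        print(f"*{p} = &b:", best_transformer(A1, p, "b"), update_transformer(A1, p, "b"))
```

The two transformers agree on both slide examples, but the update-based one is only guaranteed to satisfy the requirement, not to be exact: when p may point to itself, the weak update keeps a target that enumeration rules out.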