Points-to Analysis using Types

CS618: Program Analysis 2016-17 I st Semester Points-to Analysis using Types Amey Karkare karkare@cse.iitk.ac.in karkare@cse.iitb.ac.in Department of CSE, IIT Kanpur/Bombay karkare, CSE, IITK/B CS618 1/10

Reference Papers Bjarne Steensgaard: Points-to Analysis in Almost Linear Time. POPL 1996 Manuvir Das: Unification-based pointer analysis with directional assignments. PLDI 2000 karkare, CSE, IITK/B CS618 2/10

Language S ::= x = y karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y x = y karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y x = y x = allocate(y) karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y x = y x = allocate(y) x = y karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y x = y x = allocate(y) x = y x = fun(f 1,...,f n ) returns r in S karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y x = y x = allocate(y) x = y x = fun(f 1,...,f n ) returns r in S x = p(y 1,...,y n ) karkare, CSE, IITK/B CS618 3/10

Language S ::= x = y x = &y x = y x = allocate(y) x = y x = fun(f 1,...,f n ) returns r in S x = p(y 1,...,y n ) karkare, CSE, IITK/B CS618 3/10

Non standard Types s Symbols karkare, CSE, IITK/B CS618 4/10

Non standard Types s Symbols karkare, CSE, IITK/B CS618 4/10

Non standard Types s Symbols τ Locations ::= (ϕ, α) karkare, CSE, IITK/B CS618 4/10

Non standard Types s Symbols τ Locations ::= (ϕ, α) ϕ Ids ::= {s 1,...,s n } karkare, CSE, IITK/B CS618 4/10

Non standard Types s Symbols τ Locations ::= (ϕ, α) ϕ Ids ::= {s 1,...,s n } α Values ::= ptr(τ) karkare, CSE, IITK/B CS618 4/10

Non standard Types s Symbols τ Locations ::= (ϕ, α) ϕ Ids ::= {s 1,...,s n } α Values ::= ptr(τ) A denotes type environment. karkare, CSE, IITK/B CS618 4/10

Partial Order α 1 α 2 (α 1 = ) (α 1 = α 2 ) karkare, CSE, IITK/B CS618 5/10

: Typing Rules A x : (ϕ,α) A y : (ϕ,α ) α α A welltyped(x = y) karkare, CSE, IITK/B CS618 6/10

: Typing Rules A x : (ϕ,α) A y : (ϕ,α ) α α A welltyped(x = y) A x : (ϕ,α) A y : τ ptr(τ) α A welltyped(x = &y) karkare, CSE, IITK/B CS618 6/10

: Typing Rules A x : (ϕ,α) A y : (ϕ,α ) α α A welltyped(x = y) A x : (ϕ,α) A y : τ ptr(τ) α A welltyped(x = &y) A x : (ϕ,α) A y : (ϕ, ptr(ϕ,α )) α α A welltyped(x = y) karkare, CSE, IITK/B CS618 6/10

: Typing Rules A x : (ϕ,α) A y : (ϕ,α ) α α A welltyped(x = y) A x : (ϕ,α) A y : τ ptr(τ) α A welltyped(x = &y) A x : (ϕ,α) A y : (ϕ, ptr(ϕ,α )) α α A welltyped(x = y) A x : (ϕ, ptr(ϕ,α )) A y : (ϕ,α ) α α A welltyped( x = y) karkare, CSE, IITK/B CS618 6/10

: Typing Rules A x : (ϕ,α) A y : (ϕ,α ) α α A welltyped(x = y) A x : (ϕ,α) A y : τ ptr(τ) α A welltyped(x = &y) A x : (ϕ,α) A y : (ϕ, ptr(ϕ,α )) α α A welltyped(x = y) A x : (ϕ, ptr(ϕ,α )) A y : (ϕ,α ) α α A welltyped( x = y) A x : τ A welltyped(x = allocate(y)) karkare, CSE, IITK/B CS618 6/10

Function Definitions karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ A x : (τ 1...τ n ) τ karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ A x : (τ 1...τ n ) τ i {1...n}.A f i : τ i karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ A x : (τ 1...τ n ) τ i {1...n}.A f i : τ i A r : τ karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ A x : (τ 1...τ n ) τ i {1...n}.A f i : τ i A r : τ s S.A welltyped(s) karkare, CSE, IITK/B CS618 7/10

Function Definitions Need a new type value: (τ 1...τ n ) τ A x : (τ 1...τ n ) τ i {1...n}.A f i : τ i A r : τ s S.A welltyped(s) A welltyped(x = fun(f 1,...,f n ) returns r in S ) karkare, CSE, IITK/B CS618 7/10

Function Calls A x : τ τ = (ϕ,α) karkare, CSE, IITK/B CS618 8/10

Function Calls A x : τ τ = (ϕ,α) karkare, CSE, IITK/B CS618 8/10

Function Calls A x : τ τ = (ϕ,α) A p : (τ 1...τ n ) τ τ i = (ϕ i,α i ) karkare, CSE, IITK/B CS618 8/10

Function Calls A x : τ τ = (ϕ,α) A p : (τ 1...τ n ) τ τ i = (ϕ i,α i ) i {1...n}.A y i : τ i τ i = (ϕ i,α i ) karkare, CSE, IITK/B CS618 8/10

Function Calls A x : τ τ = (ϕ,α) A p : (τ 1...τ n ) τ τ i = (ϕ i,α i ) i {1...n}.A y i : τ i τ i = (ϕ i,α i ) α i α i α α karkare, CSE, IITK/B CS618 8/10

Function Calls A x : τ τ = (ϕ,α) A p : (τ 1...τ n ) τ τ i = (ϕ i,α i ) i {1...n}.A y i : τ i τ i = (ϕ i,α i ) α i α i α α A welltyped(x = p(y 1,...,y n )) karkare, CSE, IITK/B CS618 8/10

Manuvir Das s One-level Flow-based Analysis α 1 α 2 ptr(τ 1 ) ptr(τ 2 ) karkare, CSE, IITK/B CS618 9/10

Manuvir Das s One-level Flow-based Analysis α 1 α 2 ptr(τ 1 ) ptr(τ 2 ) ptr((ϕ,α )) ptr((ϕ,α)) karkare, CSE, IITK/B CS618 9/10

Manuvir Das s One-level Flow-based Analysis α 1 α 2 ptr(τ 1 ) ptr(τ 2 ) ptr((ϕ,α )) ptr((ϕ,α)) (ϕ ϕ) (α = α) karkare, CSE, IITK/B CS618 9/10

One-level Flow-based Analysis Replace by in Steensgaard s analysis karkare, CSE, IITK/B CS618 10/10

One-level Flow-based Analysis Replace by in Steensgaard s analysis Keeps top level pointees separate! karkare, CSE, IITK/B CS618 10/10