Precise and Scalable Points-to Analysis via Data-Driven Context Tunneling
Wed 7 Nov 2018 18:18 - 18:20 at Georgian - Poster & SRC
We present context tunneling, a new approach for performing precise and scalable context-sensitive points-to analysis. As context-sensitivity holds the key to the development of precise and scalable points-to analysis, a variety of techniques for context-sensitivity have been proposed. However, most existing approaches have a significant weakness that they blindly update the context of a method at every call-site, allowing important context elements to be overwritten by more recent, but not necessarily more important, ones. In this paper, we show that this is a key limiting factor in existing techniques, and demonstrate that remarkable increase in both precision and scalability can be gained by carefully maintaining important context elements only.
We attain context tunneling via a data-driven approach. The effectiveness of context tunneling is very sensitive to the choice of important context elements. Even worse, precision is not monotonically increasing with respect to the ordering of the choices. As a result, manually coming up with a good heuristic rule for context tunneling is extremely challenging and likely fails to maximize its potential. We address this challenge by developing a specialized data-driven algorithm, which is able to automatically search for high-quality heuristics over the non-monotonic space of context tunneling.
We implemented our approach in the Doop framework and applied it to four major flavors of context sensitivity: call-site-sensitivity, object-sensitivity, type-sensitivity, and hybrid context-sensitivity. In all cases, $1$-context-sensitive analysis with context tunneling far outperformed deeper context-sensitivity with $k=2$ in both precision and scalability.
