Analysis of programs with pointers
Wednesday, November 30, 2011
Simple example
• What are the dependences in this program?
• Problem: just looking at variable names will not give you the correct information
  – After statement S2, program names “x” and “*ptr” are both expressions that refer to the same memory location.
  – We say that ptr points-to x after statement S2.
• In a C-like language that has pointers, we must know the points-to relation to be able to determine dependences correctly

S1: x := 5
S2: ptr := @x
S3: *ptr := 9
S4: y := x

(Figure: the program above and its dependences)
Program model
• For now, only types are int and int*
• No heap
  – All pointers point only to stack variables
• No procedure or function calls
• Statements involving pointer variables:
  – address: x := &y
  – copy: x := y
  – load: x := *y
  – store: *x := y
• Arbitrary computations involving ints
Points-to relation
• Directed graph:
  – nodes are program variables
  – edge (a,b): variable a points-to variable b
• Can use a special node to represent NULL
• Points-to relation is different at different program points

(Figure: points-to graph over the nodes x, ptr and y)
Points-to graph
• Out-degree of node may be more than one
  – if points-to graph has edges (a,b) and (a,c), it means that variable a may point to either b or c
  – depending on how we got to that point, one or the other will be true
  – path-sensitive analyses: track how you got to a program point (we will not do this)

if (p)
then x := &y
else x := &z
…..

(Figure: control-flow graph with a branch on p to x := &y and x := &z, annotated "What does x point to here?")
Ordering on points-to relation
• Subset ordering: for a given set of variables
  – Least element is graph with no edges
  – G1 <= G2 if G2 has all the edges G1 has and maybe some more
• Given two points-to relations G1 and G2
  – G1 U G2: least graph that contains all the edges in G1 and in G2
Overview
• We will look at three different points-to analyses.
• Flow-sensitive points-to analysis
  – Dataflow analysis
  – Computes a different points-to relation at each point in program
• Flow-insensitive points-to analysis
  – Computes a single points-to graph for entire program
  – Andersen’s algorithm
    • Natural simplification of flow-sensitive algorithm
  – Steensgaard’s algorithm
    • Nodes in tree are equivalence classes of variables
      – if x may point-to either y or z, put y and z in the same equivalence class
    • Points-to relation is a tree with edges from children to parents rather than a general graph
    • Less precise than Andersen’s algorithm but faster
Example

x := &z
ptr := @x
y := @w
ptr := @y

(Figure: three points-to graphs for this program. Flow-sensitive algorithm: nodes ptr, x, z, y, w. Andersen’s algorithm: nodes ptr, x, z, y, w. Steensgaard’s algorithm: nodes ptr; x,y; z,w.)
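
The two flow-insensitive results for this example program can be reproduced in a few lines. The Python sketch below is an added example, not part of the original slides: it implements an Andersen-style (subset-based) and a Steensgaard-style (unification-based) analysis over the four statement forms of the program model. The tuple encoding of statements, the function names and the "fresh" placeholder nodes are assumptions of this example.

```python
# Added example, not from the slides; statements are (kind, lhs, rhs) tuples (assumed encoding).
from collections import defaultdict

PROGRAM = [("addr", "x", "z"), ("addr", "ptr", "x"),   # x := &z ; ptr := &x
           ("addr", "y", "w"), ("addr", "ptr", "y")]   # y := &w ; ptr := &y

def andersen(stmts):
    """Subset-based: one points-to set per variable, iterated to a fixpoint."""
    pts, changed = defaultdict(set), True
    while changed:
        changed = False
        for kind, x, y in stmts:
            if kind == "addr":   dsts, src = [x], {y}                   # x := &y
            elif kind == "copy": dsts, src = [x], set(pts[y])           # x := y
            elif kind == "load":                                        # x := *y
                dsts, src = [x], {t for v in set(pts[y]) for t in set(pts[v])}
            else:                dsts, src = list(pts[x]), set(pts[y])  # *x := y
            for d in dsts:
                if not src <= pts[d]:
                    pts[d] |= src
                    changed = True
    return {v: s for v, s in pts.items() if s}

def steensgaard(stmts):
    """Unification-based: every equivalence class points to at most one class."""
    parent, succ = {}, {}        # union-find forest; class representative -> pointee
    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            v = parent[v]
        return v
    def union(a, b):
        a, b = find(a), find(b)
        if a != b:
            parent[a] = b
            ta = succ.pop(a, None)
            if ta is not None and b in succ:
                union(ta, succ[b])           # merged classes must share one pointee
            elif ta is not None:
                succ[b] = ta
    def deref(v):                # pointee class of v; a fresh placeholder if none yet
        return find(succ.setdefault(find(v), ("fresh", len(parent))))
    for kind, x, y in stmts:
        if kind == "addr":   union(deref(x), y)
        elif kind == "copy": union(deref(x), deref(y))
        elif kind == "load": union(deref(x), deref(deref(y)))
        else:                union(deref(deref(x)), deref(y))
    cls = lambda r: frozenset(n for n in parent if isinstance(n, str) and find(n) == r)
    return {cls(r): cls(find(t)) for r, t in succ.items() if cls(r)}
```

On PROGRAM, andersen keeps x and y as separate nodes with ptr pointing to both, while steensgaard merges them into the classes {x,y} and {z,w}, which is the precision loss the overview attributes to the faster algorithm.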
Notation
• Suppose S and S1 are set-valued variables.