A Framework for Memory Efficient Context-Sensitive Program Analysis

Static program analysis is in general more precise if it is sensitive to execution contexts (execution paths). But then it is also more expensive in terms of memory consumption. For languages with conditions and iterations, the number of contexts grows exponentially with the program size. This probl...

Full description

Saved in:
Bibliographic Details
Published in:Theory of computing systems Vol. 66; no. 5; pp. 911 - 956
Main Authors: Hedenborg, Mathias, Lundberg, Jonas, Löwe, Welf, Trapp, Martin
Format: Journal Article
Language:English
Published: New York Springer US 01.10.2022
Springer Nature B.V
Subjects:
Algorithms
Approximation
Computer and Information Sciences Computer Science
Computer Science
Context
Context-sensitivity
Cost analysis
Data analysis
Data flow analysis
Data- och informationsvetenskap
Graph theory
Mathematical analysis
Program verification (computers)
Redundancy
Static program analysis
Theory of Computation
Static program analysis
Data-flow analysis
Context-sensitivity
ISSN:1432-4350, 1433-0490, 1433-0490
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Static program analysis is in general more precise if it is sensitive to execution contexts (execution paths). But then it is also more expensive in terms of memory consumption. For languages with conditions and iterations, the number of contexts grows exponentially with the program size. This problem is not just a theoretical issue. Several papers evaluating inter-procedural context-sensitive data-flow analysis report severe memory problems, and the path-explosion problem is a major issue in program verification and model checking. In this paper we propose χ -terms as a means to capture and manipulate context-sensitive program information in a data-flow analysis. χ -terms are implemented as directed acyclic graphs without any redundant subgraphs. We introduce the k -approximation and the l -loop-approximation that limit the size of the context-sensitive information at the cost of analysis precision. We prove that every context-insensitive data-flow analysis has a corresponding k , l -approximated context-sensitive analysis, and that these analyses are sound and guaranteed to reach a fixed point. We also present detailed algorithms outlining a compact, redundancy-free, and DAG-based implementation of χ -terms.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1432-4350
1433-0490
1433-0490
DOI:10.1007/s00224-022-10093-w