2. Abstract
• flow & context insensitive pointer analysis of C
• low-cost
• / Steensgaard’s Andersen’s
• using a restricted form of subtyping at the top levels
• using unification elsewhere in the graph
• scale easily to large programs
• 1.4 MLOC, 2 min., 200 MB
2010 1 8
3. Background
• Steensgaard’s unification-based approach
• linear running-time
• imprecise
• Andersen’s subtyping-based approach
• worst-case cubic running-time
• much more precise
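
To make the precision gap between the two approaches concrete, here is an added example (not taken from the slides or the underlying paper) that runs both on a constructed five-statement fragment. It is restricted to `p = &x` and `p = q` statements, does not implement the one level flow algorithm, and all names in it are assumptions.

```python
from collections import defaultdict

# Constructed input modelling:  p = &x; q = &y; r = &z; p = q; r = q;
PROGRAM = [("addr", "p", "x"), ("addr", "q", "y"), ("addr", "r", "z"),
           ("copy", "p", "q"), ("copy", "r", "q")]

def andersen(stmts):
    """Subtyping: p = q only requires pts(p) to include pts(q)."""
    pts = defaultdict(set)
    for op, lhs, rhs in stmts:
        if op == "addr":
            pts[lhs].add(rhs)
    changed = True
    while changed:                      # iterate to a fixed point
        changed = False
        for op, lhs, rhs in stmts:
            if op == "copy" and not pts[rhs] <= pts[lhs]:
                pts[lhs] |= pts[rhs]
                changed = True
    return {v: frozenset(s) for v, s in pts.items()}

def steensgaard(stmts):
    """Unification: p = q merges the pointees of p and q into one class."""
    parent, target = {}, {}             # union-find forest; class -> pointee

    def find(v):
        parent.setdefault(v, v)
        while parent[v] != v:
            parent[v] = parent[parent[v]]   # path halving
            v = parent[v]
        return v

    def pointee(v):                     # the single node a class points to
        root = find(v)
        if root not in target:
            target[root] = ("fresh", root)  # placeholder location
        return find(target[root])

    def join(a, b):
        a, b = find(a), find(b)
        if a == b:
            return
        ta, tb = target.pop(a, None), target.pop(b, None)
        parent[a] = b
        if ta is not None or tb is not None:
            target[b] = tb if tb is not None else ta
        if ta is not None and tb is not None:
            join(ta, tb)                # merged classes share one pointee

    for op, lhs, rhs in stmts:
        join(pointee(lhs), rhs if op == "addr" else pointee(rhs))
    names = {n for _, lhs, rhs in stmts for n in (lhs, rhs)}
    return {v: frozenset(n for n in names if find(n) == pointee(v))
            for _, v, _ in stmts}
```

On this input the subtyping result keeps `q` pointing only at `y`, while unification collapses `x`, `y` and `z` into one class, so every pointer appears to reach all three.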
4. Contributions
• the one level flow algorithm
• simple extension of Steensgaard’s algorithm
• scaling properties of Steensgaard’s algorithm and the precision of Andersen’s algorithm
5. Example
[Figure: three points-to graphs side by side: Steensgaard’s, Andersen’s, One level flow (proposed). Surviving labels: p, s3, flow edge.]
6. Experiments
• AST Toolkit (extension of the MS VC)
• client analyzes individual compilation units
• a partial points-to graph, table
• linker produces global points-to info.
7. [Figure: bar chart. Y axis: Analysis time (ms per 1000 nodes). X axis: Benchmark (compress, li, m88ksim, ijpeg, go, perl, vortex, gcc, Word97). Series: Steensgaard, Flow step overhead, Flow graph overhead.]
8. [Figure: bar chart. Y axis: Average points-to set size (normalized). X axis: Benchmark (compress, li, m88ksim, ijpeg, go, perl, vortex, gcc). Series: One level flow, Andersen. Bar labels as extracted, order not recoverable: 11.78, 185.62, 22.22, 1.22, 14.79, 3.29, 59.30, 7.72.]