Precise call graph construction in the presence of function pointers
Top 10% of 2003 papers
Abstract
The use of pointers presents serious problems for software productivity tools for software understanding, restructuring, and testing. Pointers enable indirect memory accesses through pointer dereferences, as well as indirect procedure calls (e.g., through function pointers in C). Such indirect accesses and calls can be disambiguated with pointer analysis. In this paper we evaluate the precision of a pointer analysis by Zhang et al. (1996, 1998) for the purposes of call graph construction for C programs with function pointers. The analysis is implemented in the context of a production-strength code-browsing tool from Siemens Corporate Research. The analysis uses an inexpensive, almost-linear flow- and context-insensitive algorithm. To measure analysis precision, we compare the call graph computed by the analysis with the most precise call graph obtainable by a large category of pointer analyses. Surprisingly, for all our data programs the analysis of Zhang et al. achieves the best possible precision. This result indicates that for the purposes of call graph construction, even inexpensive analyses can provide very good precision, and therefore the use of more expensive analyses may not be justified.
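To make the idea of resolving indirect calls concrete, here is an added example (not code from the paper or the Siemens tool) of a generic unification-based, flow- and context-insensitive analysis over a toy statement list. It is a simplified sketch, not the Zhang et al. algorithm; the IR format, the `*p` pointee naming, and all program names are assumptions constructed for illustration.

```python
# Constructed toy IR for a C-like program with single-level function pointers.
PROGRAM = [
    ("addr", "handler", "on_read"),    # handler = &on_read;
    ("addr", "handler", "on_write"),   # handler = &on_write;
    ("addr", "cleanup", "free_all"),   # cleanup = &free_all;
    ("copy", "cb", "handler"),         # cb = handler;
    ("icall", "dispatch", "cb"),       # inside dispatch(): (*cb)();
    ("icall", "shutdown", "cleanup"),  # inside shutdown(): (*cleanup)();
]
FUNCTIONS = {"on_read", "on_write", "free_all", "dispatch", "shutdown"}

def find(parent, x):
    """Union-find lookup with path halving."""
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def union(parent, a, b):
    ra, rb = find(parent, a), find(parent, b)
    if ra != rb:
        parent[ra] = rb

def call_graph(program, functions):
    """Resolve indirect calls by unifying pointee classes.

    "*p" names the class of things p may point to. Statement order
    is ignored (flow-insensitive) and there is one class per
    variable for the whole program (context-insensitive).
    """
    parent = {}
    for op, dst, src in program:
        if op == "addr":    # p = &f : f joins p's pointee class
            union(parent, "*" + dst, src)
        elif op == "copy":  # p = q  : merge the two pointee classes
            union(parent, "*" + dst, "*" + src)
    edges = {}
    for op, caller, ptr in program:
        if op == "icall":
            root = find(parent, "*" + ptr)
            targets = {f for f in functions if find(parent, f) == root}
            edges.setdefault(caller, set()).update(targets)
    return edges

def naive_call_graph(program):
    """Baseline: every address-taken function is a target of every indirect call."""
    taken = {src for op, _, src in program if op == "addr"}
    return {caller: set(taken) for op, caller, _ in program if op == "icall"}
```

On this input the unification pass keeps `free_all` out of `dispatch`'s targets, while the address-taken baseline adds it to both indirect call sites.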