The use of pointers presents serious problems for software productivity tools for software understanding, restructuring, and testing. Pointers enable indirect memory accesses through pointer dereferences, as well as indirect procedure calls (e.g., through function pointers in C). Such indirect accesses and calls can be disambiguated with pointer analysis. In this paper we evaluate the precision of a pointer analysis by Zhang et al. [20, 19] for the purposes of call graph construction for C programs with function pointers. The analysis is implemented in the context of a production-strength code-browsing tool from Siemens Corporate Research. The analysis uses an inexpensive, almost-linear, flow- and context-insensitive algorithm. To measure analysis precision, we compare the call graph computed by the analysis with the most precise call graph obtainable by a large category of pointer analyses. Surprisingly, for all our data programs the analysis from [20, 19] achieves the best possible ...
Ana Milanova, Atanas Rountev, Barbara G. Ryder