IPA: Improving predictive analysis with pointer analysis

Abstract

Predictive analysis, recently proposed for race detection, guarantees to report no false positives and achieves good coverage. Predictive analysis starts with the trace of an execution and mutates the schedule order of the trace to "predict" the executions that expose the hidden races. Ideally, the predictive analysis should allow the schedule mutation to change the memory location accessed by the field access, which helps meet the "same memory location" requirement of the data race. However, existing predictive approaches, including causality-preserving approaches and symbolic approaches, lack this capability. We propose the first predictive analysis that allows changing the accessed locations. The key challenge is that modeling of the field accesses relies on the location, which may however become unknown due to schedule mutation. We solve this challenge through a novel combination of predictive analysis and pointer analysis. Furthermore, unlike previous work, our analysis applies a hybrid encoding scheme to increase practical applicability. We have implemented our approach as a prototype IPA, and compared it against the most recent predictive analysis over a set of popular Java applications. Our experimental evaluation confirms the effectiveness of our approach: IPA is able to find close to 2X as many races as previous approaches.