This paper presents a novel framework for the symbolic bounds analysis of pointers, array indices, and accessed memory regions. Our framework formulates each analysis problem as a system of inequality constraints between symbolic bound polynomials. It then reduces the constraint system to a linear program. The solution to the linear program provides symbolic lower and upper bounds for the values of pointer and array index variables and for the regions of memory that each statement and procedure accesses. This approach eliminates fundamental problems associated with applying standard fixed-point approaches to symbolic analysis problems. Experimental results from our implemented compiler show that the analysis can solve several important problems, including static race detection, automatic parallelization, static detection of array bounds violations, elimination of array bounds checks, and reduction of the number of bits used to store computed values.
|
639
|
Efficiently Computing Static Single Assignment Form and the Control Dependence Graph
– Cytron, Ferrante, et al.
- 1991
|
|
628
|
Eiffel: The Language
– Meyer
- 1991
|
|
441
|
Optimizing Supercompilers for Supercomputers
– Wolfe
- 1989
|
|
415
|
Points-to analysis in almost linear time
– Steensgaard
- 1996
|
|
352
|
The omega test: a fast and practical integer programming algorithm for dependence analysis
– Pugh
- 1991
|
|
344
|
Dependence Analysis for Supercomputing
– Banerjee
- 1988
|
|
339
|
Effective context-sensitive pointer analysis for C programs
– Wilson, Lam
- 1995
|
|
318
|
Analysis of pointers and structures
– Chase, Wegman, et al.
- 1990
|
|
316
|
Compiling Fortran D for MIMD distributed-memory machines
– Hiranandani, Kennedy, et al.
- 1992
|
|
310
|
Parametric shape analysis via 3-valued logic
– Sagiv, Reps, et al.
|
|
305
|
Principles of Program Analysis
– Nielson, Nielson, et al.
- 1999
|
|
299
|
Cilk: An efficient multithreaded runtime system
– Blumofe, Joerg, et al.
- 1995
|
|
270
|
Extended static checking for Java
– Flanagan, Leino, et al.
- 2002
|
|
256
|
Enforcing high-level protocols in low-level software
– Deline, Fähndrich
- 2001
|
|
250
|
Extended static checking
– Detlefs, Leino, et al.
- 1998
|
|
249
|
Solving shape-analysis problems in languages with destructive updating
– Sagiv, Reps, et al.
- 1998
|
|
224
|
A First Step towards Automated Detection of Buffer Overrun Vulnerabilities
– Wagner, Foster, et al.
- 2000
|
|
216
|
The design and implementation of a certifying compiler
– Necula, Lee
- 1998
|
|
195
|
An implementation of interprocedural bounded regular section analysis
– Havlak, Kennedy
- 1991
|
|
155
|
Type-based race detection for Java
– Flanagan, Freund
- 2000
|
|
155
|
Detecting conflicts between structure accesses
– Larus, Hilfinger
- 1988
|
|
152
|
Is it a Tree, a DAG, or a Cyclic Graph? A shape analysis for heap-directed pointers in C
– Ghiya, Hendren
- 1996
|
|
146
|
Efficient detection of all pointer and array access errors
– Austin, Breach, et al.
- 1994
|
|
141
|
Eliminating Array Bound Checking Through Dependent Types
– Xi, Pfenning
- 1998
|
|
137
|
Practical dependence testing
– Goff, Kennedy, et al.
- 1991
|
|
135
|
Detecting parallelism in C programs with recursive data structures
– Ghiya, Hendren, et al.
- 1998
|
|
132
|
Region-based memory management in cyclone
– Grossman, Morrisett, et al.
- 2002
|
|
124
|
The implementation of the Cilk-5 multithreaded language
– Frigo, Leiserson, et al.
- 1998
|
|
117
|
Pointer Analysis for Multithreaded Programs
– Rugina, Rinard
- 1999
|
|
117
|
A parameterized type system for race-free Java programs
– Boyapati, Rinard
- 2001
|
|
110
|
Efficient and exact data dependence analysis
– Maydan, Hennessy, et al.
|
|
106
|
The SUIF compiler for scalable parallel machines
– Amarasinghe, Anderson, et al.
- 1995
|
|
106
|
Statically detecting likely buffer overflow vulnerabilities
– Larochelle, Evans
- 2001
|
|
100
|
Direct parallelization of CALL statements
– Triolet, Irigoin, et al.
- 1986
|
|
98
|
Efficient and precise datarace detection for multithreaded object-oriented programs
– Choi, Lee, et al.
- 2002
|
|
92
|
A type and effect system for atomicity
– Flanagan, Qadeer
- 2003
|
|
86
|
Eliminating array bounds checks on demand
– Bodik, Gupta, et al.
- 2002
|
|
86
|
Abstract Debugging of Higher-Order Imperative Languages
– Bourdoncle
- 1993
|
|
84
|
Detecting coarse-grain parallelism using an interprocedural parallelizing compiler
– Hall, Amarasinghe, et al.
- 1995
|
|
83
|
Types for Safe Locking
– Flanagan, Abadi
- 1999
|
|
77
|
A technique for summarizing data access and its use in parallelism enhancing transformations
– Balasundaram, Kennedy
- 1989
|
|
76
|
Recursion Leads To Automatic Variable Blocking For Dense Linear-algebra Algorithms
– Gustavson
- 1997
|
|
76
|
Compiler Analysis of the Value Ranges for Variables
– Harrison
- 1977
|
|
71
|
Detecting Data Races in Cilk Programs that Use Locks
– Cheng, Feng
- 1998
|
|
68
|
Auto-blocking matrix multiplication or tracking blas3 performance from source code
– Frens, Wise
- 1997
|
|
63
|
Detecting Access Anomalies in Programs with Critical Sections
– Dinning, Schonberg
- 1991
|
|
63
|
Elimination of redundant array subscript range checks
– Kolte, Wolfe
- 1995
|
|
63
|
Optimizing array bounds checks using flow analysis
– Gupta
- 1993
|
|
63
|
On-the-fly detection of data races for programs with nested fork-join parallelism
– Mellor-Crummey
- 1991
|
|
62
|
Bitwidth analysis with application to silicon compilation
– Stephenson, Babb, et al.
- 2000
|
|
