Relational Cache Analysis for Static Timing Analysis

Static cache analysis is an indispensable part of static timing analysis, which is employed to verify the timing behaviour of programs in safety-critical real-time systems. State-of-the-art cache analyses classify memory references as `always hit', `always miss', or `unknown'. To do so, they rely on a preceding address analysis that tries to determine the referenced addresses. If a referenced address is not determined precisely, however, those cache analyses cannot predict this reference as hit or miss. On top of that, information about other cache contents is lost upon such references. We present a novel approach to static cache analysis that alleviates the dependency on precise address analysis. Instead of having to argue about concrete addresses, we only need to argue about relations between referenced addresses, e.g. `accesses same memory block' or `maps to different cache set'. Such relations can be determined by congruence analyses, without precise knowledge about the actual addresses. The subsequent cache analysis then only relies on relations to infer cache information and to classify references. One advantage of this approach is that hits can be predicted for references with imprecisely determined addresses, even if there is no information about accessed addresses. In particular, this enables the prediction of hits for references whose addresses depend on an unknown stack pointer or even depend on the program input. Relational cache analysis is always at least as precise as the corresponding state-of-the-art cache analysis. Furthermore, we demonstrate significant improvements for three classes of program constructs.

[1]  Jan Reineke,et al.  Precise and Efficient FIFO-Replacement Analysis Based on Static Phase Detection , 2010, 2010 22nd Euromicro Conference on Real-Time Systems.

[3]  Bertrand Jeannet,et al.  Apron: A Library of Numerical Abstract Domains for Static Analysis , 2009, CAV.

[4]  Jan Gustafsson,et al.  The Mälardalen WCET Benchmarks: Past, Present And Future , 2010, WCET.

[5]  Helmut Seidl,et al.  A Generic Framework for Interprocedural Analysis of Numerical Properties , 2005, SAS.

[6]  Thomas W. Reps,et al.  Analyzing Memory Accesses in x86 Executables , 2004, CC.

[7]  David B. Whalley,et al.  Timing analysis for data caches and set-associative caches , 1997, Proceedings Third IEEE Real-Time Technology and Applications Symposium.

[8]  Johann Blieberger,et al.  Symbolic Cache Analysis for Real-Time Systems , 2000, Real-Time Systems.

[9]  Reinhard Wilhelm,et al.  Efficient and Precise Cache Behavior Prediction for Real-Time Systems , 1999, Real-Time Systems.

[10]  Jakob Engblom,et al.  The worst-case execution-time problem—overview of methods and survey of tools , 2008, TECS.

[11]  Y. N. Srikant,et al.  WCET estimation for executables in the presence of data caches , 2007, EMSOFT '07.

[12]  M. Wegman,et al.  Global value numbers and redundant computations , 1988, POPL '88.

[13]  Gerard J. M. Smit,et al.  A mathematical approach towards hardware design , 2010, Dynamically Reconfigurable Architectures.

[14]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.