Alias Analysis by Means of a Model Checker

We study the application of a standard model checker tool, Spin, to the well-known problem of computing a may-alias relation for a C program. A precise may-alias relation can significantly improve code optimization, but in general it may be computationally too expensive. We show that, at least in the case of intraprocedural alias analysis, a model checking tool has a great potential for precision and efficiency. For instance, we can easily deal, with good precision, with features such as pointer arithmetic, arrays, structures and dynamic memory allocation. At the very least, the great flexibility allowed in defining the may-alias relation, should make it easier to experiment and to examine the connections among the accuracy of an alias analysis and the optimizations available in the various compilation phases.

[1]  Thomas W. Reps,et al.  Program analysis via graph reachability , 1997, Inf. Softw. Technol..

[2]  William Pugh,et al.  Constraint-based array dependence analysis , 1998, TOPL.

[3]  David A. SchmidtKansas Limiting State Explosion with Filter-Based Re nement , 1997 .

[4]  Patrick Cousot,et al.  Temporal abstract interpretation , 2000, POPL '00.

[5]  Martin Peschke,et al.  Design and Validation of Computer Protocols , 2003 .

[6]  Donglin Liang,et al.  Equivalence analysis: a general technique to improve the efficiency of data-flow analyses in the presence of pointers , 1999, PASTE '99.

[7]  Alain Deutsch,et al.  Interprocedural may-alias analysis for pointers: beyond k-limiting , 1994, PLDI '94.

[8]  William Landi,et al.  Interprocedural aliasing in the presence of pointers , 1992 .

[9]  Kenneth L. McMillan,et al.  Symbolic model checking: an approach to the state explosion problem , 1992 .

[10]  David A. Schmidt,et al.  Program Analysis as Model Checking of Abstract Interpretations , 1998, SAS.

[11]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[12]  Barbara G. Ryder,et al.  A safe approximate algorithm for interprocedural aliasing , 1992, PLDI '92.

[13]  Thomas W. Reps,et al.  Pointer analysis for programs with structures and casting , 1999, PLDI '99.

[14]  Andrew W. Appel,et al.  Modern Compiler Implementation in Java , 1997 .

[15]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[16]  Reinhard Wilhelm,et al.  Shape Analysis , 2000, CC.

[17]  Donglin Liang,et al.  Efficient points-to analysis for whole-program analysis , 1999, ESEC/FSE-7.

[18]  Jong-Deok Choi,et al.  Interprocedural pointer alias analysis , 1999, TOPL.

[19]  Joseph A. Fisher,et al.  Trace Scheduling: A Technique for Global Microcode Compaction , 1981, IEEE Transactions on Computers.

[20]  David F. Bacon,et al.  Compiler transformations for high-performance computing , 1994, CSUR.

[21]  Susan Horwitz,et al.  The Effects of the Precision of Pointer Analysis , 1997, SAS.

[22]  Bernhard Steffen,et al.  Data Flow Analysis as Model Checking , 1990, TACS.

[23]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[24]  Susan Horwitz,et al.  Precise flow-insensitive may-alias analysis is NP-hard , 1997, TOPL.

[25]  David A. Schmidt Data flow analysis is model checking of abstract interpretations , 1998, POPL '98.

[26]  G. Ramalingam,et al.  The undecidability of aliasing , 1994, TOPL.

[27]  Joseph A. Fisher The VLIW Machine: A Multiprocessor for Compiling Scientific Code , 1984, Computer.