A practical and precise inference and specializer for array bound checks elimination

Arrays are intensively used in many software programs, including those in the popular graphics and game programming domains. Although the problem of eliminating redundant array bound checks has been studied for a long time, there are few works that attempt to be both aggressively precise and practical. We propose an inference mechanism that achieves both aims by combining a forward relational analysis with a backward precondition derivation. Our inference algorithm works for a core imperative language with assignments, and analyses each method once through a summary-based approach. Our inference is precise as it is both path and context sensitive. Through a novel technique that can strengthen preconditions, we can selectively reduce the sizes of formulae to support a practical inference algorithm. Moreover, we subject each inferred program to a flexivariant specialization that can achieve good tradeoff between elimination of array checks and code explosion concerns. We have proven the soundness of our approach and have also implemented a prototype inference and specialization system. Initial experiments suggest that such a desired system is viable.

[1]  Olivier Tardieu,et al.  Ultra-fast aliasing analysis using CLA: a million lines of C code in a second , 2001, PLDI '01.

[2]  Manuel Fähndrich,et al.  Pentagons: a weakly relational abstract domain for the efficient validation of array accesses , 2008, SAC '08.

[3]  Norihisa Suzuki,et al.  Implementation of an array bound checker , 1977, POPL.

[4]  Patrick Cousot,et al.  The ASTREÉ Analyzer , 2005, ESOP.

[5]  Wei-Ngan Chin,et al.  Inferring Disjunctive Postconditions , 2006, ASIAN.

[6]  Sriram K. Rajamani,et al.  Counterexample Driven Refinement for Abstract Interpretation , 2006, TACAS.

[7]  Martin C. Rinard,et al.  Symbolic bounds analysis of pointers, array indices, and accessed memory regions , 2005, TOPL.

[8]  Jack J. Dongarra,et al.  The LINPACK Benchmark: past, present and future , 2003, Concurr. Comput. Pract. Exp..

[9]  Wei-Ngan Chin,et al.  Extending sized type with collection analysis , 2003, PEPM '03.

[10]  Rajiv Gupta,et al.  Complete removal of redundant expressions , 1998, PLDI 1998.

[11]  Wei-Ngan Chin,et al.  Deriving Pre-Conditions for Array Bound Check Elimination , 2001, APLAS.

[12]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[13]  Guillaume Brat,et al.  Precise and efficient static array bound checking for large embedded C programs , 2004, PLDI '04.

[14]  Cormac Flanagan,et al.  Avoiding exponential explosion: generating compact verification conditions , 2001, POPL '01.

[15]  Antoine Miné,et al.  The octagon abstract domain , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[16]  William Pugh,et al.  A practical algorithm for exact array dependence analysis , 1992, CACM.

[17]  Sriram Sankaranarayanan,et al.  Static Analysis in Disjunctive Numerical Domains , 2006, SAS.

[18]  James R. Larus,et al.  Static branch frequency and program profile analysis , 1994, MICRO 27.

[19]  Frank Pfenning,et al.  Eliminating array bound checking through dependent types , 1998, PLDI.

[20]  Takeo Kanade,et al.  Unifying Theories of Programming , 2010, Lecture Notes in Computer Science.

[21]  Patrick Cousot,et al.  Modular Static Program Analysis , 2002, CC.

[22]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI.

[23]  Cormac Flanagan,et al.  Hybrid type checking , 2006, POPL '06.

[24]  Michael Wolfe,et al.  Elimination of redundant array subscript range checks , 1995, PLDI '95.

[25]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[26]  Sriram Sankaranarayanan,et al.  Program Analysis Using Symbolic Ranges , 2007, SAS.

[27]  Barton P. Miller,et al.  Safety checking of machine code , 2000, PLDI '00.

[28]  David Grove,et al.  Selective specialization for object-oriented languages , 1995, PLDI '95.

[29]  George C. Necula,et al.  The design and implementation of a certifying compiler , 1998, PLDI.

[30]  Josef Svenningsson,et al.  Constraint Abstractions , 2001, PADO.

[31]  Mikel Luján,et al.  Elimination of Java array bounds checks in the presence of indirection , 2002, JGI '02.

[32]  Vivek Sarkar,et al.  ABCD: eliminating array bounds checks on demand , 2000, PLDI '00.

[33]  Amr Sabry,et al.  Proving the correctness of reactive systems using sized types , 1996, POPL '96.

[34]  William Pugh,et al.  Counting solutions to Presburger formulas: how and why , 1994, PLDI '94.

[35]  Rajiv Gupta A fresh look at optimizing array bound checking , 1990, PLDI '90.

[36]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[37]  Antoine Mid The Octagon Abstract Domain , 2001 .

[38]  Cormac Flanagan,et al.  Predicate abstraction for software verification , 2002, POPL '02.

[39]  François Irigoin,et al.  Efficient and effective array bound checking , 2005, TOPL.

[40]  William Pugh,et al.  The Omega test: A fast and practical integer programming algorithm for dependence analysis , 1991, Proceedings of the 1991 ACM/IEEE Conference on Supercomputing (Supercomputing '91).

[41]  Michael Rodeh,et al.  CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.

[42]  Roberto Bagnara,et al.  Widening operators for powerset domains , 2005, International Journal on Software Tools for Technology Transfer.

[43]  Viktor Kuncak,et al.  Crosscutting techniques in program specification and analysis , 2005, AOSD '05.