The Design and Implementation of a Non-Iterative Range Analysis Algorithm on a Production Compiler

This paper presents the first implementation of a non-iterative range analysis algorithm in a production compiler. Discrete range analyses try to discover the intervals of values that may be bound to the integer variables during program execution. This information enables compiler optimizations such as dead code elimination and the detection of bugs such as buffer overflow vulnerabilities. So far, non-iterative range analysis algorithms have been constrained to theoretical works – actual implementations never reaching the boundaries of industrial strength compilers. In this paper we fix this omission by implementing in the LLVM compiler the constraint system that Su and Wagner designed in 2005. In the effort to implement this method in an actual compiler we had to modify Su’s algorithm in many ways. In particular, we use Gawlitza’s algorithm to handle program loops, and Bodik’s Extended Static Single Assignment form to add flow sensitiveness to our analysis. We have tested this analysis with a compiler optimization that converts 32-bit variables to either 8-bit or 16-bit variables whenever possible. Our implementation of range analysis has been able to process over 4 million assembly instructions in 223 seconds, yielding results on par with previous works. For instance, we have reduced by 39.4% on average the bit size of the integer variables in the bitwise benchmark suite.

[1]  Richard Bellman,et al.  ON A ROUTING PROBLEM , 1958 .

[2]  Scott A. Mahlke,et al.  Bitwidth cognizant architecture synthesis of custom hardwareaccelerators , 2001, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[3]  Axel Simon Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities , 2008 .

[4]  Rahul Gupta,et al.  Optimal Bitwise Register Allocation Using Integer Linear Programming , 2006, LCPC.

[5]  Rajiv Gupta,et al.  Bitwidth aware global register allocation , 2003, POPL.

[6]  Jens Palsberg,et al.  Register allocation by puzzle solving , 2008, PLDI '08.

[7]  Jan Reineke,et al.  Polynomial Precise Interval Analysis Revisited , 2009, Efficient Algorithms.

[8]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[9]  Jason R. C. Patterson,et al.  Accurate static branch prediction by value range propagation , 1995, PLDI '95.

[10]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[11]  David A. Wagner,et al.  A class of polynomially solvable range constraints for interval analysis without widenings , 2005, Theor. Comput. Sci..

[12]  R. K. Shyamasundar,et al.  Introduction to algorithms , 1996 .

[13]  Timothy Kong,et al.  Precise register allocation for irregular architectures , 1998, Proceedings. 31st Annual ACM/IEEE International Symposium on Microarchitecture.

[14]  Zhiru Zhang,et al.  Bitwidth-aware scheduling and binding in high-level synthesis , 2005, Proceedings of the ASP-DAC 2005. Asia and South Pacific Design Automation Conference, 2005..

[15]  Fernando Magno Quintão Pereira,et al.  Dynamic Elimination of Overflow Tests in a Trace Compiler , 2011, CC.

[16]  Vivek Sarkar,et al.  ABCD: eliminating array bounds checks on demand , 2000, PLDI '00.

[17]  C. Scott Ananian,et al.  The static single information form , 2001 .

[18]  Mark N. Wegman,et al.  Constant propagation with conditional branches , 1985, POPL.

[19]  Bernhard Scholz,et al.  Register allocation for irregular architectures , 2002, LCTES/SCOPES '02.

[20]  Mark Stephenson,et al.  Bidwidth analysis with application to silicon compilation , 2000, PLDI '00.

[21]  Daniel Cordes,et al.  A Fast and Precise Static Loop Analysis Based on Abstract Interpretation, Program Slicing and Polytope Models , 2009, 2009 International Symposium on Code Generation and Optimization.

[22]  David A. Wagner,et al.  A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.

[23]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.