Symbolic Analysis of Imperative Programming Languages

We present a generic symbolic analysis framework for imperative programming languages. Our framework is capable of computing all valid variable bindings of a program at given program points. This information is invaluable for domain-specific static program analyses such as memory leak detection, program parallelisation, and the detection of superfluous bound checks, variable aliases and task deadlocks. We employ path expression algebra to model the control flow information of programs. A homomorphism maps path expressions into the symbolic domain. At the center of the symbolic domain is a compact algebraic structure called a supercontext. A supercontext contains the complete control and data flow analysis information valid at a given program point. Our approach to computing supercontexts is based purely on algebra and is fully automated. This novel representation of program semantics closes the gap between program analysis and computer algebra systems, which makes supercontexts an ideal intermediate representation for all domain-specific static program analyses. Our approach is more general than existing methods because it can derive solutions for arbitrary (even intra-loop) nodes of reducible and irreducible control flow graphs. We prove the correctness of our symbolic analysis method. Our experimental results show that the problem sizes arising from real-world applications such as the SPEC95 benchmark suite are tractable for our symbolic analysis framework.
