DOCSLIB.ORG

Implementation of Invariant Code Motion Optimization in an Embedded Processor Oriented Compiler Infrastructure

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Implementation of Invariant Code Motion Optimization in an Embedded Processor Oriented Compiler Infrastructure Ivan Považan, Marko Krnjetin, Miodrag Đukić, Miroslav Popović Abstract—In order to achieve better performance results for Compiler optimizations the generated code various compiler optimizations are First approach relates to adapting the source code for performed during the compilation process. Even though it is certain compiler according to compiler specific coding expected that optimization would improve the code quality, for guidelines which can help compiler in code generation. embedded processor with small amount of resources applying On the other hand, more ideally, compiler should certain optimizations can sometimes lead to generation of larger number of instructions (i.e. larger code size and slower automatically perform the same and should not depend on the execution). One such optimization is a loop optimization - source code. Therefore compilers implement various invariant code motion. In this paper we present improvements to optimizations which are performed automatically on the the implementation of this optimization in an embedded source code, or are available through compiler switches to the processor oriented compiler infrastructure which give good user, in order to achieve the best performance. Complier results in cases of high register pressure. The enclosed test results optimizations are not independent and applying one can affect for translated code with and without proposed improvements show that our new approach generates code with better the other which can result in better or worse code. Choosing performance in all cases. the best combination of optimizations which would generate the best code, is a complex problem. Furthermore, Index Terms—Compiler optimization, invariant code motion, compilation passes like instruction selection, resource high register pressure allocation and instruction scheduling also need to be interleaved and interconnected for embedded processors to achieve better results, which additionally complicates I. INTRODUCTION choosing the best compilation strategy [1]. Clearly for DSP Having a high quality compiler for certain processor is not applications the most critical part of the source code, which an uncommon practice. It is actually quite the opposite and need to be condensed down as much as possible, are loops. nowadays there is a high demand for fast, robust and reliable Optimizations like loop unrolling, software pipelining, loop compilers that can generate code with high quality. Quality of tiling, invariant code motion, induction variable detection, the code most often refers to code size (number of instructions hardware loop detection and similar, generally improve the in memory) or code speed (number of cycles needed for the quality of the generated code by significant percentage. code execution). However, the question is: is this always true? In the embedded systems domain both characteristics are Most of mentioned loop optimizations are machine highly desirable and an ideally generated code has the independent optimizations and are performed on high level of performance near to the hand-written assembly code. In other intermediate representation of the translated code. This means words, the generated code is small and fast. However, that some target architecture specifics like: available resources designing and developing such compilers is not a trivial job to or available machine instructions are not considered at that do. Especially if the quality of the source code is taken into point in the compilation process, and applying such account. Compiler has to understand and recognize certain optimization can have undesirable effects. Moving the code constructs from the source code and to perform the best outside of the loop usually increases the number of compilation strategy in order to generate the best code, despite interferences between operands and can cause spills which the way those are written in the starting language. There are increases the overall number of instructions. In this paper we two approaches for dealing with this problem: present improvements for the implementation of invariant Source code adaptations code motion optimization which solve these problems. The paper is organized in six sections. This section gives an introduction to the problem domain. Next section includes Ivan Považan, RT-RK Institute for Computer Based Systems, Narodnog fronta 23a, Novi Sad, Serbia (e-mail: [email protected]) description of the used compiler framework, while the third Marko Krnjetin, RT-RK Institute for Computer Based Systems, Narodnog describes initial algorithm for invariant code motion and fronta 23a, Novi Sad, Serbia (e-mail: [email protected]) introduced improvements. Following section encloses test Miodrag Đukić, Faculty of Technical Sciences, Trg Dositeja Obradovića 6, Novi Sad, Serbia (e-mail: [email protected]) results and discussion about improvements acquired with Miroslav Popović, Faculty of Technical Sciences, Trg Dositeja modifications. Fifth section includes related work and finally Obradovića 6, Novi Sad, Serbia (e-mail: miroslav.popovic@ rt-rk.uns.ac.rs) Proceedings of 4th International Conference on Electrical, Electronics and Computing Engineering, pp. RTI1.4.1-5 IcETRAN 2017, Kladovo, Serbia, June 05-08, ISBN 978-86-7466-692-0 the last section gives a conclusion. change over loop iterations, and moves that computation from the loop body in order to improve performance of the II. RTCC generated code. This motion is also called hoisting. The technique is most often used on HLIR in order to hoist Implementation of invariant code motion optimization, invariant expressions, but can be also used during low level described in this paper is a part of embedded processor passes. Initially, RTCC included HLICM described in paper oriented compiler infrastructure called RTCC [2]. It is a class [3] which was implemented to work only as high level library which includes compiler modules for creating back- optimization. ends for embedded processor compilers. The framework In order to describe the HLICM algorithm we first need to defines sets of modules for: define how to detect invariant computation; then where we analyses – control flow, data dependency, call can move the code; and finally how to determine if code is graph, liveness, alias, single static assignment; movable. These three procedures are defined according to [4] optimizations – common sub-expression as follows: elimination, dead code elimination, constant Definition 1: The definition d: t ← a1 op a2 is loop- propagation, hardware loop detection, invariant invariant within loop L if, for each source operand ai: code motion, induction variable detection, copy 1. ai is a constant, propagation 2. or all the definitions of ai that reach d are outside compilation passes – instruction selection, resource the loop allocation, instruction scheduling, code generation 3. or only one definition of ai reaches d, and that definition is loop-invariant modelling target architecture – resources, 4. op some operation instructions, hazards, latencies, parallelization Definition 2: The preheader basic block p of the loop L is rules immediate dominator of head basic block for the loop L IR (intermediate representation) – translation from Definition 3: The definition d: t ← a1 op a2 can be hoisted FE IR (front-end intermediate representation), to the loop preheader p if: definition of BE IR (back-end intermediate 1. d dominates all loop exists at which t is live-out representation) 2. and there is only one definition of t in the loop IR is defined in form of graph of connected basic blocks 3. and t is not live-out of the loop preheader p that include list of operations. HLIR - high level intermediate Fig. 1 shows simple example with invariant code which can representation includes high level operations which are be detected on HLIR. The output generated after HLICM independent of the target architecture, while LLIR - low level module is displayed in Fig. 2 which shows that the algorithm intermediate representation or low level operations include can successfully detect such scenarios. target specific instructions. Creating a custom compiler requires using an existing front-end and modelling the target L1: processor with RTCC modules, where some of them can be i = 0 used directly while others can be derived and adjusted L2: according to target architecture specifics. if (i > 10) jmp L3 a = 0x101 Source code translation is performed in the compiler’s FE array[i] = a & b until IR is reached. After that FE IR is transformed into RTCC i++ HLIR and compilation resumed in the BE of the compiler. jmp L2 L3: Control flow, data dependency, call graphs, and other L3: analyses are then performed on the HLIR in order to provide Fig. 1. ICM example before HLICM optimization additional information used by other compilation passes and L1: high level code optimizations. Afterwards, HLIR is lowered to i = 0 LLIR with instruction selection module by applying rewriting a = 0x101 t = a & b rules which translate abstract representation into target L2: specific instructions. When LLIR is reached, low level if (i > 100) jmp L3 optimizations, instruction scheduling and resource allocation array[i] = t i++ are performed. Finally, the assembly code is generated. jmp L2 One of the available optimization modules, within RTCC L3: library, is invariant code motion module described in this Fig. 2. ICM
Recommended publications
  • Loop Pipelining with Resource and Timing Constraints

    Loop Pipelining with Resource and Timing Constraints

    UNIVERSITAT POLITÈCNICA DE CATALUNYA LOOP PIPELINING WITH RESOURCE AND TIMING CONSTRAINTS Autor: Fermín Sánchez October, 1995 1 1 1 1 1 1 1 1 2 1• SOFTWARE PIPELINING 1 1 1 2.1 INTRODUCTION 1 Software pipelining [ChaSl] comprises a family of techniques aimed at finding a pipelined schedule of the execution of loop iterations. The pipelined schedule represents a new loop body which may contain instructions belonging to different iterations. The sequential execution of the schedule takes less time than the sequential execution of the iterations of the loop as they were initially written. 1 In general, a pipelined loop schedule has the following characteristics1: • All the iterations (of the new loop) are executed in the same fashion. • The initiation interval (ÍÍ) between the issuing of two consecutive iterations is always the same. 1 Figure 2.1 shows an example of software pipelining a loop. The DDG representing the loop body to pipeline is presented in Figure 2.1(a). The loop must be executed ten times (with an iteration index i G [0,9]). Let us assume that all instructions in the loop are executed in a single cycle 1 and a new iteration may start every cycle (otherwise the dependence between instruction A from 1 We will assume here that the schedule contains a unique iteration of the loop. 1 15 1 1 I I 16 CHAPTER 2 I I time B,, Prol AO Q, BO A, I Q, B, A2 3<i<9 I Steady State D4 B7 I Epilogue Cy I D9 (a) (b) (c) I Figure 2.1 Software pipelining a loop (a) DDG representing a loop body (b) Parallel execution of the loop (c) New parallel loop body I iterations i and i+ 1 will not be honored).- With this assumption,-the loop can be executed in a I more parallel fashion than the sequential one, as shown in Figure 2.1(b).
  • A Methodology for Assessing Javascript Software Protections

    A Methodology for Assessing Javascript Software Protections

    A methodology for Assessing JavaScript Software Protections Pedro Fortuna A methodology for Assessing JavaScript Software Protections Pedro Fortuna About me Pedro Fortuna Co-Founder & CTO @ JSCRAMBLER OWASP Member SECURITY, JAVASCRIPT @pedrofortuna 2 A methodology for Assessing JavaScript Software Protections Pedro Fortuna Agenda 1 4 7 What is Code Protection? Testing Resilience 2 5 Code Obfuscation Metrics Conclusions 3 6 JS Software Protections Q & A Checklist 3 What is Code Protection Part 1 A methodology for Assessing JavaScript Software Protections Pedro Fortuna Intellectual Property Protection Legal or Technical Protection? Alice Bob Software Developer Reverse Engineer Sells her software over the Internet Wants algorithms and data structures Does not need to revert back to original source code 5 A methodology for Assessing JavaScript Software Protections Pedro Fortuna Intellectual Property IP Protection Protection Legal Technical Encryption ? Trusted Computing Server-Side Execution Obfuscation 6 A methodology for Assessing JavaScript Software Protections Pedro Fortuna Code Obfuscation Obfuscation “transforms a program into a form that is more difficult for an adversary to understand or change than the original code” [1] More Difficult “requires more human time, more money, or more computing power to analyze than the original program.” [1] in Collberg, C., and Nagra, J., “Surreptitious software: obfuscation, watermarking, and tamperproofing for software protection.”, Addison- Wesley Professional, 2010. 7 A methodology for Assessing
  • Attacking Client-Side JIT Compilers.Key

    Attacking Client-Side JIT Compilers.Key

    Attacking Client-Side JIT Compilers Samuel Groß (@5aelo) !1 A JavaScript Engine Parser JIT Compiler Interpreter Runtime Garbage Collector !2 A JavaScript Engine • Parser: entrypoint for script execution, usually emits custom Parser bytecode JIT Compiler • Bytecode then consumed by interpreter or JIT compiler • Executing code interacts with the Interpreter runtime which defines the Runtime representation of various data structures, provides builtin functions and objects, etc. Garbage • Garbage collector required to Collector deallocate memory !3 A JavaScript Engine • Parser: entrypoint for script execution, usually emits custom Parser bytecode JIT Compiler • Bytecode then consumed by interpreter or JIT compiler • Executing code interacts with the Interpreter runtime which defines the Runtime representation of various data structures, provides builtin functions and objects, etc. Garbage • Garbage collector required to Collector deallocate memory !4 A JavaScript Engine • Parser: entrypoint for script execution, usually emits custom Parser bytecode JIT Compiler • Bytecode then consumed by interpreter or JIT compiler • Executing code interacts with the Interpreter runtime which defines the Runtime representation of various data structures, provides builtin functions and objects, etc. Garbage • Garbage collector required to Collector deallocate memory !5 A JavaScript Engine • Parser: entrypoint for script execution, usually emits custom Parser bytecode JIT Compiler • Bytecode then consumed by interpreter or JIT compiler • Executing code interacts with the Interpreter runtime which defines the Runtime representation of various data structures, provides builtin functions and objects, etc. Garbage • Garbage collector required to Collector deallocate memory !6 Agenda 1. Background: Runtime Parser • Object representation and Builtins JIT Compiler 2. JIT Compiler Internals • Problem: missing type information • Solution: "speculative" JIT Interpreter 3.
  • Expression Rematerialization for VLIW DSP Processors with Distributed Register Files ?

    Expression Rematerialization for VLIW DSP Processors with Distributed Register Files ?

    Expression Rematerialization for VLIW DSP Processors with Distributed Register Files ? Chung-Ju Wu, Chia-Han Lu, and Jenq-Kuen Lee Department of Computer Science, National Tsing-Hua University, Hsinchu 30013, Taiwan {jasonwu,chlu}@pllab.cs.nthu.edu.tw,[email protected] Abstract. Spill code is the overhead of memory load/store behavior if the available registers are not sufficient to map live ranges during the process of register allocation. Previously, works have been proposed to reduce spill code for the unified register file. For reducing power and cost in design of VLIW DSP processors, distributed register files and multi- bank register architectures are being adopted to eliminate the amount of read/write ports between functional units and registers. This presents new challenges for devising compiler optimization schemes for such ar- chitectures. This paper aims at addressing the issues of reducing spill code via rematerialization for a VLIW DSP processor with distributed register files. Rematerialization is a strategy for register allocator to de- termine if it is cheaper to recompute the value than to use memory load/store. In the paper, we propose a solution to exploit the character- istics of distributed register files where there is the chance to balance or split live ranges. By heuristically estimating register pressure for each register file, we are going to treat them as optional spilled locations rather than spilling to memory. The choice of spilled location might pre- serve an expression result and keep the value alive in different register file. It increases the possibility to do expression rematerialization which is effectively able to reduce spill code.
  • Research of Register Pressure Aware Loop Unrolling Optimizations for Compiler

    Research of Register Pressure Aware Loop Unrolling Optimizations for Compiler

    MATEC Web of Conferences 228, 03008 (2018) https://doi.org/10.1051/matecconf/201822803008 CAS 2018 Research of Register Pressure Aware Loop Unrolling Optimizations for Compiler Xuehua Liu1,2, Liping Ding1,3 , Yanfeng Li1,2 , Guangxuan Chen1,4 , Jin Du5 1Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing, China 2University of Chinese Academy of Sciences, Beijing, China 3Digital Forensics Lab, Institute of Software Application Technology, Guangzhou & Chinese Academy of Sciences, Guangzhou, China 4Zhejiang Police College, Hangzhou, China 5Yunnan Police College, Kunming, China Abstract. Register pressure problem has been a known problem for compiler because of the mismatch between the infinite number of pseudo registers and the finite number of hard registers. Too heavy register pressure may results in register spilling and then leads to performance degradation. There are a lot of optimizations, especially loop optimizations suffer from register spilling in compiler. In order to fight register pressure and therefore improve the effectiveness of compiler, this research takes the register pressure into account to improve loop unrolling optimization during the transformation process. In addition, a register pressure aware transformation is able to reduce the performance overhead of some fine-grained randomization transformations which can be used to defend against ROP attacks. Experiments showed a peak improvement of about 3.6% and an average improvement of about 1% for SPEC CPU 2006 benchmarks and a peak improvement of about 3% and an average improvement of about 1% for the LINPACK benchmark. 1 Introduction fundamental transformations, because it is not only performed individually at least twice during the Register pressure is the number of hard registers needed compilation process, it is also an important part of to store values in the pseudo registers at given program optimizations like vectorization, module scheduling and point [1] during the compilation process.
  • Equality Saturation: a New Approach to Optimization

    Equality Saturation: a New Approach to Optimization

    Logical Methods in Computer Science Vol. 7 (1:10) 2011, pp. 1–37 Submitted Oct. 12, 2009 www.lmcs-online.org Published Mar. 28, 2011 EQUALITY SATURATION: A NEW APPROACH TO OPTIMIZATION ROSS TATE, MICHAEL STEPP, ZACHARY TATLOCK, AND SORIN LERNER Department of Computer Science and Engineering, University of California, San Diego e-mail address: {rtate,mstepp,ztatlock,lerner}@cs.ucsd.edu Abstract. Optimizations in a traditional compiler are applied sequentially, with each optimization destructively modifying the program to produce a transformed program that is then passed to the next optimization. We present a new approach for structuring the optimization phase of a compiler. In our approach, optimizations take the form of equality analyses that add equality information to a common intermediate representation. The op- timizer works by repeatedly applying these analyses to infer equivalences between program fragments, thus saturating the intermediate representation with equalities. Once saturated, the intermediate representation encodes multiple optimized versions of the input program. At this point, a profitability heuristic picks the final optimized program from the various programs represented in the saturated representation. Our proposed way of structuring optimizers has a variety of benefits over previous approaches: our approach obviates the need to worry about optimization ordering, enables the use of a global optimization heuris- tic that selects among fully optimized programs, and can be used to perform translation validation, even on compilers other than our own. We present our approach, formalize it, and describe our choice of intermediate representation. We also present experimental results showing that our approach is practical in terms of time and space overhead, is effective at discovering intricate optimization opportunities, and is effective at performing translation validation for a realistic optimizer.
  • CS153: Compilers Lecture 19: Optimization

    CS153: Compilers Lecture 19: Optimization

    CS153: Compilers Lecture 19: Optimization Stephen Chong https://www.seas.harvard.edu/courses/cs153 Contains content from lecture notes by Steve Zdancewic and Greg Morrisett Announcements •HW5: Oat v.2 out •Due in 2 weeks •HW6 will be released next week •Implementing optimizations! (and more) Stephen Chong, Harvard University 2 Today •Optimizations •Safety •Constant folding •Algebraic simplification • Strength reduction •Constant propagation •Copy propagation •Dead code elimination •Inlining and specialization • Recursive function inlining •Tail call elimination •Common subexpression elimination Stephen Chong, Harvard University 3 Optimizations •The code generated by our OAT compiler so far is pretty inefficient. •Lots of redundant moves. •Lots of unnecessary arithmetic instructions. •Consider this OAT program: int foo(int w) { var x = 3 + 5; var y = x * w; var z = y - 0; return z * 4; } Stephen Chong, Harvard University 4 Unoptimized vs. Optimized Output .globl _foo _foo: •Hand optimized code: pushl %ebp movl %esp, %ebp _foo: subl $64, %esp shlq $5, %rdi __fresh2: movq %rdi, %rax leal -64(%ebp), %eax ret movl %eax, -48(%ebp) movl 8(%ebp), %eax •Function foo may be movl %eax, %ecx movl -48(%ebp), %eax inlined by the compiler, movl %ecx, (%eax) movl $3, %eax so it can be implemented movl %eax, -44(%ebp) movl $5, %eax by just one instruction! movl %eax, %ecx addl %ecx, -44(%ebp) leal -60(%ebp), %eax movl %eax, -40(%ebp) movl -44(%ebp), %eax Stephen Chong,movl Harvard %eax,University %ecx 5 Why do we need optimizations? •To help programmers… •They write modular, clean, high-level programs •Compiler generates efficient, high-performance assembly •Programmers don’t write optimal code •High-level languages make avoiding redundant computation inconvenient or impossible •e.g.
  • Quaxe, Infinity and Beyond

    Quaxe, Infinity and Beyond

    Quaxe, infinity and beyond Daniel Glazman — WWX 2015 /usr/bin/whoami Primary architect and developer of the leading Web and Ebook editors Nvu and BlueGriffon Former member of the Netscape CSS and Editor engineering teams Involved in Internet and Web Standards since 1990 Currently co-chair of CSS Working Group at W3C New-comer in the Haxe ecosystem Desktop Frameworks Visual Studio (Windows only) Xcode (OS X only) Qt wxWidgets XUL Adobe Air Mobile Frameworks Adobe PhoneGap/Air Xcode (iOS only) Qt Mobile AppCelerator Visual Studio Two solutions but many issues Fragmentation desktop/mobile Heavy runtimes Can’t easily reuse existing c++ libraries Complex to have native-like UI Qt/QtMobile still require c++ Qt’s QML is a weak and convoluted UI language Haxe 9 years success of Multiplatform OSS language Strong affinity to gaming Wide and vibrant community Some press recognition Dead code elimination Compiles to native on all But no native GUI… platforms through c++ and java Best of all worlds Haxe + Qt/QtMobile Multiplatform Native apps, native performance through c++/Java C++/Java lib reusability Introducing Quaxe Native apps w/o c++ complexity Highly dynamic applications on desktop and mobile Native-like UI through Qt HTML5-based UI, CSS-based styling Benefits from Haxe and Qt communities Going from HTML5 to native GUI completeness DOM dynamism in native UI var b: Element = document.getElementById("thirdButton"); var t: Element = document.createElement("input"); t.setAttribute("type", "text"); t.setAttribute("value", "a text field"); b.parentNode.insertBefore(t,
  • Scalable Conditional Induction Variables (CIV) Analysis

    Scalable Conditional Induction Variables (CIV) Analysis

    Scalable Conditional Induction Variables (CIV) Analysis ifact Cosmin E. Oancea Lawrence Rauchwerger rt * * Comple A t te n * A te s W i E * s e n l C l o D C O Department of Computer Science Department of Computer Science and Engineering o * * c u e G m s E u e C e n R t v e o d t * y * s E University of Copenhagen Texas A & M University a a l d u e a [email protected] [email protected] t Abstract k = k0 Ind. k = k0 DO i = 1, N DO i =1,N Var. DO i = 1, N IF(cond(b(i)))THEN Subscripts using induction variables that cannot be ex- k = k+2 ) a(k0+2*i)=.. civ = civ+1 )? pressed as a formula in terms of the enclosing-loop indices a(k)=.. Sub. ENDDO a(civ) = ... appear in the low-level implementation of common pro- ENDDO k=k0+MAX(2N,0) ENDIF ENDDO gramming abstractions such as filter, or stack operations and (a) (b) (c) pose significant challenges to automatic parallelization. Be- Figure 1. Loops with affine and CIV array accesses. cause the complexity of such induction variables is often due to their conditional evaluation across the iteration space of its closed-form equivalent k0+2*i, which enables its in- loops we name them Conditional Induction Variables (CIV). dependent evaluation by all iterations. More importantly, This paper presents a flow-sensitive technique that sum- the resulted code, shown in Figure 1(b), allows the com- marizes both such CIV-based and affine subscripts to pro- piler to verify that the set of points written by any dis- gram level, using the same representation.
  • Induction Variable Analysis with Delayed Abstractions1

    Induction Variable Analysis with Delayed Abstractions1

    Induction Variable Analysis with Delayed Abstractions1 SEBASTIAN POP, and GEORGES-ANDRE´ SILBER CRI, Mines Paris, France and ALBERT COHEN ALCHEMY group, INRIA Futurs, Orsay, France We present the design of an induction variable analyzer suitable for the analysis of typed, low-level, three address representations in SSA form. At the heart of our analyzer stands a new algorithm that recognizes scalar evolutions. We define a representation called trees of recurrences that is able to capture different levels of abstractions: from the finer level that is a subset of the SSA representation restricted to arithmetic operations on scalar variables, to the coarser levels such as the evolution envelopes that abstract sets of possible evolutions in loops. Unlike previous work, our algorithm tracks induction variables without prior classification of a few evolution patterns: different levels of abstraction can be obtained on demand. The low complexity of the algorithm fits the constraints of a production compiler as illustrated by the evaluation of our implementation on standard benchmark programs. Categories and Subject Descriptors: D.3.4 [Programming Languages]: Processors—compilers, interpreters, optimization, retargetable compilers; F.3.2 [Logics and Meanings of Programs]: Semantics of Programming Languages—partial evaluation, program analysis General Terms: Compilers Additional Key Words and Phrases: Scalar evolutions, static analysis, static single assignment representation, assessing compilers heuristics regressions. 1Extension of Conference Paper:
  • Precise Null Pointer Analysis Through Global Value Numbering

    Precise Null Pointer Analysis Through Global Value Numbering

    Precise Null Pointer Analysis Through Global Value Numbering Ankush Das1 and Akash Lal2 1 Carnegie Mellon University, Pittsburgh, PA, USA 2 Microsoft Research, Bangalore, India Abstract. Precise analysis of pointer information plays an important role in many static analysis tools. The precision, however, must be bal- anced against the scalability of the analysis. This paper focusses on improving the precision of standard context and flow insensitive alias analysis algorithms at a low scalability cost. In particular, we present a semantics-preserving program transformation that drastically improves the precision of existing analyses when deciding if a pointer can alias Null. Our program transformation is based on Global Value Number- ing, a scheme inspired from compiler optimization literature. It allows even a flow-insensitive analysis to make use of branch conditions such as checking if a pointer is Null and gain precision. We perform experiments on real-world code and show that the transformation improves precision (in terms of the number of dereferences proved safe) from 86.56% to 98.05%, while incurring a small overhead in the running time. Keywords: Alias Analysis, Global Value Numbering, Static Single As- signment, Null Pointer Analysis 1 Introduction Detecting and eliminating null-pointer exceptions is an important step towards developing reliable systems. Static analysis tools that look for null-pointer ex- ceptions typically employ techniques based on alias analysis to detect possible aliasing between pointers. Two pointer-valued variables are said to alias if they hold the same memory location during runtime. Statically, aliasing can be de- cided in two ways: (a) may-alias [1], where two pointers are said to may-alias if they can point to the same memory location under some possible execution, and (b) must-alias [27], where two pointers are said to must-alias if they always point to the same memory location under all possible executions.
  • A Formally-Verified Alias Analysis

    A Formally-Verified Alias Analysis

    A Formally-Verified Alias Analysis Valentin Robert1;2 and Xavier Leroy1 1 INRIA Paris-Rocquencourt 2 University of California, San Diego [email protected], [email protected] Abstract. This paper reports on the formalization and proof of sound- ness, using the Coq proof assistant, of an alias analysis: a static analysis that approximates the flow of pointer values. The alias analysis con- sidered is of the points-to kind and is intraprocedural, flow-sensitive, field-sensitive, and untyped. Its soundness proof follows the general style of abstract interpretation. The analysis is designed to fit in the Comp- Cert C verified compiler, supporting future aggressive optimizations over memory accesses. 1 Introduction Alias analysis. Most imperative programming languages feature pointers, or object references, as first-class values. With pointers and object references comes the possibility of aliasing: two syntactically-distinct program variables, or two semantically-distinct object fields can contain identical pointers referencing the same shared piece of data. The possibility of aliasing increases the expressiveness of the language, en- abling programmers to implement mutable data structures with sharing; how- ever, it also complicates tremendously formal reasoning about programs, as well as optimizing compilation. In this paper, we focus on optimizing compilation in the presence of pointers and aliasing. Consider, for example, the following C program fragment: ... *p = 1; *q = 2; x = *p + 3; ... Performance would be increased if the compiler propagates the constant 1 stored in p to its use in *p + 3, obtaining ... *p = 1; *q = 2; x = 4; ... This optimization, however, is unsound if p and q can alias.