Results 1 - 10 of 14
ESP: Path-Sensitive Program Verification in Polynomial Time
, 2002
Cited by 224 (3 self)
In this paper, we present a new algorithm for partial program verification that runs in polynomial time and space. We are interested in checking that a program satisfies a given temporal safety property. Our insight is that by accurately modeling only those branches in a program for which the property-related behavior differs along the arms of the branch, we can design an algorithm that is accurate enough to verify the program with respect to the given property, without paying the potentially exponential cost of full path-sensitive analysis. We have implemented this “property simulation” algorithm as part of a partial verification tool called ESP. We present the results of applying ESP to the problem of verifying the file I/O behavior of a version of the GNU C compiler (gcc, 140,000 LOC). We are able to prove that all of the 646 calls to fprintf in the source code of gcc are guaranteed to print to valid, open files. Our results show that property simulation scales to large programs and is accurate enough to verify meaningful properties.
A data flow oriented program testing strategy
- IEEE Trans. Software Eng
, 1983
Cited by 112 (1 self)
Some properties of a program data flow can be used to guide program testing. The presented approach aims to exercise use-definition chains that appear in the program. Two such data oriented testing strategies are proposed; the first involves checking liveness of every definition of a variable at the point(s) of its possible use; the second deals with liveness of vectors of variables treated as arguments to an instruction or program block. Reliability of these strategies is discussed with respect to a program containing an error. Index Terms: Control flow, data context, data environment, data flow, data oriented testing, program testing, liveness, variable definition.
Information-flow and data-flow analysis of while-programs
- ACM Transactions on Programming Languages and Systems
, 1985
Cited by 69 (0 self)
Until recently, information-flow analysis has been used primarily to verify that information transmission between program variables cannot violate security requirements. Here, the notion of information flow is explored as an aid to program development and validation. Information-flow relations are presented for while-programs, which identify those program statements whose execution may cause information to be transmitted from or to particular input, internal, or output values. It is shown with examples how these flow relations can be helpful in writing, testing, and updating programs; they also usefully extend the class of errors which can be detected automatically in the “static analysis” of a program.
Array Privatization for Parallel Execution of Loops
- In Proceedings of the 19th International Symposium on Computer Architecture
, 1992
Cited by 64 (9 self)
In recent experiments, array privatization played a critical role in successful parallelization of several real programs. This paper presents compiler algorithms for the program analysis for this transformation. The paper also addresses issues in the implementation. 1 Introduction The diversity of parallel architectures makes it difficult to write efficient parallel programs in a machine independent language. For a long time, many researchers have pursued the goal of automatic transformation of sequential programs into parallel machine code. Unfortunately, the result has been unsatisfactory. Many transformation techniques used in existing compilers do not prove to be effective in practice [EB91], mainly because they handle relatively simple cases. On the other hand, recent experiments show significant results by solving more complex cases, using hand-performed new analyses and transformations [EHJ+91], [EHLP91]. A technique called array privatization, along with other techniques,...
Compiling for the Multiscalar Architecture
, 1998
Cited by 45 (2 self)
High-performance, general-purpose microprocessors serve as compute engines for computers ranging from personal computers to supercomputers. Sequential programs constitute a major portion of real-world software that run on the computers. State-of-the-art microprocessors exploit instruction level parallelism (ILP) to achieve high performance on such applications by searching for independent instructions in a dynamic window of instructions and executing them on a wide-issue pipeline. Increasing the window size and the issue width to extract more ILP may hinder achieving high clock speeds, limiting overall performance. The Multiscalar architecture employs multiple small windows and many narrow-issue processing units to exploit ILP at high clock speeds. Sequential programs are partitioned into code fragments called tasks, which are speculatively executed in parallel. Inter-task register dependences are honored via communication and synchronization and inter-task control flow and memory depe...
Path-Sensitive Program Verification in Polynomial Time
, 2002
Cited by 38 (0 self)
In this paper, we present a new algorithm for program verification that runs in polynomial time and space. We are interested in checking that a program satisfies a given temporal safety property. Our insight is that by accurately modeling only those branches in a program for which the property-related behaviour of the program differs along the arms of the branch, we can design an algorithm that is accurate enough for verification without paying the exponential cost of full path-sensitive analysis.
A new framework for exhaustive and incremental data flow analysis using DJ graphs
- ACM SIGPLAN Conf. on PLDI
, 1995
Cited by 10 (0 self)
In this paper we propose a new framework for elimination-based exhaustive and incremental data flow analysis using DJ graphs. In this paper we give an overview of our framework. The details can be found in our two long reports [SGL95a, SG95a]. These two reports are available from our WWW URL http://www-acaps.cs.mcgill.ca/~sreedhar/pubs.html OR http://www-acaps.cs.mcgill.ca/doc/memos.html
Contents: 1 Introduction; 2 Exhaustive Data Flow Analysis; 2.1 The Eager Elimination Method; 2.1.1 Correctness of Eager Elimination; 2.2 The Delayed Elimination Method; 2.3 The Complexity of Our Exhaustive Elimination Methods; 3 Handling Irreducibility; 4 Incremental Data Flow Analysis; 4.1 Updating the Final Flow Equations: Non-Structural Changes; 4.2 Updating the Final Flow Equa...
A Formal, Language-Independent, and Compositional Approach to Interprocedural Control Dependence Analysis
, 2000
Cited by 6 (2 self)
Dependence relationships among the statements of a program are important to understand for various software development and maintenance purposes. The program's dependence graph is used as a base for various types of program analyses. A dependence graph represents the potential for one statement in a program to affect another in terms of the control and data dependencies among a program's statements. A dependence graph is a directed multi-graph; the vertices of the graph represent the statements in a program and the arcs represent control and data dependencies separately. During the past two decades the value of a dependence graph as a program representation has been recognized by a wide audience and the definition has been extended in various ways in order to incorporate dependence relationships in various types of programs. Ths
Efficient data flow analysis using DJ-graphs: Elimination methods revisited
, 1995
Cited by 3 (3 self)
In this paper we present a new approach to elimination based data flow analysis that uses a program representation called the DJ Graph. The skeleton of the DJ graph of a program is the dominator tree of its flowgraph (whose edges are called D edges in this paper), and the tree skeleton is augmented with join edges (called J edges in this paper). Unlike the previous elimination methods, which first reduce a flowgraph to a single node, our approach only eliminates J edges from the DJ graph in a bottom-up fashion during the reduction process, while maintaining the dominator tree structure (which may be compressed). We propose two methods for eliminating variables: (1) eager elimination method, and (2) delayed elimination method. With eager elimination, we first perform variable elimination on the DJ-graph in a bottom-up manner. Once we determine the solution for the root node, we propagate this information in a top-down fashion on the dominator tree and determine the corresponding solutio...
Flow Grammars - a Flow Analysis Methodology
- In Compiler Construction
, 1994
Cited by 2 (0 self)
Flow grammars provide a new mechanism for modelling control flow in flow analyzers and code optimizers. Existing methods for representing control flow are inadequate in terms of both their generality and their accuracy. Flow grammars overcome these deficiencies and are well-suited to the specification and solution of data flow analysis problems.

