ESP: Path-Sensitive Program Verification in Polynomial Time
2002
Cited by 224 (3 self)
In this paper, we present a new algorithm for partial program verification that runs in polynomial time and space. We are interested in checking that a program satisfies a given temporal safety property. Our insight is that by accurately modeling only those branches in a program for which the property-related behavior differs along the arms of the branch, we can design an algorithm that is accurate enough to verify the program with respect to the given property, without paying the potentially exponential cost of full path-sensitive analysis. We have implemented this “property simulation” algorithm as part of a partial verification tool called ESP. We present the results of applying ESP to the problem of verifying the file I/O behavior of a version of the GNU C compiler (gcc, 140,000 LOC). We are able to prove that all of the 646 calls to fprintf in the source code of gcc are guaranteed to print to valid, open files. Our results show that property simulation scales to large programs and is accurate enough to verify meaningful properties.
Abstract Interpretation of Small-Step Semantics
Proceedings of the 5th LOMAPS Workshop on Analysis and Verification of Multiple-Agent Languages, LNCS 1192
1996
Verified Validation of Lazy Code Motion
2008
Cited by 11 (3 self)
Translation validation establishes a posteriori the correctness of a run of a compilation pass or other program transformation. In this paper, we develop an efficient translation validation algorithm for the Lazy Code Motion (LCM) optimization. LCM is an interesting challenge for validation because it is a global optimization that moves code across loops. Consequently, care must be taken not to move computations that may fail before loops that may not terminate. Our validator includes a specific check for anticipability to rule out such incorrect moves. We present a mechanically checked proof of correctness of the validation algorithm, using the Coq proof assistant. Combining our validator with an unverified implementation of LCM, we obtain an LCM pass that is provably semantics-preserving and was integrated in the CompCert formally verified compiler.
Limiting State Explosion with Filter-Based Refinement
International Workshop on Verification, Model Checking and Abstract Interpretation
1997
Cited by 10 (3 self)
We introduce filters, an abstract-interpretation variant, to incrementally refine a naively generated state space and help validate path properties of the space via model checking. Filters can be represented equivalently as (i) state-transition-based abstract interpretations, (ii) "property automata," or (iii) path formulas in a CTL*-variant. We give examples of filters and show their application in the FLAVERS static analysis system. It is no accident that a compiler uses a control flow graph (cfg) as its "abstract interpretation of choice" for a sequential program: a program's cfg possesses a manageable state space, and a variety of code improvements are enacted by conducting additional flow analyses on top of the cfg. Of course, such analyses are abstract interpretations (ais) themselves, but what is noteworthy here is that the cfg is used as the base structure upon which another analysis is placed: one ai (the flow analysis) "filters" the other (the cfg). Unfortunately, this ...
Code Motion and Code Placement: Just Synonyms?
1997
Cited by 9 (2 self)
We prove that there is no difference between code motion (CM) and code placement (CP) in the traditional syntactic setting, but a dramatic difference in the semantic setting. We demonstrate this by re-investigating semantic CM under the perspective of the recent development of syntactic CM. Besides clarifying and highlighting the analogies and essential differences between the syntactic and the semantic approach, this leads as a side-effect to a drastic reduction of the conceptual complexity of the value-flow based procedure for semantic CM of [28], as the original bidirectional analysis is decomposed into purely unidirectional components. On the theoretical side, this establishes a natural semantic understanding in terms of the Herbrand interpretation (transparent equivalence), and thus eases the proof of correctness; moreover, it shows the frontier of semantic CM, and gives reason for the lack of algorithms going beyond. On the practical side, it simplifies the implement...
Full Life-Cycle Support for End-to-End Processes
Cited by 5 (4 self)
Fully supporting end-to-end processes requires combining service orientation—which takes an engineering approach to reducing the gap between software requirements and implementation—with model-driven design—which addresses the same problem in terms of well-understood mathematical structures. Globalization is a general and inevitable trend that started with enterprises and politics and now increasingly characterizes the process landscape. Worldwide operations require global process modeling, coordination, and—at least since the Sarbanes-Oxley Act and Basel II—transparency. This puts enormous pressure on process management and its efficiency, compliance, reliability, and agility. Especially in large organizations, minimizing the total cost of ownership, controlling risk, and protecting
Comprehensive Path-sensitive Data-flow Analysis
Cited by 4 (0 self)
Data-flow analysis is an integral part of any aggressive optimizing compiler. We propose a framework for improving the precision of data-flow analysis in the presence of complex control-flow. We initially perform data-flow analysis to determine those control-flow merges which cause the loss in data-flow analysis precision. The control-flow graph of the program is then restructured such that performing data-flow analysis on the resulting restructured graph gives more precise results. The proposed framework is both simple, involving the familiar notion of product automata, and also general, since it is applicable to any forward or backward data-flow analysis. Apart from proving that our restructuring process is correct, we also show that restructuring is profitable in that it necessarily leads to more optimization opportunities. Furthermore, the framework handles the trade-off between the increase in data-flow precision and the code size increase inherent in the restructuring. We show that determining an optimal restructuring is NP-hard, and propose and evaluate a greedy strategy. The framework has been implemented in the Scale research compiler, and instantiated for the specific problem of Constant Propagation.
A life-time optimal algorithm for speculative PRE
ACM Transactions on Architecture and Code Optimization
Cited by 2 (0 self)
A lifetime optimal algorithm, called MC-PRE, is presented for the first time that performs speculative PRE based on edge profiles. In addition to being computationally optimal in the sense that the total number of dynamic computations for an expression in the transformed code is minimized, MC-PRE is also lifetime optimal since the lifetimes of introduced temporaries are also minimized. The key in achieving lifetime optimality lies not only in finding a unique minimum cut on a transformed graph of a given CFG but also in performing a data-flow analysis directly on the CFG to avoid making unnecessary code insertions and deletions. The lifetime optimal results are rigorously proved. We evaluate our algorithm in GCC against three previously published PRE algorithms, namely, MC-PREcomp (Qiong and Xue’s computationally optimal version of MC-PRE), LCM (Knoop, Rüthing and Steffen’s lifetime optimal algorithm for performing non-speculative PRE) and CMP-PRE (Bodik, Gupta and Soffa’s PRE algorithm based on code-motion preventing (CMP) regions, which is speculative but not computationally optimal). We report and analyze our experimental results, obtained from both actual program execution and instrumentation, for all 22 C, C++ and FORTRAN 77 benchmarks from SPECcpu2000 on an Itanium 2 computer system. Our results show that MC-PRE (or MC-PREcomp) is capable of eliminating more partial redundancies than both LCM and CMP-PRE (especially in functions with complex control flow), and in addition, MC-PRE inserts temporaries with shorter lifetimes than MC-PREcomp. Each of these benefits has contributed to the performance improvements in benchmark programs at the cost of only small compile-time and code-size increases in some benchmarks.
Loop-carried code placement
Euro-Par 2001: Parallel Processing, LNCS 2150
2001
Cited by 2 (1 self)
Traditional code optimization techniques treat loops as nonpredictable structures and do not consider expressions containing array accesses for optimization. We show that the polyhedron model can be used to implement code placement techniques that exploit equalities of expressions that hold between loop iterations. We also present preliminary results for a simple example.
Unroll-based copy elimination for enhanced pipeline scheduling
1997
Cited by 2 (2 self)
Enhanced pipeline scheduling (EPS) is a software pipelining technique which can achieve a variable initiation interval (II) for loops with control flows via its code motion pipelining. EPS, however, leaves behind many renaming copy instructions that cannot be coalesced due to interferences. These copies take resources, and more seriously, they may cause a stall if they rename a multi-latency instruction whose latency is longer than the II aimed for by EPS.