Extracting Safe and Precise Control Flow from Binaries
- IN PROC. 7TH CONFERENCE ON REAL-TIME COMPUTING SYSTEMS AND APPLICATIONS, 2000
Cited by 29 (4 self)
As a starting point for static program analysis a control flow graph (CFG) is needed. If only the binary executable is available, this CFG has to be reconstructed from sequences of instructions. The usual way to do this is a top-down approach: the executable's information about routines is used to split the sequence into routines, and then, each instruction is analysed for branch targets in order to compute basic block boundaries. When
HOIST: A system for automatically deriving static analyzers for embedded systems
- In Proc. of the 11th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2004
Cited by 12 (2 self)
Embedded software must meet conflicting requirements such as being highly reliable, running on resource-constrained platforms, and being developed rapidly. Static program analysis can help meet all of these goals. People developing analyzers for embedded object code face a difficult problem: writing an abstract version of each instruction in the target architecture(s). This is currently done by hand, resulting in abstract operations that are both buggy and imprecise. We have developed Hoist: a novel system that solves these problems by automatically constructing abstract operations using a microprocessor (or simulator) as its own specification. With almost no input from a human, Hoist generates a collection of C functions that are ready to be linked into an abstract interpreter. We demonstrate that Hoist generates abstract operations that are correct, having been extensively tested, sufficiently fast, and substantially more precise than manually written abstract operations. Hoist is currently limited to eight-bit machines due to costs exponential in the word size of the target architecture. It is essential to be able to analyze software running on these small processors: they are important and ubiquitous, with many embedded and safety-critical systems being based on them.
LANCET: A Nifty Code Editing Tool
- 2005
Cited by 8 (2 self)
This paper presents Lancet, a multi-platform software visualization tool that enables the inspection of programs at the binary code level. Implemented on top of the link-time rewriting framework Diablo, Lancet provides several views on the interprocedural control flow graph of a program. These views can be used to navigate through the program, to edit the program in an efficient manner, and to interact with the existing whole-program analyses and optimizations that are implemented in Diablo or existing applications of Diablo. As such, Lancet is an ideal tool to examine compiler-generated code, to assist the development of new compiler optimizations, or to optimize assembly code manually.
TDL: A Hardware Description Language for Retargetable Postpass Optimizations and Analyzes
Cited by 7 (1 self)
The hardware description language TDL has been designed with the goal to generate machine-dependent postpass optimizers and analyzers from a concise specification of the target processor. TDL is assembly-oriented and provides a generic modeling of irregular hardware constraints that are typical for many embedded processors. The generic modeling supports graph-based and search-based optimization algorithms. An important design goal of TDL was to achieve extendibility, so that TDL can be easily integrated in different target applications. TDL is at the base
ILP-based Approximations for Retargetable Code Optimization
- 2001
Cited by 5 (2 self)
... this article novel approximation techniques for ILP-based code optimization are presented. The presented approximation techniques mostly produce optimal results while reducing the computation time by orders of magnitude compared to the exact solution. The PROPAN framework has been retargeted to several representative standard digital signal processors. Practical experiments demonstrate the applicability of this approach.
Link-time compaction and optimization of ARM executables
- 2007
Cited by 3 (2 self)
The overhead in terms of code size, power consumption, and execution time caused by the use of precompiled libraries and separate compilation is often unacceptable in the embedded world, where real-time constraints, battery life-time, and production costs are of critical importance. In this paper, we present our link-time optimizer for the ARM architecture. We discuss how we can deal with the peculiarities of the ARM architecture related to its visible program counter and how the introduced overhead can to a large extent be eliminated. Our link-time optimizer is evaluated with four tool chains, two proprietary ones from ARM and two open ones based on GNU GCC. When used with proprietary tool chains from ARM Ltd., our link-time optimizer achieved average code size reductions of 16.0 and 18.5%, while the programs have become 12.8 and 12.3 % faster, and 10.7 to 10.1 % more energy efficient. Finally, we show how the incorporation of link-time optimization in tool chains may influence library interface design.
Optimal versus Heuristic Global Code Scheduling
- PROCEEDINGS OF THE 40TH ANNUAL IEEE/ACM INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE, 2007
Reconstructing Control Flow from Predicated Assembly Code
- 2003
Predicated instructions are a feature more and more common in contemporary instruction set architectures. Machine instructions are only executed if an individual guard register associated with the instruction evaluates to true. This enhances execution efficiency, but comes at a price: the control flow of a program is not explicit any more. Instead instructions from the same basic block may belong to different execution paths if they are subject to disjoint guard predicates. Postpass tools processing machine code with the purpose of program analyses or optimizations require the control flow graph of the input program to be known. The effectiveness of postpass analyses and optimizations strongly depends on the precision of the control flow reconstruction. If traditional reconstruction techniques are applied for processors with predicated instructions, their precision is seriously deteriorated. In this paper a generic algorithm is...
Exploiting Symmetries for Optimal Integrated Code
High quality code generation for irregular architectures, such as Digital Signal Processors, is a complex task, as it requires a fully integrated approach that simultaneously deals with the most important tasks of instruction selection, register allocation and instruction scheduling.
Integrated Code Generation for Loops
Code generation in a compiler is commonly divided into several phases: instruction selection, scheduling, register allocation, spill code generation, and, in the case of clustered architectures, cluster assignment. These phases are interdependent; for instance, a decision in the instruction selection phase affects how an operation can be scheduled. We examine the effect of this separation of phases on the quality of the generated code. To study this we have formulated optimal methods for code generation with integer linear programming; first for acyclic code and then we extend this method to modulo scheduling of loops. In our experiments we compare optimal modulo scheduling, where all phases are integrated, to modulo scheduling, where instruction selection and cluster assignment are done in a separate phase. The results show that, for an architecture with two clusters, the integrated method finds a better solution than the non-integrated method for 27 % of the instances.

