Abstract not found

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-sensitivity, and while there has been significant recent progress regarding scalable context-sensitive pointer analysis, relatively little progress has been made in improving the scalability of flow-sensitive pointer analysis. This paper presents a new interprocedural, flow-sensitive pointer analysis algorithm that combines two ideas—semi-sparse analysis and a novel use of BDDs—that arise from a careful understanding of the unique challenges that face flow-sensitive pointer analysis. We evaluate our algorithm on 12 C benchmarks ranging from 11K to 474K lines of code. Our fastest algorithm is on average 197× faster and uses 4.6 × less memory than the state of the art, and it can analyze programs that are an order of magnitude larger than the previous state of the art.

This dissertation presents a critical rethinking of the Java bytecode verification architecture from the perspective of a software engineer. In existing commercial implementations of the Java Virtual Machine, there is a tight coupling between the dynamic linking process and the bytecode verifier. This leads to delocalized and interleaving program plans, making the verifier difficult to maintain and comprehend. A modular mobile code verification architecture, called Proof Linking, is proposed. By establishing explicit verification interfaces in the form of proof obligations and commitments, and by careful scheduling of linking events, Proof Linking supports the construction of bytecode verifier as a separate engineering component, fully decoupled from Java's dynamic linking process. This turns out to have two additional benefits: (1) Modularization enables distributed verification protocols, in which part of the verification burden can be safely offloaded to remote sites; (2) Alternative static analyses can now be integrated into Java's dynamic linking process with ease, thereby making it convenient to extend the protection mechanism of Java. These benefits make Proof Linking a competitive verification architecture for mobile code systems. A prototype of the Proof Linking Architecture has been implemented in an open source Java Virtual Machine, the Aegis VM (http://aegisvm.sourceforge.net). On the

Many program analyses perform better and produce more precise results when they are given precise pointer information. One dimension of precision is flow-sensitive pointer analysis (i.e., an analysis that respects a program’s control-flow), which has been shown to be useful for important applications such as program verification and understanding, among others. However, this type of pointer analysis has historically been unable to scale to programs beyond a few tens of thousands of lines of code. We present a new interprocedural flow-sensitive pointer analysis that has significantly better performance than the current stateof-the-art. There are two key ideas behind our algorithm: (1) We stage the pointer analysis by first running a flow-insensitive auxiliary pointer analysis that produces conservative def-use information; the primary flow-sensitive analysis can then employ a sparse analysis that efficiently propagates pointer information across these conservative def-use chains; and (2) we exploit a novel notion of equivalence called access equivalence, which allows the algorithm to efficiently apply the conservative def-use information for the sparse analysis even when the conservative nature of the auxiliary analysis produces a huge amount of def-use information. Together, these techniques produce the first flow-sensitive pointer analysis that can analyze a C program with 1.9M lines of code, an order of magnitude improvement over the previous state-of-the-art. 1.

Abstract not found

In this report we study the e#ect of an optimizing algorithm for straight--line code which first constructs a directed acyclic graph representing the given program and then generates code from it. We show that this algorithm produces optimal code with respect to the classical transformations such as Constant Folding, Common Subexpression Elimination, and Dead Code Elimination. In contrast to the former, the latter are also applicable to iterative code containing loops. We can show that the graph--based algorithm essentially corresponds to a combination of the three classical optimizations in conjunction with Copy Propagation. Thus, apart from its theoretical importance, this result is relevant for practical compiler design as it allows to exploit the optimization potential of the graph--based algorithm for non--linear code as well. 1

Static single assignment form (SSA) [5] is nearly ubiquitous in the compiler world. It is dearly loved by most compiler writers, and even more so by undergraduate compiler-class instructors. Its popularity comes from a number of powerful features: • It fits neatly into a 45 minute exam question. • It provides flow-sensitivity for free. • It adds sparseness to analyses, which can greatly reduce their run-time (especially for propagation algorithms). • The single assignment property greatly reduces memory usage, compared to traditional bit-vector analyses. • Factored use-def chains mitigate the explosion in memory use of use-def chains in certain circumstances. In an ideal world, every compiler could use an end-to-end SSA representation, from just after parsing [2], right the way through to code generation [7]. 1.1 Problem But a great big elephant sits in the room: you can’t just go straight into SSA form. In real compilers/languages, some form of alias analysis must be performed before SSA construction. Even in representations that incorporate alias analysis results into SSA, such as HSSA 1 [4], the alias analysis runs first, as a separate pass. As a result, the alias analysis cannot run on SSA, and cannot benefit from its properties. There have been a few nice ideas for more precise alias analysis recently. Our favourite, from Pioli and Hind [11], avoids analysing unrealizable paths by performing Conditional Constant Propagation (CCP) simultaneously with alias analysis. However, this requires moving another analysis out of SSA form, reducing further its benefits. One of the most elegant features of SSA is that it allows a unified value propagation framework. Sparse Conditional Constant

We present the design and implementation of a compiler from OCaml bytecode to Javascript. We believe that taking bytecode as input instead of a high-level language is a sensible choice. Virtual machines provide a very stable API. Such a compiler is thus easy to maintain. It is also convenient to use: it can just be added to an existing installation of the development tools. Already compiled libraries can be used directly, with no need to reinstall anything. Finally, some virtual machines are the target of several languages. A bytecode to Javascript compiler would make it possible to retarget all these languages to Web browsers at once.