Symbolic Range of Pointers in C programs

Participants: Vitor Paisante [Univ. Minas Gerais, Brazil], Maroua Maalej, Leonardo Barbosa [Univ. Minas Gerais, Brazil], Laure Gonnord, Fernando Pereira [Univ. Minas Gerais, Brazil].

Alias analysis is one of the most fundamental techniques that compilers use to optimize languages with pointers. However, in spite of all the attention that this topic has received, the current state-of-the-art approaches inside compilers still face challenges regarding precision and speed. In particular, pointer arithmetic, a key feature in C and C++, is yet to be handled satisfactorily. We designed a new alias analysis algorithm to solve this problem. The key insight of our approach is to combine alias analysis with symbolic range analysis. This combination lets us disambiguate fields within arrays and structs, effectively achieving more precision than traditional algorithms. To validate our technique, we have implemented it on top of the LLVM compiler. Tests on a vast suite of benchmarks show that we can disambiguate several kinds of C idioms that current state-of-the-art analyses cannot deal with. In particular, we can disambiguate 1.35x more queries than the alias analysis currently available in LLVM. Furthermore, our analysis is very fast: we can go over one million assembly instructions in 10 seconds.
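To illustrate the kind of query that combining alias information with symbolic ranges can answer, the following C example is added here; it is not taken from the paper or from its LLVM implementation. The linear offset form over two symbols `N` and `M` (assumed non-negative), the `fill` idiom, and all type and function names are assumptions of this example.

```c
#include <stdbool.h>

/* Symbolic offset c + kn*N + km*M from a common base pointer.
   N and M are program symbols assumed non-negative (e.g. lengths). */
typedef struct { long c, kn, km; } SymExpr;

/* Closed symbolic interval [lo, hi] of offsets a pointer may take. */
typedef struct { SymExpr lo, hi; } SymRange;

typedef enum { NO_ALIAS, MAY_ALIAS } AliasResult;

/* True when a < b holds for every N, M >= 0: b - a has no negative
   coefficient and a constant term of at least 1. Sufficient, not necessary. */
static bool always_less(SymExpr a, SymExpr b) {
    return b.kn - a.kn >= 0 && b.km - a.km >= 0 && b.c - a.c >= 1;
}

/* Two pointers derived from the same base cannot alias if one range
   lies entirely below the other; otherwise answer conservatively. */
AliasResult query(SymRange p, SymRange q) {
    if (always_less(p.hi, q.lo) || always_less(q.hi, p.lo)) return NO_ALIAS;
    return MAY_ALIAS;
}

/* Constructed idiom: header in [buf, buf+N), payload in [buf+N, buf+N+M). */
void fill(unsigned char *buf, long n, const unsigned char *msg, long m) {
    unsigned char *h, *q, *e = buf + n, *f = e + m;
    for (h = buf; h < e; h++) *h = 0xFF;     /* h: offsets [0, N-1]   */
    for (q = e; q < f; q++) *q = *msg++;     /* q: offsets [N, N+M-1] */
}

/* Ranges of h and q in fill(), written out by hand. */
AliasResult header_vs_payload(void) {
    SymRange h = { {0, 0, 0}, {-1, 1, 0} };
    SymRange q = { {0, 1, 0}, {-1, 1, 1} };
    return query(h, q);
}

/* Two windows at unrelated offsets: [0, N-1] and [M, M+N-1]. */
AliasResult unrelated_windows(void) {
    SymRange a = { {0, 0, 0}, {-1, 1, 0} };
    SymRange b = { {0, 0, 1}, {-1, 1, 1} };
    return query(a, b);
}
```

A base-pointer-only analysis sees `h` and `q` as both derived from `buf` and must report that they may alias; comparing the symbolic bounds separates them without knowing the value of `N`.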

This work has been accepted at CGO'16 [30]. An extended version of the related work is available as an Inria research report [27] and will be the basis of a journal submission.