ABCD: Eliminating Array Bounds Checks on Demand

Abstract

Bounds overflow is one of the most frequently encountered errors in C programs. To guarantee type-safe execution, C and other typed languages require bounds checking of array accesses. Using existing powerful bounds-check optimizers at run time is not feasible, however, because they are too heavy-weight for the dynamic compilation setting. ABCD, is a light-weight algorithm for elimination of array bounds checking on demand, and its design emphasizes simplicity and efficiency. 

Benefits to LLVM and LLVMers

ABCD algorithm is a light-weight method to check array bounds to eliminate both fully and partial redundant checks. Hence, if I implement it based on LLVM, LLVM will have the ability to do a light-weight check on array access. I want to write one or several passes to implement the algorithm, so perhaps people who want to do some research on checking out-of-bounds errors can be inspired from my project. They can add their own new contribution to increase the analysis accuracy, or use some of my passes to do a variety of their own jobs.

Deliverables

In my project, I plan to write several passes to implement the ABCD algorithm. So the following is necessary: (a) the pass(es) implementing the algorithm, (b) a document explaining the implementation, and (c) the benchmarks and the corresponding outcome for the implementation.

Project Details

ABCD, the algorithm I want to implement, is a light-weight algorithm for elimination of array bounds checking on demand, and its design emphasizes simplicity and efficiency. It works by adding a few edges to the SSA value graph and performing a simple traversal of the graph. A straightforward approach to detecting redundant checks is to construct a constraint system at each point, and then apply a theorem prover at the point of the bounds check. Both of these are expensive steps, so ABCD builds a single, program-point-independent constraint system, instead of constraint propagation, and performs a simple, demand-driven traversal of the sparse representation, instead of relying on a theorem prover. The entire ABCD algorithm contain mainly three components: (a) build the extension-SSA form, (b) build the inequality graph, and (3) remove the redundant checks.

       Perhaps I don’t have enough time to implement both fully and partial redundant elimination of ABCD algorithm, but I promise I will implement the fully redundant elimination and do my best to implement the other part.