Abstract
Array-Range Analysis computes at compile time the range of possible index values for each array-index expression in a program. This information can be used to detect potential out-of-bounds array accesses and to identify non-aliasing array accesses. In a language like C, where arrays can be accessed indirectly via pointers, and where pointer arithmetic is allowed, range analysis must be extended to compute the range of possible values for each pointer dereference.
This paper describes a Pointer-Range Analysis algorithm that computes a safe approximation of the set of memory locations that may be accessed by each pointer dereference. To properly account for non-trivial aspects of C, including pointer arithmetic and type-casting, a range representation is described that separates the identity of a pointer’s target location from its type; this separation allows a concise representation of pointers to multiple arrays, and precise handling of mismatched-type pointer arithmetic.
This work was supported in part by the National Science Foundation under grants CCR-9987435 and CCR-0305387.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yong, S.H., Horwitz, S. (2004). Pointer-Range Analysis. In: Giacobazzi, R. (eds) Static Analysis. SAS 2004. Lecture Notes in Computer Science, vol 3148. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27864-1_12
DOI: https://doi.org/10.1007/978-3-540-27864-1_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22791-5
Online ISBN: 978-3-540-27864-1
eBook Packages: Springer Book Archive