Runtime Value Numbering: A Profiling Technique to Pinpoint Redundant Computations

Global value numbering using random interpretation

ACM SIGPLAN Notices ◽

10.1145/982962.964030 ◽

2004 ◽

Vol 39 (1) ◽

pp. 342-352 ◽

Cited By ~ 1

Author(s):

Sumit Gulwani ◽

George C. Necula

Keyword(s):

Value Numbering

Download Full-text

Global code motion/global value numbering

ACM SIGPLAN Notices ◽

10.1145/223428.207154 ◽

1995 ◽

Vol 30 (6) ◽

pp. 246-257 ◽

Cited By ~ 22

Author(s):

Cliff Click

Keyword(s):

Value Numbering ◽

Code Motion

Download Full-text

A New Technique for Copy Propagation And Dead Code Elimination Using Hash Based Value Numbering

2006 International Conference on Advanced Computing and Communications ◽

10.1109/adcom.2006.4289962 ◽

2006 ◽

Cited By ~ 1

Author(s):

K. V. N. Sunitha ◽

V. Vijaya Kumar

Keyword(s):

New Technique ◽

Dead Code ◽

A New Technique ◽

Value Numbering

Download Full-text

Symbolic Execution Based Intra-Procedural Analysis for Search for Defects

Proceedings of the Institute for System Programming of RAS ◽

10.15514/ispras-2020-32(6)-7 ◽

2020 ◽

Vol 32 (6) ◽

pp. 87-100

Author(s):

Alexey Evgenevich Borodin ◽

Irina Aleksandrovna Dudina

Keyword(s):

Symbolic Execution ◽

Analysis Tool ◽

Bug Detection ◽

Call Graph ◽

Quality Of Reports ◽

Speed Up ◽

Abstract Domains ◽

Value Numbering ◽

Static Analysis Tool

Svace is a static analysis tool for bug detection in C/C++/Java source code. To analyze a program, Svace performs an intra-procedure analysis of individual functions, starting from the leaves of a call-graph and moving towards the roots, and uses summaries of previously analyzed procedures at call-cites. In this paper, we overview the approaches and techniques employed by Svace for the intra-procedural analysis. This phase is performed by an analyzer engine and an extensible set of detectors. The core engine employs a symbolic execution approach with state merging. It uses value numbering to reduce the set of symbolic expressions, maintains points-to relationship graph for memory modeling, and performs strong and weak updates of program values. Detectors are responsible for discovering and reporting bugs. They calculate different properties of program values using a variety of abstract domains. All detectors work simultaneously orchestrated by the engine. Svace analysis is unsound and employs a variety of heuristics to speed-up. We designed Svace to analyze big projects (several MLOCs) in just a few hours and report as many warnings as possible, while keeping a good quality of reports ≥ 65 of true positives). For example, Tizen 5.5 (20MLOC) analysis takes 8.6 hours and produces 18,920 warnings, more than 70% of which are true-positive.

Download Full-text