Existing tools struggle to detect memory safety issues in GPU programs, such as input-dependent out-of-bounds (OOB) accesses and intra-allocation OOB errors caused by logical memory partitioning. This work proposes SCuBA, a compile-time static analysis technique that models semantic relationships between CPU and GPU code to generate constraints, which are then verified by a SAT solver to determine whether OOB accesses can occur under any input. SCuBA also tracks logical memory partitions to identify intra-allocation OOB violations. To the best of our knowledge, SCuBA is the first approach to precisely detect both input-dependent and intra-allocation OOB errors at compile time, overcoming the limitations of traditional runtime tools. Experimental evaluation demonstrates that SCuBA successfully identifies all 45 subtle bugs missed by tools like Compute Sanitizer across 20 benchmark programs, with zero false positives.

Memory safety bugs, such as out-of-bound accesses (OOB) in GPU programs, can compromise the security and reliability of GPU-accelerated software. We report the existence of input-dependent OOBs in the wild that manifest only under specific inputs. All existing tools to detect OOBs in GPU programs rely on runtime techniques that require an OOB to manifest for detection. Thus, input-dependent OOBs elude them. We also discover intra-allocation OOBs that arise in the presence of logical partitioning of a memory allocation into multiple data structures. Existing techniques are oblivious to the possibility of such OOBs. We make a key observation that the presence (or absence) of semantic relations among program variables, which determines the size of allocations (CPU code) and those calculating offsets into memory allocations (GPU code), helps identify the absence (or presence) of OOBs. We build SCuBA, a first-of-its-kind compile-time technique that analyzes CPU and GPU code to capture such semantic relations (if present). It uses a SAT solver to check if an OOB access is possible under any input, given the captured relations expressed as constraints. It further analyzes GPU code to track logical partitioning of memory allocations for detecting intra-allocation OOB. Compared to NVIDIA's Compute Sanitizer that misses 45 elusive memory bugs across 20 programs, SCuBA misses none with no false alarms.