Results 1  10
of
46
Perspectives on Program Analysis
, 1996
"... eing analysed. On the negative side, the semantic correctness of the analysis is seldom established and therefore there is often no formal justification for the program transformations for which the information is used. The semantics based approach [1; 5] is often based on domain theory in the form ..."
Abstract

Cited by 529 (33 self)
 Add to MetaCart
eing analysed. On the negative side, the semantic correctness of the analysis is seldom established and therefore there is often no formal justification for the program transformations for which the information is used. The semantics based approach [1; 5] is often based on domain theory in the form of abstract domains modelling sets of values, projections, or partial equivalence relations. The approach tends to focus more directly on discovering the extensional properties of interest: for constant propagation it might operate on sets of values with constancy corresponding to singletons, and for neededness analysis it might perform a strictness analysis and use the strictness information for neededness (or make use of the "absence" notion from projection analysis and attempt to discover the di#erence). On the positive side, this usually gives rise to provably correct analyses, although there are sometimes complications (due to deciding what information to stick onto the
Scalable propagationbased call graph construction algorithms
 In Conference on ObjectOriented Programming Systems, Languages, and Applications
, 2000
"... ..."
Call Graph Construction in ObjectOriented Languages
, 1997
"... Interprocedural analyses enable optimizing compilers to more precisely model the effects of noninlined procedure calls, potentially resulting in substantial increases in application performance. Applying interprocedural analysis to programs written in objectoriented or functional languages is comp ..."
Abstract

Cited by 110 (3 self)
 Add to MetaCart
Interprocedural analyses enable optimizing compilers to more precisely model the effects of noninlined procedure calls, potentially resulting in substantial increases in application performance. Applying interprocedural analysis to programs written in objectoriented or functional languages is complicated by the difficulty of constructing an accurate program call graph. This paper presents a parameterized algorithmic framework for call graph construction in the presence of message sends and/or firstclass functions. We use this framework to describe and to implement a number of wellknown and new algorithms. We then empirically assess these algorithms by applying them to a suite of mediumsized programs written in Cecil and Java, reporting on the relative cost of the analyses, the relative precision of the constructed call graphs, and the impact of this precision on the effectiveness of a number of interprocedural optimizations. 1 Introduction Interprocedural analysis can enable subs...
A framework for call graph construction algorithms
 ACM Transactions on Programming Languages and Systems
, 2001
"... A large number of call graph construction algorithms for objectoriented and functional languages have been proposed, each embodying different tradeoffs between analysis cost and call graph precision. In this article we present a unifying framework for understanding call graph construction algorithm ..."
Abstract

Cited by 68 (2 self)
 Add to MetaCart
A large number of call graph construction algorithms for objectoriented and functional languages have been proposed, each embodying different tradeoffs between analysis cost and call graph precision. In this article we present a unifying framework for understanding call graph construction algorithms and an empirical comparison of a representative set of algorithms. We first present a general parameterized algorithm that encompasses many wellknown and novel call graph construction algorithms. We have implemented this general algorithm in the Vortex compiler infrastructure, a mature, multilanguage, optimizing compiler. The Vortex implementation provides a “level playing field ” for meaningful crossalgorithm performance comparisons. The costs and benefits of a number of call graph construction algorithms are empirically assessed by applying their Vortex implementation to a suite of sizeable (5,000 to 50,000 lines of code) Cecil and Java programs. For many of these applications, interprocedural analysis enabled substantial speedups over an already highly optimized baseline. Furthermore, a significant fraction of these speedups can be obtained through the use of a scalable, nearlinear time call graph construction algorithm.
Fast Interprocedural Class Analysis
 IN SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES
, 1998
"... Previous algorithms for interprocedural control flow analysis of higherorder and/or objectoriented languages have been described that perform propagation or constraint satisfaction and take O(N³) time (such as Shivers's 0CFA and Heintze's setbased analysis), or unification and take O(Na(N,N)) tim ..."
Abstract

Cited by 67 (4 self)
 Add to MetaCart
Previous algorithms for interprocedural control flow analysis of higherorder and/or objectoriented languages have been described that perform propagation or constraint satisfaction and take O(N³) time (such as Shivers's 0CFA and Heintze's setbased analysis), or unification and take O(Na(N,N)) time (such as Steensgaard's pointer analysis), or optimistic reachability analysis and take O(N) time (such as Bacon and Sweeney's Rapid Type Analysis). We describe a general parameterized analysis framework that integrates propagationbased and unificationbased analysis primitives and optimistic reachability analysis, whose instances mimic these existing algorithms as well as several new algorithms taking O(N), O(Na(N,N)), O(N²), and O(N² a(N,N)) time; our O(N) and O(Na(N,N)) algorithms produce more precise results than the previous algorithms with these complexities. We implemented our algorithm framework in the Vortex optimizing compiler, and we measured the cost and benefit of t...
A modular, polyvariant, and typebased closure analysis
 In ICFP ’97 [ICFP97
"... We observe that the principal typing property of a type system is the enabling technology for modularity and separate compilation [10]. We use this technology to formulate a modular and polyvariant closure analysis, based on the rank 2 intersection types annotated with controlflow information. Modu ..."
Abstract

Cited by 54 (1 self)
 Add to MetaCart
We observe that the principal typing property of a type system is the enabling technology for modularity and separate compilation [10]. We use this technology to formulate a modular and polyvariant closure analysis, based on the rank 2 intersection types annotated with controlflow information. Modularity manifests itself in a syntaxdirected, annotatedtype inference algorithm that can analyse program fragments containing free variables: a principal typing property is used to formalise it. Polyvariance manifests itself in the separation of different behaviours of the same function at its different uses: this is formalised via the rank 2 intersection types. As the rank 2 intersection type discipline types at least all (core) ML programs, our analysis can be used in the separate compilation of such programs. 1
Static analysis for Ajax intrusion detection
 In International World Wide Web Conference
, 2009
"... We present a static controlflow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected clie ..."
Abstract

Cited by 41 (3 self)
 Add to MetaCart
We present a static controlflow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusionprevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. We insert random asynchronous requests to foil mimicry attacks. Finally, we evaluate our technique against several real applications and show that it protects against an attack in a widelyused web application.
A Calculus with Polymorphic and Polyvariant Flow Types
"... We present # CIL , a typed #calculus which serves as the foundation for a typed intermediate language for optimizing compilers for higherorder polymorphic programming languages. The key innovation of # CIL is a novel formulation of intersection and union types and flow labels on both terms and ..."
Abstract

Cited by 28 (11 self)
 Add to MetaCart
We present # CIL , a typed #calculus which serves as the foundation for a typed intermediate language for optimizing compilers for higherorder polymorphic programming languages. The key innovation of # CIL is a novel formulation of intersection and union types and flow labels on both terms and types. These flow types can encode polyvariant control and data flow information within a polymorphically typed program representation. Flow types can guide a compiler in generating customized data representations in a strongly typed setting. Since # CIL enjoys confluence, standardization, and subject reduction properties, it is a valuable tool for reasoning about programs and program transformations.
Propagating Differences: An Efficient New Fixpoint Algorithm for Distributive Constraint Systems
, 1998
"... Integrating seminaive fixpoint iteration from deductive data bases [3, 2, 4] as well as continuations into worklistbased solvers, we derive a new application independent local fixpoint algorithm for distributive constraint systems. Seemingly different efficient algorithms for abstract interpre ..."
Abstract

Cited by 27 (10 self)
 Add to MetaCart
Integrating seminaive fixpoint iteration from deductive data bases [3, 2, 4] as well as continuations into worklistbased solvers, we derive a new application independent local fixpoint algorithm for distributive constraint systems. Seemingly different efficient algorithms for abstract interpretation like those for linear constant propagation for imperative languages [17] as well as for controlflow analysis for functional languages [13] turn out to be instances of our scheme. Besides this systematizing contribution we also derive a new efficient algorithm for abstract OLDTresolution as considered in [15, 16, 25] for Prolog.
Polymorphic Splitting: An Effective Polyvariant Flow Analysis
 ACM Transactions on Programming Languages and Systems
, 1998
"... values for our framework are defined as follows: a 2 Avalue = Aconst +Aclosure b 2 Aconst = ftrue; false; number; nilg hl; ae; i 2 Aclosure = Label \Theta Aenv \Theta Contour ae 2 Aenv = Var fin \Gamma! Contour 2 Contour = Label An abstract value a is a set of abstract constants and abstra ..."
Abstract

Cited by 23 (0 self)
 Add to MetaCart
values for our framework are defined as follows: a 2 Avalue = Aconst +Aclosure b 2 Aconst = ftrue; false; number; nilg hl; ae; i 2 Aclosure = Label \Theta Aenv \Theta Contour ae 2 Aenv = Var fin \Gamma! Contour 2 Contour = Label An abstract value a is a set of abstract constants and abstract closures. The abstract constants true and false each denote a single exact value, while the abstract constant number denotes a set of exact values. An abstract closure hl; ae; i identifies procedures created from the expression (lambda (x 1 : : : xn) e b ) l . The contour of an abstract closure, paired with an argument x i or a label of a subexpression of e b , determines the program points for the body of the abstract closure. Thus two abstract closures that share the same label but use different contours will have different program points. The abstract environment ae of an abstract closure records the contours in which its free variables are bound. Our polymorphic splitting analy...