Results 1 - 10
of
14
CFA2: A context-free approach to control-flow analysis
- Logical Methods Comput. Sci
, 2011
"... Abstract. In a functional language, the dominant control-flow mecha-nism is function call and return. Most higher-order flow analyses, includ-ing k-CFA, do not handle call and return well: they remember only a bounded number of pending calls because they approximate programs with control-flow graphs ..."
Abstract
-
Cited by 24 (0 self)
- Add to MetaCart
(Show Context)
Abstract. In a functional language, the dominant control-flow mecha-nism is function call and return. Most higher-order flow analyses, includ-ing k-CFA, do not handle call and return well: they remember only a bounded number of pending calls because they approximate programs with control-flow graphs. Call/return mismatch introduces precision-degrading spurious control-flow paths and increases the analysis time. We describe CFA2, the first flow analysis with precise call/return match-ing in the presence of higher-order functions and tail calls. We formulate CFA2 as an abstract interpretation of programs in continuation-passing style and describe a sound and complete summarization algorithm for our abstract semantics. A preliminary evaluation shows that CFA2 gives more accurate data-flow information than 0CFA and 1CFA. 1
Introspective Pushdown Analysis of Higher-Order Programs
"... In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection skirt just inside the boundaries of soundness and decidability. Alone, each method reduces analysis times and boosts precision by orders of magnitude. This work illuminates and conquers the theoreti ..."
Abstract
-
Cited by 22 (13 self)
- Add to MetaCart
(Show Context)
In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection skirt just inside the boundaries of soundness and decidability. Alone, each method reduces analysis times and boosts precision by orders of magnitude. This work illuminates and conquers the theoretical challenges that stand in the way of combining the power of these techniques. The challenge in marrying these techniques is not subtle: computing the reachable control states of a pushdown system relies on limiting access during transition to the top of the stack; abstract garbage collection, on the other hand, needs full access to the entire stack to compute a root set, just as concrete collection does. Introspective pushdown systems resolve this conflict. Introspective pushdown systems provide enough access to the stack to allow abstract garbage collection, but they remain restricted enough to compute control-state reachability, thereby enabling the sound and precise product of pushdown analysis and abstract garbage collection. Experiments reveal synergistic interplay between the techniques, and the fusion demonstrates “better-than-both-worlds ” precision.
Concrete Semantics for Pushdown Analysis: The Essence of Summarization
"... Abstract. Pushdown analysis is better than finite-state analysis in precision and performance. Why then have we not seen total widespread adoption of these techniques? For one, the known techniques are technically burdened and difficult to understand or extend. Control structure of the programming l ..."
Abstract
-
Cited by 3 (3 self)
- Add to MetaCart
(Show Context)
Abstract. Pushdown analysis is better than finite-state analysis in precision and performance. Why then have we not seen total widespread adoption of these techniques? For one, the known techniques are technically burdened and difficult to understand or extend. Control structure of the programming language gets pulled into the model of computation, which makes extensions to non-pushdown control structures, such as call/cc or shift and reset, non-trivial. We show a derivational approach to abstract interpretation that yields transparently sound static analyses that can precisely match calls and returns when applied to well-known abstract machines. We show that adding memoization and segmenting the continuation into bounded pieces leads to machines that abstract to static analyses for context-free reachability by simply bounding the stores. This technique allows us to derive existing, more technically involved analyses, and a novel pushdown analysis for delimited, composable control. 1
Exact flow analysis by higher-order model checking
- In FLOPS, volume 7294 of LNCS
, 2012
"... Abstract. We propose a novel control flow analysis for higher-order functional programs, based on a reduction to higher-order model check-ing. The distinguished features of our control flow analysis are that, un-like most of the control flow analyses like k-CFA, it is exact for simply-typed λ-calcul ..."
Abstract
-
Cited by 3 (1 self)
- Add to MetaCart
(Show Context)
Abstract. We propose a novel control flow analysis for higher-order functional programs, based on a reduction to higher-order model check-ing. The distinguished features of our control flow analysis are that, un-like most of the control flow analyses like k-CFA, it is exact for simply-typed λ-calculus with recursion and finite base types, and that, unlike Mossin’s exact flow analysis, it is indeed runnable in practice, at least for small programs. Furthermore, under certain (arguably strong) assump-tions, our control flow analysis runs in time cubic in the size of a program. We formalize the reduction of control flow analysis to higher-order model checking, prove the correctness, and report preliminary experiments. 1
Binary Reachability Analysis of Higher Order Functional Programs
, 2012
"... A number of recent approaches for proving program termination rely on transition invariants – a termination argument that can be constructed incrementally using abstract interpretation. These approaches use binary reachability analysis to check if a candidate transition invariant holds for a given ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
(Show Context)
A number of recent approaches for proving program termination rely on transition invariants – a termination argument that can be constructed incrementally using abstract interpretation. These approaches use binary reachability analysis to check if a candidate transition invariant holds for a given program. For imperative programs, its efficient implementation can be obtained by a reduction to reachability analysis, for which practical tools are available. In this paper, we show how a binary reachability analysis can be put to work for proving termination of higher order functional programs.
Please cite this article as
- 2012), doi:10.1016/j.eneco.2012.01.002 M. Mekaroonreung, A.L. Johnson / Energy Economics xxx (2012) xxx–xxx EPA (U.S. Environmental Protection Agency), 2011b. Clean
"... doi:10.1017/S0956796814000100 ..."
Pushdown Abstractions of JavaScript
"... Abstract. We design a family of program analyses for JavaScript that make no approximation in matching calls with returns, exceptions with handlers, and breaks with labels. We do so by starting from an established reduction semantics for JavaScript and systematically deriving its intensional abstrac ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. We design a family of program analyses for JavaScript that make no approximation in matching calls with returns, exceptions with handlers, and breaks with labels. We do so by starting from an established reduction semantics for JavaScript and systematically deriving its intensional abstract interpretation. Our first step is to transform the semantics into an equivalent low-level abstract machine: the JavaScript Abstract Machine (JAM). We then give an infinite-state yet decidable pushdown machine whose stack precisely models the structure of the concrete program stack. The precise model of stack structure in turn confers precise control-flow analysis even in the presence of control effects, such as exceptions and finally blocks. We give pushdown generalizations of traditional forms of analysis such as k-CFA, and prove the pushdown framework for abstract interpretation is sound and computable. 1
Detecting Function Purity in JavaScript
"... Abstract—We present an approach to detect function purity in JavaScript. A function is pure if none of its applications cause observable side-effects. The approach is based on a pushdown flow analysis that besides traditional control and value flow also keeps track of write effects. To increase the ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract—We present an approach to detect function purity in JavaScript. A function is pure if none of its applications cause observable side-effects. The approach is based on a pushdown flow analysis that besides traditional control and value flow also keeps track of write effects. To increase the precision of our purity analysis, we combine it with an intraprocedural analysis to determine freshness of variables and object references. We formalize the core aspects of our analysis, and discuss our implementation used to analyze several common JavaScript benchmarks. Experiments show that our technique is capable of detecting function purity, even in the presence of higher-order functions, dynamic property expressions, and prototypal inheritance. I.
