Results 1 - 10 of 89
Componential set-based analysis
ACM Transactions on Programming Languages and Systems, 1997
Cited by 109 (12 self)
Set-based analysis (SBA) produces good predictions about the behavior of functional and object-oriented programs. The analysis proceeds by inferring constraints that characterize the data flow relationships of the analyzed program. Experiences with MrSpidey, a static debugger based on SBA, indicate that SBA can adequately deal with programs of up to a couple of thousand lines of code. SBA fails, however, to cope with larger programs because it generates systems of constraints that are at least linear, and possibly quadratic, in the size of the analyzed program. This article presents theoretical and practical results concerning methods for reducing the size of constraint systems. The theoretical results include a proof-theoretic characterization of the observable behavior of constraint systems for program components, and a complete algorithm for deciding the observable equivalence of constraint systems. In the course of this development we establish a close connection between the observable equivalence of constraint systems and the equivalence of regular-tree grammars. We then exploit this connection to adapt a variety of algorithms for simplifying grammars to the problem of simplifying constraint systems. Based on the resulting algorithms, we have developed componential set-based analysis, a modular and polymorphic variant of SBA. Experimental results verify the effectiveness of the simplification
On the Complexity Analysis of Static Analyses
Journal of the ACM, 1999
Cited by 68 (3 self)
This paper argues that for many algorithms, and static analysis
Subtyping Constrained Types
1996
Cited by 62 (2 self)
A constrained type is a type that comes with a set of subtyping constraints on variables occurring in the type. Constrained type inference systems are a natural generalization of Hindley/Milner type inference to languages with subtyping. This paper develops several subtyping relations on polymorphic constrained types of a general form that allows recursive constraints and multiple bounds on type variables. We establish a full type abstraction property that equates a novel operational notion of subtyping with a semantic notion based on regular trees. The decidability of this notion of subtyping is open; we present a decidable approximation. Subtyping constrained types has applications to signature matching and to constrained type simplification. The relation will thus be a critical component of any programming language incorporating a constrained typing system. 1 Introduction A constrained type is a type that is additionally constrained by a set of subtyping constraints on the free ty...
Security properties of typed applets
IN SECURE INTERNET PROGRAMMING – SECURITY ISSUES FOR MOBILE AND DISTRIBUTED, 1999
Cited by 60 (2 self)
This paper formalizes the folklore result that strongly-typed applets are more secure than untyped ones. We formulate and prove several security properties that all well-typed applets possess, and identify sufficient conditions for the applet execution environment to be safe, such as procedural encapsulation, type abstraction, and systematic type-based placement of run-time checks. These results are a first step towards formal techniques for developing and validating safe execution environments for applets.
A modular, polyvariant, and type-based closure analysis
In ICFP ’97 [ICFP97
Cited by 54 (1 self)
We observe that the principal typing property of a type system is the enabling technology for modularity and separate compilation [10]. We use this technology to formulate a modular and polyvariant closure analysis, based on the rank 2 intersection types annotated with control-flow information. Modularity manifests itself in a syntax-directed, annotated-type inference algorithm that can analyse program fragments containing free variables: a principal typing property is used to formalise it. Polyvariance manifests itself in the separation of different behaviours of the same function at its different uses: this is formalised via the rank 2 intersection types. As the rank 2 intersection type discipline types at least all (core) ML programs, our analysis can be used in the separate compilation of such programs.
Effective Flow Analysis for Avoiding Run-Time Checks
In Proceedings of the 1995 International Static Analysis Symposium, 1995
Cited by 50 (5 self)
This paper describes a general purpose program analysis that computes global control-flow and data-flow information for higher-order, call-by-value programs. This information can be used to drive global program optimizations such as inlining and run-time check elimination, as well as optimizations like constant folding and loop invariant code motion that are typically based on special-purpose local analyses. The analysis employs a novel approximation technique called polymorphic splitting that uses let-expressions as syntactic clues to gain precision. Polymorphic splitting borrows ideas from Hindley-Milner polymorphic type inference systems to create an analog to polymorphism for flow analysis. Experimental results derived from an implementation of the analysis for Scheme indicate that the analysis is extremely precise and has reasonable cost. In particular, it eliminates significantly more run-time checks than simple flow analyses (i.e. 0CFA) or analyses based on type ...
Control-Flow Analysis and Type Systems
1995
Cited by 47 (1 self)
We establish a series of equivalences between type systems and control-flow analyses. Specifically, we take four type systems from the literature (involving simple types, subtypes and recursion) and conservatively extend them to reason about control-flow information. Similarly, we take four standard control-flow systems and conservatively extend them to reason about type consistency. Our main result is that we can match up the resulting type and control-flow systems such that we obtain pairs of equivalent systems, where the equivalence is with respect to both type and control-flow information. In essence, type systems and control-flow analysis can be viewed as complementary approaches for addressing questions of type consistency and control-flow. Recent and independent work by Palsberg and O'Keefe has addressed the same general question. Our work differs from theirs in two respects. First, they only consider what happens when control-flow systems are used to reason about types. In co...
Linear-time Subtransitive Control Flow Analysis
1997
Cited by 42 (1 self)
We present a linear-time algorithm for bounded-type programs that builds a directed graph whose transitive closure gives exactly the results of the standard (cubic-time) Control-Flow Analysis (CFA) algorithm. Our algorithm can be used to list all function calls from all call sites in (optimal) quadratic time. More importantly, it can be used to give linear-time algorithms for CFA-consuming applications such as:
- effects analysis: find the side-effecting expressions in a program.
- k-limited CFA: for each call-site, list the functions if there are only a few of them ( k) and otherwise output "many".
- called-once analysis: identify all functions called from only one call-site.
1 Introduction The control-flow graph of a program plays a central role in compilation - it identifies the block and loop structure in a program, a prerequisite for many code optimizations. For first-order languages, this graph can be directly constructed from a program because information about flow of ...
Types as abstract interpretations, invited paper
In 24th POPL, 1997
Cited by 39 (11 self)
Starting from a denotational semantics of the eager untyped lambda-calculus with explicit run-time errors, the standard collecting semantics is defined as specifying the strongest program properties. By a first abstraction, a new sound type collecting semantics is derived in compositional fixpoint form. Then by successive (semi-dual) Galois connection based abstractions, type systems and/or type inference algorithms are designed as abstract semantics or abstract interpreters approximating the type collecting semantics. This leads to a hierarchy of type systems, which is part of the lattice of abstract interpretations of the untyped lambda-calculus. This hierarchy includes two new à la Church/Curry polytype systems. Abstractions of this polytype semantics lead to classical Milner/Mycroft and Damas/Milner polymorphic type schemes, Church/Curry monotypes and Hindley principal typing algorithm. This shows that types are abstract interpretations.
Practical Refinement-Type Checking
1997
Cited by 37 (1 self)
Refinement types allow many more properties of programs to be expressed and statically checked than conventional type systems. We present a practical algorithm for refinement-type checking in a calculus enriched with refinement-type annotations. We prove that our basic algorithm is sound and complete, and show that every term which has a refinement type can be annotated as required by our algorithm. Our positive experience with an implementation of an extension of this algorithm to the full core language of Standard ML demonstrates that refinement types can be a practical program development tool in a realistic programming language. The required refinement type definitions and annotations are not much of a burden and serve as formal, machine-checked explanations of code invariants which otherwise would remain implicit. 1 Introduction The advantages of statically-typed programming languages are well known, and have been described many times (e.g. see [Car97]). However, conventional ty...