From Polyvariant Flow Information to Intersection and Union Types
J. FUNCT. PROGRAMMING, 1998
Cited by 43 (7 self)
Many polyvariant program analyses have been studied in the 1990s, including k-CFA, polymorphic splitting, and the cartesian product algorithm. The idea of polyvariance is to analyze functions more than once and thereby obtain better precision for each call site. In this paper we present an equivalence theorem which relates a coinductively defined family of polyvariant flow analyses and a standard type system. The proof embodies a way of understanding polyvariant flow information in terms of union and intersection types, and, conversely, a way of understanding union and intersection types in terms of polyvariant flow information. We use the theorem as basis for a new flow-type system in the spirit of the CIL calculus of Wells, Dimock, Muller, and Turbak, in which types are annotated with flow information. A flow-type system is useful as an interface between a flow-analysis algorithm and a program optimizer. Derived systematically via our equivalence theorem, our flow-type system should be a g...
A type system equivalent to a model checker
In Proc. of the European Symp. on Prog, 2005
Cited by 19 (0 self)
Type systems and model checking are two prevalent approaches to program verification. A prominent difference between them is that type systems are typically defined in a syntactic and modular style whereas model checking is usually performed in a semantic and whole-program style. This difference between the two approaches makes them complementary to each other: type systems are good at explaining why a program was accepted while model checkers are good at explaining why a program was rejected. We present a type system that is equivalent to a model checker for verifying temporal safety properties of imperative programs. The model checker is natural and may be instantiated with any finite-state abstraction scheme such as predicate abstraction. The type system, which is also parametric, type checks exactly those programs that are accepted by the model checker. It uses function types to capture flow sensitivity and intersection and union types to capture context sensitivity. Our result sheds light on the relationship between the two approaches, provides a methodology for studying their relative expressiveness, is a step towards sharing results between them, and motivates synergistic program analyses involving interplay between them.
Types, potency, and idempotency: why nonlinearity and amnesia make a type system work
In ICFP ’04: Proceedings of the ninth ACM SIGPLAN international conference on Functional programming, 138–149, ACM, 2004
Cited by 10 (1 self)
Useful type inference must be faster than normalization. Otherwise, you could check safety conditions by running the program. We analyze the relationship between bounds on normalization and type inference. We show how the success of type inference is fundamentally related to the amnesia of the type system: the nonlinearity by which all instances of a variable are constrained to have the same type. Recent work on intersection types has advocated their usefulness for static analysis and modular compilation. We analyze System I (and some instances of its descendant, System E), an intersection type system with a type inference algorithm. Because System I lacks idempotency, each occurrence of a variable requires a distinct type. Consequently, type inference is equivalent to normalization in every single case, and time bounds on type inference and normalization are identical. Similar relationships hold for other intersection type systems without idempotency. The analysis is founded on an investigation of the relationship between linear logic and intersection types. We show a lockstep correspondence between normalization and type inference. The latter shows the promise of intersection types to facilitate static analyses of varied granularity, but also belies an immense challenge: to add amnesia to such analysis without losing all of its benefits.
Exact flow analysis by higher-order model checking
In FLOPS, volume 7294 of LNCS, 2012
Cited by 3 (1 self)
We propose a novel control flow analysis for higher-order functional programs, based on a reduction to higher-order model checking. The distinguished features of our control flow analysis are that, unlike most of the control flow analyses like k-CFA, it is exact for simply-typed λ-calculus with recursion and finite base types, and that, unlike Mossin’s exact flow analysis, it is indeed runnable in practice, at least for small programs. Furthermore, under certain (arguably strong) assumptions, our control flow analysis runs in time cubic in the size of a program. We formalize the reduction of control flow analysis to higher-order model checking, prove the correctness, and report preliminary experiments.
Flow Analysis, Linearity, and PTIME
Cited by 1 (0 self)
Flow analysis is a ubiquitous and much-studied component of compiler technology, and its variations abound. Amongst the most well known is Shivers’ 0CFA; however, the best known algorithm for 0CFA requires time cubic in the size of the analyzed program and is unlikely to be improved. Consequently, several analyses have been designed to approximate 0CFA by trading precision for faster computation. Henglein’s simple closure analysis, for example, forfeits the notion of directionality in flows and enjoys an “almost linear” time algorithm. But in making tradeoffs between precision and complexity, what has been given up and what has been gained? Where do these analyses differ and where do they coincide? We identify a core language, the linear λ-calculus, where 0CFA, simple closure analysis, and many other known approximations or restrictions to 0CFA are rendered identical. Moreover, for this core language, analysis corresponds with (instrumented) evaluation. Because analysis faithfully captures evaluation, and because the linear λ-calculus is complete for ptime, we derive ptime-completeness results for all of these analyses.
Abstract
This paper describes a novel flow-effect type system that combines concepts of type constraint systems and type effect systems, to achieve a flow-sensitive abstract interpretation of programs with higher-order functions. We prove that a decidable, safe closure algorithm exists. Deriving a decidable type closure algorithm in the presence of higher-order recursive functions is the main technical achievement of the paper.
Deciding k-CFA is Complete for . . .
2008
We give an exact characterization of the computational complexity of the k-CFA hierarchy. For any k > 0, we prove that the control flow decision problem is complete for deterministic exponential time. This theorem validates empirical observations that such control flow analysis is intractable. It also provides more general insight into the complexity of abstract interpretation.
Type-Based Analysis and Applications
Type-based analysis is an approach to static analysis of programs that has been studied for more than a decade. A type-based analysis assumes that the program type checks, and the analysis takes advantage of that. This paper examines the state of the art of type-based analysis, and it surveys some of the many software tools that use type-based analysis. Most of the surveyed tools use types as discriminators, while most of the theoretical studies use type and effect systems. We conclude that type-based analysis is a promising approach to achieving both provable correctness and good performance with a reasonable effort.
Program verification with flow-effect types
2005
This paper develops a flow sensitive type system for higher order programming languages. Flow-effect types are a novel form of type that combine the notion of temporal ordering inherent in type effect systems, with subtype constraint systems which focus on unordered dataflow. The resulting system achieves a high level of precision by cutting very close to the operational behavior of programs. The naïve type closure algorithm completely simulates expression computation, and so is undecidable. The main result of the paper is development of a sound and decidable closure algorithm for flow-effect types.