Interprocedural Analysis with Lazy Propagation

We propose lazy propagation as a technique for flow- and context-sensitive interprocedural analysis of programs with objects and first-class functions where transfer functions may not be distributive. The technique is described formally as a systematic modification of a variant of the monotone framework and its theoretical properties are shown. It is implemented in a type analysis tool for JavaScript where it results in a significant improvement in performance.

[1]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[2]  Neil D. Jones,et al.  A flexible approach to interprocedural data flow analysis and programs with recursive data structures , 1982, POPL '82.

[3]  Thomas W. Reps,et al.  Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation , 1995, TAPSOFT.

[4]  Thomas W. Reps,et al.  Demand interprocedural dataflow analysis , 1995, SIGSOFT FSE.

[5]  Jeffrey S. Foster,et al.  Static type inference for Ruby , 2009, SAC '09.

[6]  Simon L. Peyton Jones,et al.  The Implementation of Functional Programming Languages , 1987 .

[7]  Stephen N. Zilles,et al.  Programming with abstract data types , 1974, SIGPLAN Symposium on Very High Level Languages.

[8]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[9]  Peter Thiemann,et al.  Recency Types for Analyzing Scripting Languages , 2010, ECOOP.

[10]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[11]  Peter Thiemann,et al.  Type Analysis for JavaScript , 2009, SAS.

[12]  Barbara G. Ryder,et al.  A schema for interprocedural modification side-effect analysis with pointer aliasing , 2001, TOPL.

[13]  Alexander Aiken,et al.  Static Detection of Security Vulnerabilities in Scripting Languages , 2006, USENIX Security Symposium.

[14]  Susan Horwitz,et al.  An efficient general iterative algorithm for dataflow analysis , 2004, Acta Informatica.

[15]  Mark N. Wegman,et al.  Analysis of pointers and structures (with retrospective) , 1990 .

[16]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[17]  Helmut Seidl,et al.  Propagating Differences: An Efficient New Fixpoint Algorithm for Distributive Constraint Systems , 1998, Nord. J. Comput..

[18]  Frank Tip,et al.  Finding bugs in dynamic web applications , 2008, ISSTA '08.

[19]  Sophia Drossopoulou,et al.  Towards Type Inference for JavaScript , 2005, ECOOP.

[20]  Thomas W. Reps,et al.  Recency-Abstraction for Heap-Allocated Storage , 2006, SAS.

[21]  Jeffrey D. Ullman,et al.  Global Data Flow Analysis and Iterative Algorithms , 1976, J. ACM.

[22]  William G. Griswold,et al.  Implementation techniques for efficient data-flow analysis of large programs , 2001, Proceedings IEEE International Conference on Software Maintenance. ICSM 2001.

[23]  Calvin Lin,et al.  Efficient Flow-Sensitive Interprocedural Data-Flow Analysis in the Presence of Pointers , 2006, CC.

[24]  Jong-Deok Choi,et al.  Interprocedural pointer alias analysis , 1999, TOPL.

[25]  Shriram Krishnamurthi,et al.  Using static analysis for Ajax intrusion detection , 2009, WWW '09.

[26]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[27]  Peter Thiemann Towards a Type System for Analyzing JavaScript Programs , 2005, ESOP.

[28]  Jeffrey D. Ullman,et al.  Monotone data flow analysis frameworks , 1977, Acta Informatica.

[29]  Gary A. Kildall,et al.  A unified approach to global program optimization , 1973, POPL.