Pushdown flow analysis with abstract garbage collection

Abstract

In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection push the boundaries of what we can learn about programs statically. This work illuminates and poses solutions to theoretical and practical challenges that stand in the way of combining the power of these techniques. Pushdown flow analysis grants unbounded yet computable polyvariance to the analysis of return-flow in higher-order programs. Abstract garbage collection grants unbounded polyvariance to abstract addresses which become unreachable between invocations of the abstract contexts in which they were created. Pushdown analysis solves the problem of precisely analyzing recursion in higher-order languages; abstract garbage collection is essential in solving the “stickiness” problem. Our benchmarks demonstrate that each method on its own can reduce analysis times and boost precision by orders of magnitude. We combine these methods. The challenge in marrying these techniques is not subtle: computing the reachable control states of a pushdown system relies on limiting access during transition to the top of the stack; abstract garbage collection, on the other hand, needs full access to the entire stack to compute a root set, just as concrete collection does. Conditional pushdown systems were developed for just such a conundrum, but existing methods are ill-suited for the dynamic nature of garbage collection. We show fully precise and approximate solutions to the feasible paths problem for pushdown garbage-collecting control-flow analysis. Experiments reveal synergistic interplay between garbage collection and pushdown techniques, and the fusion demonstrates “better-than-both-worlds” precision.
