Introspective pushdown analysis of higher-order programs

In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection skirt just inside the boundaries of soundness and decidability. Alone, each method reduces analysis times and boosts precision by orders of magnitude. This work illuminates and conquers the theoretical challenges that stand in the way of combining the power of these techniques. The challenge in marrying these techniques is not subtle: computing the reachable control states of a pushdown system relies on limiting access during transition to the top of the stack; abstract garbage collection, on the other hand, needs full access to the entire stack to compute a root set, just as concrete collection does. Introspective pushdown systems resolve this conflict. Introspective pushdown systems provide enough access to the stack to allow abstract garbage collection, but they remain restricted enough to compute control-state reachability, thereby enabling the sound and precise product of pushdown analysis and abstract garbage collection. Experiments reveal synergistic interplay between the techniques, and the fusion demonstrates "better-than-both-worlds" precision.
