Scalable context-sensitive flow analysis using instantiation constraints

This paper shows that a type graph (obtained via polymorphic typeinference) harbors explicit directional flow paths between functions. These flow paths arise from the instantiations of polymorphic types and correspond to call-return sequences in first-order programs. We show that flow information can be computed efficiently while considering only paths with well matched call-return sequences, even in the higher-order case. Furthermore, we present a practical algorithm for inferring type instantiation graphs and provide empirical evidence to the scalability of the presented techniques by applying them in the context of points-to analysis for C programs.

[1]  Alexander Aiken,et al.  Polymorphic versus Monomorphic Flow-Insensitive Points-to Analysis for C , 2000, SAS.

[2]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[3]  Flemming Nielson,et al.  Infinitary control flow analysis: a collecting semantics for closure analysis , 1997, POPL '97.

[4]  David A. McAllester,et al.  Linear-time subtransitive control flow analysis , 1997, PLDI '97.

[5]  Barbara G. Ryder,et al.  Relevant context inference , 1999, POPL '99.

[6]  Robin Milner,et al.  A Theory of Type Polymorphism in Programming , 1978, J. Comput. Syst. Sci..

[7]  Alan Mycroft,et al.  Polymorphic Type Schemes and Recursive Definitions , 1984, Symposium on Programming.

[8]  Donglin Liang,et al.  Efficient points-to analysis for whole-program analysis , 1999, ESEC/FSE-7.

[9]  Jong-Deok Choi,et al.  Escape analysis for Java , 1999, OOPSLA '99.

[10]  Robert O'Callahan,et al.  Lackwit: A Program Understanding Tool Based on Type Inference , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[11]  Jerzy Tiuryn,et al.  The Undecidability of the Semi-unification Problem , 1993, Inf. Comput..

[12]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[13]  Martin C. Rinard,et al.  Compositional pointer and escape analysis for Java programs , 1999, OOPSLA '99.

[14]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[15]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[16]  Suresh Jagannathan,et al.  Effective Flow Analysis for Avoiding Run-Time Checks , 1995, SAS.

[17]  Thomas Reps,et al.  Interconveritibility of Set Constraints and Context-Free Language Reachability , 1997, PEPM.

[18]  Jerzy Tiuryn,et al.  An analysis of ML typability , 1994, JACM.

[19]  Fritz Henglein,et al.  Type inference with polymorphic recursion , 1993, TOPL.

[20]  Jakob Rehof,et al.  From Polymorphic Subtyping to CFL Reachability: Context-Sensitive Flow Analysis Using Instantiation Constraints , 2000 .

[21]  Robin Milner,et al.  Principal type-schemes for functional programs , 1982, POPL '82.