Logic-flow analysis of higher-order programs

This work presents a framework for fusing flow analysis and theorem proving called logic-flow analysis (LFA). The framework itself is the reduced product of two abstract interpretations: (1) an abstract state machine and (2) a set of propositions in a restricted first-order logic. The motivating application for LFA is the safe removal of implicit array-bounds checks without type information, user interaction or program annotation. LFA achieves this by delegating a given task to either the prover or the flow analysis depending on which is best suited to discharge it. Described within are a concrete semantics for continuation-passing style; a restricted, first-order logic; a woven product of two abstract interpretations; proofs of correctness; and a worked example.
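To make the division of labour concrete, the following Python sketch is an added example, not code from the paper: an interval domain stands in for the abstract state machine, a set of ordering propositions `x < y` / `x <= y` over program variables stands in for the restricted first-order logic, and `reduce` is the reduced product in which each side sharpens the other to a fixpoint. The program analysed is a constructed loop `i := 0; while i < n: ... a[i] ...; i := i + 1` with `n = len(a) >= 0`. All function names and the toy language are assumptions made for illustration.

```python
"""Reduced product of an interval flow analysis and a set of ordering
propositions, used to decide whether an array index needs a run-time
bounds check.  Added illustration; not the paper's LFA implementation."""
from typing import Callable, Dict, FrozenSet, Tuple

INF = float("inf")
Interval = Tuple[float, float]          # closed interval [lo, hi]
Fact = Tuple[str, str, str]             # (x, "<", y) or (x, "<=", y) over variables
State = Tuple[Dict[str, Interval], FrozenSet[Fact]]

def join(a: Interval, b: Interval) -> Interval:
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old: Interval, new: Interval) -> Interval:
    """Standard interval widening: a bound that moved is sent to infinity."""
    return (old[0] if new[0] >= old[0] else -INF, old[1] if new[1] <= old[1] else INF)

def reduce(ivals: Dict[str, Interval], facts) -> State:
    """The reduced product: each domain sharpens the other until a fixpoint."""
    ivals, facts = dict(ivals), set(facts)
    while True:
        before = (dict(ivals), set(facts))
        for x, op, y in list(facts):                   # logic -> intervals
            gap = 1 if op == "<" else 0
            xl, xh = ivals.get(x, (-INF, INF))
            yl, yh = ivals.get(y, (-INF, INF))
            ivals[x] = (xl, min(xh, yh - gap))
            ivals[y] = (max(yl, xl + gap), yh)
        for x in list(ivals):                          # intervals -> logic
            for y in list(ivals):
                if x != y and ivals[x][1] < ivals[y][0]:
                    facts.add((x, "<", y))
                elif x != y and ivals[x][1] <= ivals[y][0]:
                    facts.add((x, "<=", y))
        for a, o1, b in list(facts):                   # transitivity in the logic
            for c, o2, d in list(facts):
                if b == c and a != d:
                    facts.add((a, "<" if "<" in (o1, o2) else "<=", d))
        if (ivals, facts) == before:
            return ivals, frozenset(facts)

def kill(facts, x: str) -> FrozenSet[Fact]:
    """Drop every proposition that mentions x (x is about to be overwritten)."""
    return frozenset(f for f in facts if x not in (f[0], f[2]))

def assign_const(st: State, x: str, c: int) -> State:
    ivals, facts = st
    return reduce({**ivals, x: (c, c)}, kill(facts, x))

def assign_add(st: State, x: str, y: str, c: int) -> State:
    """x := y + c (y may be x itself); the old x's facts are killed."""
    ivals, facts = st
    yl, yh = ivals.get(y, (-INF, INF))
    return reduce({**ivals, x: (yl + c, yh + c)}, kill(facts, x))

def assume(st: State, fact: Fact) -> State:
    """A loop guard or conditional hands a proposition to the logic side."""
    ivals, facts = st
    return reduce(ivals, facts | {fact})

def discharge(st: State, idx: str, length: str) -> Dict[str, bool]:
    """Which domain can discharge each half of 0 <= idx < length."""
    ivals, facts = st
    lo, hi = ivals.get(idx, (-INF, INF))
    nlo, _ = ivals.get(length, (-INF, INF))
    return {"lower_by_flow": lo >= 0,                  # interval side
            "upper_by_flow": hi < nlo,                 # intervals alone cannot
            "upper_by_logic": (idx, "<", length) in facts}   # prover side can

def loop_head(entry: State, guard: Fact, body: Callable[[State], State]) -> State:
    """Fixpoint at a while-loop head: intervals joined and widened, facts intersected."""
    head = entry
    while True:
        after = body(assume(head, guard))
        ivals = {v: widen(head[0][v], join(head[0][v], after[0].get(v, (-INF, INF))))
                 for v in head[0]}
        new_head = reduce(ivals, head[1] & after[1])
        if new_head == head:
            return head
        head = new_head

def analyse_sum_loop() -> Dict[str, Dict[str, bool]]:
    """i := 0; while i < n: ... a[i] ... ; i := i + 1   with n = len(a) >= 0."""
    entry = assign_const(reduce({"n": (0, INF)}, frozenset()), "i", 0)
    head = loop_head(entry, ("i", "<", "n"), lambda st: assign_add(st, "i", "i", 1))
    body = assume(head, ("i", "<", "n"))
    # a[i] is safe; a[i+1] (index j = i + 1) is not provable, and indeed not safe
    return {"a[i]": discharge(body, "i", "n"),
            "a[i+1]": discharge(assign_add(body, "j", "i", 1), "j", "n")}

if __name__ == "__main__":
    for site, verdict in analyse_sum_loop().items():
        print(site, verdict)
```

After widening, the interval for `i` at the loop head is `[0, +inf)`, so the flow side alone can only establish the lower bound `0 <= i`; the upper bound `i < n` is a proposition introduced by the loop guard, which the logic side carries and the reduced product keeps consistent with the intervals (for instance, it tightens `n` to `[1, +inf)` inside the body). The index `a[i+1]` is correctly left unproved, since no fact relates `j` to `n`.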
