Introspective pushdown analysis

In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection skirt just inside the boundaries of soundness and decidability. This work illuminates and conquers the theoretical challenges that stand in the way of combining the power of these techniques. Pushdown flow analysis grants unbounded yet computable polyvariance to the analysis of return-flow in higher- order programs. Abstract garbage collection grants unbounded polyvariance to abstract addresses which become unreachable between invocations of the abstract contexts in which they were created. Pushdown analysis solves the problem of precisely analyzing recursion in higher-order languages; abstract garbage collection is essential in solving the "stickiness" problem. Alone, each method reduces analysis times and boosts precision by orders of magnitude. We combine these methods. The challenge in marrying these techniques is not subtle: computing the reachable control states of a pushdown system relies on limiting access during transition to the top of the stack; abstract garbage collection, on the other hand, needs full access to the entire stack to compute a root set, just as concrete collection does. Pushdown flow analysis already skirts just inside the boundary of decidability, so it is not clear that integrating abstract garbage collection will preserve decidability. In fact, introducing abstract garbage collection breaks the pushdown framework: to find the root set of reachable addresses, the analysis must consider the full contents of all possible stacks associated with a given control state. Such introspection clearly violates the constraints on a pushdown system. Introspective pushdown systems resolve this conflict. Introspective pushdown systems provide enough access to the stack to allow abstract garbage collection, but they remain restricted enough to compute control-state reachability, thereby enabling the sound and precise product of pushdown analysis and abstract garbage collection. Experiments reveal synergistic interplay between the tech- niques, and the fusion demonstrates "better-than-both-worlds" precision.

[1]  Matthew Might,et al.  Environment Analysis of Higher-Order Languages , 2007 .

[2]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[3]  Thomas W. Reps,et al.  Program analysis via graph reachability , 1997, Inf. Softw. Technol..

[4]  Harry G. Mairson,et al.  Deciding kCFA is complete for EXPTIME , 2008, ICFP.

[5]  M. Might,et al.  Interprocedural Dependence Analysis of Higher-Order Programs via Stack Reachability , 2009 .

[6]  Harry G. Mairson,et al.  Deciding $k$CFA is complete for EXPTIME , 2008, ICFP 2008.

[7]  C.-H. Luke Ong,et al.  On Model-Checking Trees Generated by Higher-Order Recursion Schemes , 2006, 21st Annual IEEE Symposium on Logic in Computer Science (LICS'06).

[8]  Aaron Turon,et al.  Regular-expression derivatives re-examined , 2009, Journal of Functional Programming.

[9]  Suresh Jagannathan,et al.  Polymorphic splitting: an effective polyvariant flow analysis , 1998, TOPL.

[10]  Olin Shivers,et al.  Control-flow analysis of higher-order languages of taming lambda , 1991 .

[11]  Matthew Might,et al.  Introspective pushdown analysis of higher-order programs , 2012, ICFP.

[12]  Matthew Might,et al.  Environment analysis via Delta CFA , 2006, POPL.

[13]  Matthias Felleisen,et al.  A calculus for assignments in higher-order languages , 1987, POPL '87.

[14]  Somesh Jha,et al.  Weighted pushdown systems and their application to interprocedural dataflow analysis , 2003, Sci. Comput. Program..

[15]  Olin Shivers,et al.  CFA2: A Context-Free Approach to Control-Flow Analysis , 2010, ESOP.

[16]  Thomas P. Jensen,et al.  Control-flow analysis of function calls and returns by abstract interpretation , 2009, Inf. Comput..

[17]  David Darais,et al.  Parsing with derivatives: a functional pearl , 2011, ICFP.

[18]  Matthew Might,et al.  Improving flow analyses via ΓCFA: abstract garbage collection and counting , 2006, ICFP '06.

[19]  Patrick Cousot,et al.  The calculational design of a generic abstract interpreter , 1999 .

[20]  Jakob Rehof,et al.  Type-base flow analysis: from polymorphic subtyping to CFL-reachability , 2001, POPL '01.

[21]  Javier Esparza,et al.  Reachability Analysis of Pushdown Automata: Application to Model-Checking , 1997, CONCUR.

[22]  Naoki Kobayashi Types and higher-order recursion schemes for verification of higher-order programs , 2009, POPL '09.

[23]  Matthew Might,et al.  Model Checking Via GammaCFA , 2007, VMCAI.

[24]  Jan Maluszy¿ski Verification, Model Checking, and Abstract Interpretation , 2009, Lecture Notes in Computer Science.

[25]  Amr Sabry,et al.  The essence of compiling with continuations , 1993, PLDI '93.

[26]  Thomas W. Reps,et al.  Interconvertibility of a class of set constraints and context-free-language reachability , 2000, Theor. Comput. Sci..

[27]  Alexander Aiken,et al.  The set constraint/CFL reachability connection in practice , 2004, PLDI '04.