
Allocation characterizes polyvariance: a unified methodology for polyvariant control-flow analysis

Published: 04 September 2016

Abstract

The polyvariance of a static analysis is the degree to which it structurally differentiates approximations of program values. Polyvariant techniques come in a number of different flavors that represent alternative heuristics for managing the trade-off an analysis strikes between precision and complexity. For example, call sensitivity supposes that values will tend to correlate with recent call sites, object sensitivity supposes that values will correlate with the allocation points of related objects, the Cartesian product algorithm supposes correlations between the values of arguments to the same function, and so forth.

In this paper, we describe a unified methodology for implementing and understanding polyvariance in a higher-order setting (i.e., for control-flow analyses). We do this by extending the method of abstracting abstract machines (AAM), a systematic approach to producing an abstract interpretation of abstract-machine semantics. AAM eliminates recursion within a language’s semantics by passing around an explicit store, and thus places importance on the strategy an analysis uses for allocating abstract addresses within the abstract heap or store. We build on AAM by showing that the design space of possible abstract allocators exactly and uniquely corresponds to the design space of polyvariant strategies. This allows us to both unify and generalize polyvariance as tunings of a single function. Changes to the behavior of this function easily recapitulate classic styles of analysis and produce novel variations, combinations of techniques, and fundamentally new techniques.
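The allocator-as-tuning-knob idea from the abstract, as an added example (not code from the paper): a deliberately simplified, store-widened analysis of a tiny CPS lambda calculus, where swapping `alloc` turns a monovariant 0-CFA-style analysis into a call-sensitive 1-CFA-style one. The term encoding and the names `analyze`, `alloc_0cfa`, `alloc_1cfa` and `values_of` are assumptions made for this illustration.

```python
def analyze(program, alloc):
    """Abstract interpreter for a tiny CPS lambda calculus with one global store.
    Atoms: int | variable (str) | ('lam', params, call)
    Calls: ('call', label, f, *args) | ('halt', atom)
    alloc(var, label) names the abstract address of `var` bound at call `label`."""
    store = {}                                    # address -> set of values

    def atom(e, env):                             # evaluate an atomic term
        if isinstance(e, int):
            return {e}
        if isinstance(e, str):
            return set(store.get(env[e], ()))
        return {(e, frozenset(env.items()))}      # a lambda becomes a closure

    def size():
        return sum(len(v) for v in store.values())

    while True:                                   # re-explore until the store is stable
        before, seen, work = size(), set(), [(program, frozenset())]
        while work:
            state = work.pop()
            if state in seen or state[0][0] == 'halt':
                continue
            seen.add(state)
            (_, label, f, *args), env = state[0], dict(state[1])
            argvals = [atom(a, env) for a in args]
            for clo in atom(f, env):
                if isinstance(clo, int):
                    continue                      # applying a number: no successor
                (_, params, body), cenv = clo
                new_env = dict(cenv)
                for p, vals in zip(params, argvals):
                    new_env[p] = alloc(p, label)  # the only polyvariance knob
                    store.setdefault(new_env[p], set()).update(vals)
                work.append((body, frozenset(new_env.items())))
        if size() == before:
            return store

def alloc_0cfa(var, label): return var            # monovariant: one address per variable
def alloc_1cfa(var, label): return (var, label)   # call-sensitive: split by call site

def values_of(store, var):                        # join all addresses allocated for var
    return set().union(*(v for a, v in store.items()
                         if a == var or (isinstance(a, tuple) and a[0] == var)))

# Constructed input: bind id = (lam (x k) (k x)), then call it with 1 and with 2.
ID = ('lam', ('x', 'k'), ('call', 'ret', 'k', 'x'))
PROGRAM = ('call', 'L0', ('lam', ('id',),
           ('call', 'L1', 'id', 1, ('lam', ('a',),
            ('call', 'L2', 'id', 2, ('lam', ('b',), ('halt', 'b')))))), ID)
```

With `alloc_0cfa` both arguments merge at the single address for `x`, so `b` is approximated as {1, 2}; with `alloc_1cfa` the bindings made at `L1` and `L2` stay apart and `b` is exactly {2}.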
