Pushdown flow analysis with abstract garbage collection

by   J. Ian Johnson, et al.

In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection push the boundaries of what we can learn about programs statically. This work illuminates and poses solutions to theoretical and practical challenges that stand in the way of combining the power of these techniques. Pushdown flow analysis grants unbounded yet computable polyvariance to the analysis of return-flow in higher-order programs. Abstract garbage collection grants unbounded polyvariance to abstract addresses which become unreachable between invocations of the abstract contexts in which they were created. Pushdown analysis solves the problem of precisely analyzing recursion in higher-order languages; abstract garbage collection is essential in solving the "stickiness" problem. Alone, our benchmarks demonstrate that each method can reduce analysis times and boost precision by orders of magnitude. We combine these methods. The challenge in marrying these techniques is not subtle: computing the reachable control states of a pushdown system relies on limiting access during transition to the top of the stack; abstract garbage collection, on the other hand, needs full access to the entire stack to compute a root set, just as concrete collection does. Conditional pushdown systems were developed for just such a conundrum, but existing methods are ill-suited for the dynamic nature of garbage collection. We show fully precise and approximate solutions to the feasible paths problem for pushdown garbage-collecting control-flow analysis. Experiments reveal synergistic interplay between garbage collection and pushdown techniques, and the fusion demonstrates "better-than-both-worlds" precision.


page 1

page 2

page 3

page 4


Abstracting Abstract Control (Extended)

The strength of a dynamic language is also its weakness: run-time flexib...

Data Flow Analysis of Asynchronous Systems using Infinite Abstract Domains

Asynchronous message-passing systems are employed frequently to implemen...

Analyzing Smart Contracts: From EVM to a sound Control-Flow Graph

The EVM language is a simple stack-based language with words of 256 bits...

Abstracting Definitional Interpreters

In this functional pearl, we examine the use of definitional interpreter...

Flow-Sensitive Composition of Thread-Modular Abstract Interpretation

We propose a constraint-based flow-sensitive static analysis for concurr...

Unification-based Pointer Analysis without Oversharing

Pointer analysis is indispensable for effectively verifying heap-manipul...

Please sign up or login with your details

Forgot password? Click here to reset