designing precise pushdown higher-order flow analysesdeeglaze.github.io/ibmpl2012-slides.pdf · 2....
TRANSCRIPT
Designing Precise Pushdown
Higher-Order Flow Analyses
J. Ian Johnson, David Van Horn and Olin Shivers{ianj,dvanhorn,shivers}@ccs.neu.edu
Northeastern UniversityBoston, MA, USA
1
Flow analysis is indispensible
2
Flow analysis is indispensible
Every language should have one
3
Analysis is great
• Compiler optimizations
4
Analysis is great
• Compiler optimizations
• Type reconstruction
5
Analysis is great
• Compiler optimizations
• Type reconstruction
• Deadlock detection
6
Analysis is great
• Compiler optimizations
• Type reconstruction
• Deadlock detection
• Data race detection
7
Analysis is great
• Compiler optimizations
• Type reconstruction
• Deadlock detection
• Data race detection
• Code quality enforcement
8
Analysis is great
• Compiler optimizations
• Type reconstruction
• Deadlock detection
• Data race detection
• Code quality enforcement
• Hundreds more
9
Analysis is terrible
• Annoying false positives
10
Analysis is terrible
• Annoying false positives
• Takes too long
11
Analysis is terrible
• Annoying false positives
• Takes too long
• Hard to implement
12
Analysis is terrible
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
13
Analysis is terrible
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
• The good ones inherently first-order
14
Analysis is terrible
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
• The good ones inherently first-order
We can fix this
15
Analysis is terrible
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
• The good ones inherently first-order
We can fix thisFirst some history
16
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
Higher-order
17
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
Higher-order
(Jones & Muchnick 82) Program + set constraints
18
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
19
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
20
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
21
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
22
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
Graphs are a bad abstraction
23
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
Graphs are a bad abstraction
24
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
25
Flow Graphs vs. Programs
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
?
26
Analyses are derivable [Might & Van Horn 2010]
• Start: concrete machine semantics
27
Analyses are derivable [Might & Van Horn 2010]
• Start: concrete machine semantics
• Simple transforms: put semantics in right form
28
Analyses are derivable [Might & Van Horn 2010]
• Start: concrete machine semantics
• Simple transforms: put semantics in right form
• Analysis: pointwise-abstraction
29
Functions Without Stack
(define (sqr x) (* x x))
(sqrt (+ (sqr y) (sqr z)))
30
Functions Without Stack
(define (sqr x) (* x x))
(sqrt (+ (sqr y) (sqr z)))
31
Functions Without Stack
(define (sqr x) (* x x))
(sqrt (+ (sqr y) (sqr z)))
0CFA: Not even terminating!
32
Pushdown Higher-Order Flow Analysis
33
Pushdown Higher-Order Flow Analysis
34
Pushdown Higher-Order Flow Analysis
35
Pushdown Higher-Order Flow Analysis
36
Pushdown Higher-Order Flow Analysis
37
Pushdown Higher-Order Flow Analysis
38
Pushdown Higher-Order Flow Analysis
39
Pushdown Higher-Order Flow Analysis
40
Pushdown Higher-Order Flow Analysis
41
Analysis is terrible salvagable
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
• The good ones inherently first-order
42
Deriving Pushdown Analyses
• Start: Concrete machine semantics
43
Deriving Pushdown Analyses
• Start: Concrete machine semantics
• Simple transform: memoize functions
44
Deriving Pushdown Analyses
• Start: Concrete machine semantics
• Simple transform: memoize functions
• Simple transform: store functions’ calling contexts
45
Deriving Pushdown Analyses
• Start: Concrete machine semantics
• Simple transform: memoize functions
• Simple transform: store functions’ calling contexts
• Simple transform: heap-allocate data
46
Deriving Pushdown Analyses
• Start: Concrete machine semantics
• Simple transform: memoize functions
• Simple transform: store functions’ calling contexts
• Simple transform: heap-allocate data
• Analysis: pointwise-abstraction
47
Deriving Pushdown Analyses
• Start: Concrete machine semantics
• Simple transform: memoize functions
• Simple transform: store functions’ calling contexts
• Simple transform: heap-allocate data
• Analysis: pointwise-abstraction
Gives semantic account of summaries
48
Analysis is terrible salvagable
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
• The good ones inherently first-order
49
(app id 1)
Memo
Contexts
Environment:id ...app ...
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
50
(f y)
Memo
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
Environment:id ...f idy 1
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
51
x
Memo
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:x 1
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
52
x
Memo⟨id 1⟩ 1
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
53
(f y)
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
54
(app id 2)
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:id ...app ...n1 1
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
55
(f y)
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
⟨app id 2⟩ (let* (... [n2 •]) ...)
Environment:id ...f idy 2
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
56
x
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
⟨app id 2⟩ (let* (... [n2 •]) ...)
⟨id 2⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:x 2
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
57
x
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
⟨id 2⟩ 2
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
⟨app id 2⟩ (let* (... [n2 •]) ...)
⟨id 2⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
58
(f y)
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
⟨id 2⟩ 2
⟨app id 2⟩ 2
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
⟨app id 2⟩ (let* (... [n2 •]) ...)
⟨id 2⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
59
(+ n1 n2)
Memo⟨id 1⟩ 1
⟨app id 1⟩ 1
⟨id 2⟩ 2
⟨app id 2⟩ 2
Contexts⟨app id 1⟩ (let* (... [n1 •] ...) ...)
⟨id 1⟩ (let* (... [app (λ (f y) •)] ...) ...)
⟨app id 2⟩ (let* (... [n2 •]) ...)
⟨id 2⟩ (let* (... [app (λ (f y) •)] ...) ...)
Environment:id ...app ...n1 1n2 2
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
60
(app id 1)
Memo
Contexts
Store: σ₀
Start Store: σ₀
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
61
(f y)
Memo
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
Store: σ₁
f id
y 1
Start Store: σ₁
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
62
x
Memo
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
Store: σ₂
f id
y 1
x 1
Start Store: σ₂
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
63
x
Memo⟨id σ₂⟩ (1 σ₂)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
Store: σ₂
f id
y 1
x 1
Start Store: σ₂
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
64
(f y)
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
Store: σ₂
f id
y 1
x 1
Start Store: σ₁
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
65
(app id 2)
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
Store: σ₃
f id
y 1
x 1
n1 1
Start Store: σ₀
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
66
(f y)
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
Store: σ₄
f id
y (1 2)
x 1
n1 1
Start Store: σ₄
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
67
x
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
⟨id σ₅ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₄)
Store: σ₅
f id
y (1 2)
x (1 2)
n1 1
Start Store: σ₅
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
68
x
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
⟨id σ₅⟩ (2 σ₅)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
⟨id σ₅ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₄)
Store: σ₅
f id
y (1 2)
x (1 2)
n1 1
Start Store: σ₅
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
69
(f y)
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
⟨id σ₅⟩ (2 σ₅)
⟨app σ₄⟩ (2 σ₅)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
⟨id σ₅ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₄)
Store: σ₅
f id
y (1 2)
x (1 2)
n1 1
Start Store: σ₄
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
70
(+ n1 n2)
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
⟨id σ₅⟩ (2 σ₅)
⟨app σ₄⟩ (2 σ₅)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
⟨id σ₅ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₄)
Store: σ₆
f id
y (1 2)
x (1 2)
n1 1
n2 (1 2)
Start Store: σ₀
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
71
Heaps are imprecise
(+ n1 n2)
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
⟨id σ₅⟩ (2 σ₅)
⟨app σ₄⟩ (2 σ₅)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
⟨id σ₅ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₄)
Store: σ₆
f id
y (1 2)
x (1 2)
n1 1
n2 (1 2)
Start Store: σ₀
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
72
Fixed[Vardoulakis & Shivers 10]
Local storage (stack frames)
73
(define (foldr f b lst) (letrec
([loop(λ (lst)(cond [(empty? lst) b]
[else (cons (f (car lst))(loop (cdr lst)))]))])
(loop lst)))
74
(define (foldr f b lst) (letrec
([loop(λ (lst)(cond [(empty? lst) b]
[else (cons (f (car lst))(loop (cdr lst)))]))])
(loop lst)))
75
(define (foldr f b lst) (letrec
([loop(λ (lst)(cond [(empty? lst) b]
[else (cons (f (car lst))(loop (cdr lst)))]))])
(loop lst)))
76
Fixed
Instrument your escape analysis
77
Escape Analysis
Which addresses outlive their creator’s context?
78
Escape Analysis
Which addresses outlive their creator’s context?
We introduce three components:
• Escaped addresses ℰ
• Addresses owned by current function 𝒪
• The random access stack Ξ
79
Escape Analysis
Which addresses outlive their creator’s context?
We introduce three components:
• Escaped addresses ℰ
• Addresses owned by current function 𝒪
• The random access stack Ξ
Lookup is now defined with
ℒ(a,σ,Ξ,ℰ) = a ∈ ℰ → σ(a), Ξ(a)
80
⟨(x ,ρ),σ,Ξ,κ⟩ ⟼ ⟨v,σ,Ξ,κ⟩
where v ∈ ℒ(ρ(x) ,σ ,Ξ ,ℰ)
81
⟨(x ,ρ),σ,Ξ,κ⟩ ⟼ ⟨v,σ,Ξ,κ⟩
where v ∈ ℒ(ρ(x) ,σ ,Ξ ,ℰ)
⟨v,σ,Ξ,fn((λ x.e ,ρ),κ)⟩ ⟼ ⟨c,σnext,Ξ[a ↦ v],[]c⟩
where c = (e ,ρ[x ↦ a])
σnext = σ[a ↦ v]
ℰ' = ℰ∩ ℛ(𝒯(c) ,σnext)
82
⟨(x ,ρ),σ,Ξ,κ⟩ ⟼ ⟨v,σ,Ξ,κ⟩
where v ∈ ℒ(ρ(x) ,σ ,Ξ ,ℰ)
⟨v,σ,Ξ,fn((λ x.e ,ρ),κ)⟩ ⟼ ⟨c,σnext,Ξ[a ↦ v],[]c⟩
where c = (e ,ρ[x ↦ a])
σnext = σ[a ↦ v]
ℰ' = ℰ∩ ℛ(𝒯(c) ,σnext)
𝒪 ' = {a}
83
⟨(x ,ρ),σ,Ξ,κ⟩ ⟼ ⟨v,σ,Ξ,κ⟩
where v ∈ ℒ(ρ(x) ,σ ,Ξ ,ℰ)
⟨v,σ,Ξ,fn((λ x.e ,ρ),κ)⟩ ⟼ ⟨c,σnext,Ξ[a ↦ v],[]c⟩
where c = (e ,ρ[x ↦ a])
σnext = σ[a ↦ v]
ℰ' = ℰ∩ ℛ(𝒯(c) ,σnext)
𝒪 ' = {a}
L' = L⊔[(c ,σnext) ↦ (κ ,σcur ,Ξ ,ℰ ,𝒪)]
84
⟨v,σ,Ξ,[]c⟩ ⟼ ⟨v,σ,Ξ',κ⟩
if (κ ,σnext ,Ξ' ,ℰ' ,𝒪) ' ∈ L(c ,σcur)
M' = M[(c ,σcur) ↦ (v ,σ)]
ℰ'' = ℰ' ∪ ((ℰ ∪ 𝒪) ∩ ℛ(𝒯(v),σ))
85
Analysis is terrible salvagable
• Annoying false positives
• Takes too long
• Hard to implement
• Hard to show correct
• The good ones inherently first-order
86
We're not done yet
87
Too context-sensitive
Memo⟨id σ₂⟩ (1 σ₂)
⟨app σ₁⟩ (1 σ₂)
⟨id σ₅⟩ (2 σ₅)
⟨app σ₄⟩ (2 σ₅)
Contexts⟨app σ₁ ⟩ ((let* (... [n1 •] ...) ...) σ₀)
⟨id σ₂ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₁)
⟨app σ₄ ⟩ ((let* (... [n2 •]) ...) σ₀)
⟨id σ₅ ⟩ ((let* (... [app (λ (f y) •)] ...) ...) σ₄)
Store: σ₆
f id
y (1 2)
x (1 2)
n1 1
n2 (1 2)
Start Store: σ₀
(let* ([id (λ (x) x)][app (λ (f y) (f y))][n1 (app id 1)][n2 (app id 2)])
(+ n1 n2))
88
First-Order Influence
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
Today's talk
?
89
First-Order Influence
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
(Oh et al. 12) CFG + lattice + bypassing
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
Today's talk
?
90
First-order
(Hecht 77) CFG + lattice
(Sharir & Pnueli 81) CFG + lattice + summaries
(Reps 95) PDS + idempotent semiring
(Oh et al. 12) CFG + lattice + bypassing
Higher-order
(Jones & Muchnick 82) Program + set constraints
(Shivers 91) CPS + set constraints
(Might 07) CPS + abstract small step semantics
(Might & Van Horn 10) Derived from concrete
(Vardoulakis & Shivers 10) CPS + summaries
(Earl et al. 10) ANF + Dyck state graph
Today's talk
?
91
To Conclude
• Design: Model abstract mechanisms concretely
92
To Conclude
• Design: Model abstract mechanisms concretely
• Pushdown: Memo and local continuation tables
93
To Conclude
• Design: Model abstract mechanisms concretely
• Pushdown: Memo and local continuation tables
• Precise analyses: Stack allocation ⟹ precision
94
To Conclude
• Design: Model abstract mechanisms concretely
• Pushdown: Memo and local continuation tables
• Precise analyses: Stack allocation ⟹ precision
• (Not shown) works for control operators / GC
95
To Conclude
• Design: Model abstract mechanisms concretely
• Pushdown: Memo and local continuation tables
• Precise analyses: Stack allocation ⟹ precision
• (Not shown) works for control operators / GC
• Future work: sparse analysis via time travel
96
To Conclude
• Design: Model abstract mechanisms concretely
• Pushdown: Memo and local continuation tables
• Precise analyses: Stack allocation ⟹ precision
• (Not shown) works for control operators / GC
• Future work: sparse analysis via time travel
Thank you
97