Deciding kCFA is complete for EXPTIME
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
A Posteriori Soundness for Non-deterministic Abstract Interpretations
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Ordering multiple continuations on the stack
Proceedings of the 20th ACM SIGPLAN workshop on Partial evaluation and program manipulation
Pushdown flow analysis of first-class control
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Shape analysis in the absence of pointers and structure
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
CFA2: a context-free approach to control-flow analysis
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Hash-flow taint analysis of higher-order programs
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Introspective pushdown analysis of higher-order programs
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Sound and precise malware analysis for android via pushdown reachability and entry-point saturation
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Hi-index | 0.00 |
Any analysis of higher-order languages must grapple with the tri-facetted nature of λ. In one construct, the fundamental control, environment and data structures of a language meet and intertwine. With the control facet tamed nearly two decades ago, this work brings the environment facet to heel, defining the environment problem and developing its solution: environment analysis. Environment analysis allows a compiler to reason about the equivalence of environments, i.e., name-to-value mappings, that arise during a program's execution. In this dissertation, two different techniques—abstract counting and abstract frame strings—make this possible. A third technique, abstract garbage collection, makes both of these techniques more precise and, counter to intuition, often faster as well. An array of optimizations and even deeper analyses which depend upon environment analysis provide motivation for this work.In an abstract interpretation, a single abstract entity represents a set of concrete entities. When the entities under scrutiny are bindings—single name-to-value mappings, the atoms of environment—then determining when the equality of two abstract bindings infers the equality of their concrete counterparts is the crux of environment analysis. Abstract counting does this by tracking the size of represented sets, looking for singletons, in order to apply the following principle:If {x} = { y}, then x = y. Abstract frame strings enable environmental reasoning by statically tracking the possible stack change between the births of two environments; when this change is effectively empty, the environments are equivalent. Abstract garbage collection improves precision by intermittently removing unreachable environment structure during abstract interpretation.