Resolving and exploiting the k-CFA paradox: illuminating functional vs. object-oriented program analysis

Authors:
Matthew Might;Yannis Smaragdakis;David Van Horn
Affiliations:
University of Utah, Salt Lake City, UT, USA;University of Massachusetts, Amherst, MA, USA;Northeastern University, Boston, MA, USA
Venue:
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Year:
2010

Citing 14
Cited 13

Control-flow analysis of higher-order languages of taming lambda

Control-flow analysis of higher-order languages of taming lambda
Compiling with continuations

Compiling with continuations
A unified treatment of flow analysis in higher-order languages

POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Type-base flow analysis: from polymorphic subtyping to CFL-reachability

POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Featherweight Java: a minimal core calculus for Java and GJ

ACM Transactions on Programming Languages and Systems (TOPLAS)
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Systematic design of program analysis frameworks

POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Compiling a functional language

LFP '84 Proceedings of the 1984 ACM Symposium on LISP and functional programming
Environment analysis via ΔCFA

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Improving flow analyses via ΓCFA: abstract garbage collection and counting

Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Relating complexity and precision in control flow analysis

ICFP '07 Proceedings of the 12th ACM SIGPLAN international conference on Functional programming
Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation

ACM Transactions on Software Engineering and Methodology (TOSEM)
Deciding kCFA is complete for EXPTIME

Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Strictly declarative specification of sophisticated points-to analyses

Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications

Pick your contexts well: understanding object-sensitivity

Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
EigenCFA: accelerating flow analysis with GPUs

Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abstracting abstract machines: a systematic approach to higher-order program analysis

Communications of the ACM
Family of abstract interpretations for static analysis of concurrent higher-order programs

SAS'11 Proceedings of the 18th international conference on Static analysis
Control-flow analysis of functional programs

ACM Computing Surveys (CSUR)
Language design and analyzability: a retrospective

Software—Practice & Experience
Hash-flow taint analysis of higher-order programs

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Logical approximation for program analysis

Higher-Order and Symbolic Computation
Modular heap analysis for higher-order programs

SAS'12 Proceedings of the 19th international conference on Static Analysis
Efficient and effective handling of exceptions in java points-to analysis

CC'13 Proceedings of the 22nd international conference on Compiler Construction
Hybrid context-sensitivity for points-to analysis

Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Monadic abstract interpreters

Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Alias analysis for object-oriented programs

Aliasing in Object-Oriented Programming

Quantified Score

Hi-index	0.02

Visualization

Abstract

Low-level program analysis is a fundamental problem, taking the shape of "flow analysis" in functional languages and "points-to" analysis in imperative and object-oriented languages. Despite the similarities, the vocabulary and results in the two communities remain largely distinct, with limited cross-understanding. One of the few links is Shivers's k-CFA work, which has advanced the concept of "context-sensitive analysis" and is widely known in both communities. Recent results indicate that the relationship between the functional and object-oriented incarnations of k-CFA is not as well understood as thought. Van Horn and Mairson proved k-CFA for k ≥ 1 to be EXPTIME-complete; hence, no polynomial-time algorithm can exist. Yet, there are several polynomial-time formulations of context-sensitive points-to analyses in object-oriented languages. Thus, it seems that functional k-CFA may actually be a profoundly different analysis from object-oriented k-CFA. We resolve this paradox by showing that the exact same specification of k-CFA is polynomial-time for object-oriented languages yet exponential-time for functional ones: objects and closures are subtly different, in a way that interacts crucially with context-sensitivity and complexity. This illumination leads to an immediate payoff: by projecting the object-oriented treatment of objects onto closures, we derive a polynomial-time hierarchy of context-sensitive CFAs for functional programs.