Program Analysis Using Mixed Term and Set Constraints

@inproceedings{Fhndrich1997ProgramAU,
  title={Program Analysis Using Mixed Term and Set Constraints},
  author={Manuel F{\"a}hndrich and Alexander Aiken},
  booktitle={SAS},
  year={1997}
}
There is a tension in program analysis between precision and efficiency. In constraint-based program analysis, at one extreme methods based on unification of equality constraints over terms are very fast but often imprecise. At the other extreme, methods based on the resolution of inclusion constraints over set expressions are quite precise, but are often inefficient in practice. We describe a parameterized framework for constraint-based program analyses that allows the analysis designer to… 

Program analysis with regularly annotated constraints

TLDR
This dissertation proposes the use of a single constraint-based toolkit for constructing static analyses, and provides new results on the expressiveness of set constraints through a new reduction from context-free language reachability, as well as a new extension to the constraint language based on annotations.

A framework for combining analysis and verification

TLDR
A general framework for combining program verification and program analysis is presented that induces an algorithm which exploits the assertions and the analyzer to produce a generally more accurate analysis.

Flow-Insensitive Points-to Analysis with Term and Set Constraints

TLDR
It is concluded that a mixed constraint system provides a useful, practical framework for static semantic analyses and can be seen as a straightforward axiomatization of an informal description of the algorithms.

Precise and efficient static array bound checking for large embedded C programs

TLDR
The design and implementation of a static array-bound checker for a family of embedded programs: the flight control software of recent Mars missions, which is the first distributed implementation of static analysis algorithms.

Dead Code Elimination through Dependent Types

  • H. Xi
  • Computer Science
    PADL
  • 1999
TLDR
This work presents a novel approach to eliminating unreachable matching clauses through the use of the dependent type system of DML, a functional programming language that enriches ML with a restricted form of dependent types.

Abstract Interpretation Based Formal Methods and Future Challenges

TLDR
The main point is that in order to reason or compute about a complex system, some information must be lost, that is the observation of executions must be either partial or at a high level of abstraction.

Interactive, scalable, declarative program analysis: from prototype to implementation

TLDR
DIMPLE provides both a representation of Java bytecodes in a database of relations and a declarative domain-specific language for specifying new analyses as queries over this database, enabling researchers to use logic programming for every step of the analysis development process.

Set based failure diagnosis for concurrent constraint programming

TLDR
Plain is defined, and it is shown that an expressive strong type system is possible for a language that combines key features of Oz, namely higher-order procedures, logic variables and partially determined data structures, cells, and records, and the restrictions of Plain with respect to Oz are highlighted.

An overview of the saturn project

TLDR
It is argued that the combination of summaries and constraints allows Saturn to achieve both great scalability and great precision, while the use of a logic programming language with constraints allows for succinct, high-level expression of program analyses.

Translation and optimization for a core calculus with exceptions

TLDR
The goal is to design an intermediate, minimal but expressive, core calculus which can be easily analysed and manipulated, and to show that this calculus can handle major language features by translating a significant imperative source language into it.
...

References

SHOWING 1-10 OF 48 REFERENCES

Set-based analysis of ML programs

TLDR
This paper develops an approximate “set-based” operational semantics for the language, which formalizes the intuition of treating program variables as sets and develops an O(n3) algorithm for computing the set based approximation of a program.

Componential set-based analysis

TLDR
Componential set-based analysis is developed, a modular and polymorphic variant of SBA, which establishes a close connection between the observable equivalence of constraint systems and the equivalences of regular-tree grammars.

Points-to analysis in almost linear time

TLDR
This is the asymptotically fastest non-trivial interprocedural points-to analysis algorithm yet described and is based on a non-standard type system for describing a universally valid storage shape graph for a program in linear space.

Types and Effects Towards the Integration of Functional and Imperative Programming.

TLDR
The type and effect system makes it possible to embed functional program fragments within imperative programs, and vice versa, while retaining the benefits of the chosen programming style in each program fragment, and offers a clean solution to the problem of first-class polymorphism in an imperative language.

Fast and accurate flow-insensitive points-to analysis

TLDR
This paper addresses techniques for flow- and context-insensitive interprocedural analysis of stack-based storage, and defines two new algorithms that are significantly more accurate than Steensgaard's algorithm, and significantly faster than Andersen's algorithm on large programs.

Polymorphic effect systems

TLDR
The effect system the authors describe performs certain kinds of side-effect analysis that were not previously feasible and can be used effectively to compile programs for parallel computers.

A Theory of Type Polymorphism in Programming

  • R. Milner
  • Computer Science
    J. Comput. Syst. Sci.
  • 1978

Efficient Type Inference for Higher-Order Binding-Time Analysis

Binding-time analysis determines when variables and expressions in a program can be bound to their values, distinguishing between early (compile-time) and late (run-time) binding. Binding-time

Linear-time subtransitive control flow analysis

We present a linear-time algorithm for bounded-type programs that builds a directed graph whose transitive closure gives exactly the results of the standard (cubic-time) Control-Flow Analysis (CFA)

The Complexity of Set Constraints

TLDR
This work presents several results on the computational complexity of solving systems of set constraints, which form a natural complexity hierarchy depending on the form of the constraint language.