Traditional control-flow analysis (CFA) for higher-order languages introduces spurious connections between callers and callees, and different invocations of a function may pollute each other’s return flows. Recently, three distinct approaches have been published that provide perfect call-stack precision in a computable manner: CFA2, PDCFA, and AAC. Unfortunately, implementing CFA2 and PDCFA requires significant engineering effort. Furthermore, all three are computationally expensive. For a monovariant analysis, CFA2 is in O(2n), PDCFA is in O(n6), and AAC is in O(n8).
In this paper, we describe a new technique that builds on these but is both straightforward to implement and computationally inexpensive. The crucial insight is an unusual state-dependent allocation strategy for the addresses of continuations. Our technique imposes only a constant-factor overhead on the underlying analysis and costs only O(n3) in the monovariant case. We present the intuitions behind this development, benchmarks demonstrating its efficacy, and a proof of the precision of this analysis.
Keywords Static analysis; Control-flow analysis; Abstract interpretation; Pushdown analysis; Store-allocated continuations
, , , , and . Pushdown control-flow analysis for free. In Proceedings of the 43nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’16. ACM, New York, NY, USA, January 2016. doi: 10.1145/2837614.2837631.
@inproceedings{gilray2016p4f,
author = {Gilray, Thomas and Lyde, Steven and Adams, Michael D. and Might, Matthew and Van Horn, David},
title = {Pushdown Control-Flow Analysis for Free},
booktitle = {Proceedings of the 43nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {2016},
series = {POPL '16},
address = {New York, NY, USA},
month = jan,
publisher = {ACM},
doi = {10.1145/2837614.2837631},
}