Status

Active.

Demand-Driven Program Analysis (DDPA) is a novel approach to higher-order program analysis that brings ideas of on-demand lookup from first-order CFL-reachability program analyses to higher-order programs. The analysis needs to produce only a control-flow graph; it can derive all other information including values of variables directly from the graph.

Several challenges have to be overcome, including how to build the control-flow graph on-the-fly and how to deal with nonlocal variables in functions. The resulting analysis is flow- and context-sensitive with a provable polynomial-time bound. Along with the theoretical development, we’re also working on efficient implementations of the variable lookup algorithm.

Publications

  • Leandro Facchinetti, Zachary Palmer, Scott Smith. Relative Store Fragments for Singleton Abstraction. 24th Static Analysis Symposium.

    Abstract

    A singleton abstraction occurs in a program analysis when some results of the analysis are known to be exact: an abstract binding corresponds to a single concrete binding. In this paper, we develop a novel approach to constructing singleton abstractions via relative store fragments. Each store fragment is a locally exact store abstraction in that it contains only those abstract variable bindings necessary to address a particular question at a particular program point; it is relative to that program point and the point of view may be shifted. We show how an analysis incorporating relative store fragments achieves flow-, context-, path- and must-alias sensitivity, and can be used as a basis for environment analysis, without any machinery put in place for those specific aims. We build upon recent advances in demand-driven higher-order program analysis to achieve this construction as it is fundamentally tied to demand-driven lookup of variable values.

  • Zachary Palmer, Scott Smith. Higher-Order Demand-Driven Program Analysis, European Conference on Object-Oriented Programming (ECOOP) 2016. Implementation.

    Abstract

    We explore a novel approach to higher-order program analysis that brings ideas of on-demand lookup from first-order CFL-reachability program analyses to higher-order programs. The analysis needs to produce only a control-flow graph; it can derive all other information including values of variables directly from the graph. Several challenges had to be overcome, including how to build the control-flow graph on-the-fly and how to deal with non-local variables in functions. The resulting analysis is flow- and context-sensitive with a provable polynomial-time bound. The analysis is formalized and proved correct and terminating, and an initial implementation is described.