Inferable Existential Quantification

Ross Tate (University of California, San Diego), Juan Chen (Microsoft Research, Redmond), and Chris Hawblitzel (Microsoft Research, Redmond)

Abstract. Abstract interpretation is an excellent tool for designing complete dataflow analyses [6]. Existential quantification is an excellent tool for designing precise dataflow analyses. However, these two tools are difficult to combine. Abstract interpretation requires algorithms for deciding subtypes and constructing joins. This is problematic for existential quantification because even subtyping alone, in the presence of existential quantification, is undecidable in general [17], not to mention the additional challenge of joining with existential quantification. This paper presents a category-theoretic framework for designing abstract domains for complete inference and analysis using constrained but expressive forms of existential quantification. This framework is constructive in that it supplies the abstract algorithms for deciding subtypes and constructing joins. It is also instructive in that it provides guidelines to follow while designing the abstract domain and its existential quantification in order to guarantee inferability. Finally, the framework is practical for real-world applications, as demonstrated by its critical role in designing an inferable typed assembly language for C# [16].

1 Introduction

Existential quantification grants a great deal of precision. In typed assembly languages [14], existential quantification over classes with inheritance constraints has been used to verify dynamic dispatch and runtime casts [3–5, 11, 16]; existential quantification over integers with ordering constraints has been used to verify array accesses [12, 16]; and existential quantification over arbitrary types has been used to verify closures [13, 14]. Existential quantification is particularly useful because it can track connections between separate abstract values. For example, existential quantification can express that an instance in one register and a vtable in another register both correspond to the same class, which implements Shape:

$$\exists \alpha \le \mathit{Shape}.\ \{\mathit{EAX} \mapsto \mathrm{Ins}(\alpha),\ \mathit{EBX} \mapsto \mathrm{VTable}(\alpha)\}$$

Or existential quantification can express that the integer in one register can be used to access the array in another register: ∃i
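The following is an added example, not code from the paper: a toy abstract domain of register typings with existential quantification over class variables bounded by a constructed class hierarchy. It makes concrete why a single quantified variable shared between EAX and EBX lets a checker accept a dynamic dispatch, and it gives simple, decidable subtype and join procedures for this restricted domain. The class names, the `Ins`/`VTable`/`State` types, the `check_dispatch`, `is_subtype` and `join` functions, and the variable-matching strategy in `join` are all assumptions of this example; they are not the paper's category-theoretic construction, only an instance of the kind of constrained existential domain it is about.

```python
"""Added example (not from the paper): register typings with existential
quantification over class variables, bounded by a constructed hierarchy."""

from dataclasses import dataclass
from itertools import count

# Constructed hierarchy for the example: child -> parent (None at the root).
HIERARCHY = {"Circle": "Shape", "Square": "Shape", "Shape": "Object", "Object": None}


def ancestors(cls):
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = HIERARCHY[cls]
    return chain


def is_subclass(a, b):
    return b in ancestors(a)


def lub(a, b):
    """Least common superclass: the join of two class bounds."""
    return next(c for c in ancestors(a) if c in ancestors(b))


@dataclass(frozen=True)
class Ins:      # Ins(alpha): an object whose dynamic class is alpha
    var: str


@dataclass(frozen=True)
class VTable:   # VTable(alpha): the vtable of class alpha
    var: str


@dataclass
class State:
    """Exists vars <= bounds . {register -> Ins | VTable}."""
    bounds: dict   # class variable -> upper-bound class
    regs: dict     # register name -> Ins or VTable


def check_dispatch(state, this_reg, vtable_reg):
    """'call [vtable_reg + slot]' with this=this_reg is accepted only when
    both registers are typed by the *same* quantified class variable."""
    t, v = state.regs.get(this_reg), state.regs.get(vtable_reg)
    return isinstance(t, Ins) and isinstance(v, VTable) and t.var == v.var


def is_subtype(sub, sup):
    """sub <= sup: find one consistent mapping from sup's variables to sub's
    variables such that every register of sup matches and bounds are respected.
    Decidable here because variables are matched through register positions."""
    mapping = {}
    for reg, ty in sup.regs.items():
        other = sub.regs.get(reg)
        if other is None or type(other) is not type(ty):
            return False
        if mapping.setdefault(ty.var, other.var) != other.var:
            return False   # sup correlates registers that sub keeps distinct
        if not is_subclass(sub.bounds[other.var], sup.bounds[ty.var]):
            return False
    return True


def join(s1, s2):
    """Join two states. Each pair of variables (one per side) that types a
    common register becomes one fresh variable bounded by the lub of the two
    bounds, so a correlation survives only if both sides agree on it."""
    fresh = (f"g{i}" for i in count())
    pairs, bounds, regs = {}, {}, {}
    for reg in s1.regs.keys() & s2.regs.keys():
        t1, t2 = s1.regs[reg], s2.regs[reg]
        if type(t1) is not type(t2):
            continue   # incompatible shapes: the register is dropped (top)
        key = (t1.var, t2.var)
        if key not in pairs:
            pairs[key] = next(fresh)
            bounds[pairs[key]] = lub(s1.bounds[t1.var], s2.bounds[t2.var])
        regs[reg] = type(t1)(pairs[key])
    return State(bounds, regs)


# Constructed sample states for the example.
CIRCLE = State({"a": "Circle"}, {"EAX": Ins("a"), "EBX": VTable("a")})
SQUARE = State({"b": "Square"}, {"EAX": Ins("b"), "EBX": VTable("b")})
# Same bounds as CIRCLE, but EAX and EBX are quantified separately.
UNRELATED = State({"c": "Circle", "d": "Circle"},
                  {"EAX": Ins("c"), "EBX": VTable("d")})

if __name__ == "__main__":
    joined = join(CIRCLE, SQUARE)   # one variable g0 <= Shape shared by both registers
    print(joined, check_dispatch(joined, "EAX", "EBX"))
    print(check_dispatch(join(CIRCLE, UNRELATED), "EAX", "EBX"))
```

Joining the Circle and Square states keeps one shared variable with bound Shape, so dispatch through EBX on the object in EAX is still accepted after the join; joining with a state that quantifies the two registers separately produces two variables and the checker correctly rejects the dispatch. The subtype check likewise accepts forgetting a correlation but never inventing one.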