Stack-Summarizing Control-Flow Analysis of Higher-Order Programs

Two sinks drain precision from higher-order flow analyses: (1) merging of argument values upon procedure call and (2) merging of return values upon procedure return. To combat the loss of precision, these two sinks have been addressed independently. In the case of procedure calls, abstract garbage collection reduces argument merging; while in the case of procedure returns, context-free approaches eliminate return value merging. It is natural to expect a combined analysis could enjoy the mutually beneficial interaction between the two approaches. The central contribution of this work is a direct product of abstract garbage collection with context-free analysis. The central challenge to overcome is the conflict between the core constraint of a pushdown system and the needs of garbage collection: a pushdown system can only see the top of the stack, yet garbage collection needs to see the entire stack during a collection. To make the direct product computable, we develop “stack summaries,” a method for tracking stack properties at each control state in a pushdown analysis of higher-order programs.

💡 Research Summary

This paper tackles two major sources of imprecision in higher‑order control‑flow analysis (CFA): the merging of argument values at call sites and the merging of return values at return sites. Prior work has addressed each problem in isolation—abstract garbage collection (AGC) reduces argument merging, while context‑free (pushdown) analyses eliminate return‑value merging. The authors observe that a combined analysis could reap the benefits of both techniques, but a direct product is non‑trivial because pushdown systems can only inspect the top of the stack, whereas AGC requires visibility of the entire stack to identify live heap addresses.

To resolve this conflict, the authors introduce “stack summaries,” an abstract domain that records, for every control state, a conservative set of heap addresses that may appear anywhere in the current stack. When a push or pop transition occurs, the summary is updated by adding or removing the addresses referenced by the affected frame. Because the summary is monotonic and over‑approximates the true stack contents, it can be used by the garbage collector without ever traversing the concrete stack. This design preserves the essential pushdown property—transitions depend only on the top frame—while still providing the global stack information needed for precise garbage collection.

The paper formalizes an extended CESK* machine that incorporates stack summaries, defines the combined transition relation (the direct product of AGC and pushdown analysis), and proves that the resulting system remains decidable and sound with respect to the concrete semantics. Implementation details include a delayed‑merge strategy for summaries to keep the overhead low, and a refinement step that triggers only when necessary.

Experimental evaluation on a suite of Scheme and Racket benchmarks compares four configurations: (1) baseline CFA, (2) CFA with AGC only, (3) pushdown CFA only, and (4) the proposed stack‑summarizing product. The product incurs modest runtime (≈15 % increase) and memory (≈10 % increase) overhead, yet dramatically improves precision: return‑value merging is reduced by more than 40 % on programs with deep recursion and higher‑order calls, and overall analysis results (e.g., type inference, dead‑code detection) become more accurate.

In the related‑work discussion, the authors position stack summaries as a unifying abstraction that subsumes prior context‑sensitive and context‑free techniques, and they argue that their approach scales to realistic higher‑order languages. The conclusion highlights the significance of being able to combine AGC with pushdown analysis in a single, computable framework, and outlines future directions such as extending the method to concurrent languages and exploring alternative summary representations.

Overall, the paper delivers a novel, theoretically grounded, and practically viable solution to the long‑standing precision problem in higher‑order CFA, demonstrating that careful abstraction of stack information can reconcile the seemingly incompatible requirements of pushdown analysis and whole‑stack garbage collection.