Oops, replied to the wrong message (that's why there was a "(COPY)" there).

"David L. Nicol" wrote:
>
> Steve Fink wrote:
>
> > It's standard semantic analysis. Both your taintedness analysis and my
> > reachability analyses can be fully described by specifying what things
> > generate the characteristic you're analyzing, what things block (in the
> > literature, "kill") it, and the transfer rules. It's often not the best
> > way of implementing it, since the fully general framework can be pretty
> > slow, but it's a concise way of describing things that you'll find in
> > many textbooks. They talk in terms of maintaining GEN and KILL sets and
> > describing when to add, subtract, union, and intersect the incoming &
> > outgoing GENs and KILLs.
>
> So what would be involved in adding hooks for arbitrary semantic analysis?

I suspect the hardest part is figuring out how primitive operations describe themselves for an analysis. (It'll need a neo-XS interface, too.)

> What language features can be described to allow for introduction of
> arbitrary SA passes? At what levels?

I was thinking these sorts of things could be the same way as my $var : attributes. Classify attributes as explicit, default, or compiler-generated. The compiler-generated ones would be read-only to regular code. Or something like that.

> What's a good introductory glossary of SA terms? Things get confusing
> with many reinvented wheels rolling around.

There's a badly formatted mention at
http://www.google.com/search?q=cache:compilers.iecc.com/comparch/article/86-03-009+GEN+KILL&hl=en
(I couldn't reach the original page). They refer to Aho, Sethi, and Ullman, in "Compilers: Principles, Techniques, and Tools", p. 608 -- that's the dragon book. I think that's where I first read it, though I'm not sure I liked their description all that well.

Here's a random slide that talks about it:
http://www.cs.utexas.edu/users/djimenez/cbz/node7.html
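
The GEN/KILL description quoted above, applied to taintedness, as an added example that is not code from this thread: a forward "may be tainted" analysis iterated to a fixed point over a small control-flow graph. The program, the block names and the three statement kinds ("source", "clean", "copy") are constructed for illustration.

```python
# Added example: taintedness as a forward "may" dataflow analysis.
# The program, block names and statement kinds are constructed.
from collections import deque

# Each statement is (dest, kind, sources):
#   "source" generates taint, "clean" kills it, "copy" transfers it.
BLOCKS = {
    "entry": [("name", "source", []), ("n", "clean", [])],
    "loop":  [("msg", "copy", ["name", "n"]), ("n", "copy", ["n"])],
    "fix":   [("msg", "clean", ["msg"])],
    "exit":  [("out", "copy", ["msg"])],
}
EDGES = {"entry": ["loop"], "loop": ["loop", "fix", "exit"],
         "fix": ["exit"], "exit": []}

def transfer(block, tainted_in):
    """Apply each statement's GEN/KILL effect to the incoming tainted set."""
    tainted = set(tainted_in)
    for dest, kind, sources in block:
        if kind == "source" or (kind == "copy" and tainted & set(sources)):
            tainted.add(dest)        # GEN: dest now carries taint
        else:
            tainted.discard(dest)    # KILL: dest overwritten with clean data
    return tainted

def analyze(blocks, edges):
    """Iterate to a fixed point; returns the tainted set leaving each block."""
    preds = {b: [p for p in blocks if b in edges[p]] for b in blocks}
    out = {b: set() for b in blocks}
    work = deque(blocks)
    while work:
        b = work.popleft()
        # Join: a variable may be tainted if it is on any incoming path.
        tainted_in = set().union(*(out[p] for p in preds[b]))
        new_out = transfer(blocks[b], tainted_in)
        if new_out != out[b]:
            out[b] = new_out
            work.extend(edges[b])    # successors must be re-examined
    return out

if __name__ == "__main__":
    for block, tainted in analyze(BLOCKS, EDGES).items():
        print(block, sorted(tainted))
```

In the constructed graph `out` is reported tainted at `exit` because the `loop` to `exit` edge bypasses the sanitizing `fix` block; with that edge removed, only `name` remains tainted there.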