Reasoning ab out Continuations with Control E ects 1;2 Pierre Jouvelot 2 David K. Gi ord Categories and Sub ject Descriptions: D.1.3 [Program- Abstract ming Techniques] { Concurrent Programming: E ect We present a new static analysis metho d for rst-class systems; D.1.m [Programming Techniques] { Mis- continuations that uses an e ect system to classify the cellaneous: First-class continuations; D.3.1 [Program- control domain b ehavior of expressions in a typ ed p oly- ming Languages] { Formal De nitions and Theory; morphic language. We intro duce two new control ef- D.3.3 [Programming Languages] { Language Con- fects, goto and comefrom, that describ e the control ow structs: Control structures, e ect systems; D.3.4 [Pro- prop erties of expressions. An expression that do es not gramming Languages] { Pro cessors: Compilers, op- havea goto e ect is said to be continuation fol lowing timization. b ecause it will always call its passed return continua- tion. An expression that do es not havea comefrom ef- General Terms: Languages, Theory,Veri cation. fect is said to b e continuation discarding b ecause it will never preserve its return continuation for later use. Un- Additional Key Words and Phrases: e ect systems, typ e observable control e ects can be masked by the e ect systems, control e ects, e ect masking, control ow system. Control e ect soundness theorems guarantee analysis, FX-87. that the e ects computed statically by the e ect sys- tem are a conservative approximation of the dynamic b ehavior of an expression. 1 Intro duction The e ect system that we describ e p erforms certain kinds of control ow analysis that were not previously First-class continuations add a great deal of expressive feasible. We discuss how this analysis can enable a va- power to a programming language as they p ermit the riety of compiler optimizations, including parallel ex- implementation of a wide varietyofcontrol structures, pression scheduling in the presence of complex control including jumps, error-handlers, and coroutines [F87]. structures, and stack allo cation of continuations. The With this p ower comes substantial semantic [MR88] and e ect system we describ e has b een implemented as an implementation [CHO88] complexities. Thus it would extension to the FX-87 programming language. be very useful to be able to precisely identify which expressions in a program use rst-class continuations and in what manner. We present a new static metho d for control ow anal- This researchwas supp orted by the Defense Advanced Research ysis that p erforms certain kinds of analysis that were Pro jects Agency of the Department of Defense and was monitored by the Oce of Naval Research under contract numb er N00014- not previously feasible. Sp eci cally,wehave develop ed 83-K-0125. the rst static metho d of determining which expressions may not exhibit sequential control ow in a program- 1 CAI, Ecole des Mines, 60 bvd Saint-Michel, 75272, PARIS, ming language with rst-class continuations. France E-mail: [email protected] Our static analysis technique is based on the use of an 2 LCS, Massachusetts Institute of Technology , 545 Techno- e ect system [LG88] to classify the p ossible control do- logy Square, Cambridge, MA 02139, USA E-mail: main b ehavior of expressions. An e ect system is based [email protected]. EDU on a kinded typ e system for the second-order lambda calculus [M79]. Kinds are the \typ es" of descriptions which include typ es and e ects. Our typ e and e ect system has three base kinds: types, which describ e the value that an expression may return; e ects, which de- scrib e the side-e ects that an expression mayhave; and 1 regions, which are used to describ e where side-e ects or goto e ects, the problem of a variable \redef- may o ccur. An expression that do es not have an ob- inition" by a \return" inside its define form is servable e ect is said to b e pure. Expressions that are avoided. In the same manner, mutations that are pure are referentially transparent. p erformed by taking advantage of the implementa- Typ es, e ects and regions are closely interrelated; in tion of recursive de nitions by letrec [B89] can b e prohibited. particular, a function typ e incorp orates a latent e ect that describ es the side-e ects that the function may p erform when it is applied, and a reference typ e in- Control e ects let the compiler writer p erform safe corp orates a region that describ es where the reference optimizations in the presence of rst-class continu- is allo cated. The kind system is used to verify the well- ations. For instance, if a given cwcc expression has formedness of descriptions; the typ e and e ect system a masked control e ect, then the internal contin- is used to verify the well-formedness of expressions. uation will be used only as a \downward funarg" We can use an e ect system for control ow analysis [S78] and thus the expression's continuation struc- by intro ducing two typ es of control e ects, goto and ture control frames can b e stack allo cated. comefrom, that describ e the control ow prop erties of expressions. An expression that do es not havea goto e ect is said to b e continuation fol lowing b ecause it will Control e ects also allow sequential semantics to b e pre- always call its return continuation in the usual way. An served in the presence of b oth rst-class continuations expression that do es not havea comefrom e ect is said and automatic compile-time detection of parallelism. to b e continuation discarding b ecause it will never pre- When compiling for a parallel target machine, the com- serve its return continuation for later use. This \dou- piler can guarantee sequential semantics which is in- ble negation" style of de nitions is necessary when one timately related to the notion of continuations, which wants to express conservative approximations of run- represent the state of a sequential evaluation by con- time program b ehaviors. sidering that control e ects interfere with all e ects. Unobservable control e ects can b e masked by the ef- In the remainder of this pap er we describ e the kernel fect system. Our masking rule applies to expressions language KFX of FX-87 Section 2, integrate control that are externally well-b ehaved, even if they use con- e ects into KFX Section 3, state two control e ect tinuations internally. Control e ect soundness theorems soundness theorems Section 4, give precise conditions guarantee that the e ects computed statically by the when it is p ossible to mask unobservable control e ects e ect system are a conservative approximation of the Section 5, survey related work Section 6, and sum- dynamic b ehavior of an expression. marize our results Section 7. We showhow our e ect system can b e used with the pro cedure call-with-current-continuation inspired from [R86], hereafter noted cwcc. This pro cedure allows rst-class access to the current continuation. Simpler 2 KFX - A Kernel Language for control structures based on lab els and jumps can be FX-87 treated in a similar way. Control e ects are useful to the programmer, the lan- guage designer and the compiler writer: For p edagogical purp oses we will study control e ects in the context of KFX, the kernel language of FX-87. Control e ects let the programmer sp ecify, in FX-87 [GJLS87][LG88] is a p olymorphic typ ed language machine-veri able form, the exp ected run-time that allows side-e ects and rst-class functions. Its syn- control b ehavior of a given program, thus increas- tax and most of its standard op erations are strongly in- ing do cumentation, mo dularity and maintainabil- spired byScheme [R86] which will b e used in most of our ity of programs. Control e ects also provide a pro- examples. The language KFX has the following Kind, grammer with a new framework in which to rea- Description Region, E ect and Typ e and Expression son ab out languages with rst-class continuations. domains where I is the domain of identi ers: Moreover, when unobservable control e ects are masked, a programmer knows that an expression K ::= region will b e well-b ehaved. effect Control e ects let the language designer limit the type use of continuations to simplify the semantics of the language. For instance, by saying that top- R ::= I level de nitions are not allowed to have comefrom @I region constant 2 F ::= I Note that twice is abstracted over the typ e t of the pure no e ect argumentof f and its latent e ect e. The typ e of twice write R write on R is: read R read on R twice : poly t type alloc R allo cation on R poly e effect maxeff F0 F1 combination subr pure subr e t t T ::= I subr e t t subr F T T function poly I K T p olymorphic typ e The typ e and e ect rules for application, abstraction, ref T R reference to T in 1 p olymorphic abstraction and pro jection follow. Just as region R \:" is used to denote the \typ e of " relation, \!" is used D ::= R to denote the \e ect of " relation.