Control Flow Analysis for the 1r-calculus Chiara Bodei, Pierpaolo Degano, 1 Flemming Nielson, Hanne Riis Nielson 2 1 Dipartimento di Informatica, Universith di Pisa Corso Italia 40, 1-56100 Pisa, Italy {chiara, degano}@di, unipi, it 2 Computer Science Department, Aarhus University Ny Munkegade, DK-8000 Aarhus C, Denmark {fn, hrn}@daimi, aau. dk Abstract. Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the 7r-calculus that shows how names will be bound to actual channels at run time. The formula- tion of the analysis requires no extensions to the 1r-calculus, except for assign- ing "channels" to the occurrences of names within restrictions, and assigning "binders" to the occurrences of names within input prefixes. The result of our analysis establishes a super-set of the set of names to which a given name may be bound and of the set of names that may be sent along a given channel. Applications of our analysis include establishing simple security properties of processes. One example is that P has no leaks, i.e. P offers communication through public channels only, and confines its secret names within itself. 1 Introduction Program analysis aims at analysing properties of a program that hold in all executions - regardless of the actual data upon which the program operates and regardless of the specific environment in which it executes. Traditionally, program analysis has been used in compilers for "optimizing" the implementa- tion of programming languages. Various classes of programming languages have then given rise to specific techniques. For example, Data Flow Analysis [11] was mainly developed for imperative languages but is also used for object-oriented languages, and Control Flow Analysis [18] was mainly developed for functional languages but can be used also for object-oriented languages [14] and languages with concurrency [9]. Program analysis provides automatic and decidable methods for analysing properties of programs. Since most of them implicitly involve questions about ter- mination, the properties are intended to "err on the safe side". For each analysis an ordering is imposed on the properties, for example stipulating that a prop- erty is larger than another if more values satisfy the former than the latter. The properties are then interpreted in such a way that an analysis remains correct even when it produces a larger property than ideally possible. This corresponds