ABSTRACT
Java's type system provides programmers with strong guarantees of type and memory safety, but there are many important properties not captured by standard Java types. We describe JQual, a tool that adds user-defined type qualifiers to Java, allowing programmers to quickly and easily incorporate extra lightweight, application-specific type checking into their programs. JQual provides type qualifier inference, so that programmers need only add a few key qualifier annotations to their program; JQual then infers any remaining qualifiers and checks their consistency. We explore two applications of JQual. First, we introduce opaque and enum qualifiers to track C pointers and enumerations that flow through Java code via the JNI. In our benchmarks we found that these C values are treated correctly, but there are some places where a client could potentially violate safety. Second, we introduce a readonly qualifier for annotating references that cannot be used to modify the objects they refer to. We found that JQual is able to automatically infer readonly in many places on method signatures. These results suggest that type qualifiers and type qualifier inference are a useful addition to Java.
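The two applications in the abstract, as an added illustration that is not JQual's code: a toy constraint-based qualifier inference in Python. A lattice fixes the ordering of qualifier constants (mutable below readonly; opaque and plain unordered, because a C pointer and a Java integer must never be confused), each assignment or argument pass becomes a constraint v <= w between qualifier variables, a handful of annotations seed constant bounds, and solving propagates the bounds and reports every use site that receives a value whose qualifier it does not accept. The Java fragments in the docstrings, the variable names (create.ret, deposit.a, ...) and the choice of lattices are constructed for this example from the abstract's description, not taken from JQual's actual rules or benchmarks.

```python
"""Toy flow-insensitive type-qualifier inference in the CQual/JQual style.
Added illustration for this page, not JQual's code; the Java fragments in the
docstrings are constructed and the constraint-variable names are hypothetical."""
from collections import defaultdict


class Lattice:
    """Finite partial order on qualifier constants; `below` lists (lo, hi) pairs,
    `default` goes to variables no constraint reaches (readonly: infer it freely)."""

    def __init__(self, consts, below, default):
        self.consts, self.default = list(consts), default
        self.leq_set = {(c, c) for c in consts} | set(below)

    def leq(self, a, b):
        return (a, b) in self.leq_set

    def join(self, xs):  # least upper bound, or None (opaque vs plain has none)
        ubs = [u for u in self.consts if all(self.leq(x, u) for x in xs)]
        return next((u for u in ubs if all(self.leq(u, v) for v in ubs)), None)

    def meet(self, xs):  # greatest lower bound, or None
        lbs = [l for l in self.consts if all(self.leq(l, x) for x in xs)]
        return next((l for l in lbs if all(self.leq(m, l) for m in lbs)), None)


class Inference:
    """Constraints: const <= var (annotation), var <= const (demanding use),
    var <= var (assignment or argument passing)."""

    def __init__(self, lattice):
        self.lat, self.succ = lattice, defaultdict(set)   # succ[v] = {w : v <= w}
        self.lower, self.upper = defaultdict(set), defaultdict(set)
        self.vars, self.sinks = set(), set()

    def flow(self, src, dst):
        self.succ[src].add(dst)
        self.vars |= {src, dst}

    def at_least(self, const, var):
        self.lower[var].add(const)
        self.vars.add(var)

    def at_most(self, var, const):
        self.upper[var].add(const)
        self.vars.add(var)
        self.sinks.add(var)

    def solve(self):
        # Lower bounds propagate forward along v <= w, upper bounds backward,
        # until a fixpoint; then every variable is checked and assigned.
        changed = True
        while changed:
            changed = False
            for v, ws in list(self.succ.items()):
                for w in ws:
                    if not (self.lower[v] <= self.lower[w] and self.upper[w] <= self.upper[v]):
                        self.lower[w] |= self.lower[v]
                        self.upper[v] |= self.upper[w]
                        changed = True
        solution, errors = {}, []
        for v in sorted(self.vars):
            lo, hi = self.lower[v], self.upper[v]
            if v in self.sinks:  # report each conflict once, at the use site
                errors += [f"{v}: {c} value reaches a {d} position"
                           for c in sorted(lo) for d in sorted(hi)
                           if not self.lat.leq(c, d)]
            q = self.lat.join(lo) if lo else self.lat.meet(hi) if hi else self.lat.default
            if q is None:
                errors.append(f"{v}: no qualifier satisfies {sorted(lo | hi)}")
            solution[v] = q
        return solution, errors


def check_jni_example():
    """Constructed Java: native long create() returns a C pointer and native
    void destroy(long p) consumes one. `long h = create(); destroy(h);` is fine;
    `long n = h + 1;` does arithmetic on a pointer and must be flagged."""
    inf = Inference(Lattice(["opaque", "plain"], [], default="plain"))
    inf.at_least("opaque", "create.ret")   # annotation on the native method
    inf.flow("create.ret", "h")
    inf.flow("h", "destroy.p")
    inf.at_most("destroy.p", "opaque")     # annotation on the native method
    inf.flow("h", "add.operand")
    inf.at_most("add.operand", "plain")    # '+' wants ordinary integers
    return inf.solve()


def check_readonly_example():
    """Constructed Java with mutable <= readonly: read(Acct a) only reads
    a.bal; deposit(Acct a, int x) writes a.bal; both(Acct a) calls deposit(a, 1);
    bad(readonly Acct r) writes r.bal and must be flagged."""
    inf = Inference(Lattice(["mutable", "readonly"],
                            [("mutable", "readonly")], default="readonly"))
    inf.vars.add("read.a")                 # no constraint at all
    inf.at_most("deposit.a", "mutable")    # field write needs a mutable ref
    inf.flow("both.a", "deposit.a")        # argument passing
    inf.at_least("readonly", "bad.r")      # the programmer's annotation
    inf.at_most("bad.r", "mutable")        # field write
    return inf.solve()
```

In a real checker the constraints are generated by walking the program (JNI method signatures, field reads and writes, calls and assignments); here they are written by hand so the solving step is visible. The readonly case shows what inference buys: deposit's receiver is forced mutable by the field write, both's receiver inherits that through the call, read's receiver, which nothing constrains, gets readonly without an annotation, and the explicitly readonly reference that is written is reported at the write. The JNI case shows the safety check from the abstract's first application: the pointer returned by create may only reach positions declared opaque, so the arithmetic operand is reported.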
Type Qualifier Inference for Java. In Proceedings of the 2007 OOPSLA conference.