Abstract
This paper presents novel techniques for checking the soundness of a type system automatically using a software model checker. Our idea is to systematically generate every type-correct intermediate program state (within some finite bounds), execute the program one step forward, if possible, using its small-step operational semantics, and then check that the resulting intermediate program state is also type correct, but to do so efficiently by detecting similarities in this search space and pruning away large portions of it. Thus, given only a specification of type correctness and the small-step operational semantics for a language, our system automatically checks type soundness by checking that the progress and preservation theorems hold for the language (albeit only for program states of at most some finite size). Our preliminary experimental results on several languages, including a language of integer and boolean expressions, a simple imperative programming language, an object-oriented language that is a subset of Java, and a language with ownership types, indicate that our approach is feasible and that our search-space pruning techniques do indeed significantly reduce what is otherwise an extremely large search space. Our paper thus makes contributions both in the area of checking soundness of type systems and in the area of reducing the state space of a software model checker.
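The check the abstract describes, worked through on the smallest language it mentions (integer and boolean expressions), as an added example that is not the paper's tool or code: every term up to a nesting depth is enumerated, the ill-typed and value states are discarded, each remaining state is stepped once with the small-step semantics, and a stuck state is reported as a progress counterexample while a successor of a different type is reported as a preservation counterexample. The term encoding, the rule tables and the two deliberately broken type systems (constructed mutants: one that lets the branches of `if` have different types, one that lets `succ` take a boolean) are assumptions of this example; the only pruning performed is skipping states that were already checked, which is not the similarity-based pruning the paper contributes.

```python
"""Bounded-exhaustive check of progress and preservation for a tiny
language of boolean and natural-number expressions (true, false, 0,
succ, pred, iszero, if-then-else).  Added illustration, not the paper's
tool: its similarity-based pruning is not reproduced here; the only
pruning is skipping states that were already checked."""
from itertools import product

BOOL, NAT = "Bool", "Nat"

# Terms are nested tuples: ('true',), ('zero',), ('succ', t), ('if', c, a, b) ...
# A rule table maps a constructor to a function from child types to the
# term's type (None = ill-typed).
SOUND_RULES = {
    "true": lambda: BOOL,
    "false": lambda: BOOL,
    "zero": lambda: NAT,
    "succ": lambda u: NAT if u == NAT else None,
    "pred": lambda u: NAT if u == NAT else None,
    "iszero": lambda u: BOOL if u == NAT else None,
    # T-If: the condition is Bool and both branches have the same type.
    "if": lambda c, a, b: a if c == BOOL and a is not None and a == b else None,
}

# Two deliberately broken variants (constructed mutants) of the type system.
BAD_IF_RULES = dict(SOUND_RULES)      # branches may disagree on their type
BAD_IF_RULES["if"] = lambda c, a, b: a if c == BOOL and a is not None and b is not None else None
BAD_SUCC_RULES = dict(SOUND_RULES)    # succ accepts any well-typed argument
BAD_SUCC_RULES["succ"] = lambda u: NAT if u is not None else None


def typeof(t, rules=SOUND_RULES):
    """Type of term t under the given rule table, or None if ill-typed."""
    return rules[t[0]](*(typeof(s, rules) for s in t[1:]))


def is_nv(t):
    """Numeric value: zero or succ of a numeric value."""
    return t[0] == "zero" or (t[0] == "succ" and is_nv(t[1]))


def is_value(t):
    return t[0] in ("true", "false") or is_nv(t)


def step(t):
    """Small-step semantics: one step of t, or None if t is a value or
    is stuck (no evaluation rule applies)."""
    tag = t[0]
    if tag == "if":
        c, a, b = t[1:]
        if c == ("true",):
            return a
        if c == ("false",):
            return b
        c2 = step(c)
        return None if c2 is None else ("if", c2, a, b)
    if tag == "succ":
        u2 = step(t[1])
        return None if u2 is None else ("succ", u2)
    if tag in ("pred", "iszero"):
        u = t[1]
        if u == ("zero",):
            return ("zero",) if tag == "pred" else ("true",)
        if u[0] == "succ" and is_nv(u[1]):
            return u[1] if tag == "pred" else ("false",)
        u2 = step(u)
        return None if u2 is None else (tag, u2)
    return None  # true, false and zero are values


def terms(depth):
    """Every term whose nesting depth is at most `depth` (with duplicates)."""
    if depth == 0:
        return [("true",), ("false",), ("zero",)]
    smaller = terms(depth - 1)
    out = list(smaller)
    for u in smaller:
        out += [("succ", u), ("pred", u), ("iszero", u)]
    for c, a, b in product(smaller, repeat=3):
        out.append(("if", c, a, b))
    return out


def check_soundness(rules, depth):
    """Return counterexamples (kind, state, successor) to progress or
    preservation among all well-typed states of depth <= `depth`."""
    seen, failures = set(), []
    for t in terms(depth):
        if t in seen:              # prune: this state was already checked
            continue
        seen.add(t)
        ty = typeof(t, rules)
        if ty is None or is_value(t):
            continue               # only well-typed, non-value states matter
        t2 = step(t)
        if t2 is None:
            failures.append(("progress", t, None))       # stuck: no rule applies
        elif typeof(t2, rules) != ty:
            failures.append(("preservation", t, t2))     # type not preserved
    return failures


if __name__ == "__main__":
    for name, rules in [("sound", SOUND_RULES), ("bad-if", BAD_IF_RULES),
                        ("bad-succ", BAD_SUCC_RULES)]:
        bad = check_soundness(rules, depth=2)
        print(f"{name}: {len(bad)} counterexamples, e.g. {bad[:1]}")
```

At depth 2 the enumeration covers about 60,000 terms; the sound rule table yields no counterexample, the mutant that drops the branch-agreement side condition of T-If is caught by a preservation failure such as `if false then 0 else true` (typed Nat, stepping to `true`), and the mutant that relaxes `succ` is caught by the stuck, well-typed state `succ true`. Raising the depth bound makes the search space grow roughly cubically per level, which is the blow-up the paper's pruning is designed to contain.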
Efficient software model checking of soundness of type systems
OOPSLA '08: Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications