
Fissile type analysis: modular checking of almost everywhere invariants

Published: 08 January 2014

Abstract

We present a generic analysis approach to the imperative relationship update problem, in which destructive updates temporarily violate a global invariant of interest. Such invariants can be conveniently and concisely specified with dependent refinement types, which are efficient to check flow-insensitively. Unfortunately, while traditional flow-insensitive type checking is fast, it is inapplicable when the desired invariants can be temporarily broken. To overcome this limitation, past works have directly ratcheted up the complexity of the type analysis and associated type invariants, leading to inefficient analysis and verbose specifications. In contrast, we propose a generic lifting of modular refinement type analyses with a symbolic analysis to efficiently and effectively check concise invariants that hold almost everywhere. The result is an efficient, highly modular flow-insensitive type analysis to optimistically check the preservation of global relationship invariants that can fall back to a precise, disjunctive symbolic analysis when the optimistic assumption is violated. This technique permits programmers to temporarily break and then re-establish relationship invariants--a flexibility that is crucial for checking relationships in real-world, imperative languages. A significant challenge is selectively violating the global type consistency invariant over heap locations, which we achieve via almost type-consistent heaps. To evaluate our approach, we have encoded the problem of verifying the safety of reflective method calls in dynamic languages as a refinement type checking problem. Our analysis is capable of validating reflective call safety at interactive speeds on commonly-used Objective-C libraries and applications.
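To make the two-mode checking described above concrete, the following toy checker is an added illustration and not the paper's own implementation. It assumes a single object with a `target` and a `selector` field, the relationship invariant that `target` responds to `selector` (the target/action pairing common in Objective-C code), and a constructed `CLASS_TABLE` standing in for the selectors each class responds to; destructive writes may break the invariant temporarily, and the checker only falls back to tracking the precise heap while it is broken.

```python
# Toy model of fissile-style checking (added illustration, not the paper's code).
# CLASS_TABLE is a constructed stand-in for the selectors each class responds to.
CLASS_TABLE = {
    "Button": {"click", "hover"},
    "Form": {"submit", "reset"},
}

def responds_to(target, selector):
    """The relationship invariant: the target must respond to the selector."""
    return selector in CLASS_TABLE.get(target, set())

def check_program(program, target="Button", selector="click"):
    """program: list of ("set", field, value) or ("perform",).
    Returns (safe, trace). In optimistic mode the checker only confirms the
    invariant after each write; once a write breaks it, the checker falls back
    to following the precise heap until the invariant is re-established, and
    any reflective call reached while it is broken is reported as unsafe."""
    heap = {"target": target, "selector": selector}
    assert responds_to(heap["target"], heap["selector"]), "initial heap must be consistent"
    fallback = False  # True while the invariant is broken (symbolic mode)
    trace = []
    for stmt in program:
        if stmt[0] == "set":
            _, field, value = stmt
            heap[field] = value  # destructive update
            consistent = responds_to(heap["target"], heap["selector"])
            if consistent and fallback:
                trace.append(f"{field}={value!r}: invariant re-established, optimistic mode")
                fallback = False
            elif not consistent and not fallback:
                trace.append(f"{field}={value!r}: invariant broken, symbolic fallback")
                fallback = True
        elif stmt[0] == "perform":
            if fallback:
                trace.append(f"UNSAFE call [{heap['target']} {heap['selector']}]")
                return False, trace
            trace.append(f"safe call [{heap['target']} {heap['selector']}]")
    return True, trace

# Constructed programs: re-pointing the target/selector pair is safe only when the
# reflective call happens after both writes have restored the invariant.
SAFE = [("set", "selector", "submit"), ("set", "target", "Form"), ("perform",)]
UNSAFE = [("set", "selector", "submit"), ("perform",), ("set", "target", "Form")]
```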


Supplemental Material

d1_left_t6.mp4

