Abstract
We present a generic analysis approach to the imperative relationship update problem, in which destructive updates temporarily violate a global invariant of interest. Such invariants can be conveniently and concisely specified with dependent refinement types, which are efficient to check flow-insensitively. Unfortunately, while traditional flow-insensitive type checking is fast, it is inapplicable when the desired invariants can be temporarily broken. To overcome this limitation, past works have directly ratcheted up the complexity of the type analysis and associated type invariants, leading to inefficient analysis and verbose specifications. In contrast, we propose a generic lifting of modular refinement type analyses with a symbolic analysis to efficiently and effectively check concise invariants that hold almost everywhere. The result is an efficient, highly modular flow-insensitive type analysis to optimistically check the preservation of global relationship invariants that can fall back to a precise, disjunctive symbolic analysis when the optimistic assumption is violated. This technique permits programmers to temporarily break and then re-establish relationship invariants--a flexibility that is crucial for checking relationships in real-world, imperative languages. A significant challenge is selectively violating the global type consistency invariant over heap locations, which we achieve via almost type-consistent heaps. To evaluate our approach, we have encoded the problem of verifying the safety of reflective method calls in dynamic languages as a refinement type checking problem. Our analysis is capable of validating reflective call safety at interactive speeds on commonly-used Objective-C libraries and applications.
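The optimistic-then-fall-back scheme the abstract describes, as an added toy in Python (this is not the paper's analysis or its implementation; everything below is constructed for illustration): an object holds a target and an action, the relationship invariant is that the target responds to the action, and the reflective call stands in for Objective-C's performSelector:. Each statement is first checked flow-insensitively against field types alone; the moment a statement cannot be shown to preserve the invariant that way, the object is split out of the typed heap into a set of precise, disjunctive symbolic states that are tracked until the invariant holds in all of them, after which the object folds back into the typed heap. The class table RESPONDS, the statement encoding, the side conditions in typed_ok and the sample methods are assumptions of this example, not of the paper.

```python
"""Toy 'fissile' checker (added example, not the paper's implementation): an
optimistic, flow-insensitive refinement-type check that falls back to a
disjunctive symbolic analysis while a relationship invariant is broken."""
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed class table (assumption): which selectors each class responds to.
RESPONDS: Dict[str, Set[str]] = {"Button": {"click", "hover"}, "Slider": {"slide", "hover"}}
CLASSES = sorted(RESPONDS)
SELECTORS = sorted(set().union(*RESPONDS.values()))
Env = Tuple[Tuple[str, str], ...]       # parameter environment as sorted (name, value) pairs
SymState = Tuple[str, str, Env]         # (target class, action selector, env)

def responds(target: str, action: str) -> bool:
    """The global relationship invariant: the target answers the stored action."""
    return action in RESPONDS.get(target, set())

def ev(e, env: Env) -> str:             # e is ("lit", value) or ("param", name)
    return e[1] if e[0] == "lit" else dict(env)[e[1]]

class Checker:
    """Statements: ("set_target", e), ("set_action", e), ("call",) i.e. the reflective
    [target performSelector:action], and ("if", arm, arm) for a nondeterministic branch."""
    def __init__(self, decl: Set[str], params: Dict[str, str], pre: Callable[[Dict[str, str]], bool]):
        self.decl = decl                    # declared type of target: the classes it may hold
        names = sorted(params)              # params: name -> "class" | "selector"
        domains = [CLASSES if params[n] == "class" else SELECTORS for n in names]
        # Every parameter environment the method's precondition admits.
        self.envs: List[Env] = [tuple(zip(names, vs)) for vs in product(*domains)
                                if pre(dict(zip(names, vs)))]
        self.diags: Set[str] = set()
        self.fallbacks = 0                  # how often the object had to leave the typed heap

    def values(self, e) -> Set[str]:       # possible values of e, knowing only the types
        return {e[1]} if e[0] == "lit" else {dict(env)[e[1]] for env in self.envs}

    def typed_ok(self, stmt) -> bool:
        """Optimistic check: does stmt preserve the invariant given only field types?"""
        if stmt[0] == "call":
            return True                     # invariant assumed to hold, so the call is safe
        if stmt[0] == "set_action":         # target known only up to its declared classes
            return all(responds(c, s) for c in self.decl for s in self.values(stmt[1]))
        # set_target: the old action is only known to be answered by *some* declared
        # class, so the new target must answer every selector any of them answers.
        old = set().union(*(RESPONDS[c] for c in self.decl))
        return all(c in self.decl and RESPONDS.get(c, set()) >= old for c in self.values(stmt[1]))

    def materialize(self) -> FrozenSet[SymState]:
        """Split the object out of the typed heap: every field valuation its type
        allows (hence every one satisfying the invariant), under every allowed env."""
        return frozenset((c, s, env) for env in self.envs for c in self.decl for s in RESPONDS[c])

    def sym_step(self, stmt, states: FrozenSet[SymState]) -> FrozenSet[SymState]:
        """Precise, disjunctive step while the invariant may be broken."""
        out = set()
        for t, a, env in states:
            if stmt[0] == "set_target":
                t = ev(stmt[1], env)
            elif stmt[0] == "set_action":
                a = ev(stmt[1], env)
            elif not responds(t, a):        # reflective call while the invariant is broken
                self.diags.add(f"unsafe reflective call: {t} does not respond to {a}")
                continue
            out.add((t, a, env))
        return frozenset(out)

    def run(self, prog: List[tuple], state: Optional[FrozenSet[SymState]] = None):
        """state None = typed mode (invariant holds); otherwise the symbolic state set."""
        for stmt in prog:
            if stmt[0] == "if":
                arms = [self.run(arm, state) for arm in stmt[1:]]
                if all(s is None for s in arms):
                    continue
                state = frozenset().union(*(self.materialize() if s is None else s for s in arms))
            elif state is None and self.typed_ok(stmt):
                continue                    # fast path: flow-insensitive types suffice
            else:
                if state is None:           # fission: fall back to symbolic analysis here
                    self.fallbacks += 1
                    state = self.materialize()
                state = self.sym_step(stmt, state)
            if all(responds(t, a) for t, a, _ in state):
                state = None                # invariant re-established: fold back to types
        return state

def check(decl, params, pre, prog) -> Tuple[List[str], int]:
    """Check one method body; returns (sorted diagnostics, number of symbolic fallbacks)."""
    ck = Checker(decl, params, pre)
    if ck.run(prog) is not None:
        ck.diags.add("invariant not re-established at method exit")
    return sorted(ck.diags), ck.fallbacks

# Constructed methods (assumption) over a target/action pair declared as {Button, Slider}.
DECL, PARAMS = {"Button", "Slider"}, {"t": "class", "a": "selector"}
PRE = lambda e: responds(e["t"], e["a"])   # caller guarantees that t answers a
UPDATE_OK = [("set_target", ("param", "t")), ("set_action", ("param", "a")), ("call",)]
UPDATE_BAD = [("set_target", ("param", "t")), ("call",), ("set_action", ("param", "a"))]
TYPED_ONLY = [("set_action", ("lit", "hover")), ("call",)]
if __name__ == "__main__":
    for prog in (UPDATE_OK, UPDATE_BAD, TYPED_ONLY):
        print(check(DECL, PARAMS, PRE, prog))
```

UPDATE_OK is the update pattern the abstract is about: reassigning the target cannot be justified by types alone, so the checker falls back once, tracks the object symbolically through the action assignment, and folds it back once the caller's precondition re-establishes the invariant; the call then type-checks on the fast path. UPDATE_BAD performs the reflective call between the two assignments and is reported. TYPED_ONLY never leaves the flow-insensitive path. One caveat worth seeing: folding back to types is lossy, so after the flagged call in UPDATE_BAD the checker has forgotten that the target equals t and also reports the later set_action as leaving the invariant broken at method exit.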
References
- A. Ahmed, M. Fluet, and G. Morrisett. L3: A linear language with locations. Fundam. Inform., 77 (4), 2007.
- A. Aiken, J. S. Foster, J. Kodumal, and T. Terauchi. Checking and inferring local non-aliasing. In PLDI, 2003.
- J. Berdine, C. Calcagno, and P. W. O'Hearn. Symbolic execution with separation logic. In APLAS, 2005.
- J. Berdine, C. Calcagno, B. Cook, D. Distefano, P. W. O'Hearn, T. Wies, and H. Yang. Shape analysis for composite data structures. In CAV, 2007.
- E. Bodden, A. Sewe, J. Sinschek, H. Oueslati, and M. Mezini. Taming Reflection: Aiding static analysis in the presence of reflection and custom class loaders. In ICSE, 2011.
- M. Braux and J. Noyé. Towards partially evaluating reflection in Java. In PEPM, 2000.
- C. Cadar, D. Dunbar, and D. R. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, 2008.
- C. Calcagno, D. Distefano, P. W. O'Hearn, and H. Yang. Compositional shape analysis by means of bi-abduction. In POPL, 2009.
- B.-Y. E. Chang and X. Rival. Relational inductive shape analysis. In POPL, 2008.
- A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In SAS, 2003.
- R. Chugh, D. Herman, and R. Jhala. Dependent types for JavaScript. In OOPSLA, 2012.
- J. Condit, M. Harren, Z. R. Anderson, D. Gay, and G. C. Necula. Dependent types for low-level programming. In ESOP, 2007.
- D. Coughlin and B.-Y. E. Chang. Fissile Type Analysis: Modular checking of almost everywhere invariants (extended version), 2013.
- P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL, 1977.
- P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In POPL, 1979.
- D. Distefano, P. W. O'Hearn, and H. Yang. A local shape analysis based on separation logic. In TACAS, 2006.
- S. Drossopoulou, A. Francalanza, P. Müller, and A. J. Summers. A unified framework for verification techniques for object invariants. In ECOOP, 2008.
- M. Fähndrich and R. DeLine. Adoption and focus: Practical linear types for imperative programming. In PLDI, 2002.
- C. Flanagan. Hybrid type checking. In POPL, 2006.
- T. Freeman and F. Pfenning. Refinement types for ML. In PLDI, 1991.
- M. Furr, J.-h. D. An, and J. S. Foster. Profile-guided static typing for dynamic scripting languages. In OOPSLA, 2009.
- P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, 2005.
- B. S. Gulavani, S. Chakraborty, G. Ramalingam, and A. V. Nori. Bottom-up shape analysis. In SAS, 2009.
- W. R. Harris, S. Sankaranarayanan, F. Ivancic, and A. Gupta. Program analysis via satisfiability modulo path programs. In POPL, 2010.
- Y. P. Khoo, B.-Y. E. Chang, and J. S. Foster. Mixing type checking and symbolic execution. In PLDI, 2010.
- V. Laviron, B.-Y. E. Chang, and X. Rival. Separating shape graphs. In ESOP, 2010.
- B. Livshits, J. Whaley, and M. S. Lam. Reflection analysis for Java. In APLAS, 2005.
- M. J. Parkinson. Local Reasoning for Java. PhD thesis, University of Cambridge, Computer Laboratory, 2005.
- J. G. Politz, A. Guha, and S. Krishnamurthi. Semantics and types for objects with first-class member names. In FOOL, 2012.
- J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In LICS, 2002.
- P. M. Rondon, M. Kawaguchi, and R. Jhala. Liquid types. In PLDI, 2008.
- P. M. Rondon, M. Kawaguchi, and R. Jhala. Low-level liquid types. In POPL, 2010.
- M. Sagiv, T. Reps, and R. Wilhelm. Solving shape-analysis problems in languages with destructive updating. ACM Trans. Program. Lang. Syst., 20 (1), 1998.
- R. Tate, J. Chen, and C. Hawblitzel. Inferable object-oriented typed assembly language. In PLDI, 2010.
- S. Tobin-Hochstadt and M. Felleisen. The design and implementation of Typed Scheme. In POPL, 2008.
- O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. TAJ: Effective taint analysis of web applications. In PLDI, 2009.
- H. Xi. Imperative programming with dependent types. In LICS, 2000.
- H. Xi and F. Pfenning. Dependent types in practical programming. In POPL, 1999.
Fissile type analysis: modular checking of almost everywhere invariants. In POPL '14: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.