Practical pluggable types for java

This paper introduces the Checker Framework, which supports adding pluggable type systems to the Java language in a backward-compatible way. A type system designer defines type qualifiers and their semantics, and a compiler plug-in enforces the semantics. Programmers can write the type qualifiers in their programs and use the plug-in to detect or prevent errors. The Checker Framework is useful both to programmers who wish to write error-free code, and to type system designers who wish to evaluate and deploy their type systems. The Checker Framework includes new Java syntax for expressing type qualifiers; declarative and procedural mechanisms for writing type-checking rules; and support for flow-sensitive local type qualifier inference and for polymorphism over types and qualifiers. The Checker Framework is well-integrated with the Java language and toolset. We have evaluated the Checker Framework by writing 5 checkers and running them on over 600K lines of existing code. The checkers found real errors, then confirmed the absence of further errors in the fixed code. The case studies also shed light on the type systems themselves.

[1]  Frank Pfenning,et al.  Dependent Types in Logic Programming , 1992, Types in Logic Programming.

[2]  David E. Evans,et al.  Static detection of dynamic memory errors , 1996, PLDI '96.

[3]  David Detlefs,et al.  Simplify: a theorem prover for program checking , 2005, JACM.

[4]  F. Petrus Cuperus,et al.  Eiffel Analysis, Design and Programming Language , 2005 .

[5]  Michael D. Ernst,et al.  Javari: adding reference immutability to Java , 2005, OOPSLA '05.

[6]  Darko Marinov,et al.  Object equality profiling , 2003, OOPSLA.

[7]  Kathryn S. McKinley,et al.  Data flow analysis for software prefetching linked data structures in Java , 2001, Proceedings 2001 International Conference on Parallel Architectures and Compilation Techniques.

[8]  Michael D. Ernst,et al.  Parameter reference immutability: formal definition, inference tool, and comparison , 2009, Automated Software Engineering.

[9]  John A. Allen,et al.  The anatomy of lisp , 1980 .

[10]  Torbjörn Ekman,et al.  Pluggable checking and inferencing of nonnull types for Java , 2007, J. Object Technol..

[11]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[12]  Mark Lillibridge,et al.  Extended static checking for Java , 2002, PLDI '02.

[13]  Michael D. Ernst,et al.  Inference of Reference Immutability , 2008, ECOOP.

[14]  Michael D. Ernst,et al.  Efficient incremental algorithms for dynamic detection of likely invariants , 2004, SIGSOFT '04/FSE-12.

[15]  Michael D. Ernst,et al.  Pluggable type-checking for custom type qualifiers in Java , 2007 .

[16]  Michael D. Ernst,et al.  A practical type system and language for reference immutability , 2004, OOPSLA '04.

[17]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[18]  Dirk Theisen,et al.  JAC—Access right based encapsulation for Java , 2001, Softw. Pract. Exp..

[19]  Guy L. Steele,et al.  Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley)) , 2005 .

[20]  David Evans,et al.  Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[21]  K. Rustan M. Leino,et al.  Declaring and checking non-null types in an object-oriented language , 2003, OOPSLA 2003.

[22]  Martin Elsman,et al.  Carillon - a System to Find Y2K Problems in C Programs , 1999 .

[23]  Frank Tip,et al.  Declarative Object Identity Using Relation Types , 2007, ECOOP.

[24]  Geoffrey Smith,et al.  A Type-Based Approach to Program Security , 1997, TAPSOFT.

[25]  Patrice Chalin,et al.  Non-null References by Default in Java: Alleviating the Nullity Annotation Burden , 2007, ECOOP.

[26]  Olivier Zendra,et al.  Towards Safer Aliasing with the Eiffel Language , 1999, ECOOP Workshops.

[27]  Andrei P. Ershov On programming of arithmetic operations , 1958, CACM.

[28]  Tobias Wrigstad,et al.  A mode system for read-only references in Java , 2001 .

[29]  Shane Markstrum,et al.  A framework for implementing pluggable type systems , 2006, OOPSLA '06.

[30]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[31]  Jens Palsberg,et al.  Trust in the lambda-Calculus , 1997, J. Funct. Program..

[32]  Philip W. L. Fong Pluggable verification modules: an extensible protection mechanism for the JVM , 2004, OOPSLA.

[33]  Jeffrey S. Foster,et al.  Type qualifier inference for java , 2007, OOPSLA.

[34]  Alexander Aiken,et al.  Checking and inferring local non-aliasing , 2003, PLDI '03.

[35]  Albert L. Baker,et al.  Preliminary design of JML: a behavioral interface specification language for java , 2006, SOEN.

[36]  William G. Griswold,et al.  Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[37]  Bilha Mendelson,et al.  Automatic detection of immutable fields in Java , 2000, CASCON.

[38]  Shane Markstrum,et al.  Semantic type qualifiers , 2005, PLDI '05.

[39]  David Hovemeyer,et al.  Evaluating and tuning a static analysis to find null pointer bugs , 2005, PASTE '05.

[40]  Adrian Birka Compiler-Enforced Immutability for the Java Language , 2003 .

[41]  Jens Palsberg,et al.  Trust in the λ-calculus , 1995, Journal of Functional Programming.

[42]  Alexander Aiken,et al.  Flow-sensitive type qualifiers , 2002, PLDI '02.

[43]  David A. Wagner,et al.  Finding User/Kernel Pointer Bugs with Type Inference , 2004, USENIX Security Symposium.

[44]  Gilad Bracha Pluggable Type Systems , 2004 .

[45]  Jean-Christophe Filliâtre,et al.  Type-safe modular hash-consing , 2006, ML '06.

[46]  Todd Millstein,et al.  Practical pluggable types for java , 2005 .

[47]  Michael D. Ernst,et al.  Object and reference immutability using Java generics , 2007, ESEC-FSE '07.

[48]  Michael D. Ernst,et al.  Tools for enforcing and inferring reference immutability in Java , 2007, OOPSLA '07.