Liquid types

We present Logically Qualified Data Types, abbreviated to Liquid Types, a system that combines Hindley-Milner type inference with Predicate Abstraction to automatically infer dependent types precise enough to prove a variety of safety properties. Liquid types allow programmers to reap many of the benefits of dependent types, namely static verification of critical properties and the elimination of expensive run-time checks, without the heavy price of manual annotation. We have implemented liquid type inference in DSOLVE, which takes as input an OCAML program and a set of logical qualifiers and infers dependent types for the expressions in the OCAML program. To demonstrate the utility of our approach, we describe experiments using DSOLVE to statically verify the safety of array accesses on a set of OCAML benchmarks that were previously annotated with dependent types as part of the DML project. We show that when used in conjunction with a fixed set of array bounds checking qualifiers, DSOLVE reduces the amount of manual annotation required for proving safety from 31% of program text to under 1%.

[1]  John C. Mitchell,et al.  Algorithmic aspects of type inference with subtypes , 1992, POPL '92.

[2]  Matthias Felleisen,et al.  Componential set-based analysis , 1997, TOPL.

[3]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[4]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[5]  Antoine Miné,et al.  The octagon abstract domain , 2001, High. Order Symb. Comput..

[6]  George C. Necula,et al.  Dependent Types for Low-Level Programming , 2007, ESOP.

[7]  Shuvendu K. Lahiri,et al.  A Reachability Predicate for Analyzing Low-Level Software , 2007, TACAS.

[8]  Kenneth Knowles,et al.  Type Reconstruction for General Refinement Types , 2007, ESOP.

[9]  K. Rustan M. Leino,et al.  Flexible Immutability with Frozen Objects , 2008, VSTTE.

[10]  Joël Ouaknine,et al.  Automated Compositional Abstraction Refinement for Concurrent C Programs: A Two-Level Approach , 2003, SoftMC@CAV.

[11]  Shuvendu K. Lahiri,et al.  Unifying type checking and property checking for low-level code , 2009, POPL '09.

[12]  Lennart Augustsson,et al.  Cayenne—a language with dependent types , 1998, ICFP '98.

[13]  Lars Birkedal,et al.  Ynot: dependent types for imperative programs , 2008, ICFP 2008.

[14]  Peter W. O'Hearn,et al.  A Local Shape Analysis Based on Separation Logic , 2006, TACAS.

[15]  Jens Palsberg,et al.  Inference of User-Defined Type Qualifiers and Qualifier Rules , 2006, ESOP.

[16]  Miodrag Potkonjak,et al.  MediaBench: a tool for evaluating and synthesizing multimedia and communications systems , 1997, Proceedings of 30th Annual International Symposium on Microarchitecture.

[17]  Charles Gregory Nelson,et al.  Techniques for program verification , 1979 .

[18]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[19]  Jeffrey S. Foster,et al.  Type qualifiers: lightweight specifications to improve software quality , 2002 .

[20]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, POPL.

[21]  C. A. R. Hoare,et al.  An axiomatic basis for computer programming , 1969, CACM.

[22]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[23]  Michael I. Schwartzbach,et al.  The pointer assertion logic engine , 2000, PLDI '01.

[24]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI.

[25]  Robin Milner,et al.  Principal type-schemes for functional programs , 1982, POPL '82.

[26]  Patrick Cousot,et al.  Static determination of dynamic properties of programs , 1976 .

[27]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[28]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[29]  Thomas J. Barter,et al.  The box , 1997, SIGGRAPH '97.

[30]  Jayadev Misra,et al.  Assertion Graphs for Verifying and Synthesizing Programs , 1978 .

[31]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[32]  Frank Pfenning,et al.  Eliminating array bound checking through dependent types , 1998, PLDI.

[33]  Cormac Flanagan,et al.  Predicate abstraction for software verification , 2002, POPL '02.

[34]  Frank Pfenning,et al.  Refinement types for ML , 1991, PLDI '91.

[35]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[36]  Rance Cleaveland,et al.  Implementing mathematics with the Nuprl proof development system , 1986 .

[37]  David Walker,et al.  Dynamic Typing with Dependent Types , 2004, IFIP TCS.

[38]  Per Martin-Löf,et al.  Constructive mathematics and computer programming , 1984 .

[39]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[40]  François Pottier,et al.  Simplifying subtyping constraints , 1996, ICFP '96.

[41]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[42]  Thomas W. Reps,et al.  A framework for numeric analysis of array operations , 2005, POPL '05.

[43]  Amr Sabry,et al.  The essence of compiling with continuations , 1993, PLDI '93.

[44]  Kenneth Knowles,et al.  Compositional reasoning and decidable checking for dependent contract types , 2009, PLPV '09.

[45]  George C. Necula,et al.  CCured in the real world , 2003, PLDI '03.

[46]  Shuvendu K. Lahiri,et al.  Verifying properties of well-founded linked lists , 2006, POPL '06.

[47]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[48]  Edsger W. Dijkstra,et al.  A Discipline of Programming , 1976 .

[49]  Chao Wang,et al.  Model checking C programs using F-Soft , 2005, 2005 International Conference on Computer Design.

[50]  Kenneth Knowles,et al.  Hybrid type checking , 2010, TOPL.

[51]  Andrew D. Gordon,et al.  Refinement Types for Secure Implementations , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[52]  Alex Groce,et al.  Efficient Verification of Sequential and Concurrent C Programs , 2004, Formal Methods Syst. Des..

[53]  Martin Odersky,et al.  Type Inference with Constrained Types , 1999, Theory Pract. Object Syst..

[54]  Frank Pfenning,et al.  Dependent types in practical programming , 1999, POPL '99.

[55]  K. Rustan M. Leino,et al.  Annotation inference for modular checkers , 2001, Inf. Process. Lett..

[56]  Yves Bertot,et al.  Interactive Theorem Proving and Program Development: Coq'Art The Calculus of Inductive Constructions , 2010 .

[57]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..