Flow-sensitive type qualifiers

We present a system for extending standard type systems with flow-sensitive type qualifiers. Users annotate their programs with type qualifiers, and inference checks that the annotations are correct. In our system only the type qualifiers are modeled flow-sensitively---the underlying standard types are unchanged, which allows us to obtain an efficient constraint-based inference algorithm that integrates flow-insensitive alias analysis, effect inference, and ideas from linear type systems to support strong updates. We demonstrate the usefulness of flow-sensitive type qualifiers by finding a number of new locking bugs in the Linux kernel.
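As an added illustration of the idea in the abstract (not code from the paper or from the CQual project), the following miniature checker tracks a lock's qualifier flow-sensitively through straight-line code and branches: each acquire or release is a strong update of the qualifier, and at a control-flow merge the two incoming qualifiers are joined in a small lattice. The statement IR, the lattice names and the sample programs are constructed for this example.

```python
# Added example: a tiny flow-sensitive qualifier checker for lock state.
# The IR, the three-point lattice and the samples are constructed here.
from copy import deepcopy

UNLOCKED, LOCKED, TOP = "unlocked", "locked", "top"   # TOP = unknown on some path

def join(a, b):
    """Lattice join at a control-flow merge: agreement keeps the qualifier."""
    return a if a == b else TOP

def check_block(stmts, state, errors):
    """Walk statements, strongly updating each lock's qualifier.

    stmts is a list of ("lock", name), ("unlock", name) or ("if", then, else).
    """
    for stmt in stmts:
        op = stmt[0]
        if op == "if":
            then_state = check_block(stmt[1], deepcopy(state), errors)
            else_state = check_block(stmt[2], deepcopy(state), errors)
            # Flow-sensitive merge: qualifiers that disagree across paths become TOP
            state = {l: join(then_state.get(l, UNLOCKED), else_state.get(l, UNLOCKED))
                     for l in set(then_state) | set(else_state)}
            continue
        name = stmt[1]
        cur = state.get(name, UNLOCKED)          # locks start out released
        if op == "lock":
            if cur == LOCKED:
                errors.append(f"double acquire of {name}")
            elif cur == TOP:
                errors.append(f"acquire of {name} while possibly held")
            state[name] = LOCKED                 # strong update
        elif op == "unlock":
            if cur == UNLOCKED:
                errors.append(f"release of {name} not held")
            elif cur == TOP:
                errors.append(f"release of {name} possibly not held")
            state[name] = UNLOCKED               # strong update
    return state

def check_function(stmts):
    """Return the list of locking errors found in one function body."""
    errors = []
    final = check_block(stmts, {}, errors)
    for name, q in final.items():
        if q != UNLOCKED:
            errors.append(f"{name} may still be held at return")
    return errors

# Constructed sample: the error path of the branch forgets to release the lock.
LEAKED_LOCK = [("lock", "dev->lock"), ("if", [("unlock", "dev->lock")], [])]
```

Running `check_function(LEAKED_LOCK)` reports that `dev->lock` may still be held at return, because the join of the two branch states yields TOP rather than UNLOCKED.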
