Semantic type qualifiers

We present a new approach for supporting user-defined type refinements, which augment existing types to specify and check additional invariants of interest to programmers. We provide an expressive language in which users define new refinements and associated type rules. These rules are automatically incorporated by an extensible typechecker during static typechecking of programs. Separately, a soundness checker automatically proves that each refinement's type rules ensure the intended invariant, for all possible programs. We have formalized our approach and have instantiated it as a framework for adding new type qualifiers to C programs. We have used this framework to define and automatically prove sound a host of type qualifiers of different sorts, including pos and neg for integers, tainted and untainted for strings, and nonnull and unique for pointers, and we have applied our qualifiers to ensure important invariants on open-source C programs.
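The user-defined qualifier rules and extensible typechecker the abstract describes, as an added example that is not the paper's framework: a small Python checker over a constructed expression AST in which each qualifier (pos, neg, untainted) is a rule stating which literals satisfy it and which operators preserve it, and a sink check enforces that an argument carries a required qualifier. The AST shape, the rule sets and the sink check are assumptions made for illustration.

```python
# Added example (not the paper's framework): a tiny qualifier typechecker in
# which each qualifier is a user-defined rule: which literals satisfy it and,
# per operator, whether the result keeps it when all operands have it.
from typing import Callable, Dict, FrozenSet, Tuple

# Expressions are nested tuples (constructed AST, not a real C front end):
#   ("lit", value) | ("var", name) | ("op", sym, lhs, rhs) | ("input",)
Expr = tuple
Env = Dict[str, FrozenSet[str]]

# A qualifier rule: predicate on literals, and the operators that preserve it.
Rule = Tuple[Callable[[object], bool], FrozenSet[str]]

RULES: Dict[str, Rule] = {
    # pos: literal > 0; sum and product of positives stay positive
    "pos": (lambda v: isinstance(v, int) and v > 0, frozenset({"+", "*"})),
    # neg: literal < 0; only the sum of negatives is guaranteed negative
    "neg": (lambda v: isinstance(v, int) and v < 0, frozenset({"+"})),
    # untainted: string literals are trusted; concatenation keeps trust
    "untainted": (lambda v: isinstance(v, str), frozenset({"concat"})),
}

def qualifiers(e: Expr, env: Env) -> FrozenSet[str]:
    """Infer the set of qualifiers that provably hold for expression e."""
    kind = e[0]
    if kind == "lit":
        return frozenset(q for q, (lit_ok, _) in RULES.items() if lit_ok(e[1]))
    if kind == "var":
        return env[e[1]]
    if kind == "input":        # external data: no qualifier is assumed
        return frozenset()
    _, sym, lhs, rhs = e
    ql, qr = qualifiers(lhs, env), qualifiers(rhs, env)
    # result keeps q only if both operands have q and the operator preserves q
    return frozenset(q for q in ql & qr if sym in RULES[q][1])

def check_sink(e: Expr, env: Env, required: str) -> bool:
    """Typing rule for a sink: the argument must carry `required`."""
    return required in qualifiers(e, env)

if __name__ == "__main__":
    env: Env = {"n": frozenset({"pos"}), "user": frozenset()}
    print(qualifiers(("op", "*", ("lit", 2), ("var", "n")), env))  # {'pos'}
    fmt = ("op", "concat", ("lit", "Hello "), ("input",))
    print(check_sink(fmt, env, "untainted"))  # False: tainted format string
```

The soundness side of the paper (proving that each rule set actually guarantees its invariant for all programs) is not modelled here; the rules above are simply assumed correct.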
