practical pluggable types via the checker framework
play

Practical pluggable types via the Checker Framework Matthew Papi, - PowerPoint PPT Presentation

Oct 17, 2022 •427 likes •801 views

void print( @Readonly Object x) { List< @NonNull String> lst; } Practical pluggable types via the Checker Framework Matthew Papi, Mahmood Ali, Telmo Correa Jr., Jeff Perkins, Michael Ernst MIT Problem 1: Javas type checking Type

  1. void print( @Readonly Object x) { List< @NonNull String> lst; … } Practical pluggable types via the Checker Framework Matthew Papi, Mahmood Ali, Telmo Correa Jr., Jeff Perkins, Michael Ernst MIT

  2. Problem 1: Java’s type checking • Type checking prevents many bugs int i = “hello”; // type error • Type checking doesn’t prevent enough bugs java.lang. NullPointerException at checkers.util.GraphQualifierHierarchy.isSubtype(GraphQualifierHierarchy.java:21 at checkers.types.QualifierHierarchy.isSubtype(QualifierHierarchy.java:70) at checkers.types.TypeHierarchy.isSubtypeImpl(TypeHierarchy.java:100) at checkers.types.TypeHierarchy.isSubtype(TypeHierarchy.java:64) at checkers.basetype.BaseTypeChecker.isSubtype(BaseTypeChecker.java:305) at checkers.basetype.BaseTypeVisitor.commonAssignmentCheck(BaseTypeVisitor.java:48 at checkers.basetype.BaseTypeVisitor.commonAssignmentCheck(BaseTypeVisitor.java:46 at checkers.basetype.BaseTypeVisitor.checkArguments(BaseTypeVisitor.java:597) at checkers.basetype.BaseTypeVisitor.visitMethodInvocation(BaseTypeVisitor.java:27 at com.sun.tools.javac.tree.JCTree$JCMethodInvocation.accept(JCTree.java:1315) at com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:67) at checkers.basetype.BaseTypeVisitor.scan(BaseTypeVisitor.java:110) at com.sun.source.util.TreeScanner.visitExpressionStatement(TreeScanner.java:239) at com.sun.tools.javac.tree.JCTree$JCExpressionStatement.accept(JCTree.java:1155) at com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:67) at checkers.basetype.BaseTypeVisitor.scan(BaseTypeVisitor.java:110) at com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:80)

  3. Problem 1: Java’s type checking • Type checking prevents many bugs int i = “hello”; // type error • Type checking doesn’t prevent enough bugs – Null dereferences – Incorrect equality tests – Incorrect mutation – SQL injection – Privacy violations – Misformatted data – ...

  4. Solution: Pluggable type systems • Design a type system to solve a specific problem • Write type qualifiers in your code (or, type inference) @NonNull Date d = ...; d.getMonth(); // no possible NPE • Type checker warns about violations (bugs) % javac -processor NullnessChecker MyFile.java MyFile.java:149: dereference of possibly-null reference bb2 if (vars1.containsAll(bb2.vars)) ^

  5. Problem 2: Implementing pluggable types • Modify a compiler: hard • Previous frameworks: too weak • Alternatives to case studies: – Soundness proof for core calculus – Toy examples • Hampers understanding and use of type systems • A type system is valuable only if it helps developers to find and prevent errors – Case studies are necessary

  6. Example: Type systems for immutability println(@Readonly Object x) { … } @Readonly Object[] getSigners() { … } Map<@Immutable Date, Object> cache; • Formalisms, proofs, etc. • Crucial insight from case studies – Javari type system [Birka 2004]: 160 KLOC – IGJ type system [Zibin 2007]: 106 KLOC • Larger case studies have revealed even more

  7. Solution: The Checker Framework • Enables creation of pluggable types for Java • Expressive – Can create realistic type systems • Concise – Most checks are built in – Declarative syntax for common cases • Scalable – Large programs – Full Java language – Java toolchain • Aids programmers and type system designers

  8. Contributions • Syntax for type qualifiers in Java • Checker Framework for writing type checkers • 5 checkers written using the framework • Case studies enabled by the infrastructure • Insights about the type systems

  9. Syntax for type qualifiers • Java 7 : annotate any use of a type List<@NonNull String> myStrings; myGraph = (@Immutable Graph) tmpGraph; class UnmodifiableList<T> implements @Readonly List<@Readonly T> {} • Backward ‐ compatible : compile with any Java compiler List</*@NonNull*/ String> myStrings;

  10. Tool integration • IDE support: javac, Eclipse, Netbeans – IntelliJ planned • Annotated JDK • Type inference: 3 tools • Building type checkers: – ETH Zurich, MIT, Radboud U., U. of Buenos Aires, U. of California at Los Angeles, U. of Saarland, U. of Washington, U. of Wisconsin – Milwaukee, Washington State U., … • Integrating with other tools: – IBM, INRIA, JetBrains, MIT, Oxford, Sun, Victoria University of Wellington, …

  11. Outline • Syntax for type qualifiers in Java • Checker Framework for writing type checkers • 5 checkers written using the framework • Case studies enabled by the infrastructure • Insights about the type systems • Conclusion

  12. A complete, useful type checker @TypeQualifier @SubtypeOf(Unqualified.class) public @interface Encrypted { } To use it: 1. Write @Encrypted in your program void send(@Encrypted String message) { … } 2. Compile your program javac -processor BasicChecker -Aquals=Encrypted MyProgram.java

  13. Built ‐ in features • Arbitrary type qualifier hierarchy • Subtyping: inheritance, overriding, assignment • Polymorphism – Types (Java generics) – Type qualifiers • Type qualifier inference (flow ‐ sensitivity) • Implicit and default qualifiers • …

  14. Defining a type system @TypeQualifier public @interface NonNull { }

  15. Defining a type system 1. Type qualifier hierarchy 2. Type introduction rules 3. Other type rules @TypeQualifier public @interface NonNull { }

  16. Defining a type system 1. Type qualifier hierarchy 2. Type introduction rules 3. Other type rules @TypeQualifier @SubtypeOf( Nullable.class ) public @interface NonNull { }

  17. Defining a type system 1. Type qualifier hierarchy new Date() 2. Type introduction rules “hello ” + getName() Boolean.TRUE 3. Other type rules @TypeQualifier @SubtypeOf( Nullable.class ) @ImplicitFor(trees={ NEW_CLASS, PLUS, BOOLEAN_LITERAL, ... } ) public @interface NonNull { }

  18. Defining a type system 1. Type qualifier hierarchy synchronized(expr) { … 2. Type introduction rules } 3. Other type rules Warn if expr may be null void visitSynchronized(SynchronizedTree node) { ExpressionTree expr = node.getExpression(); AnnotatedTypeMirror type = getAnnotatedType(expr); if (! type.hasAnnotation(NONNULL)) checker.report(Result.failure(...), expr); }

  19. Type refinement Date d1, d2, d3; // may be null d1 = new Date(); d1.getMonth(); // OK: d1 is non-null assert d2 != null; d2.getMonth(); // OK if (d3 != null) { d3.getMonth(); // OK } Type ‐ checks as if annotations/casts were present “Local flow ‐ sensitive type qualifier inference”

  20. Outline • Syntax for type qualifiers in Java • Checker Framework for writing type checkers • 5 checkers written using the framework • Case studies enabled by the infrastructure • Insights about the type systems • Conclusion

  21. Sample type checkers • Basic checker (subtyping) • Null dereferences (@NonNull) • Errors in equality testing (@Interned) • Reference immutability (Javari) • Reference & object immutability (IGJ) < 500 LOC per checker

  22. Outline • Syntax for type qualifiers in Java • Checker Framework for writing type checkers • 5 checkers written using the framework • Case studies enabled by the infrastructure • Insights about the type systems • Conclusion

  23. Case studies • Annotated existing Java programs • Found bugs in every codebase – Verified by a human and fixed • As of summer 2007: 360 KLOC – Now: > 1 MLOC – Scales to > 200 KLOC

  24. Checkers are easy to use • Natural part of workflow • Feels like Java • Few false positives – Easy to understand and fix

  25. Annotations are not too verbose • Examples: – Nullness: 1 per 75 lines – Interning: 124 in 220 KLOC revealed 11 bugs • Careful choice of defaults • Type refinement • Possible to annotate part of program • Fewer annotations in new code

  26. Comparison: other Nullness tools Null pointer errors False Annotations warnings written Found Missed Checker Framework 8 0 4 35 FindBugs 0 8 1 0 Jlint 0 8 8 0 PMD 0 8 0 0 • Checking a 4KLOC program • The other tools find bugs besides null dereferences

  27. Outline • Syntax for type qualifiers in Java • Checker Framework for writing type checkers • 5 checkers written using the framework • Case studies enabled by the infrastructure • Insights about the type systems • Conclusion

  28. Lessons learned • Type systems – Interning – Nullness – Javari – IGJ • Polymorphism • Framework design • Others: supertype qualifiers, simple type systems, inference, syntax, language integration, toolchain, …

  29. Interning type system • New approach to finding equality errors – Purely type system – Fully backward compatible – Permits both interned and uninterned instances

  30. Nullness type system • New default: non ‐ null except locals (NNEL) • Signatures: non ‐ null # anno- • Locals: nullable Default tations Ratio – Inspired by practical use @Nullable 382 11 – Exploits flow sensitivity @NonNull 80 2.3 NNEL 35 1.0 – Applicable to other type systems • Nullness differs from other type systems – More application invariants – Run ‐ time checks – Needs flow ‐ sensitivity

  31. Javari type system • Enhancements: – Permit covariant method parameters class Super { void mymethod(Object x); } class Sub { void mymethod(@Readonly Object x); } – Improved type parameter inference – Improved treatment of fields

Recommend

Pluggable type systems reconsidered ISSTA 2018 Impact Paper Award for Practical Pluggable

Pluggable type systems reconsidered ISSTA 2018 Impact Paper Award for Practical Pluggable

Pluggable type systems reconsidered ISSTA 2018 Impact Paper Award for Practical Pluggable Types for Java Michael D. Ernst University of Washington https://checkerframework.org/ Optional Type Checking int x = &quot;hello world&quot;;

629 views • 60 slides
I WANT YOU TO FIGHT BAD CODE! Get the tools &amp; demos from: http://types.cs.washington.edu/

I WANT YOU TO FIGHT BAD CODE! Get the tools &amp; demos from: http://types.cs.washington.edu/

I WANT YOU TO FIGHT BAD CODE! Get the tools &amp; demos from: http://types.cs.washington.edu/ checker-framework/2012-oscon/ Developing and Using Pluggable Type Systems Werner M. Dietl Michael D. Ernst University of Washington Computer

582 views • 26 slides
The Design, Implementation and Evaluation of a Pluggable Type Checker for Thread-Locality in Java

The Design, Implementation and Evaluation of a Pluggable Type Checker for Thread-Locality in Java

The Design, Implementation and Evaluation of a Pluggable Type Checker for Thread-Locality in Java By: Amanj Sherwany 2011 http://www.amanj.me Background Loci is a static checker for thread- Informationsteknologi locality for Java-like

931 views • 50 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
A Pluggable Framework for Composable HPC Scheduling Libraries Max Grossman 1 , Vivek Kumar 2 ,

A Pluggable Framework for Composable HPC Scheduling Libraries Max Grossman 1 , Vivek Kumar 2 ,

A Pluggable Framework for Composable HPC Scheduling Libraries Max Grossman 1 , Vivek Kumar 2 , Nick Vrvilo 1 , Zoran Budimlic 1 , Vivek Sarkar 1 1 Habanero Extreme Scale So=ware Research Group, Rice University 2 IIIT-Delhi AsHES 2017 - May 29 2017

596 views • 36 slides
Dialog Typing paves way for dialog to negotiate communication properties NE Exe Checker - (All)

Dialog Typing paves way for dialog to negotiate communication properties NE Exe Checker - (All)

Dialog Typing paves way for dialog to negotiate communication properties NE Exe Checker - (All) Private types - No Readable types Desired level Accept - No Modifiable types of visibility/ Receiver Sender Reject control? - Fewer private

544 views • 8 slides
The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision Group. UIB. SPAIN Julin Proenza. UIB. Oct 2008 The aim of this presentation Introduce the basic concepts of model checking from a practical

804 views • 68 slides
LEDBAT architecture framework consisting of pluggable components

LEDBAT architecture framework consisting of pluggable components

LEDBAT architecture framework consisting of pluggable components draft-mayutan-ledbat-congestionarchitecture-00.txt Mayutan Arumaithurai, Xiaoming Fu, K.K Ramakrishnan March 22, 2010 M. Arumaithurai, X. Fu, K.K. Ramakrishnan () LEDBAT WG

430 views • 16 slides
Practical Analog Filters Overview Types of practical filters Filter specifications

Practical Analog Filters Overview Types of practical filters Filter specifications

Practical Analog Filters Overview Types of practical filters Filter specifications Tradeoffs Many examples J. McNames Portland State University ECE 222 Practical Analog Filters Ver. 1.04 1 Ideal Filters Lowpass Highpass

643 views • 48 slides
ARC Framework Co-Developers The ARC Framework A Practical Toolkit For Parents ARC Rick Simon,

ARC Framework Co-Developers The ARC Framework A Practical Toolkit For Parents ARC Rick Simon,

4/18/2013 1 ARC Framework Co-Developers The ARC Framework A Practical Toolkit For Parents ARC Rick Simon, M.Ed., LCPC Kristine Kinniburgh, LICSW Margaret Blaustein, PHD Clinical Therapist Director of Training &amp; Education Trauma Center

598 views • 47 slides
Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of Mozilla Sander van Geloven FOSDEM, Brussels February 1, 2020 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

611 views • 39 slides
Nuspell: the new spell checker FOSS spell checker implemented in C++14 with aid of Mozilla.

Nuspell: the new spell checker FOSS spell checker implemented in C++14 with aid of Mozilla.

Nuspell: the new spell checker FOSS spell checker implemented in C++14 with aid of Mozilla. Sander van Geloven FOSDEM, Brussels February 2, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

327 views • 21 slides
Have some fun Checker: Checker: http://www.cs.caltech.edu/~ vhuang/cs 20/c/applet/more.html

Have some fun Checker: Checker: http://www.cs.caltech.edu/~ vhuang/cs 20/c/applet/more.html

Have some fun Checker: Checker: http://www.cs.caltech.edu/~ vhuang/cs 20/c/applet/more.html 1 Local Beam Search Run multiple searches to find the Run multiple searches to find the solution The best K states are selected. Like

636 views • 24 slides
Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed

Design and Practical Guideline to a CORBA-based-Communication Framework DWARF : Distributed Wearable Augmented Reality Framework Studienarbeit Lothar Richter Chair for Applied Software Engineering Summary Development of a short and easy

430 views • 30 slides
Enabling Practical SDN Security Applications with OFX (The O pen F low e X tension Framework)

Enabling Practical SDN Security Applications with OFX (The O pen F low e X tension Framework)

Enabling Practical SDN Security Applications with OFX (The O pen F low e X tension Framework) John Sonchack, Adam J. Aviv, Eric Keller, and Jonathan M. Smith Outline Introduction Overview of OFX Using OFX Benchmarks 2 Basic Networking:

604 views • 35 slides
Disproportionate Costs in the EC Water Framework Directive The Concept and its Practical

Disproportionate Costs in the EC Water Framework Directive The Concept and its Practical

Disproportionate Costs in the EC Water Framework Directive The Concept and its Practical Implementation By Benjamin Grlach 1 and Britta Pielen 2 Paper presented at the envecon 2007 Applied Environmental Economics Conference London, 23 March

414 views • 17 slides
Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
Stitch: The Sound Type-Indexed Type Checker Richard A. Eisenberg Bryn Mawr College

Stitch: The Sound Type-Indexed Type Checker Richard A. Eisenberg Bryn Mawr College

Stitch: The Sound Type-Indexed Type Checker Richard A. Eisenberg Bryn Mawr College rae@cs.brynmawr.edu Wednesday, April 25, 2018 New York City Haskell Users' Group New York, NY, USA A brief history of Haskell types type classes (Wadler

806 views • 48 slides
PROPOSAL For a Modular, Pluggable 802.11 MAC Model To Facilitate Experimentation and

PROPOSAL For a Modular, Pluggable 802.11 MAC Model To Facilitate Experimentation and

PROPOSAL For a Modular, Pluggable 802.11 MAC Model To Facilitate Experimentation and Contributions IBM Research - Zurich, Switzerland September 3-4, 2015 Andras Varga 1 IEEE 802.11 Model Goals 1. Full-featured, validated model

558 views • 23 slides
Whats new in Sudo 1.8? Pluggable modules for Sudo

Whats new in Sudo 1.8? Pluggable modules for Sudo

Whats new in Sudo 1.8? Pluggable modules for Sudo Introduc=on to Sudo Sudo allows a system administrator to give users the ability

439 views • 24 slides
META-NET and META Hans Uszkoreit Co-funded, by, the, 7th, Framework, Programme, of, the,

META-NET and META Hans Uszkoreit Co-funded, by, the, 7th, Framework, Programme, of, the,

META-NET and META Hans Uszkoreit Co-funded, by, the, 7th, Framework, Programme, of, the, European, Commission, through, the, contract, T4ME,, grant, agreement, no.:, 249119. Language Technology Everywhere spell checker in Microsoft Word

624 views • 33 slides
Using a Grammar Checker for Evaluation and Postprocessing of Statistical Machine Translation Sara

Using a Grammar Checker for Evaluation and Postprocessing of Statistical Machine Translation Sara

Using a Grammar Checker for Evaluation and Postprocessing of Statistical Machine Translation Sara Stymne and Lars Ahrenberg Link oping University, Sweden LREC May 20, 2010 Using a Grammar Checker for Evaluation and Postprocessing of

755 views • 29 slides
Public-key cryptography in Tor and pluggable transports Tanja Lange Technische Universiteit

Public-key cryptography in Tor and pluggable transports Tanja Lange Technische Universiteit

Public-key cryptography in Tor and pluggable transports Tanja Lange Technische Universiteit Eindhoven 09 June 2016 1 / 17 Tor Attend Rogers talk on Friday. 2 / 17 Motivation Network Sender Receiver Eavesdropper

327 views • 21 slides
Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

COMP 520 Fall 2010 Type checking (1) Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks: determine the types of all expressions; check that values and variables are used correctly; and resolve

631 views • 30 slides

More recommend