210 research outputs found
Concurrent Typestate-Oriented Programming in Java
We describe a generative approach that enables concurrent typestate-oriented
programming in Java and other mainstream languages. The approach allows
programmers to implement objects exposing a state-sensitive interface using a
high-level synchronization abstraction that synchronizes methods with the
states of the receiver object in which those methods have an effect. An
external tool takes care of generating all the boilerplate code that implements
the synchronization logic. Behavioral types are used to specify object
protocols. The tool integrates protocol conformance verification with the
synchronization logic so that protocol violations are promptly detected at
runtime.Comment: In Proceedings PLACES 2019, arXiv:1904.0039
Behavioral types in programming languages
A recent trend in programming language research is to use behav- ioral type theory to ensure various correctness properties of large- scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their represen- tation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to de- sign and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types
Modular session types for objects
Session types allow communication protocols to be specified
type-theoretically so that protocol implementations can be verified by static
type checking. We extend previous work on session types for distributed
object-oriented languages in three ways. (1) We attach a session type to a
class definition, to specify the possible sequences of method calls. (2) We
allow a session type (protocol) implementation to be modularized, i.e.
partitioned into separately-callable methods. (3) We treat session-typed
communication channels as objects, integrating their session types with the
session types of classes. The result is an elegant unification of communication
channels and their session types, distributed object-oriented programming, and
a form of typestate supporting non-uniform objects, i.e. objects that
dynamically change the set of available methods. We define syntax, operational
se-mantics, a sound type system, and a sound and complete type checking
algorithm for a small distributed class-based object-oriented language with
structural subtyping. Static typing guarantees that both sequences of messages
on channels, and sequences of method calls on objects, conform to
type-theoretic specifications, thus ensuring type-safety. The language includes
expected features of session types, such as delegation, and expected features
of object-oriented programming, such as encapsulation of local state.Comment: Logical Methods in Computer Science (LMCS), International Federation
for Computational Logic, 201
Resource Usage Protocols for Iterators
We discuss usage protocols for iterator objects that prevent concurrent modifications of the underlying collection while iterators are in progress. We formalize these protocols in Java-like object interfaces, enriched with separation logic contracts. We present examples of iterator clients and proofs that they adhere to the iterator protocol, as well as examples of iterator implementations and proofs that they implement the iterator interface
Safe Automated Refactoring for Intelligent Parallelization of Java 8 Streams
Streaming APIs are becoming more pervasive in mainstream Object-Oriented programming languages and platforms. For example, the Stream API introduced in Java 8 allows for functional-like, MapReduce-style operations in processing both finite, e.g., collections, and infinite data structures. However, using this API efficiently involves subtle considerations such as determining when it is best for stream operations to run in parallel, when running operations in parallel can be less efficient, and when it is safe to run in parallel due to possible lambda expression side-effects. Also, streams may not run all operations in parallel depending on particular collectors used in reductions. In this paper, we present an automated refactoring approach that assists developers in writing efficient stream code in a semantics-preserving fashion. The approach, based on a novel data ordering and typestate analysis, consists of preconditions and transformations for automatically determining when it is safe and possibly advantageous to convert sequential streams to parallel, unorder or de-parallelize already parallel streams, and optimize streams involving complex reductions. The approach was implemented as a plug-in to the popular Eclipse IDE, uses the WALA and SAFE analysis frameworks, and was evaluated on 11 Java projects consisting of ∼642K lines of code. We found that 57 of 157 candidate streams (36.31%) were refactorable, and an average speedup of 3.49 on performance tests was observed. The results indicate that the approach is useful in optimizing stream code to their full potential
Coping with the reality: adding crucial features to a typestate-oriented language
Detecting programming errors and vulnerabilities in software is increasingly important,
and building tools that help with this task is an area of investigation, crucial for the
industry these days. When programming in an object-oriented language, one naturally
defines stateful objects that are non-uniform, i.e., their methods’ availability depends
on their internal state. One might represent their intended usage protocol with an automaton
or a state machine. Behavioral types allow to statically check if all the code of a
program respects the usage protocol of each object.
In this thesis we present a tool that extends Java with typestate definitions. These
typestates are associated with Java classes and define the behavior of instances of those
classes, specifying the sequences of method calls allowed. This tool checks statically that
method calls happen in order, following the specified behavior.
The tool was implemented in Kotlin as a plugin for the Checker Framework. It is a
new implementation of the Mungo tool and supports prevention of null pointer errors,
state transitions depending on return values, assurance of protocol completion, droppable
states, and association of protocols with classes from the standard Java library or
from third-party libraries. Additionally, the tool integrates behavioral types with access
permissions, allowing objects to be shared in a controlled way using a language of
assertions. This language of assertions supports concepts like packing and unpacking,
including unpacking of aliases objects, and transferring of permissions between aliases.
To relieve the programmer from manually writing all the necessary assertions, the tool
implements an inference algorithm which analyzes the code statically and, given the uses
of objects, constructs all the required assertions.A deteção de erros de programação e vulnerabilidades no software é cada vez mais
importante, e a criação de ferramentas que ajudem nesta tarefa é uma área de investigação
crucial para a indústria atualmente. Ao programar numa linguagem orientada a
objetos, definem-se naturalmente objetos com estado que não são uniformes, ou seja, a
disponibilidade dos seus métodos depende do seu estado interno. Pode-se representar
o protocolo de uso pretendido com um autómato ou uma máquina de estados. Os tipos
comportamentais permitem verificar estaticamente se todo o código de um programa
respeita o protocolo de uso de cada objeto.
Nesta tese apresentamos uma ferramenta que estende o Java com definições de typestates.
Esses estão associados às classes Java e definem o comportamento das instâncias
dessas classes, especificando as sequências de chamadas de métodos permitidas. Esta ferramenta
verifica estaticamente se as chamadas de métodos ocorrem pela ordem correta,
seguindo o comportamento especificado.
A ferramenta foi implementada em Kotlin como um plugin para o Checker Framework.
É uma implementação nova da ferramenta Mungo e suporta a prevenção de erros de
ponteiro nulo, transições de estado dependendo de valores de retorno, asseguração da
conclusão dos protocolos, objetos que podem ser «largados», e a associação de protocolos
com classes da biblioteca padrão do Java ou de terceiros. Além disso, esta integra tipos
comportamentais com permissões de acesso, permitindo que objetos possam ser partilhados
por meio de uma linguagem de asserções. Esta linguagem de asserções oferece
suporte para conceitos como packing e unpacking, incluindo unpacking de objetos partilhados,
e transferência de permissões entre variáveis que apontam para o mesmo objeto.
Para aliviar o programador de escrever manualmente todas as asserções necessárias, a
ferramenta implementa um algoritmo de inferência que analisa o código estaticamente e,
consoante os usos dos objetos, constrói todas as asserções necessárias
Method for Statically Checking an Object-oriented Computer Program Module
A method for statically checking an object-oriented computer program module includes the step of identifying objects within a computer program module, at least one of the objects having a plurality of references thereto, possibly from multiple clients. A discipline of permissions is imposed on the objects identified within the computer program module. The permissions enable tracking, from among a discrete set of changeable states, a subset of states each object might be in. A determination is made regarding whether the imposed permissions are violated by a potential reference to any of the identified objects. The results of the determination are output to a user
On Using VeriFast, VerCors, Plural, and KeY to Check Object Usage
Marco Giunti: Partially supported by Dstl, reference: ACC2028868.
Publisher Copyright:
© João Mota Marco Giunti and António Ravara;Typestates are a notion of behavioral types that describe protocols for stateful objects, specifying the available methods for each state. Ensuring methods are called in the correct order (protocol compliance), and that, if and when the program terminates, all objects are in the final state (protocol completion) is crucial to write better and safer programs. Objects of this kind are commonly shared among different clients or stored in collections, which may also be shared. However, statically checking protocol compliance and completion when objects are shared is challenging. To evaluate the support given by state of the art verification tools in checking the correct use of shared objects with protocol, we present a survey on four tools for Java: VeriFast, VerCors, Plural, and KeY. We describe the implementation of a file reader, linked-list, and iterator, check for each tool its ability to statically guarantee protocol compliance and completion, even when objects are shared in collections, and evaluate the programmer’s effort in making the code acceptable to these tools. With this study, we motivate the need for lightweight methods to verify the presented kinds of programs.publishersversionpublishe
Automated Verification of Specifications with Typestates and Access Permissions
We propose an approach to formally verify Plural specifications of concurrent programs based on access permissions and typestates, by model-checking automatically generated abstract state-machines. Our approach captures all possible relevant behaviors of abstract concurrent programs implementing the specification. We describe the formal methodology employed in our technique and provide an example as proof of concept for the state-machine construction rules. We implemented the fully automated algorithm to generate and verify models as a freely available plug-in of the Plural tool, called Pulse. We tested Pulse on the full specification of a Multi Threaded Task Server commercial application and showed that this approach scales well and is efficient in finding errors in specifications that could not be previously detected with the Data Flow Analysis (DFA) capabilities of Plural
Behavioural Types: from Theory to Tools
This book presents research produced by members of COST Action IC1201: Behavioural Types for Reliable Large-Scale Software Systems (BETTY), a European research network that was funded from October 2012 to October 2016. The technical theme of BETTY was the use of behavioural type systems in programming languages, to specify and verify properties of programs beyond the traditional use of type systems to describe data processing. A significant area within behavioural types is session types, which concerns the use of type-theoretic techniques to describe communication protocols so that static typechecking or dynamic monitoring can verify that protocols are implemented correctly. This is closely related to the topic of choreography, in which system design starts from a description of the overall communication flows. Another area is behavioural contracts, which describe the obligations of interacting agents in a way that enables blame to be attributed to the agent responsible for failed interaction. Type-theoretic techniques can also be used to analyse potential deadlocks due to cyclic dependencies between inter-process interactions.
BETTY was organised into four Working Groups: (1) Foundations; (2) Security; (3) Programming Languages; (4) Tools and Applications. Working Groups 1–3 produced “state-of-the-art reports”, which originally intended to take snapshots of the field at the time the network started, but grew into substantial survey articles including much research carried out during the network [1–3]. The situation for Working Group 4 was different. When the network started, the community had produced relatively few implementations of programming languages or tools. One of the aims of the network was to encourage more implementation work, and this was a great success. The community as a whole has developed a greater interest in putting theoretical ideas into practice. The sixteen chapters in this book describe systems that were either completely developed, or substantially extended, during BETTY. The total of 41 co-authors represents a significant proportion of the active participants in the network (around 120 people who attended at least one meeting). The book is a report on the new state of the art created by BETTY in
xv
xvi Preface
the area of Working Group 4, and the title “Behavioural Types: from Theory to Tools” summarises the trajectory of the community during the last four years. The book begins with two tutorials by Atzei et al. on contract-oriented design of distributed systems. Chapter 1 introduces the CO2 contract specifi- cation language and the Diogenes toolchain. Chapter 2 describes how timing constraints can be incorporated into the framework and checked with the CO2
middleware.
Part of the CO2 middleware is a monitoring system, and the theme
of monitoring continues in the next two chapters. In Chapter 3, Attard et al. present detectEr, a runtime monitoring tool for Erlang programs that allows correctness properties to be expressed in Hennessy-Milner logic. In Chapter 4, which is the first chapter about session types, Neykova and Yoshida describe a runtime verification framework for Python programs. Communication protocols are specified in the Scribble language, which is based on multiparty session types.
The next three chapters deal with choreographic programming. In Chap- ter 5, Debois and Hildebrandt present a toolset for working with dynamic condition response (DCR) graphs, which are a graphical formalism for choreography. Chapter 6, by Lange et al., continues the graphical theme with ChorGram, a tool for synthesising global graphical choreographies from collections of communicating finite-state automata. Giallorenzo et al., in Chapter 7, consider runtime adaptation. They describe AIOCJ, a choreographic programming language in which runtime adaptation is supported with a guarantee that it doesn’t introduce deadlocks or races.
Deadlock analysis is important in other settings too, and there are two more chapters about it. In Chapter 8, Padovani describes the Hypha tool, which uses a type-based approach to check deadlock-freedom and lock-freedom of systems modelled in a form of pi-calculus. In Chapter 9, Garcia and Laneve present a tool for analysing deadlocks in Java programs; this tool, called JaDA, is based on a behavioural type system.
The next three chapters report on projects that have added session types to functional programming languages in order to support typechecking of communication-based code. In Chapter 10, Orchard and Yoshida describe an implementation of session types in Haskell, and survey several approaches to typechecking the linearity conditions required for safe session implemen- tation. In Chapter 11, Melgratti and Padovani describe an implementation of session types in OCaml. Their system uses runtime linearity checking. In Chapter 12, Lindley and Morris describe an extension of the web programming
language Links with session types; their work contrasts with the previous two chapters in being less constrained by an existing language design.
Continuing the theme of session types in programming languages, the next two chapters describe two approaches based on Java. Hu’s work, presented in Chapter 13, starts with the Scribble description of a multiparty session type and generates an API in the form of a collection of Java classes, each class containing the communication methods that are available in a particular state of the protocol. Dardha et al., in Chapter 14, also start with a Scribble specification. Their StMungo tool generates an API as a single class with an associated typestate specification to constrain sequences of method calls. Code that uses the API can be checked for correctness with the Mungo typechecker.
Finally, there are two chapters about programming with the MPI libraries. Chapter 15, by Ng and Yoshida, uses an extension of Scribble, called Pabble, to describe protocols that parametric in the number of runtime roles. From a Pabble specification they generate C code that uses MPI for communication and is guaranteed correct by construction. Chapter 16, by Ng et al., describes the ParTypes framework for analysing existing C+MPI programs with respect to protocols defined in an extension of Scribble.
We hope that the book will serve a useful purpose as a report on the activities of COST Action IC1201 and as a survey of programming languages and tools based on behavioural types
- …