5,637 research outputs found
Inferring Concise Specifications of APIs
Modern software relies on libraries and uses them via application programming
interfaces (APIs). Correct API usage as well as many software engineering tasks
are enabled when APIs have formal specifications. In this work, we analyze the
implementation of each method in an API to infer a formal postcondition.
Conventional wisdom is that, if one has preconditions, then one can use the
strongest postcondition predicate transformer (SP) to infer postconditions.
However, SP yields postconditions that are exponentially large, which makes
them difficult to use, either by humans or by tools. Our key idea is an
algorithm that converts such exponentially large specifications into a form
that is more concise and thus more usable. This is done by leveraging the
structure of the specifications that result from the use of SP. We applied our
technique to infer postconditions for over 2,300 methods in seven popular Java
libraries. Our technique was able to infer specifications for 75.7% of these
methods, each of which was verified using an Extended Static Checker. We also
found that 84.6% of resulting specifications were less than 1/4 page (20 lines)
in length. Our technique was able to reduce the length of SMT proofs needed for
verifying implementations by 76.7% and reduced prover execution time by 26.7%
OpenJML: Software verification for Java 7 using JML, OpenJDK, and Eclipse
OpenJML is a tool for checking code and specifications of Java programs. We
describe our experience building the tool on the foundation of JML, OpenJDK and
Eclipse, as well as on many advances in specification-based software
verification. The implementation demonstrates the value of integrating
specification tools directly in the software development IDE and in automating
as many tasks as possible. The tool, though still in progress, has now been
used for several college-level courses on software specification and
verification and for small-scale studies on existing Java programs.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
How functional programming mattered
In 1989 when functional programming was still considered a niche topic, Hughes wrote a visionary paper arguing convincingly ‘why functional programming matters’. More than two decades have passed. Has functional programming really mattered? Our answer is a resounding ‘Yes!’. Functional programming is now at the forefront of a new generation of programming technologies, and enjoying increasing popularity and influence. In this paper, we review the impact of functional programming, focusing on how it has changed the way we may construct programs, the way we may verify programs, and fundamentally the way we may think about programs
Partial Evaluation of String Obfuscations for Java Malware Detection
The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform, which has a JVM implementation. Metasploit is a well-known source of Javaexploits and to circumvent detection by Anti Virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include stringobfuscation and applying reflection to hide method calls; two techniques that can either be used together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is an intermediate language for JVM bytecode designed for optimisation and program analysis, and demonstrates how partially evaluated Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products
Programming with Purity Reflection: Peaceful Coexistence of Effects, Laziness, and Parallelism
We present purity reflection, a programming language feature that enables higher-order functions to inspect the purity of their function arguments and to vary their behavior based on this information. The upshot is that operations on data structures can selectively use lazy and/or parallel evaluation while ensuring that side effects are never lost or re-ordered. The technique builds on a recent Hindley-Milner style type and effect system based on Boolean unification which supports both effect polymorphism and complete type inference. We illustrate that avoiding the so-called \u27poisoning problem\u27 is crucial to support purity reflection.
We propose several new data structures that use purity reflection to switch between eager and lazy, sequential and parallel evaluation. We propose a DelayList, which is maximally lazy but switches to eager evaluation for impure operations. We also propose a DelayMap which is maximally lazy in its values, but also exploits eager and parallel evaluation.
We implement purity reflection as an extension of the Flix programming language. We present a new effect-aware form of monomorphization that eliminates purity reflection at compile-time. And finally, we evaluate the cost of this new monomorphization on compilation time and on code size, and determine that it is minimal
Koka: Programming with Row Polymorphic Effect Types
We propose a programming model where effects are treated in a disciplined
way, and where the potential side-effects of a function are apparent in its
type signature. The type and effect of expressions can also be inferred
automatically, and we describe a polymorphic type inference system based on
Hindley-Milner style inference. A novel feature is that we support polymorphic
effects through row-polymorphism using duplicate labels. Moreover, we show that
our effects are not just syntactic labels but have a deep semantic connection
to the program. For example, if an expression can be typed without an exn
effect, then it will never throw an unhandled exception. Similar to Haskell's
`runST` we show how we can safely encapsulate stateful operations. Through the
state effect, we can also safely combine state with let-polymorphism without
needing either imperative type variables or a syntactic value restriction.
Finally, our system is implemented fully in a new language called Koka and has
been used successfully on various small to medium-sized sample programs ranging
from a Markdown processor to a tier-splitted chat application. You can try out
Koka live at www.rise4fun.com/koka/tutorial.Comment: In Proceedings MSFP 2014, arXiv:1406.153
Can We Run in Parallel? Automating Loop Parallelization for TornadoVM
With the advent of multi-core systems, GPUs and FPGAs, loop parallelization
has become a promising way to speed-up program execution. In order to stay up
with time, various performance-oriented programming languages provide a
multitude of constructs to allow programmers to write parallelizable loops.
Correspondingly, researchers have developed techniques to automatically
parallelize loops that do not carry dependences across iterations, and/or call
pure functions. However, in managed languages with platform-independent
runtimes such as Java, it is practically infeasible to perform complex
dependence analysis during JIT compilation. In this paper, we propose
AutoTornado, a first of its kind static+JIT loop parallelizer for Java programs
that parallelizes loops for heterogeneous architectures using TornadoVM (a
Graal-based VM that supports insertion of @Parallel constructs for loop
parallelization).
AutoTornado performs sophisticated dependence and purity analysis of Java
programs statically, in the Soot framework, to generate constraints encoding
conditions under which a given loop can be parallelized. The generated
constraints are then fed to the Z3 theorem prover (which we have integrated
with Soot) to annotate canonical for loops that can be parallelized using the
@Parallel construct. We have also added runtime support in TornadoVM to use
static analysis results for loop parallelization. Our evaluation over several
standard parallelization kernels shows that AutoTornado correctly parallelizes
61.3% of manually parallelizable loops, with an efficient static analysis and a
near-zero runtime overhead. To the best of our knowledge, AutoTornado is not
only the first tool that performs program-analysis based parallelization for a
real-world JVM, but also the first to integrate Z3 with Soot for loop
parallelization
- …