EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++
Low-level programming languages with weak/static type systems, such as C and
C++, are vulnerable to errors relating to the misuse of memory at runtime, such
as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such
errors account for many security and other undefined behavior bugs for programs
written in these languages. In this paper, we introduce the notion of
dynamically typed C/C++, which aims to detect such errors by dynamically
checking the "effective type" of each object before use at runtime. We also
present an implementation of dynamically typed C/C++ in the form of the
Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory
safety using a combination of low-fat pointers, type meta data and type/bounds
check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark
suite and the Firefox web browser, and detect several new type and memory
errors. We also show that EffectiveSan achieves high compatibility and
reasonable overheads for the given error coverage. Finally, we highlight that
EffectiveSan is one of only a few tools that can detect sub-object bounds
errors, and uses a novel approach (dynamic type checking) to do so.
Comment: To appear in the Proceedings of the 39th ACM SIGPLAN Conference on
Programming Language Design and Implementation (PLDI 2018)
Ensuring Query Compatibility with Evolving XML Schemas
During the life cycle of an XML application, both schemas and queries may
change from one version to another. Schema evolutions may affect query results
and potentially the validity of produced data. Nowadays, a challenge is to
assess and accommodate the impact of these changes in rapidly evolving XML
applications.
This article proposes a logical framework and tool for verifying
forward/backward compatibility issues involving schemas and queries. First, it
allows analyzing relations between schemas. Second, it allows XML designers to
identify queries that must be reformulated in order to produce the expected
results across successive schema versions. Third, it allows examining more
precisely the impact of schema changes over queries, therefore facilitating
their reformulation.
Using standard typing algorithms incrementally
Modern languages are equipped with static type checking/inference that helps programmers to keep a clean programming style and to reduce errors. However, the ever-growing size of programs and their continuous evolution require building fast and efficient analysers. A promising solution is incrementality, aiming at only re-typing the diffs, i.e. those parts of the program that change or are inserted, rather than the entire codebase. We propose an algorithmic schema that drives an incremental usage of existing, standard typing algorithms with no changes. Ours is a grey-box approach: just the shape of the input, that of the results and some domain-specific knowledge are needed to instantiate our schema. Here, we present the foundations of our approach and the conditions for its correctness. We show it at work to derive two different incremental typing algorithms. The first type checks an imperative language to detect information flow and non-interference, and the second infers types for a functional language. We assessed our proposal on a prototypical implementation of an incremental type checker. Our experiments show that using the type checker incrementally is (almost) always rewarding.
Mungo and StMungo: tools for typechecking protocols in Java
We present two tools that support static typechecking of communication protocols in Java. Mungo associates Java classes with typestate specifications, which are state machines defining permitted sequences of method calls. StMungo translates a communication protocol specified in the Scribble protocol description language into a typestate specification for each role in the protocol by following the message sequence. Role implementations can be typechecked by Mungo to ensure that they satisfy their protocols, and then compiled as usual with javac. We demonstrate the Scribble, StMungo and Mungo toolchain via a typechecked POP3 client that can communicate with a real-world POP3 server.
Using Standard Typing Algorithms Incrementally
Modern languages are equipped with static type checking/inference that helps
programmers to keep a clean programming style and to reduce errors. However,
the ever-growing size of programs and their continuous evolution require
building fast and efficient analysers. A promising solution is incrementality,
so one only re-types those parts of the program that are new, rather than the
entire codebase. We propose an algorithmic schema driving the definition of an
incremental typing algorithm that exploits the existing, standard ones with no
changes. Ours is a grey-box approach, meaning that just the shape of the input,
that of the results and some domain-specific knowledge are needed to
instantiate our schema. Here, we present the foundations of our approach and we
show it at work to derive three different incremental typing algorithms. The
first two implement type checking and inference for a functional language. The
last one type-checks an imperative language to detect information flow and
non-interference. We assessed our proposal on a prototypical implementation of
an incremental type checker. Our experiments show that using the type checker
incrementally is (almost) always rewarding.
Comment: corrected and updated; experimental results added