Non-structural subtype entailment in automata theory

Decidability of non-structural subtype entailment is a long standing open problem in programming language theory. In this paper, we apply automata theoretic methods to characterize the problem equivalently by using regular expressions and word equations. This characterization induces new results on non-structural subtype entailment, constitutes a promising starting point for further investigations on decidability, and explains for the first time why the problem is so difficult. The difficulty is caused by implicit word equations that we make explicit

Especialización de GBA para seguridad en la web

El objetivo de este trabajo fue estudiar la técnica de GBA con el propósito de descubrir y proponer las modificaciones necesarias para aplicarla en la detección de vulnerabilidades de seguridad de tipo inyección. Para lograr el objetivo propuesto fue esencial estudiar y comprender adecuadamente tanto el problema en cuestión como la técnica utilizada. Respecto al estudio de la técnica, además de intentar comprender su funcionamiento de manera analítica, buscamos implementarlo para así integrar las ideas en un entorno operativo. Logramos la implementación del algoritmo GBA modificado con una eficiencia razonable que permite el tratamiento de programas que sean representativos del problema, utilizando un lenguaje simple pero expresivo (basado en el propuesto por Thiemman). El resultado consiste en la descripción de los conceptos aprendidos (tanto respecto del problema como de la técnica de solución) y en la descripción de los primeros pasos dados hacia la capacidad de utilizar la técnica en este problema.Facultad de Informátic

Subtype satisfiability and entailment

Subtype constraints were introduced in advanced programming language research for designing subtype systems and program analysis algorithms. Two logical problems arise in this context: subtype satisfiability and subtype entailment. Subtype satisfiability underlies subtype inference; subtype entailment is for simplifying subtyping constraints in the same application. In this thesis, we investigate both problems systematically for a number of dialects of subtyping constraint languages that may vary in the following dimensions: types may be simple (finite) or recursive (infinite), type constants may be ordered in lattices or in general partially ordered sets, subtyping can be structural or non-structural, depending on whether least and greatest types are permitted. We use and develop new formal reasoning techniques based on automata, unification, and modal logic. Subtype satisfiability is well understood for all dialects with constants ordered in a lattice. Although cubic time algorithms are given by Palsberg and O\u27Keefe (1995), Pottier (1996), and Palsberg, Wand, and O\u27Keefe (1997), little is known about dialects where constants belong to arbitrary partially ordered sets. We present a uniform treatment to determine the complexities of all these classes. As a consequence, we settle a problem left open by Tiuryn and Wand in 1993 and also subsume complexity bounds given by Wand and Tiuryn (1993), Tiuryn (1992), and Frey (2002). Our results are based on a new connection between modal logic and subtype constraints that we present. Subtype entailment is known to be hard even for simple subtype constraint languages. Rehof and Henglein determined the complexity of structural subtype entailment with type constants ordered in a lattice. They proved coNP-completeness for simple types (1997) and PSPACE-completeness for recursive types (1998). Furthermore, they showed that non-structural subtype entailment is PSPACE-hard and is conjectured PSPACE-complete for the case with only two type constants for the least and greatest types respectively (1998). Yet the problem still remains open today. We argue that the difficulty occurs due to e ects linked to non-regular word languages. In order to do so, we precisely characterize subtype entailment by finite word automata with word equations. This characterization induces new results on non-structural subtype entailment, constituting a promising starting point for future investigation on decidability.Diese Arbeit untersucht zwei logische Probleme der programmiersprachlichen Typinferenz: Erfüllbarkeit und Subsumption von Teiltyp-Constraints. Wir untersuchen diese Probleme systematisch für eine Reihe von Constraintsprachen. Dabei greifen wir auf Methoden der computationalen Logik, Unifikations- und Automatentheorie zurück. Teiltyp-Erfüllbarkeit ist für den Fall wohl verstanden, dass die Typkonstanten in einem Verband angeordnet sind (Palsberg und O\u27Keefe (1995), Pottier (1996), Palsberg, Wand und O\u27Keefe (1997)). Der allgemeinere Fall mit beliebig angeordneten Konstanten wurde bislang weniger untersucht. Wir stellen einen ersten universellen Ansatz vor, indem wir erstmals einen Zusammenhang zwischen Teiltyp-Constraints und Modallogik aufzeigen. Dadurch lösen wir unter Anderem ein seit 1993 offenes Komplexitätsproblem von Wand und Tiuryn. Teiltyp-Subsumption ist selbst für einfachste Constraintsprachen von hoher Komplexität. Rehof und Henglein zeigten dies für den strukturellen Verbandsfall (mit zwei Typkonstanten 1997, 1998), ließen jedoch den nicht-strukturellen Fall offen. In dieser Arbeit betrachten wir den einfachsten nicht-strukturellen Fall. Hier zeigen wir, dass versteckte Wortgleichungen neue Schwierigkeiten verursachen. Hierzu charakterisieren wir Teiltyp-Subsumption durch spezielle endliche Automaten mit Wortgleichungen. Unsere Charakterisierung liefert partielle Entscheidbarkeitsresulte zur nichtstrukturellen Teiltyp-Subsumption und kann als Grundlage für künftige Untersuchungen dienen

Semantic Types for Class-based Objects

We investigate semantics-based type assignment for class-based object-oriented programming. Our motivation is developing a theoretical basis for practical, expressive, type-based analysis of the functional behaviour of object-oriented programs. We focus our research using Featherweight Java, studying two notions of type assignment:- one using intersection types, the other a ‘logical’ restriction of recursive types. We extend to the object-oriented setting some existing results for intersection type systems. In doing so, we contribute to the study of denotational semantics for object-oriented languages. We define a model for Featherweight Java based on approximation, which we relate to our intersection type system via an Approximation Result, proved using a notion of reduction on typing derivations that we show to be strongly normalising. We consider restrictions of our system for which type assignment is decidable, observing that the implicit recursion present in the class mechanism is a limiting factor in making practical use of the expressive power of intersection types. To overcome this, we consider type assignment based on recursive types. Such types traditionally suffer from the inability to characterise convergence, a key element of our approach. To obtain a semantic system of recursive types for Featherweight Java we study Nakano’s systems, whose key feature is an approximation modality which leads to a ‘logical’ system expressing both functional behaviour and convergence. For Nakano’s system, we consider the open problem of type inference. We introduce insertion variables (similar to the expansion variables of Kfoury and Wells), which allow to infer when the approximation modality is required. We define a type inference procedure, and conjecture its soundness based on a technique of Cardone and Coppo. Finally, we consider how Nakano’s approach may be applied to Featherweight Java and discuss how intersection and logical recursive types may be brought together into a single system

Type Inference with Non-structural Subtyping

We present an O(n ) time type inference algorithm for a type system with a largest type ?, a smallest type ?, and the usual ordering between function types. The algorithm infers type annotations of minimal size, and it works equally well for recursive types. For the problem of typability, our algorithm is simpler than the one of Kozen, Palsberg, and Schwartzbach for type inference without ?. This may be surprising, especially because the system with ? is strictly more powerful

Type Inference with Non-structural Subtyping

We present an O(n 3 ) time type inference algorithm for a type system with a largest type ?, a smallest type ?, and the usual ordering between function types. The algorithm infers type annotations of least shape, and it works equally well for recursive types. For the problem of typability, our algorithm is simpler than the one of Kozen, Palsberg, and Schwartzbach for type inference without ?. This may be surprising, especially because the system with ? is strictly more powerful. Formal Aspects of Computing, 9:49--67, 1997. y Massachusetts Institute of Technology, NE43--340, 545 Technology Square, Cambridge, MA 02139, USA. E-mail: [email protected]. z Work supported by the National Science Foundation under grants CCR-9304144 and CCR-9404646. x College of Computer Science, Northeastern University, 360 Huntington Avenue, 161CN, Boston, MA 02115, USA. E-mail: [email protected]. -- 151 Coolidge Avenue #211, Watertown, MA 02172, USA. E-mail: [email protected]. 1 Intro..

Type Inference with Non-structural Subtyping ∗

We present an O(n 3) time type inference algorithm for a type system with a largest type ⊤, a smallest type ⊥, and the usual ordering between function types. The algorithm infers type annotations of least shape, and it works equally well for recursive types. For the problem of typability, our algorithm is simpler than the one of Kozen, Palsberg, and Schwartzbach for type inference without ⊥. This may be surprising, especially because the system with ⊥ is strictly more powerful

Type inference with non-structural subtyping

Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent publications in the BRICS Report Series. Copies may be obtained by contacting: BRIC