Adaptive Constraint Solving for Information Flow Analysis

In program analysis, unknown properties for terms are typically represented symbolically as variables. Bound constraints on these variables can then specify multiple optimisation goals for computer programs and nd application in areas such as type theory, security, alias analysis and resource reasoning. Resolution of bound constraints is a problem steeped in graph theory; interdependencies between the variables is represented as a constraint graph. Additionally, constants are introduced into the system as concrete bounds over these variables and constants themselves are ordered over a lattice which is, once again, represented as a graph. Despite graph algorithms being central to bound constraint solving, most approaches to program optimisation that use bound constraint solving have treated their graph theoretic foundations as a black box. Little has been done to investigate the computational costs or design e cient graph algorithms for constraint resolution. Emerging examples of these lattices and bound constraint graphs, particularly from the domain of language-based security, are showing that these graphs and lattices are structurally diverse and could be arbitrarily large. Therefore, there is a pressing need to investigate the graph theoretic foundations of bound constraint solving. In this thesis, we investigate the computational costs of bound constraint solving from a graph theoretic perspective for Information Flow Analysis (IFA); IFA is a sub- eld of language-based security which veri es whether con dentiality and integrity of classified information is preserved as it is manipulated by a program. We present a novel framework based on graph decomposition for solving the (atomic) bound constraint problem for IFA. Our approach enables us to abstract away from connections between individual vertices to those between sets of vertices in both the constraint graph and an accompanying security lattice which defines ordering over constants. Thereby, we are able to achieve significant speedups compared to state-of-the-art graph algorithms applied to bound constraint solving. More importantly, our algorithms are highly adaptive in nature and seamlessly adapt to the structure of the constraint graph and the lattice. The computational costs of our approach is a function of the latent scope of decomposition in the constraint graph and the lattice; therefore, we enjoy the fastest runtime for every point in the structure-spectrum of these graphs and lattices. While the techniques in this dissertation are developed with IFA in mind, they can be extended to other application of the bound constraints problem, such as type inference and program analysis frameworks which use annotated type systems, where constants are ordered over a lattice

Practical Datatype Specializations with Phantom Types and Recursion Schemes

Datatype specialization is a form of subtyping that captures program invariants on data structures that are expressed using the convenient and intuitive datatype notation. Of particular interest are structural invariants such as well-formedness. We investigate the use of phantom types for describing datatype specializations. We show that it is possible to express statically-checked specializations within the type system of Standard ML. We also show that this can be done in a way that does not lose useful programming facilities such as pattern matching in case expressions.Comment: 25 pages. Appeared in the Proc. of the 2005 ACM SIGPLAN Workshop on M

Executable Refinement Types

This dissertation introduces executable refinement types, which refine structural types by semi-decidable predicates, and establishes their metatheory and accompanying implementation techniques. These results are useful for undecidable type systems in general. Particular contributions include: (1) Type soundness and a logical relation for extensional equivalence for executable refinement types (though type checking is undecidable); (2) hybrid type checking for executable refinement types, which blends static and dynamic checks in a novel way, in some sense performing better statically than any decidable approximation; (3) a type reconstruction algorithm - reconstruction is decidable even though type checking is not, when suitably redefined to apply to undecidable type systems; (4) a novel use of existential types with dependent types to ensure that the language of logical formulae is closed under type checking (5) a prototype implementation, Sage, of executable refinement types such that all dynamic errors are communicated back to the compiler and are thenceforth static errors.Comment: Ph.D. dissertation. Accepted by the University of California, Santa Cruz, in March 2014. 278 pages (295 including frontmatter

Type Classes for Lightweight Substructural Types

Linear and substructural types are powerful tools, but adding them to standard functional programming languages often means introducing extra annotations and typing machinery. We propose a lightweight substructural type system design that recasts the structural rules of weakening and contraction as type classes; we demonstrate this design in a prototype language, Clamp. Clamp supports polymorphic substructural types as well as an expressive system of mutable references. At the same time, it adds little additional overhead to a standard Damas-Hindley-Milner type system enriched with type classes. We have established type safety for the core model and implemented a type checker with type inference in Haskell.Comment: In Proceedings LINEARITY 2014, arXiv:1502.0441

Subtype satisfiability and entailment

Subtype constraints were introduced in advanced programming language research for designing subtype systems and program analysis algorithms. Two logical problems arise in this context: subtype satisfiability and subtype entailment. Subtype satisfiability underlies subtype inference; subtype entailment is for simplifying subtyping constraints in the same application. In this thesis, we investigate both problems systematically for a number of dialects of subtyping constraint languages that may vary in the following dimensions: types may be simple (finite) or recursive (infinite), type constants may be ordered in lattices or in general partially ordered sets, subtyping can be structural or non-structural, depending on whether least and greatest types are permitted. We use and develop new formal reasoning techniques based on automata, unification, and modal logic. Subtype satisfiability is well understood for all dialects with constants ordered in a lattice. Although cubic time algorithms are given by Palsberg and O\u27Keefe (1995), Pottier (1996), and Palsberg, Wand, and O\u27Keefe (1997), little is known about dialects where constants belong to arbitrary partially ordered sets. We present a uniform treatment to determine the complexities of all these classes. As a consequence, we settle a problem left open by Tiuryn and Wand in 1993 and also subsume complexity bounds given by Wand and Tiuryn (1993), Tiuryn (1992), and Frey (2002). Our results are based on a new connection between modal logic and subtype constraints that we present. Subtype entailment is known to be hard even for simple subtype constraint languages. Rehof and Henglein determined the complexity of structural subtype entailment with type constants ordered in a lattice. They proved coNP-completeness for simple types (1997) and PSPACE-completeness for recursive types (1998). Furthermore, they showed that non-structural subtype entailment is PSPACE-hard and is conjectured PSPACE-complete for the case with only two type constants for the least and greatest types respectively (1998). Yet the problem still remains open today. We argue that the difficulty occurs due to e ects linked to non-regular word languages. In order to do so, we precisely characterize subtype entailment by finite word automata with word equations. This characterization induces new results on non-structural subtype entailment, constituting a promising starting point for future investigation on decidability.Diese Arbeit untersucht zwei logische Probleme der programmiersprachlichen Typinferenz: Erfüllbarkeit und Subsumption von Teiltyp-Constraints. Wir untersuchen diese Probleme systematisch für eine Reihe von Constraintsprachen. Dabei greifen wir auf Methoden der computationalen Logik, Unifikations- und Automatentheorie zurück. Teiltyp-Erfüllbarkeit ist für den Fall wohl verstanden, dass die Typkonstanten in einem Verband angeordnet sind (Palsberg und O\u27Keefe (1995), Pottier (1996), Palsberg, Wand und O\u27Keefe (1997)). Der allgemeinere Fall mit beliebig angeordneten Konstanten wurde bislang weniger untersucht. Wir stellen einen ersten universellen Ansatz vor, indem wir erstmals einen Zusammenhang zwischen Teiltyp-Constraints und Modallogik aufzeigen. Dadurch lösen wir unter Anderem ein seit 1993 offenes Komplexitätsproblem von Wand und Tiuryn. Teiltyp-Subsumption ist selbst für einfachste Constraintsprachen von hoher Komplexität. Rehof und Henglein zeigten dies für den strukturellen Verbandsfall (mit zwei Typkonstanten 1997, 1998), ließen jedoch den nicht-strukturellen Fall offen. In dieser Arbeit betrachten wir den einfachsten nicht-strukturellen Fall. Hier zeigen wir, dass versteckte Wortgleichungen neue Schwierigkeiten verursachen. Hierzu charakterisieren wir Teiltyp-Subsumption durch spezielle endliche Automaten mit Wortgleichungen. Unsere Charakterisierung liefert partielle Entscheidbarkeitsresulte zur nichtstrukturellen Teiltyp-Subsumption und kann als Grundlage für künftige Untersuchungen dienen

Amortised resource analysis for object-oriented programs

As software systems rise in size and complexity, the need for verifying some of their properties increases. One important property to be verified is the resource usage, i.e. how many resources the program will need for its execution, where resources include execution time, memory, power, etc. Resource usage analysis is important in many areas, in particular embedded systems and cloud computing. Thus, resource analysis has been widely researched and some different approaches to this have been proposed based in particular on recurrence solving, abstract interpretation and amortised analysis. In the amortised analysis technique, a nonnegative number, called potential, is assigned to a data structure. The amortised cost of operations is then defined by its actual cost plus the difference in potential of the data structure before and after performing the operation. Amortised analysis has been used for automatic resource analysis of functional and object-oriented programs. The potentials are defined using refined types and typing rules then ensure that potential and actual resource usage is accounted for correctly. The automatic inference of the potential functions can then be achieved by type inference. In the case of functional programs, the structure of the types is known. Thus, type inference can be reduced to solving linear arithmetic constraints. For object-oriented programs, however, the refined types are more complicated because of the general nature of objects: they can be used to define any data structure. Thus, the type inference must discover not only the potential functions for the data structure but also the data structures themselves. Other features of object-oriented programs that complicate the analysis are aliasing and imperative update. Hofmann and Jost presented in 2006 a type system for amortised heap-space analysis of object-oriented programs, called Resource Aware JAva (RAJA). However, they left the problem of type inference open. In this thesis we present a type inference algorithm for the RAJA system. We were able to reduce the type inference problem to the novel problem of satisfiability of arithmetic constraints over infinite trees and we developed a heuristic algorithm for satisfiability of these constraints. We proved the soundness of the type inference algorithm and developed an OCaml implementation and experimental evaluation that shows that we can compute linear upper-bounds to the heap-space requirements of many programs, including sorting algorithms for lists such as insertion sort and merge sort and also programs that contain different interacting objects that describe real-life scenarios like a bank account. Another contribution of this thesis is a type checking algorithm for the RAJA system that is useful for verifying the types discovered by the type inference by using the \emph{proof carrying code} technology