1 / 7

Building and using pluggable type systems

print( @Readonly Object x) { List< @NonNull String> lst; … }. Building and using pluggable type systems. Michael D. Ernst University of Washington. Mahmood Ali MIT. The Checker Framework http://types.cs.washington.edu/. Type checking has been wildly successful, but….

corbin
Download Presentation

Building and using pluggable type systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. print(@Readonly Object x) { List<@NonNull String> lst; … } • Building and using • pluggable type systems Michael D. Ernst University of Washington Mahmood Ali MIT The Checker Framework http://types.cs.washington.edu/

  2. Type checking has been wildly successful, but… Type checking prevents too few bugs The annotation you write: The property you care about: • Null dereferences @NonNull • Mutation and side-effects @Immutable • Concurrency: locking @GuardedBy • Security: encryption, @Encryptedtainting @Untainted • Aliasing @Linear • Equality tests @Interned • Strings: localization, @Localizedregular expression syntax, @Regexsignature format@FullyQualified • Typestate (e.g., open/closed files)@State • You can write your own checker!

  3. Solution: Pluggable type systems • Design a custom type system • Write type qualifiers in code @Immutable Date date = new Date(0); date.setTime(70); • Type checker warnsabout violations (bugs) compile-time error % javac -processor NullnessChecker MyFile.java MyFile.java:149: dereference of possibly-null reference bb2 allVars = bb2.vars; ^

  4. Features • Full type system • Inheritance • Overriding • Generics (type and qualifier polymorphism) • Local type inference • Qualifier defaults • Warning suppression • Tool integration: javac, Eclipse, Ant, Maven • Global inference tools: nullness, mutability

  5. Results: Effective and easy to use • Effective: found >300 bugs, in the JDK, Google Collections, Lucene, Xerces, ASM, SVNKit, … • Few false positives • Easy to use • Used by students in the first CS majors class at UW • My group has annotated 3 million lines of code • Annotations are not verbose • Fewer than 1 per 75 lines

  6. Writing a new checker: Taint checker The complete code To use it: • Write @Untainted in your program List getPosts(@Untainted String category) {…} • Compile your program javac -processor BasicChecker -Aquals=Untainted MyProgram.java @TypeQualifier @SubtypeOf(Unqualified.class) @ImplicitFor(trees = {STRING_LITERAL}) public @interface Untainted { } Simple type-checkers are very easy to write; complicated ones are possible to write

  7. Pluggable type-checking • Java 8 syntax for type annotations • Write in comments during transition to Java 8 • Checker Framework for creating type checkers • Featureful, effective, easy to use, scalable • Prevent bugs at compile time • Create custom type-checkers • Learn more, or download the Checker Framework: http://types.cs.washington.edu/jsr308 (or, web search for “Checker Framework” or “JSR 308”)

More Related