Symbolic Boolean manipulation with ordered binary-decision diagrams
ACM Computing Surveys (CSUR)
The formal semantics of programming languages: an introduction
The formal semantics of programming languages: an introduction
A syntactic approach to type soundness
Information and Computation
Elements of Style: Analyzing a Software Design Feature with a Counterexample Detector
IEEE Transactions on Software Engineering - Special issue: best papers of the 1996 international symposium on software testing and analysis ISSTA'96
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Javalight is type-safe—definitely
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Ownership types for flexible alias protection
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A deadlock detection tool for concurrent Java programs
Software—Practice & Experience
Featherweight Java: a minimal core calculus for Java and GJ
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A type system for expressive security policies
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Symbolic execution and program testing
Communications of the ACM
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A parameterized type system for race-free Java programs
OOPSLA '01 Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Types and programming languages
Types and programming languages
Region-based memory management in cyclone
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Symbolic Model Checking
Korat: automated testing based on Java predicates
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Ownership types for safe programming: preventing data races and deadlocks
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
An analyzable annotation language
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Alias annotations for program understanding
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Ownership types for object encapsulation
POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symmetry Reduction Criteria for Software Model Checking
Proceedings of the 9th International SPIN Workshop on Model Checking of Software
Construction of Abstract State Graphs with PVS
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Better Verification Through Symmetry
CHDL '93 Proceedings of the 11th IFIP WG10.2 International Conference sponsored by IFIP WG10.2 and in cooperation with IEEE COMPSOC on Computer Hardware Description Languages and their Applications
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
Ownership types for safe region-based memory management in real-time Java
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Lazy modular upgrades in persistent object stores
OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications
TestEra: Specification-Based Testing of Java Programs Using SAT
Automated Software Engineering
Dynamic partial-order reduction for model checking software
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CMC: a pragmatic approach to model checking real code
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
Efficient software model checking of data structure properties
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Mechanized metatheory model-checking
Proceedings of the 9th ACM SIGPLAN international conference on Principles and practice of declarative programming
Ott: effective tool support for the working semanticist
ICFP '07 Proceedings of the 12th ACM SIGPLAN international conference on Functional programming
Checking properties of heap-manipulating procedures with a constraint solver
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Polyglot: an extensible compiler framework for Java
CC'03 Proceedings of the 12th international conference on Compiler construction
Effective preprocessing in SAT through variable and clause elimination
SAT'05 Proceedings of the 8th international conference on Theory and Applications of Satisfiability Testing
Building your own software model checker using the bogor extensible model checking framework
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
An incremental heap canonicalization algorithm
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
JavaCOP: Declarative pluggable types for java
ACM Transactions on Programming Languages and Systems (TOPLAS)
Time and alternation: an automata based framework to software model checking
Proceedings of the 2010 ACM Symposium on Applied Computing
Efficient modular glass box software model checking
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Modular and automated type-soundness verification for language extensions
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
| Hi-index | 0.00 |
This paper presents novel techniques for checking the soundness of a type system automatically using a software model checker. Our idea is to systematically generate every type correct intermediate program state (within some finite bounds), execute the program one step forward if possible using its small step operational semantics, and then check that the resulting intermediate program state is also type correct--but do so efficiently by detecting similarities in this search space and pruning away large portions of the search space. Thus, given only a specification of type correctness and the small step operational semantics for a language, our system automatically checks type soundness by checking that the progress and preservation theorems hold for the language (albeit for program states of at most some finite size). Our preliminary experimental results on several languages--including a language of integer and boolean expressions, a simple imperative programming language, an object-oriented language which is a subset of Java, and a language with ownership types--indicate that our approach is feasible and that our search space pruning techniques do indeed significantly reduce what is otherwise an extremely large search space. Our paper thus makes contributions both in the area of checking soundness of type systems, and in the area of reducing the state space of a software model checker.