State of the Union: Type Inference Via Craig Interpolation

Jhala, Ranjit; Majumdar, Rupak; Xu, Ru-Gang

doi:10.1007/978-3-540-71209-1_43

Cited by 17 publications

(11 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It remains for future work to similarly consider an extension of Dminor with first-class blame as a contracts language. Some other prior work on dependent type systems has specifically targeted correct access to union types in COBOL (Komondoor et al, 2005) and in C (Jhala et al, 2007).…”

Section: Related Workmentioning

confidence: 99%

Semantic subtyping with an SMT solver

Bierman¹,

Gordon²,

Hriţcu³

et al. 2012

J. Funct. Prog.

View full text Add to dashboard Cite

We study a first-order functional language with the novel combination of the ideas of refinement type (the subset of a type to satisfy a Boolean expression) and type-test (a Boolean expression testing whether a value belongs to a type). Our core calculus can express a rich variety of typing idioms; for example, intersection, union, negation, singleton, nullable, variant, and algebraic types are all derivable. We formulate a semantics in which expressions denote terms, and types are interpreted as first-order logic formulas. Subtyping is defined as valid implication between the semantics of types. The formulas are interpreted in a specific model that we axiomatize using standard first-order theories. On this basis, we present a novel type-checking algorithm able to eliminate many dynamic tests and to detect many errors statically. The key idea is to rely on a Satisfiability Modulo Theories solver to compute subtyping efficiently. Moreover, using a satisfiability modulo theories solver allows us to show the uniqueness of normal forms for non-deterministic expressions, provide precise counterexamples when type-checking fails, detect empty types, and compute instances of types statically and at run-time.

show abstract

Section: Related Workmentioning

confidence: 99%

Semantic subtyping with an SMT solver

Bierman¹,

Gordon²,

Hriţcu³

et al. 2012

J. Funct. Prog.

View full text Add to dashboard Cite

show abstract

“…The work on the C programming language [9,2] deals with a language that allows subtle pointer and address arithmetic manipulations, but already contains significant static type information. PHP is a dynamically type safe language in that the run-time system stores dynamic type information, which makes e.g.…”

Section: Related Workmentioning

confidence: 99%

Runtime Instrumentation for Precise Flow-Sensitive Type Analysis

Kneuss

Suter

Kunčak

2010

Runtime Verification

View full text Add to dashboard Cite

Abstract. We describe a combination of runtime information and static analysis for checking properties of complex and configurable systems. The basic idea of our approach is to 1) let the program execute and thereby read the important dynamic configuration data, then 2) invoke static analysis from this runtime state to detect possible errors that can happen in the continued execution. This approach improves analysis precision, particularly with respect to types of global variables and nested data structures. It also enables the resolution of modules that are loaded based on dynamically computed information. We describe an implementation of this approach in a tool that statically computes possible types of variables in PHP applications, including detailed types of nested maps (arrays). PHP is a dynamically typed language; PHP programs extensively use nested value maps, as well as 'include' directives whose arguments are dynamically computed file names. We have applied our analysis tool to over 50'000 lines of PHP code, including the popular DokuWiki software, which has a plug-in architecture. The analysis identified 200 problems in the code and in the type hints of the original source code base. Some of these problems can cause exploits, infinite loops, and crashes. Our experiments show that dynamic information simplifies the development of the analysis and decreases the number of false alarms compared to a purely static analysis approach.

show abstract

“…For instance, type inference was applied to Cobol [19,20] to determine subtypes of existing types and to check for type equivalence. Static analysis and model checking have been used on Cobol to determine when a scalar type should be better regarded as a record type [21] and to determine unions the variants of which are consistently accessed through discriminators [22,23].…”

Section: Related Workmentioning

confidence: 99%