Results 1  10
of
21
CCured: TypeSafe Retrofitting of Legacy Code
 PRINCIPLES OF PROGRAMMING LANGUAGES
, 2002
"... In this paper we propose a scheme that combines type inference and runtime checking to make existing C programs type safe. We describe the CCured type system, which extends that of C by separating pointer types according to their usage. This type system allows both pointers whose usage can be verif ..."
Abstract

Cited by 332 (9 self)
 Add to MetaCart
In this paper we propose a scheme that combines type inference and runtime checking to make existing C programs type safe. We describe the CCured type system, which extends that of C by separating pointer types according to their usage. This type system allows both pointers whose usage can be verified statically to be type safe, and pointers whose safety must be checked at run time. We prove a type soundness result and then we present a surprisingly simple type inference algorithm that is able to infer the appropriate pointer kinds for existing C programs. Our experience with the CCured system shows that the inference is very effective for many C programs, as it is able to infer that most or all of the pointers are statically verifiable to be type safe. The remaining pointers are instrumented with efficient runtime checks to ensure that they are used safely. The resulting performance loss due to runtime checks is 0–150%, which is several times better than comparable approaches that use only dynamic checking. Using CCured we have discovered programming bugs in established C programs such as several SPECINT95 benchmarks.
Inheritance As Implicit Coercion
 Information and Computation
, 1991
"... . We present a method for providing semantic interpretations for languages with a type system featuring inheritance polymorphism. Our approach is illustrated on an extension of the language Fun of Cardelli and Wegner, which we interpret via a translation into an extended polymorphic lambda calculus. ..."
Abstract

Cited by 120 (3 self)
 Add to MetaCart
. We present a method for providing semantic interpretations for languages with a type system featuring inheritance polymorphism. Our approach is illustrated on an extension of the language Fun of Cardelli and Wegner, which we interpret via a translation into an extended polymorphic lambda calculus. Our goal is to interpret inheritances in Fun via coercion functions which are definable in the target of the translation. Existing techniques in the theory of semantic domains can be then used to interpret the extended polymorphic lambda calculus, thus providing many models for the original language. This technique makes it possible to model a rich type discipline which includes parametric polymorphism and recursive types as well as inheritance. A central difficulty in providing interpretations for explicit type disciplines featuring inheritance in the sense discussed in this paper arises from the fact that programs can typecheck in more than one way. Since interpretations follow the type...
Bisimilarity for a FirstOrder Calculus of Objects with Subtyping
 In Proceedings of the TwentyThird Annual ACM Symposium on Principles of Programming Languages
, 1996
"... Bisimilarity (also known as `applicative bisimulation ') has attracted a good deal of attention as an operational equivalence for calculi. It approximates or even equals Morrisstyle contextual equivalence and admits proofs of program equivalence via coinduction. It has an elementary construc ..."
Abstract

Cited by 43 (2 self)
 Add to MetaCart
Bisimilarity (also known as `applicative bisimulation ') has attracted a good deal of attention as an operational equivalence for calculi. It approximates or even equals Morrisstyle contextual equivalence and admits proofs of program equivalence via coinduction. It has an elementary construction from the operational definition of a language. We consider bisimilarity for one of the typed object calculi of Abadi and Cardelli. By defining a labelled transition system for the calculus in the style of Crole and Gordon and using a variation of Howe's method we establish two central results: that bisimilarity is a congruence, and that it equals contextual equivalence. So two objects are bisimilar iff no amount of programming can tell them apart. Our third contribution is to show that bisimilarity soundly models the equational theory of Abadi and Cardelli. This is the first study of contextual equivalence for an object calculus and the first application of Howe's method to subtyping. By the...
Formally optimal boxing
 In POPL '94 [37
"... An important implementation decision in polymorphically typed functional programming languages is whether to represent data in boxed or unboxed form and when to transform them from one representation to the other. Using a language with explicit representation types and boxing/unboxing operations w ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
An important implementation decision in polymorphically typed functional programming languages is whether to represent data in boxed or unboxed form and when to transform them from one representation to the other. Using a language with explicit representation types and boxing/unboxing operations we axiomatize equationally the set of all explicitly boxed versions, called completions, of a given source program. In a twostage process we give some of the equations a rewriting interpretation that captures eliminating boxing/unboxing operations without relying on a specific implementation or even semantics of the underlying language. The resulting reduction systems operate on congruence classes of completions defined by the remaining equations E, which can be understood as moving boxing/unboxing operations along data flow paths in the source program. We call a completion eopt formally optimal if every other completion for the same program (and at the same representation type) reduces to eopt under this twostage reduction. We show that every source program has formally optimal completions, which are unique modulo E. This is accomplished by first “polarizing ” the equations in E and orienting them to obtain two canonical (confluent and strongly normalizing) rewriting systems. The completions produced by Leroy’s and Poulsen’s algorithms are generally not formally optimal in our sense. The rewriting systems have been implemented and applied to some simple Standard ML programs. Our results show that the amount of boxing and unboxing operations is also in practice substantially reduced in comparison to Leroy’s completions. This analysis is intended to be integrated into Tofte’s regionbased implementation of Standard ML currently underway at DIKU.
Reference Counting as a Computational Interpretation of Linear Logic
 Journal of Functional Programming
, 1996
"... We develop formal methods for reasoning about memory usage at a level of abstraction suitable for establishing or refuting claims about the potential applications of linear logic for static analysis. In particular, we demonstrate a precise relationship between type correctness for a language based o ..."
Abstract

Cited by 35 (0 self)
 Add to MetaCart
We develop formal methods for reasoning about memory usage at a level of abstraction suitable for establishing or refuting claims about the potential applications of linear logic for static analysis. In particular, we demonstrate a precise relationship between type correctness for a language based on linear logic and the correctness of a referencecounting interpretation of the primitives that the language draws from the rules for the `of course' operation. Our semantics is `lowlevel' enough to express sharing and copying while still being `highlevel ' enough to abstract away from details of memory layout. This enables the formulation and proof of a result describing the possible runtime reference counts of values of linear type. Contents 1 Introduction 1 2 Operational Semantics with Memory 4 3 A Programming Language Based on Linear Logic 9 4 Semantics 14 5 Properties of the Semantics 24 6 Linear Logic and Memory 27 7 Discussion 32 A Proofs of the Main Theorems 36 Acknowledgements...
A Semantics of Object Types
 Proc. IEEE Symposium on Logic in Computer Science
, 1994
"... : We give a semantics for a typed object calculus, an extension of System F with object subsumption and method override. We interpret the calculus in a per model, proving the soundness of both typing and equational rules. This semantics suggests a syntactic translation from our calculus into a simpl ..."
Abstract

Cited by 35 (7 self)
 Add to MetaCart
: We give a semantics for a typed object calculus, an extension of System F with object subsumption and method override. We interpret the calculus in a per model, proving the soundness of both typing and equational rules. This semantics suggests a syntactic translation from our calculus into a simpler calculus with neither subtyping nor objects. 1. Objects, Records, and Functions Despite the many formal accounts of objectoriented languages, the meaning and the properties of object types remain unclear. In particular, the soundness of object subtyping depends on invariants difficult to capture with standard type constructions; attempts based on record types have been inspiring but not compelling. In order to study object types in a clear setting, we give semantics to an extension of Girard's System F [Girard, Lafont, Taylor 1989] with subtyping, recursion, and some basic object constructs. Like all common objectoriented languages, this calculus supports object subsumption and metho...
Reasoning with Continuations II: Full Abstraction for Models of Control
 In Proceedings of the 1990 ACM Conference on Lisp and Functional Programming
, 1990
"... A fully abstract model of a programming language assigns the same meaning to two terms if and only if they have the same operational behavior. Such models are wellknown for functional languages but little is known about extended functional languages with sophisticated control structures. We show th ..."
Abstract

Cited by 33 (4 self)
 Add to MetaCart
A fully abstract model of a programming language assigns the same meaning to two terms if and only if they have the same operational behavior. Such models are wellknown for functional languages but little is known about extended functional languages with sophisticated control structures. We show that a direct model with error values and the conventional continuation model are adequate for functional languages augmented with first and higherorder control facilities, respectively. Furthermore, both models become fully abstract on adding a control delimiter and a parallel conditional to the programming languages.
Foundations for the Implementation of HigherOrder Subtyping
, 1997
"... We show how to implement a calculus with higherorder subtyping and subkinding by replacing uses of implicit subsumption with explicit coercions. To ensure this can be done, a polymorphic function is adjusted to take, as an additional argument, a proof that its type constructor argument has the desi ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We show how to implement a calculus with higherorder subtyping and subkinding by replacing uses of implicit subsumption with explicit coercions. To ensure this can be done, a polymorphic function is adjusted to take, as an additional argument, a proof that its type constructor argument has the desired kind. Such a proof is extracted from the derivation of a kinding judgement and may in turn require proof coercions, which are extracted from subkinding judgements. This technique is formalized as a typedirected translation from a calculus of higherorder subtyping to a subtypingfree calculus. This translation generalizes an existing result for secondorder subtyping calculi (such as F ). We also discuss two interpretations of subtyping, one that views it as type inclusion and another that views it as the existence of a wellbehaved coercion, and we show, by a typetheoretic construction, that our translation is the minimum consequence of shifting from the inclusion interpretation to th...
An operational semantics and type safety proof for multiple inheritance in C++
 IN OOPSLA '06: PROCEEDINGS OF THE 21ST ANNUAL ACM SIGPLAN CONFERENCE ON OBJECTORIENTED PROGRAMMING SYSTEMS, LANGUAGES, AND APPLICATIONS
, 2006
"... We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behaviour of method calls, field accesses, and two forms of casts in C++ class hierarchies exactly, and the type safety proof was formalized and machinechecked in Isabelle/HOL. Our se ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behaviour of method calls, field accesses, and two forms of casts in C++ class hierarchies exactly, and the type safety proof was formalized and machinechecked in Isabelle/HOL. Our semantics enables one, for the first time, to understand the behaviour of operations on C++ class hierarchies without referring to implementationlevel artifacts such as virtual function tables. Moreover, it can—as the semantics is executable—act as a reference for compilers, and it can form the basis for more advanced correctness proofs of, e.g., automated program transformations. The paper presents the semantics and type safety proof, and a discussion of the many subtleties that we encountered in modeling the intricate multiple inheritance model of C++.