Semantic Type Qualifiers
Chien-Huei Chen, Huseyin Sinecan
05.18.2006

Type Systems
• A natural discipline
  • Specify properties
  • Check properties
• Problem:
  • Statically checks properties
  • Augmenting properties of types
  • Program designers cannot anticipate everything
• Qualifiers (no need to add many annotations)
Semantic Type Qualifiers
The Clarity Project
• A novel framework for user-defined type qualifiers for C programs
• It provides a declarative language in which users can define new qualifiers
• An extensible typechecker employs these user-defined rules to automatically check annotated C programs
• (University of California, Los Angeles)

The Cqual Project
• A tool for adding type qualifiers to C
• Same purpose as Clarity
• Uses a fixed set of type rules across all type refinements
• Not expressive enough to handle many common situations
Where to use qualifiers
• Deadlock detection
• Format-String Vulnerability Detection: by using a tainted qualifier to mark untrusted data and by requiring that printf-like functions take untainted data
• const Inference: the qualifier const is used in ANSI C programs to state that certain names will not be used to write to a location
    Ex: foo (const int * x)   *additional const annotations*
• …

Classes of qualifiers
• The Clarity framework supports 2 common types of qualifiers
• Value qualifiers (pertain to the value)
  • pos
  • nonnull
• Reference qualifiers (pertain to the address)
  • unique
  • unaliased
pos qualifier
    value qualifier pos(int Expr E)
      case E of
        decl int Const C:
          C, where C > 0
      | decl int Expr E1, E2:
          E1 * E2, where pos(E1) && pos(E2)
      | decl int Expr E1:
          -E1, where neg(E1)
      invariant value(E) > 0
A user-defined type qualifier and associated type rules for positive integers.

A type qualifier for unaliased variables
    ref qualifier unaliased(T Var X)
      ondecl
      disallow &X
      invariant forall T** P: *P != location(X)
• Indicates the variable's address, not the value
• ondecl: can be given at declaration
• disallow: cannot have its address taken

Sample Example:
    qualifier nonzero(int Expr E)
      case E of
        decl int Const C:
          C, where C != 0
      | decl int Expr E1:
          E1, where pos(E1)
      | decl int Expr E1:
          E1, where neg(E1)
      | decl int Expr E:
          -E, where nonzero(E)
      | decl int Expr E1, E2:
          E1 * E2, where nonzero(E1) && nonzero(E2)
      restrict
        decl int Expr E1, E2:
          E1 / E2, where nonzero(E2)
      invariant Value(E) != 0

    int y0 = 20;
    int z0;
    …………………………………………………………
    z0 = x / y0;
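The pos and nonzero rules above, carried out as an added example (not code from the Clarity project): a small Python checker that infers value qualifiers over a tuple-encoded expression tree and enforces the restrict clause on division, the same kind of check the tool applies to the slide's z0 = x / y0. The tuple encoding, the env of declared qualifiers, and the neg rules (not spelled out on the slides, assumed to mirror pos) are assumptions of this example.

```python
# Added example, not the Clarity tool: a toy checker for the value qualifiers
# pos, neg and nonzero. An expression is a nested tuple (assumed encoding):
#   ("const", 20)  ("var", "y0")  ("neg", E)  ("mul", E1, E2)  ("div", E1, E2)
# `env` maps a variable to the qualifiers declared on it, e.g. {"y0": {"pos"}}.
# Checking is flow-insensitive, as in Clarity: `int y0 = 20` tells it nothing.

def declared(q, e, env):
    return e[0] == "var" and q in env.get(e[1], set())

def pos(e, env):
    """pos: C where C > 0 | E1 * E2 where pos(E1) && pos(E2) | -E1 where neg(E1)."""
    if e[0] == "const":
        return e[1] > 0
    if e[0] == "mul":
        return pos(e[1], env) and pos(e[2], env)
    if e[0] == "neg":
        return neg(e[1], env)
    return declared("pos", e, env)

def neg(e, env):
    """neg is not spelled out on the slides; assumed here to mirror pos."""
    if e[0] == "const":
        return e[1] < 0
    if e[0] == "mul":
        return (pos(e[1], env) and neg(e[2], env)) or (neg(e[1], env) and pos(e[2], env))
    if e[0] == "neg":
        return pos(e[1], env)
    return declared("neg", e, env)

def nonzero(e, env):
    """nonzero: C != 0 | pos(E) | neg(E) | -E where nonzero(E) | E1 * E2 where both nonzero."""
    if e[0] == "const":
        return e[1] != 0
    if e[0] == "neg":
        return nonzero(e[1], env)
    if e[0] == "mul":
        return nonzero(e[1], env) and nonzero(e[2], env)
    return declared("nonzero", e, env) or pos(e, env) or neg(e, env)

def check(e, env):
    """Enforce the restrict clause `E1 / E2 where nonzero(E2)` over the whole
    expression tree; returns the offending divisors (empty = typechecks)."""
    errors = [e[2]] if e[0] == "div" and not nonzero(e[2], env) else []
    for sub in e[1:]:
        if isinstance(sub, tuple):
            errors += check(sub, env)
    return errors

# The slide's `z0 = x / y0`: rejected unless y0 carries a declared qualifier.
Z0 = ("div", ("var", "x"), ("var", "y0"))
```

Running check(Z0, {}) reports the divisor y0; declaring y0 as pos or nonzero in env makes the same expression typecheck.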
Example1: nonnull
    qualifier nonnull(T* Expr E)
      case E of
        decl T LValue X:
          &X
      | new
      restrict
        decl T* Expr E:
          *E, where nonnull(E)
      invariant Value(E) != null

Example1 (cont.)
• In original link_list.c:
    …………….
    158 struct list_head *first = list->next;
    159 struct list_head *last = list->prev;
    160 struct list_head *at = head->next;
• Compiled with the nonnull qualifier:
    Expression list->next breaks rule 'Restricts: Dref(WCExpr(E)) where Qual(nonnull, E)' under qualifier nonnull at examples/link_list.c:158

Example1 (cont.)
• In order to get rid of all the errors, we first try to add a qualifier nonnull to the function.
• In the function:
    void list_add(struct list_head *new, struct list_head* __attribute__((nonnull)) head)
    {
        __list_add(new, head, head->next);
    }

Example1 (cont.)
• Mail from one of the authors:
  There is also a notion of "reference qualifiers" for talking about properties of memory locations….. However, reference qualifiers are not very well developed at this point and are very difficult to use in a practical way in the current framework, due to its flow insensitivity.
Example2: locked and unlocked
Original example file:
    void f(struct obj* o) {
        acquire_lock(&o->lock);
        do_stuff(o);
        g(o);
        release_lock(&o->lock);
    }

    void g(struct obj* o) {
        if (1) {
            acquire_lock(&o->lock); /* bug: deadlock */
            do_stuff(o);
            release_lock(&o->lock);
        }
    }

Example2 (cont.)
    void f(struct obj* __attribute__((unlocked)) o) {
        struct obj* __attribute__((locked)) lock_o;
        acquire_lock(&o->lock);
        lock_o = castto(o, struct obj* __attribute__((locked)));
        do_stuff(o);
        g(lock_o);
        release_lock(&o->lock);
    }

    void g(struct obj* __attribute__((unlocked)) o) {
        struct obj* __attribute__((locked)) lock_o;
        if (1) {
            acquire_lock(&o->lock); /* bug: deadlock */
            lock_o = castto(o, struct obj* __attribute__((locked)));
            do_stuff(o);
            release_lock(&o->lock);
        }
    }

Example2 (cont.)
Checker output:
    g(lock_o); do not match with function type void (struct dummy * __attribute__((__unlocked__)) o ) at examples/deadlock.c:32
    Total Errors: 1