Papers by Chandrasekhar Boyapati
The Java Virtual Machine Language (JVML) is rapidly emerging as the de-facto standard for represe... more The Java Virtual Machine Language (JVML) is rapidly emerging as the de-facto standard for representing portable code and Java Virtual Machines (JVMs) are increasingly being used as standard platforms for running applications. But how suitable are the JVMs and the associated JVML for this purpose? This paper argues that JVML has a serious drawback in that it is not extensible enough. This lack of extensibility hinders the process of deploying new innovations in applications that run on the JVM platform. This paper also describes how a standard for portable code can be designed to be significantly more extensible than JVML. The paper explores the issues involved in designing such an extensible virtual machine (EVM), and reviews some recent research on formal techniques like type systems, logic frameworks, and analysis algorithms to show how an EVM can safely execute untrusted code.
Ispd, 2004
Making software reliable is one of the most important technological challenges facing our society... more Making software reliable is one of the most important technological challenges facing our society today. This thesis presents a new type system that addresses this problem by statically preventing several important classes of programming errors. If a program type checks, we guarantee at compile time that the program does not contain any of those errors.
Ownership types for safe object-oriented programming
Safe Runtime Downcasts With Ownership Types
This paper describes an efficient technique for supporting safe runtime downcasts with ownership ... more This paper describes an efficient technique for supporting safe runtime downcasts with ownership types. This technique uses the type passing approach, but avoids the associated significant space overhead by stor-ing runtime ownership information only for objects that are potentially ...
A Type System for Preventing Data Races and Deadlocks in Java Programs
Our system also allows programmers to use recursive tree-based data structures to describe the pa... more Our system also allows programmers to use recursive tree-based data structures to describe the partial order. For ex-ample, programmers can specify that nodes in a tree must be locked in the tree-order. Our system allows mutations to the data structure that change the partial ...
A parameterized type system for race-free Java programs
Proceedings of the 16th ACM SIGPLAN conference on Object oriented programming, systems, languages, and applications - OOPSLA '01, 2001
This paper presents a new static type system for multi-threaded programs; any well-typed program ... more This paper presents a new static type system for multi-threaded programs; any well-typed program in our system is free of data races. Our type system is significantly more ex-pressive than previous such type systems. In particular, our system lets programmers write generic code to ...
Object-oriented databases allow objects that are ma- nipulated by programs to be stored reliably ... more Object-oriented databases allow objects that are ma- nipulated by programs to be stored reliably so that they can be used again later and shared with other programs. Since objects in the OODB may live a long time, there may be a need to upgrade them: to change their code and storage representation. This paper describes a tech- nique for upgrading
ACM Symposium on Principles of Programming Languages (POPL), January 2003
object encapsulation and enable local reasoning about program correctness in object-oriented lang... more object encapsulation and enable local reasoning about program correctness in object-oriented languages. However, a type system that enforces strict object encapsulation is too constraining: it does not allow ecient implementation of important constructs like iterators. This paper argues that the right way to solve the problem is to allow objects of classes de ned in the same module to have privileged access to each other's representations; we show how to do this for inner classes. This approach allows programmers to express constructs like iterators and yet supports local reasoning about the correctness of the classes, because a class and its inner classes together can be reasoned about as a module. The paper also sketches how we use our variant of ownership types to enable ecient software upgrades in persistent object stores.
Persistent object stores require a way to automatically upgrade persistent objects, to change the... more Persistent object stores require a way to automatically upgrade persistent objects, to change their code and storage representation. Automatic upgrades are a challenge for such systems. Upgrades must be performed in a way that is efficient both in space and time, and that does not stop application access to the store. In addition, however, the approach must be modular: it must allow programmers to reason locally about the correctness of their upgrades similar to the way they would reason about regular code. This paper provides solutions to both problems.The paper first defines upgrade modularity conditions that any upgrade system must satisfy to support local reasoning about upgrades. The paper then describes a new approach for executing upgrades efficiently while satisfying the upgrade modularity conditions. The approach exploits object encapsulation properties in a novel way. The paper also describes a prototype implementation and shows that our upgrade system imposes only a small...
A parameterized type system for race-free Java programs
ACM SIGPLAN Notices, 2001
This paper presents a new static type system for multi-threaded programs; any well-typed program ... more This paper presents a new static type system for multi-threaded programs; any well-typed program in our system is free of data races. Our type system is significantly more ex-pressive than previous such type systems. In particular, our system lets programmers write generic code to ...
Ownership types for safe programming
ACM SIGPLAN Notices, 2002
ACM SIGPLAN Notices, 2006
This paper presents novel language and analysis techniques that significantly speed up software m... more This paper presents novel language and analysis techniques that significantly speed up software model checking of data structure properties. Consider checking a red-black tree implementation. Traditional software model checkers systematically generate all red-black tree states (within some given bounds) and check every red-black tree operation (such as insert, delete, or lookup) on every red-black tree state. Our key idea is as follows. As our checker checks a red-black tree operation o on a red-black tree state s, it uses program analysis techniques to identify other red-black tree states s 1 , s 2 , ..., s k on which the operation o behaves similarly. Our analyses guarantee that if o executes correctly on s, then o will execute correctly on every s i . Our checker therefore does not need to check o on any s i once it checks o on s. It thus safely prunes those state transitions from its search space, while still achieving complete test coverage within the bounded domain. Our preliminary results show orders of magnitude improvement over previous approaches. We believe our techniques can make model checking significantly faster, and thus enable checking of much larger programs and complex program properties than currently possible.
ACM SIGPLAN Notices, 2008
This paper presents novel techniques for checking the soundness of a type system automatically us... more This paper presents novel techniques for checking the soundness of a type system automatically using a software model checker. Our idea is to systematically generate every type correct intermediate program state (within some finite bounds), execute the program one step forward if possible using its small step operational semantics, and then check that the resulting intermediate program state is also type correct-but do so efficiently by detecting similarities in this search space and pruning away large portions of the search space. Thus, given only a specification of type correctness and the small step operational semantics for a language, our system automatically checks type soundness by checking that the progress and preservation theorems hold for the language (albeit for program states of at most some finite size). Our preliminary experimental results on several languages-including a language of integer and boolean expressions, a simple imperative programming language, an object-oriented language which is a subset of Java, and a language with ownership types-indicate that our approach is feasible and that our search space pruning techniques do indeed significantly reduce what is otherwise an extremely large search space. Our paper thus makes contributions both in the area of checking soundness of type systems, and in the area of reducing the state space of a software model checker.
Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation - PLDI '03, 2003
The Real-Time Specification for Java (RTSJ) allows a program to create real-time threads with har... more The Real-Time Specification for Java (RTSJ) allows a program to create real-time threads with hard real-time constraints. Real-time threads use region-based memory management to avoid unbounded pauses caused by interference from the garbage collector. The RTSJ uses runtime checks to ensure that deleting a region does not create dangling references and that real-time threads do not access references to objects allocated in the garbage-collected heap. This paper presents a static type system that guarantees that these runtime checks will never fail for well-typed programs. Our type system therefore 1) provides an important safety guarantee for real-time programs and 2) makes it possible to eliminate the runtime checks and their associated overhead.
ACM SIGSOFT Impact Paper Award 2012
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering - FSE '12, 2012
Korat
Proceedings of the international symposium on Software testing and analysis - ISSTA '02, 2002
This paper presents Korat, a novel framework for automated testing of Java programs. Given a form... more This paper presents Korat, a novel framework for automated testing of Java programs. Given a formal specification for a method, Korat uses the method precondition to automatically generate all (nonisomorphic) test cases up to a given small size. Korat then executes the method on each test case, and uses the method postcondition as a test oracle to check the correctness
Korat
Proceedings of the international symposium on Software testing and analysis - ISSTA '02, 2002
ACM SIGPLAN Notices, 2003
Persistent object stores require a way to automatically upgrade persistent objects, to change the... more Persistent object stores require a way to automatically upgrade persistent objects, to change their code and storage representation. Automatic upgrades are a challenge for such systems. Upgrades must be performed in a way that is efficient both in space and time, and that does not stop application access to the store. In addition, however, the approach must be modular: it must allow programmers to reason locally about the correctness of their upgrades similar to the way they would reason about regular code. This paper provides solutions to both problems.
Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '03, 2003
Ownership types provide a statically enforceable way of specifying object encapsulation and enabl... more Ownership types provide a statically enforceable way of specifying object encapsulation and enable local reasoning about program correctness in object-oriented languages. However, a type system that enforces strict object encapsulation is too constraining: it does not allow efficient implementation of important constructs like iterators. This paper argues that the right way to solve the problem is to allow objects of classes defined in the same module to have privileged access to each other's representations; we show how to do this for inner classes. This approach allows programmers to express constructs like iterators and yet supports local reasoning about the correctness of the classes, because a class and its inner classes together can be reasoned about as a module. The paper also sketches how we use our variant of ownership types to enable efficient software upgrades in persistent object stores.
A Type System for Safe Region-Based Memory Management in Real-Time Java
The Real-Time Specification for Java (RTSJ) allows a pro- gram to create real-time threads with h... more The Real-Time Specification for Java (RTSJ) allows a pro- gram to create real-time threads with hard real-time con- straints. Real-time threads use immortal memory and region-based memory management to avoid unbounded pauses caused by interference from the garbage collector. The RTSJ uses runtime checks to ensure that deleting a re- gion does not create dangling references and that real-time threads
Uploads
Papers by Chandrasekhar Boyapati