research-article

A foundation for flow-based program matching: using temporal logic and model checking

Authors:

Damien Doligez,

René Rydhof Hansen,

Julia L. Lawall,

Gilles MullerAuthors Info & Claims

POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pages 114 - 126

https://doi.org/10.1145/1480881.1480897

Published: 21 January 2009 Publication History

Abstract

Reasoning about program control-flow paths is an important functionality of a number of recent program matching languages and associated searching and transformation tools. Temporal logic provides a well-defined means of expressing properties of control-flow paths in programs, and indeed an extension of the temporal logic CTL has been applied to the problem of specifying and verifying the transformations commonly performed by optimizing compilers. Nevertheless, in developing the Coccinelle program transformation tool for performing Linux collateral evolutions in systems code, we have found that existing variants of CTL do not adequately support rules that transform subterms other than the ones matching an entire formula. Being able to transform any of the subterms of a matched term seems essential in the domain targeted by Coccinelle.

In this paper, we propose an extension to CTL named CTLVW (CTL with variables and witnesses) that is a suitable basis for the semantics and implementation of the Coccinelles program matching language. Our extension to CTL includes existential quantification over program fragments, which allows metavariables in the program matching language to range over different values within different control-flow paths, and a notion of witnesses that record such existential bindings for use in the subsequent program transformation process. We formalize CTL-VW and describe its use in the context of Coccinelle. We then assess the performance of the approach in practice, using a transformation rule that fixes several reference count bugs in Linux code.

References

[1]

Ki Yung Ahn and Tim Sheard. Shared subtypes: subtyping recursive parametrized algebraic data types. In Haskell '08: Proceedings of the 1st ACM SIGPLAN Haskell symposium, pages 75--86, New York, NY, USA, 2008. ACM.

Digital Library

[2]

James Cheney and Ralf Hinze. First-class phantom types. Technical Report CUCIS TR2003-1901, Cornell University, 2003.

[3]

Dominic Duggan and John Ophel. Type-checking multi-parameter type classes. J. Funct. Program., 12 (2): 133--158, 2002.

Digital Library

[4]

Louis-Julien Guillemette and Stefan Monnier. A type-preserving compiler in Haskell. In ICFP '08: Proceeding of the 13th ACM SIGPLAN international conference on Functional programming, pages 75--86, New York, NY, USA, 2008. ACM.

Digital Library

[5]

Mark P. Jones. Type classes with functional dependencies. In Proc. of ESOP 2000, number 1782 in Lecture Notes in Computer Science. Springer-Verlag, 2000.

Digital Library

[6]

Christine Paulin-Mohring. Inductive definitions in the system Coq-rules and properties. In M. Bezem and J. Groote, editors, International conference on Typed Lambda Calculi and Applications. LNCS 664, Springer-Verlag, 1993.

Digital Library

[7]

Simon Peyton Jones, Mark P. Jones, and Erik Meijer. Type classes: exploring the design space. In Haskell Workshop, Amsterdam, June 1997.

[8]

Simon Peyton Jones, Dimitrios Vytiniotis, Stephanie Weirich, and Geoffrey Washburn. Simple unification-based type inference for gadts. In International Conference on Functional Programming, Portland, Oregon, September 2006.

Digital Library

[9]

Frank Pfenning and Carsten Schürmann. System description: Twelf -- a meta-logical framework for deductive systems. In International Conference on Automated Deduction, volume 1632 of Lecture Notes in Artificial Intelligence, pages 202--206, July 1999.

Digital Library

[10]

Tom Schrijvers and Martin Sulzmann. Unified Type Checking for Type Classes and Type Functions, 2008. Poster at the International Conference on Functional Programming (ICFP'08).

[11]

Tom Schrijvers, Simon Peyton Jones, Manuel Chakravarty, and Martin Sulzmann. Type checking with open type functions. In ICFP '08: Proceeding of the 13th ACM SIGPLAN international conference on Functional programming, pages 51--62, New York, NY, USA, 2008. ACM.

Digital Library

[12]

Tim Sheard. Languages of the future. In OOPSLA '04: Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, pages 116--119, New York, NY, USA, 2004. ACM Press. ISBN 1-58113-833-4.

Digital Library

[13]

Matthieu Sozeau and Nicolas Oury. First-class type classes. In 21th International Conference on Theorem Proving in Higher Order Logics, pages 278--293. LNCS 5170, Springer-Verlag, 2008.

Digital Library

[14]

Peter J. Stuckey and Martin Sulzmann. A theory of overloading. ACM Transactions on Programming Languages and Systems (TOPLAS), 27 (6): 1--54, 2005.

Digital Library

[15]

Martin Sulzmann, Manuel Chakravarty, Simon Peyton Jones, and Kevin Donnelly. System F with type equality coercions. In ACM SIGPLAN International Workshop on Types in Language Design and Implementation (TLDI'07). ACM, 2007.

Digital Library

[16]

Martin Sulzmann, Gregory J. Duck, Simon Peyton-Jones, and Peter J. Stuckey. Understanding functional dependencies via Constraint Handling Rules. J. Funct. Program., 17 (1): 83--129, 2007.

Digital Library

[17]

Philip Wadler and Stephen Blott. How to make ad-hoc polymorphism less ad hoc. In Symposium on Principles of Programming Languages, Austin, TX, January 1989.

Digital Library

[18]

Hongwei Xi, Chiyan Chen, and Gang Chen. Guarded recursive datatype constructors. In Symposium on Principles of Programming Languages, pages 224--235, New Orleans, LA, January 2003.

Digital Library

Cited By

He LSu PZhang CCai YMa JDruschel PKaufmann AMace JFlinn JSeltzer M(2023)One Simple API Can Cause Hundreds of Bugs An Analysis of Refcounting Bugs in All Modern Linux KernelsProceedings of the 29th Symposium on Operating Systems Principles10.1145/3600006.3613162(52-65)Online publication date: 23-Oct-2023
https://dl.acm.org/doi/10.1145/3600006.3613162
Yamaguchi DIwatsuka T(2022)Two-Stage Patch Synthesis for API Migration from Single API Usage Example2022 29th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC57359.2022.00036(239-248)Online publication date: Dec-2022
https://doi.org/10.1109/APSEC57359.2022.00036
Koyuncu ALiu KBissyandé TKim DKlein JMonperrus MLe Traon Y(2020)FixMiner: Mining relevant fix patterns for automated program repairEmpirical Software Engineering10.1007/s10664-019-09780-zOnline publication date: 14-Mar-2020
https://doi.org/10.1007/s10664-019-09780-z
Show More Cited By

Index Terms

A foundation for flow-based program matching: using temporal logic and model checking

Recommendations

A foundation for flow-based program matching: using temporal logic and model checking
POPL '09

Reasoning about program control-flow paths is an important functionality of a number of recent program matching languages and associated searching and transformation tools. Temporal logic provides a well-defined means of expressing properties of control-...
Temporal Logic Query Checking: A Tool for Model Exploration

Temporal logic query checking was first introduced by W. Chan in order to speed up design understanding by discovering properties not known a priori. A query is a temporal logic formula containing a special symbol ?_1, known as a placeholder. Given a ...
Model checking discounted temporal properties
Tools and algorithms for the construction and analysis of systems (TACAS 2004)

Temporal logic is two-valued: formulas are interpreted as either true or false. When applied to the analysis of stochastic systems, or systems with imprecise formal models, temporal logic is therefore fragile: even small changes in the model can lead to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2009

464 pages

ISBN:9781605583792

DOI:10.1145/1480881

General Chair:
Zhong Shao
Yale University, USA
,
Program Chair:
Benjamin C. Pierce
University of Pennsylvania, USA

ACM SIGPLAN Notices Volume 44, Issue 1
POPL '09
January 2009
453 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1594834
Issue’s Table of Contents

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 January 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

POPL09

Sponsor:

POPL09: The 36th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

January 21 - 23, 2009

GA, Savannah, USA

Acceptance Rates

Overall Acceptance Rate 824 of 4,130 submissions, 20%

Upcoming Conference

POPL '25

Sponsor:
sigplan

The 52nd Annual ACM SIGPLAN Symposium on Principles of Programming Languages

January 19 - 25, 2025

Denver , CO , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

36
Total Citations
View Citations
640
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)1

Reflects downloads up to 13 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

He LSu PZhang CCai YMa JDruschel PKaufmann AMace JFlinn JSeltzer M(2023)One Simple API Can Cause Hundreds of Bugs An Analysis of Refcounting Bugs in All Modern Linux KernelsProceedings of the 29th Symposium on Operating Systems Principles10.1145/3600006.3613162(52-65)Online publication date: 23-Oct-2023
https://dl.acm.org/doi/10.1145/3600006.3613162
Yamaguchi DIwatsuka T(2022)Two-Stage Patch Synthesis for API Migration from Single API Usage Example2022 29th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC57359.2022.00036(239-248)Online publication date: Dec-2022
https://doi.org/10.1109/APSEC57359.2022.00036
Koyuncu ALiu KBissyandé TKim DKlein JMonperrus MLe Traon Y(2020)FixMiner: Mining relevant fix patterns for automated program repairEmpirical Software Engineering10.1007/s10664-019-09780-zOnline publication date: 14-Mar-2020
https://doi.org/10.1007/s10664-019-09780-z
Gui JXiao XLi DKim CChen HBalenson D(2019)Progressive processing of system-behavioral queryProceedings of the 35th Annual Computer Security Applications Conference10.1145/3359789.3359818(378-389)Online publication date: 9-Dec-2019
https://dl.acm.org/doi/10.1145/3359789.3359818
Lu KWang PLi GZhou X(2018)Untrusted Hardware Causes Double-Fetch Problems in the I/O MemoryJournal of Computer Science and Technology10.1007/s11390-018-1842-333:3(587-602)Online publication date: 11-May-2018
https://doi.org/10.1007/s11390-018-1842-3
Koyuncu ABissyandé TKim DKlein JMonperrus MLe Traon YBultan TSen K(2017)Impact of tool support in patch constructionProceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3092703.3092713(237-248)Online publication date: 10-Jul-2017
https://dl.acm.org/doi/10.1145/3092703.3092713
Zhao YLeung HYang YZhou YXu B(2017)Towards an understanding of change types in bug fixing codeInformation and Software Technology10.1016/j.infsof.2017.02.00386:C(37-53)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1016/j.infsof.2017.02.003
Newman CBartman BCollard MMaletic J(2017)Simplifying the construction of source code transformations via automatic syntactic restructuringsJournal of Software: Evolution and Process10.1002/smr.183129:4Online publication date: 20-Jan-2017
https://doi.org/10.1002/smr.1831
(2015)Global transformations for legacy parallel applications via structural analysis and rewritingParallel Computing10.1016/j.parco.2015.01.00143:C(1-26)Online publication date: 1-Mar-2015
https://dl.acm.org/doi/10.1016/j.parco.2015.01.001
Sun CZhang HLou JZhang HWang QZhang DKhoo SCheung SOrso AStorey M(2014)Querying sequential software engineering dataProceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering10.1145/2635868.2635902(700-710)Online publication date: 11-Nov-2014
https://dl.acm.org/doi/10.1145/2635868.2635902
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents