DOI: 10.1145/3033019.3033032
research-article
Public Access

Granullar: gradual nullable types for Java

Published: 05 February 2017

Abstract

Object-oriented languages like Java and C# allow the null value for all references. This supports many flexible patterns, but has led to many errors, security vulnerabilities, and system crashes. Static type systems can prevent null-pointer exceptions at compile time, but require annotations, in particular for used libraries. Conservative defaults choose the most restrictive typing, preventing many errors but requiring a large annotation effort. Liberal defaults choose the most flexible typing, requiring fewer annotations but giving weaker guarantees. Trusted annotations can be provided, but they are not checked and require a large manual effort. None of these approaches provides a strong guarantee that the checked part of the program is isolated from the unchecked part: even with conservative defaults, null-pointer exceptions can occur in the checked part.
This paper presents Granullar, a gradual type system for null-safety. Developers start out verifying null-safety for the most important components of their applications. At the boundary to unchecked components, Granullar inserts runtime checks to guard the verified system from being polluted by unexpected null values. This ensures that null-pointer exceptions can only occur within the unchecked code or at the boundary to checked code; the checked code is free of null-pointer exceptions.
We present Granullar for Java, define the checked-unchecked boundary, and show how runtime checks are generated. We evaluate our approach on real-world software annotated for null-safety. We demonstrate the runtime checks and show acceptable compile-time and run-time performance impacts. Granullar enables combining a checked core with untrusted libraries in a safe manner, improving on the practicality of such a system.
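The boundary behaviour described in the abstract, as an added illustration that is not the paper's code and not Granullar's actual generated checks: a checked `Greeter` using a hypothetical `@NonNull` qualifier (the abstract does not name Granullar's annotations) receives a value from an unchecked `LegacyConfig`, and a guard at the boundary rejects a null before it can enter the checked component.

```java
import java.lang.annotation.*;
import java.util.*;

public class BoundaryCheckDemo {
    // Assumed nullness qualifier for the checked component; the abstract
    // does not name Granullar's annotations, so this one is hypothetical.
    @Target(ElementType.TYPE_USE)
    @Retention(RetentionPolicy.RUNTIME)
    @interface NonNull {}

    // Unchecked component: a legacy library without nullness annotations.
    // It returns null for unknown keys, which checked code must never see.
    static final class LegacyConfig {
        private static final Map<String, String> VALUES = new HashMap<>(); // constructed sample data
        static { VALUES.put("greeting", "hello"); }
        static String lookup(String key) { return VALUES.get(key); }
    }

    // Checked component: references are non-null by default, so the body
    // dereferences without null tests and cannot raise an NPE itself.
    static final class Greeter {
        static int greet(@NonNull String word, @NonNull String name) {
            String line = word.toUpperCase() + ", " + name;
            System.out.println(line);
            return line.length();
        }
    }

    // Boundary guard: the kind of check a gradual checker inserts where a value
    // flows from unchecked code into a @NonNull position. A null is rejected
    // here, naming its unchecked source, rather than later inside Greeter.
    static <T> T checkedBoundary(T value, String source) {
        if (value == null) {
            throw new IllegalStateException("null crossed the checked/unchecked boundary from " + source);
        }
        return value;
    }

    public static void main(String[] args) {
        // Present key: the guard passes and the checked code runs normally.
        Greeter.greet(checkedBoundary(LegacyConfig.lookup("greeting"), "LegacyConfig.lookup(\"greeting\")"), "Ada");
        // Missing key: null is stopped at the boundary before entering Greeter.
        try {
            Greeter.greet(checkedBoundary(LegacyConfig.lookup("farewell"), "LegacyConfig.lookup(\"farewell\")"), "Ada");
        } catch (IllegalStateException e) {
            System.out.println("rejected at boundary: " + e.getMessage());
        }
    }
}
```

The failure for the missing key surfaces at the call into `LegacyConfig`, which is the only place the guarantee allows it; `Greeter` itself never observes a null.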

Cited By

  • (2024) Resolving the Java Representation Exposure Problem with an AST-Based Deep Copy and Flexible Alias Ownership System. Electronics, 13(2):350. DOI: 10.3390/electronics13020350. Online publication date: 14-Jan-2024
  • (2024) Verifying the Option Type with Rely-Guarantee Reasoning. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pages 367–380. DOI: 10.1145/3691620.3695036. Online publication date: 27-Oct-2024
  • (2021) Relational nullable types with Boolean unification. Proceedings of the ACM on Programming Languages, 5(OOPSLA):1–28. DOI: 10.1145/3485487. Online publication date: 15-Oct-2021
  • (2019) Gradual program analysis. Proceedings Companion of the 2019 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity, pages 52–53. DOI: 10.1145/3359061.3361082. Online publication date: 20-Oct-2019
  • (2019) NullAway: practical type-based null safety for Java. Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 740–750. DOI: 10.1145/3338906.3338919. Online publication date: 12-Aug-2019
  • (2018) Lightweight verification of array indexing. Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 3–14. DOI: 10.1145/3213846.3213849. Online publication date: 12-Jul-2018

Published In

CC 2017: Proceedings of the 26th International Conference on Compiler Construction
February 2017
141 pages
ISBN: 9781450352338
DOI: 10.1145/3033019
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 February 2017

Author Tags

  1. gradual type systems
  2. nullness
  3. pluggable type systems
  4. runtime checks

Qualifiers

  • Research-article

Conference

CC '17
CC '17: Compiler Construction
February 5 - 6, 2017
Austin, TX, USA

Article Metrics

  • Downloads (last 12 months): 103
  • Downloads (last 6 weeks): 18
Reflects downloads up to 14 Jan 2025
