ISSTA 2023 Workshops
32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
Powered by
Conference Publishing Consulting

25th ACM International Workshop on Formal Techniques for Java-like Programs (FTfJP 2023), July 18, 2023, Seattle, WA, USA

FTfJP 2023 – Proceedings

Contents - Abstracts - Authors

25th ACM International Workshop on Formal Techniques for Java-like Programs (FTfJP 2023)


Title Page

Welcome from the Chairs
Welcome to the 25th Workshop on Formal Techniques for Java-like Programs (FTfJP 2023), co-located with ECOOP and ISSTA 2023 and held in Seattle, WA on July 18, 2023. Welcome whether you are participating live in the workshop or reading the presented papers afterwards. The historical ‘Java-like’ in the workshop name is more accurately ‘Just-about-any’ — the workshop encompasses both practical and theoretical techniques for formally reasoning about the correctness and security of software in any language.


Verifying C++ Dynamic Binding
Niels Mommen ORCID logo and Bart JacobsORCID logo
(KU Leuven, Belgium)
We propose an approach for modular verification of programs written in an object-oriented language where, like in C++, the same virtual method call is bound to different methods at different points during the construction or destruction of an object. Our separation logic combines Parkinson and Bierman's abstract predicate families with essentially explicitly tracking each subobject's vtable pointer. Our logic supports polymorphic destruction. Virtual inheritance is not yet supported. We formalized our approach and implemented it in our VeriFast tool for semi-automated modular formal verification of C++ programs.

Publisher's Version
Correctness-by-Construction Meets Refinement Types
Baber Rehman ORCID logo
(University of Hong Kong, China)
Type systems provide specifications and enable reasoning about the programs. Among other benefits, type systems provide guarantees of the absence of certain (ill-typed) program behaviors. Refinement types further enrich the expressiveness of type systems by allowing a predicate alongside the type. The crucial divide by zero and null pointer errors are safely eliminated with refinement types. Interestingly, Correctness-by-Construction (CbC) also provides a way to set specifications for the programs. The specifications are provided for the smaller modules. Larger programs are built by composing the functionally correct smaller modules. Therefore, CbC naturally results in verified and correct programs following the program specifications. In this short paper, we highlight that CbC meets refinement types in a sense that both approaches provide specifications for program correctness and larger programs are built by composing the functionally correct smaller modules.

Publisher's Version
Towards Verified Scalable Parallel Computing with Coq and Spark
Frédéric LoulergueORCID logo and Jolan Philippe ORCID logo
(University of Orléans, France; IMT Atlantique, France)
SyDPaCC (Systematic Development of programs for Parallel and Cloud Computing) is a framework for the Coq interactive theorem prover. It allows to systematically develop correct parallel programs from specifications via verified and automated program transformations. The obtained programs are scalable, i.e. able to run on numerous processors. SyDPaCC produces programs written in the multi-paradigm and functional programming language OCaml with calls to the BSML (Bulk Synchronous parallel ML) parallel programming library. In this paper we present ongoing work towards an extension of SyDPaCC to be able to produce Scala programs using Apache Spark for parallel processing.

Publisher's Version

Runtime Checking and Static Analysis

Points-to Analysis for Context-Oriented JavaScript Programs
Sergio Cardenas ORCID logo, Paul Leger ORCID logo, Hiroaki Fukuda ORCID logo, and Nicolás Cardozo ORCID logo
(University of Los Andes, Colombia; Universidad Católica del Norte, Chile; Shibaura Institute of Technology, Japan)
Static analyses, as points-to analysis, are useful to determine and assure different properties about a program, such as security or type safety. While existing analyses are effective in programs restricted to static features, precision declines in the presence of dynamic language features, and even further when the system behavior changes dynamically. As a consequence, improved points-to sets algorithms taking into account such language features and uses are required. In this paper, we present and extension of the point-to sets analysis to incorporate the language abstractions introduced by context-oriented programming adding the capability for programs to adapt their behavior dynamically to the system’s execution context. To do this, we extend WALA to detect the context-oriented language abstractions, and their representation within the system, to capture the dynamic behavior, in the particular case of the Context Traits JavaScript language extension. To prove the effectiveness of our extension, we evaluate the precision of the points-to set analysis with respect to the state of the art, over a set of context-oriented programs taken from the literature.

Publisher's Version Info
Runtime Verification of Hash Code in Mutable Classes
Davide AnconaORCID logo, Angelo FerrandoORCID logo, and Viviana MascardiORCID logo
(University of Genoa, Italy)
Most mainstream object-oriented languages provide a notion of equality between objects which can be customized to be weaker than reference equality, and which is coupled with the customizable notion of object hash code. This feature is so pervasive in object-oriented code that incorrect redefinition or use of equality and hash code may have a serious impact on software reliability and safety.
Despite redefinition of equality and hash code in mutable classes is unsafe, many widely used API libraries do that in Java and other similar languages. When objects of such classes are used as keys in hash tables, programs may exhibit unexpected and unpredictable behavior. In this paper we propose a runtime verification solution to avoid or at least mitigate this issue.
Our proposal uses RML, a rewriting-based domain specific language for runtime verification which is independent from code instrumentation and the programming language used to develop the software to be verified.

Publisher's Version
Gradual Guarantee for FJ with lambda-Expressions
Pedro Ângelo ORCID logo, Viviana Bono ORCID logo, Mariangiola Dezani-Ciancaglini ORCID logo, and Mário Florido ORCID logo
(University of Porto, Portugal; University of Turin, Italy)
We present FJ&λ⋆, a new core calculus that extends Featherweight Java (FJ) with interfaces, λ-expressions, intersection types and a form of dynamic type. Intersection types can be used anywhere, in particular to specify target types of λ-expressions. The dynamic type is exploited to specify parts of the class tables and programs we want to exclude temporarily from static typing. Our main result is the gradual guarantee, which says that if a program is well typed in a class table, then replacing type annotations (from the program and from the class table) with the dynamic type always produces a program that is still well typed in the obtained class table. Furthermore, if a typed program evaluates to a value in a class table, then replacing type annotations with dynamic types always produces a program that evaluates to the same value in the obtained class table.

Publisher's Version Published Artifact Archive submitted (500 kB) Artifacts Available

Static Types

Dependency-Free Capture Tracking
Edward Lee ORCID logo, Kavin Satheeskumar ORCID logo, and Ondřej Lhoták ORCID logo
(University of Waterloo, Canada)
Type systems usually characterize the shapes of values but not usually their free variables. Many desirable safety properties could be guaranteed by the type system if it knew exactly which variables were free in values.
There has been much recent work investigating such systems, with an eventual goal of incorporating a capture tracking system into Scala. These systems are unfortunately complicated by advanced features in Scala's type system, particularly dependent types. We explore what a capture tracking system could look like without the full complication of dependent

Publisher's Version
Verifying Well-Typedness Preservation of Refactorings using Scope Graphs
Luka Miljak ORCID logo, Casper Bach Poulsen ORCID logo, and Flip van Spaendonck ORCID logo
(TU Delft, Netherlands; TU Eindhoven, Netherlands)
The goal of automated refactoring is to reduce maintenance effort. To realize this, programmers need to be able to trust or manually check that refactorings actually preserve behavior. To allow programmers to focus on such checks, automated refactorings should preserve program well-typedness. However, historically automated refactorings in popular IDEs could break well-typedness. The reason is that modern languages have complex name binding semantics which makes it hard to guarantee well-typedness in general.
In recent work, scope graphs have been proposed as a uniform model for name binding. The model supports complex name binding patterns, and its uniformity makes it attractive to consider for verifying that refactorings preserve well-typedness. This paper explores how to prove that refactorings preserve well-typedness, using scope graphs. We consider a simple refactoring for merging modules in a toy module language, and prove that this refactoring preserves well-typedness. We give a generic template for proving well-typedness preservation using scope graphs, and discuss how this template relates to refactorings more generally.

Publisher's Version


Using Rewrite Strategies for Efficient Functional Automatic Differentiation
Timon Böhler ORCID logo, David Richter ORCID logo, and Mira Mezini ORCID logo
(TU Darmstadt, Germany; hessian.AI, Germany)
Automatic Differentiation (AD) has become a dominant technique in ML. AD frameworks have first been implemented for imperative languages using tapes. Meanwhile, functional implementations of AD have been developed, often based on dual numbers, which are close to the formal specification of differentiation and hence easier to prove correct. But these papers have focussed on correctness not efficiency. Recently, it was shown how an approach using dual numbers could be made efficient through the right optimizations. Optimizations are highly dependent on order, as one optimization can enable another. It can therefore be useful to have fine-grained control over the scheduling of optimizations. One method expresses compiler optimizations as rewrite rules, whose application can be combined and controlled using strategy languages. Previous work describes the use of term rewriting and strategies to generate high-performance code in a compiler for a functional language. In this work, we implement dual numbers AD in a functional array programming language using rewrite rules and strategy combinators for optimization. We aim to combine the elegance of differentiation using dual numbers with a succinct expression of the optimization schedule using a strategy language. We give preliminary evidence suggesting the viability of the approach on a micro-benchmark.

Publisher's Version
Constructing Structured SSA from FJ
Kenny Zhuo Ming Lu ORCID logo and Daniel Yu Hian Low ORCID logo
(Singapore University of Technology and Design, Singapore)
We propose a novel approach of constructing structured SSA forms. Specifically, our declarative algorithm converts a Featherweight Java (FJ) program into its structured SSA form in a single pass. We prove that the proposed algorithm produces valid SSA forms which are semantically consistent with respect to the original source programs. We verify the resulting SSA forms are minimal. We demonstrate that structured SSA form can serve as a unified intermediate representation for both compiler optimization and program verification pipelines. We implemented the algorithm as a library.

Publisher's Version

proc time: 3.45