Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

  • Arlen CoxEmail author
  • Bor-Yuh Evan Chang
  • Xavier Rival
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9032)


Dynamic language library developers face a challenging problem: ensuring that their libraries will behave correctly for a wide variety of client programs without having access to those client programs. This problem stems from the common use of two defining features for dynamic languages: callbacks into client code and complex manipulation of attribute names within objects. To remedy this problem, we introduce two state-spanning abstractions. To analyze callbacks, the first abstraction desynchronizes a heap, allowing partitions of the heap that may be affected by a callback to an unknown function to be frozen in the state prior to the call. To analyze object attribute manipulation, building upon an abstraction for dynamic language heaps, the second abstraction tracks attribute name/value pairs across the execution of a library. We implement these abstractions and use them to verify modular specifications of class-, trait-, and mixin-implementing libraries.


Function Call Open Object Open Program Abstract Domain Separation Logic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [Bae et al.(2014)Bae, Cho, Lim, and Ryu]
    Bae, S.G., Cho, H., Lim, I., Ryu, S.: SAFE\(_{\mbox{\scriptsize WAPI}}\): Web API misuse detector for web applications. In: FSE 2014 (2014)Google Scholar
  2. [Bodin et al.(2014)Bodin, Charguéraud, Filaretti, Gardner, Maffeis, Naudziuniene, Schmitt, and Smith]
    Bodin, M., Charguéraud, A., Filaretti, D., Gardner, P., Maffeis, S., Naudziuniene, D., Schmitt, A., Smith, G.: A trusted mechanised JavaScript specification. In: POPL, pp. 87–100 (2014)Google Scholar
  3. [Chang and Leino(2005)]
    Bor-Yuh Evan Chang and K. Rustan M. Leino. Abstract interpretation with alien expressions and heap structures. In: VMCAI, pp. 147–163 (2005)Google Scholar
  4. [Charlton et al.(2012)Charlton, Horsfall, and Reus]
    Charlton, N., Horsfall, B., Reus, B.: Crowfoot: A verifier for higher-order store programs. In: VMCAI, pp. 136–151 (2012)Google Scholar
  5. [Chugh et al.(2012a)Chugh, Herman, and Jhala]
    Chugh, R., Herman, D., Jhala, R.: Dependent types for JavaScript. In: OOPSLA, pp. 587–606 (2012a)Google Scholar
  6. [Chugh et al.(2012b)Chugh, Rondon, and Jhala]
    Chugh, R., Rondon, P.M., Jhala, R.: Nested refinements: a logic for duck typing. In: POPL, pp. 231–244 (2012b)Google Scholar
  7. [Cousot and Cousot(1977)]
    Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252 (1977)Google Scholar
  8. [Cox et al.(2014)Cox, Chang, and Rival]
    Cox, A., Chang, B.-Y.E., Rival, X.: Automatic analysis of open objects in dynamic language programs. In: Müller-Olm, M., Seidl, H. (eds.) Static Analysis. LNCS, vol. 8723, pp. 134–150. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  9. [Dillig et al.(2010)Dillig, Dillig, and Aiken]
    Dillig, I., Dillig, T., Aiken, A.: Fluid Updates: Beyond Strong vs. Weak Updates. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 246–266. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. [Dillig et al.(2011)Dillig, Dillig, and Aiken]
    Dillig, I., Dillig, T., Aiken, A.: Precise reasoning for programs using containers. In: POPL, pp. 187–200 (2011)Google Scholar
  11. [Gardner et al.(2012)Gardner, Maffeis, and Smith]
    Gardner, P., Maffeis, S., Smith, G.D.: Towards a program logic for JavaScript. In: POPL, pp. 31–44 (2012)Google Scholar
  12. [Gardner et al.(2013)Gardner, Naudziuniene, and Smith]
    Gardner, P., Naudziuniene, D., Smith, G.: JuS: Squeezing the sense out of JavaScript programs. In: JSTools (2013)Google Scholar
  13. [Gulwani and Tiwari(2006)]
    Gulwani, S., Tiwari, A.: Combining abstract interpreters. In: PLDI, pp. 376–386 (2006)Google Scholar
  14. [Halbwachs and Péron(2008)]
    Halbwachs, N., Péron, M.: Discovering properties about arrays in simple programs. In: PLDI, pp. 339–348 (2008)Google Scholar
  15. [Hardekopf et al.(2014)Hardekopf, Wiedermann, Churchill, and Kashyap]
    Hardekopf, B., Wiedermann, B., Churchill, B.R., Kashyap, V.: Widening for control-flow. In: VMCAI, pp. 472–491 (2014)Google Scholar
  16. [Hoare(1969)]
    Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969)CrossRefzbMATHGoogle Scholar
  17. [Jensen et al.(2009)Jensen, Møller, and Thiemann]
    Jensen, S.H., Møller, A., Thiemann, P.: Type analysis for JavaScript. In: SAS, pp. 238–255 (2009)Google Scholar
  18. [Jensen et al.(2010)Jensen, Møller, and Thiemann]
    Jensen, S.H., Møller, A., Thiemann, P.: Interprocedural analysis with lazy propagation. In: SAS, pp. 320–339 (2010)Google Scholar
  19. [Kashyap et al.(2013)Kashyap, Sarracino, Wagner, Wiedermann, and Hardekopf]
    Kashyap, V., Sarracino, J., Wagner, J., Wiedermann, B., Hardekopf, B.: Type refinement for static analysis of JavaScript. In: DLS, pp. 17–26 (2013)Google Scholar
  20. [Krishnawami(2011)]
    Krishnawami, N.R.: Verifying Higher-Order Imperative Programs with HIgher-Order Separation Logic. PhD thesis, Carnegie Mellon University (2011)Google Scholar
  21. [Lee et al.(2012)Lee, Won, Jin, Cho, and Ryu]
    Lee, H., Won, S., Jin, J., Cho, J., Ryu, S.: SAFE: Formal specification and implementation of a scalable analysis framework for ECMAScript. In: FOOL 2012 (2012)Google Scholar
  22. [Madhavan et al.(2012)Madhavan, Ramalingam, and Vaswani]
    Madhavan, R., Ramalingam, G., Vaswani, K.: Modular heap analysis for higher-order programs. In: SAS, pp. 370–387 (2012)Google Scholar
  23. [Nguyen et al.(2014)Nguyen, Tobin-Hochstadt, and Horn]
    Nguyen, P.C., Tobin-Hochstadt, S., Van Horn, D.: Soft contract verification. In: ICFP (2014)Google Scholar
  24. [Reynolds(2002)]
    Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: LICS, pp. 55–74 (2002)Google Scholar
  25. [Rinetzky et al.(2005)Rinetzky, Sagiv, and Yahav]
    Rinetzky, N., Sagiv, M., Yahav, E.: Interprocedural shape analysis for cutpoint-free programs. In: SAS, pp. 284–302 (2005)Google Scholar
  26. [Schwinghammer et al.(2011)Schwinghammer, Birkedal, Reus, and Yang]
    Schwinghammer, J., Birkedal, L., Reus, B., Yang, H.: Nested Hoare triples and frame rules for higher-order store. Logical Methods in Computer Science 7(3) (2011)Google Scholar
  27. [Sridharan et al.(2012)Sridharan, Dolby, Chandra, Schäfer, and Tip]
    Sridharan, M., Dolby, J., Chandra, S., Schäfer, M., Tip, F.: Correlation Tracking for Points-To Analysis of JavaScript. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol. 7313, pp. 435–458. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  28. [Suter et al.(2011)Suter, Köksal, and Kuncak]
    Suter, P., Köksal, A.S., Kuncak, V.: Satisfiability modulo recursive programs. In: SAS, pp. 298–315 (2011)Google Scholar
  29. [Xu et al.(2009)Xu, Jones, and Claessen]
    Xu, D.N., Jones, S.L.P., Claessen, K.: Static contract checking for Haskell. In: POPL, pp. 41–52 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.University of Colorado BoulderBoulderUSA
  2. 2.INRIA/CNRS/ENSParisFrance

Personalised recommendations