DOCSLIB.ORG

The Checker Framework Manual: Custom Pluggable Types for Java

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Checker Framework Manual: Custom Pluggable Types for Java The Checker Framework Manual: Custom pluggable types for Java https://checkerframework.org/ Version 2.5.7 (4 Nov 2018) For the impatient: Section 1.3 (page 13) describes how to install and use pluggable type-checkers. Contents 1 Introduction 12 1.1 How to read this manual . 13 1.2 How it works: Pluggable types . 13 1.3 Installation . 13 1.4 Example use: detecting a null pointer bug . 13 2 Using a checker 15 2.1 Writing annotations . 15 2.2 Running a checker . 16 2.2.1 Using annotated libraries . 16 2.2.2 Distributing your annotated project . 17 2.2.3 Summary of command-line options . 17 2.2.4 Checker auto-discovery . 19 2.2.5 Shorthand for built-in checkers . 19 2.3 What the checker guarantees . 19 2.4 Tips about writing annotations . 20 2.4.1 Write annotations before you run a checker . 20 2.4.2 How to get started annotating legacy code . 20 2.4.3 Annotations indicate non-exceptional behavior . 22 2.4.4 Subclasses must respect superclass annotations . 22 2.4.5 Annotations on constructor invocations . 23 2.4.6 What to do if a checker issues a warning about your code . 24 3 Nullness Checker 26 3.1 What the Nullness Checker checks . 26 3.2 Nullness annotations . 27 3.2.1 Nullness qualifiers . 27 3.2.2 Nullness method annotations . 28 3.2.3 Initialization qualifiers . 28 3.2.4 Map key qualifiers . 28 3.3 Writing nullness annotations . 29 3.3.1 Implicit qualifiers . 29 3.3.2 Default annotation . 29 3.3.3 Conditional nullness . 29 3.3.4 Nullness and arrays . 30 3.3.5 Run-time checks for nullness . 30 3.3.6 Additional details . 30 3.3.7 Inference of @NonNull and @Nullable annotations . 31 3.4 Suppressing nullness warnings . 31 3.4.1 Suppressing warnings with assertions and method calls . 31 2 3.5 Examples . 32 3.5.1 Tiny examples . 32 3.5.2 Example annotated source code . 32 3.6 Tips for getting started . 32 3.7 Other tools for nullness checking . 33 3.7.1 Which tool is right for you? . 34 3.7.2 Incompatibility note about FindBugs @Nullable ........................ 35 3.7.3 Relationship to Optional<T> .................................. 35 3.8 Initialization Checker . 36 3.8.1 Initialization qualifiers . 38 3.8.2 How an object becomes initialized . 39 3.8.3 Partial initialization . 40 3.8.4 Method calls from the constructor . 40 3.8.5 Initialization of circular data structures . 42 3.8.6 How to handle warnings . 43 3.8.7 More details about initialization checking . 44 3.8.8 Rawness Initialization Checker . 45 4 Map Key Checker 50 4.1 Map key annotations . 50 4.2 Default annotations . 50 4.2.1 Default for lower bounds . 51 4.3 Examples . 51 4.4 Inference of @KeyFor annotations . 52 5 Optional Checker for possibly-present data 54 5.1 How to run the Optional Checker . 54 5.2 Optional annotations . 54 6 Interning Checker 56 6.1 Interning annotations . 57 6.2 Annotating your code with @Interned .................................. 57 6.2.1 Implicit qualifiers . 57 6.2.2 InternedDistinct: values not equals() to any other value . 57 6.3 What the Interning Checker checks . 58 6.3.1 Limitations of the Interning Checker . 59 6.4 Examples . 59 6.5 Other interning annotations . 59 7 Lock Checker 60 7.1 What the Lock Checker guarantees . 60 7.2 Lock annotations . 60 7.2.1 Type qualifiers . 60 7.2.2 Declaration annotations . 62 7.3 Type-checking rules . 62 7.3.1 Polymorphic qualifiers . 62 7.3.2 Dereferences . 63 7.3.3 Primitive types, boxed primitive types, and Strings . 63 7.3.4 Overriding . 63 7.3.5 Side effects . 63 7.4 Examples . 63 7.4.1 Examples of @GuardedBy . 64 3 7.4.2 @GuardedBy({“a”, “b”}) is not a subtype of @GuardedBy({“a”}) . 65 7.4.3 Examples of @Holding . 65 7.4.4 Examples of @EnsuresLockHeld and @EnsuresLockHeldIf . 66 7.4.5 Example of @LockingFree, @ReleasesNoLocks, and @MayReleaseLocks . 66 7.4.6 Polymorphism and method formal parameters with unknown guards . 67 7.5 More locking details . 68 7.5.1 Two types of locking: monitor locks and explicit locks . 68 7.5.2 Held locks and held expressions; aliasing . 68 7.5.3 Run-time checks for locking . ..
Load more

Recommended publications
  • Novell SUSE Linux Package Description and Support Level Information for Contracted Customers and Partners
    Novell SUSE Linux Package Description and Support Level Information for Contracted Customers and Partners Definitions and Support Level Descriptions ACC: Additional Customer Contract necessary L1: Installation and problem determination, which means technical support Configuration designed to provide compatibility information, installation assistance, usage support, on-going maintenance and basic troubleshooting. Level 1 Support is not intended to correct product defect errors. L2: Reproduction of problem isolation, which means technical support designed to Potential Issues duplicate customer problems, isolate problem area and provide resolution for problems not resolved by Level 1 Support. L3: Code Debugging and problem resolution, which means technical support designed Patch Provision to resolve complex problems by engaging engineering in resolution of product defects which have been identified by Level 2 Support. Servicelevel Package Short Name Package Description SLES10 SP3 s390x 844-ksc-pcf Korean 8x4x4 Johab Fonts L2 a2ps Converts ASCII Text into PostScript L2 aaa_base SUSE Linux Base Package L3 aaa_skel Skeleton for Default Users L3 aalib An ASCII Art Library L2 aalib-32bit An ASCII Art Library L2 aalib-devel Development Package for AAlib L2 aalib-devel-32bit Development Package for AAlib L2 acct User-Specific Process Accounting L3 acl Commands for Manipulating POSIX Access Control Lists L3 adaptec-firmware Firmware files for Adaptec SAS Cards (AIC94xx Series) L3 agfa-fonts Professional TrueType Fonts L2 aide Advanced Intrusion Detection Environment L2 alsa Advanced Linux Sound Architecture L3 alsa-32bit Advanced Linux Sound Architecture L3 alsa-devel Include Files and Libraries mandatory for Development. L2 alsa-docs Additional Package Documentation. L2 amanda Network Disk Archiver L2 amavisd-new High-Performance E-Mail Virus Scanner L3 amtu Abstract Machine Test Utility L2 ant A Java-Based Build Tool L3 anthy Kana-Kanji Conversion Engine L2 anthy-devel Include Files and Libraries mandatory for Development.
    [Show full text]
  • Release 2.0.0 Florian Mounier
    pygal Documentation Release 2.0.0 Florian Mounier December 01, 2016 Contents 1 Sexy python charting 1 2 Simple python charting 3 3 Index 5 Python Module Index 105 i ii CHAPTER 1 Sexy python charting 1 pygal Documentation, Release 2.0.0 2 Chapter 1. Sexy python charting CHAPTER 2 Simple python charting pygal.Bar()(1,3,3,7)(1,6,6,4).render() 3 pygal Documentation, Release 2.0.0 4 Chapter 2. Simple python charting CHAPTER 3 Index 3.1 Documentation 3.1.1 First steps Caution: First you need to install pygal, see installing. When it’s done, you are ready to make your first chart: import pygal # First import pygal bar_chart= pygal.Bar() # Then create a bar graph object bar_chart.add('Fibonacci',[0,1,1,2,3,5,8, 13, 21, 34, 55]) # Add some values bar_chart.render_to_file('bar_chart.svg') # Save the svg to a file Now you should have a svg file called bar_chart.svg in your current directory. You can open it with various programs such as your web browser, inkscape or any svg compatible viewer. The resulting chart will be tho following: bar_chart= pygal.Bar() bar_chart.add('Fibonacci',[0,1,1,2,3,5,8, 13, 21, 34, 55]) bar_chart.render() Caution: pygal relies on svg css styling. This is sadly not fully supported by gnome librsvg and therefore can lead to black svg being displayed. This is not a bug in pygal. See this bugzilla search To make a multiple series graph just add another one: bar_chart= pygal.Bar() bar_chart.add('Fibonacci',[0,1,1,2,3,5,8, 13, 21, 34, 55]) bar_chart.add('Padovan',[1,1,1,2,2,3,4,5,7,9, 12]) bar_chart.render() If you want to stack
    [Show full text]
  • Seed Selection for Successful Fuzzing
    Seed Selection for Successful Fuzzing Adrian Herrera Hendra Gunadi Shane Magrath ANU & DST ANU DST Australia Australia Australia Michael Norrish Mathias Payer Antony L. Hosking CSIRO’s Data61 & ANU EPFL ANU & CSIRO’s Data61 Australia Switzerland Australia ABSTRACT ACM Reference Format: Mutation-based greybox fuzzing—unquestionably the most widely- Adrian Herrera, Hendra Gunadi, Shane Magrath, Michael Norrish, Mathias Payer, and Antony L. Hosking. 2021. Seed Selection for Successful Fuzzing. used fuzzing technique—relies on a set of non-crashing seed inputs In Proceedings of the 30th ACM SIGSOFT International Symposium on Software (a corpus) to bootstrap the bug-finding process. When evaluating a Testing and Analysis (ISSTA ’21), July 11–17, 2021, Virtual, Denmark. ACM, fuzzer, common approaches for constructing this corpus include: New York, NY, USA, 14 pages. https://doi.org/10.1145/3460319.3464795 (i) using an empty file; (ii) using a single seed representative of the target’s input format; or (iii) collecting a large number of seeds (e.g., 1 INTRODUCTION by crawling the Internet). Little thought is given to how this seed Fuzzing is a dynamic analysis technique for finding bugs and vul- choice affects the fuzzing process, and there is no consensus on nerabilities in software, triggering crashes in a target program by which approach is best (or even if a best approach exists). subjecting it to a large number of (possibly malformed) inputs. To address this gap in knowledge, we systematically investigate Mutation-based fuzzing typically uses an initial set of valid seed and evaluate how seed selection affects a fuzzer’s ability to find bugs inputs from which to generate new seeds by random mutation.
    [Show full text]
  • Debreach: Selective Dictionary Compression to Prevent BREACH and CRIME
    debreach: Selective Dictionary Compression to Prevent BREACH and CRIME A THESIS SUBMITTED TO THE FACULTY OF THE GRADUATE SCHOOL OF THE UNIVERSITY OF MINNESOTA BY Brandon Paulsen IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE Professor Peter A.H. Peterson July 2017 © Brandon Paulsen 2017 Acknowledgements First, I’d like to thank my advisor Peter Peterson and my lab mate Jonathan Beaulieu for their insights and discussion throughout this research project. Their contributions have undoubtedly improved this work. I’d like to thank Peter specifically for renew- ing my motivation when my project appeared to be at a dead–end. I’d like to thank Jonathan specifically for being my programming therapist. Next, I’d like to thank my family and friends for constantly supporting my aca- demic goals. In particular, I’d like to thank my mom and dad for their emotional support and encouragement. I’d like to thank my brother Derek and my friend Paul “The Wall” Vaynshenk for being great rock climbing partners, which provided me the escape from work that I needed at times. I’d like to again thank Jonathan Beaulieu and Xinru Yan for being great friends and for many games of Settlers of Catan. I’d like to thank Laura Krebs for helping me to discover my passion for academics and learning. Finally, I’d like to thank my fellow graduate students and the computer science faculty of UMD for an enjoyable graduate program. I’d also like to thank Professor Bethany Kubik and Professor Haiyang Wang for serving on my thesis committee.
    [Show full text]
  • Multi Software Product Lines in the Wild
    AperTO - Archivio Istituzionale Open Access dell'Università di Torino Multi software product lines in the wild This is the author's manuscript Original Citation: Availability: This version is available http://hdl.handle.net/2318/1667454 since 2020-07-06T10:51:50Z Publisher: Association for Computing Machinery Published version: DOI:10.1145/3168365.3170425 Terms of use: Open Access Anyone can freely access the full text of works made available as "Open Access". Works made available under a Creative Commons license can be used according to the terms and conditions of said license. Use of all other works requires consent of the right holder (author or publisher) if not exempted from copyright protection by the applicable law. (Article begins on next page) 27 September 2021 Multi Software Product Lines in the Wild Michael Lienhardt Ferruccio Damiani [email protected] [email protected] Università di Torino Università di Torino Italy Italy Simone Donetti Luca Paolini [email protected] [email protected] Università di Torino Università di Torino Italy Italy ABSTRACT 1 INTRODUCTION Modern software systems are often built from customizable and A Software Product Line (SPL) is a set of similar programs, called inter-dependent components. Such customizations usually define variants, with a common code base and well documented variabil- which features are offered by the components, and may depend ity [1, 6, 19]. Modern software systems are often built as complex on backend components being configured in a specific way. As assemblages of customizable components that out-grow the expres- such system become very large, with a huge number of possible siveness of SPLs.
    [Show full text]
  • Pygal Documentation Release 2.0.0
    pygal Documentation Release 2.0.0 Florian Mounier June 06, 2016 Contents 1 Sexy python charting 1 2 Simple python charting 3 3 Index 5 Python Module Index 97 i ii CHAPTER 1 Sexy python charting 1 pygal Documentation, Release 2.0.0 2 Chapter 1. Sexy python charting CHAPTER 2 Simple python charting pygal.Bar().add('1',[1,3,3,7]).add('2',[1,6,6,4]).render() 3 pygal Documentation, Release 2.0.0 4 Chapter 2. Simple python charting CHAPTER 3 Index 3.1 Documentation 3.1.1 First steps Caution: First you need to install pygal, see installing. When it’s done, you are ready to make your first chart: import pygal # First import pygal bar_chart= pygal.Bar() # Then create a bar graph object bar_chart.add('Fibonacci',[0,1,1,2,3,5,8, 13, 21, 34, 55]) # Add some values bar_chart.render_to_file('bar_chart.svg') # Save the svg to a file Now you should have a svg file called bar_chart.svg in your current directory. You can open it with various programs such as your web browser, inkscape or any svg compatible viewer. The resulting chart will be tho following: bar_chart= pygal.Bar() bar_chart.add('Fibonacci',[0,1,1,2,3,5,8, 13, 21, 34, 55]) bar_chart.render() Caution: pygal relies on svg css styling. This is sadly not fully supported by gnome librsvg and therefore can lead to black svg being displayed. This is not a bug in pygal. See this bugzilla search To make a multiple series graph just add another one: bar_chart= pygal.Bar() bar_chart.add('Fibonacci',[0,1,1,2,3,5,8, 13, 21, 34, 55]) bar_chart.add('Padovan',[1,1,1,2,2,3,4,5,7,9, 12]) bar_chart.render() If
    [Show full text]
  • Indicators for Missing Maintainership in Collaborative Open Source Projects
    TECHNISCHE UNIVERSITÄT CAROLO-WILHELMINA ZU BRAUNSCHWEIG Studienarbeit Indicators for Missing Maintainership in Collaborative Open Source Projects Andre Klapper February 04, 2013 Institute of Software Engineering and Automotive Informatics Prof. Dr.-Ing. Ina Schaefer Supervisor: Michael Dukaczewski Affidavit Hereby I, Andre Klapper, declare that I wrote the present thesis without any assis- tance from third parties and without any sources than those indicated in the thesis itself. Braunschweig / Prague, February 04, 2013 Abstract The thesis provides an attempt to use freely accessible metadata in order to identify missing maintainership in free and open source software projects by querying various data sources and rating the gathered information. GNOME and Apache are used as case studies. License This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license. Keywords Maintenance, Activity, Open Source, Free Software, Metrics, Metadata, DOAP Contents List of Tablesx 1 Introduction1 1.1 Problem and Motivation.........................1 1.2 Objective.................................2 1.3 Outline...................................3 2 Theoretical Background4 2.1 Reasons for Inactivity..........................4 2.2 Problems Caused by Inactivity......................4 2.3 Ways to Pass Maintainership.......................5 3 Data Sources in Projects7 3.1 Identification and Accessibility......................7 3.2 Potential Sources and their Exploitability................7 3.2.1 Code Repositories.........................8 3.2.2 Mailing Lists...........................9 3.2.3 IRC Chat.............................9 3.2.4 Wikis............................... 10 3.2.5 Issue Tracking Systems...................... 11 3.2.6 Forums............................... 12 3.2.7 Releases.............................. 12 3.2.8 Patch Review........................... 13 3.2.9 Social Media............................ 13 3.2.10 Other Sources..........................
    [Show full text]
  • Turbo.Lua Documentation Release 2.1.2
    Turbo.lua Documentation Release 2.1.2 John Abrahamsen Nov 02, 2018 Contents 1 Hello World 3 2 Supported Architectures 5 3 Supported Operating Systems7 4 Installation 9 5 Object oriented Lua 11 6 Packaging 13 7 Dependencies 15 8 License 17 9 Tutorials 19 9.1 Get Started With Turbo.......................................... 19 9.1.1 Installing Turbo......................................... 19 9.1.2 Hello World........................................... 20 9.1.3 Request parameters....................................... 20 9.1.4 Routes.............................................. 20 9.1.5 Serving Static Files....................................... 21 9.1.6 JSON Output.......................................... 22 9.2 Asynchronous modules......................................... 22 9.2.1 Overview............................................ 22 9.2.2 Example module........................................ 24 10 API documentation 27 10.1 Turbo.lua API Versioning........................................ 27 10.1.1 Preliminaries.......................................... 27 10.1.2 Module Version......................................... 27 10.2 turbo.web – Core web framework.................................... 28 10.2.1 RequestHandler class...................................... 28 10.2.2 HTTPError class........................................ 32 10.2.3 StaticFileHandler class..................................... 32 10.2.4 RedirectHandler class...................................... 33 10.2.5 Application class........................................ 33
    [Show full text]
  • Fundamental Data Structures Contents
    Fundamental Data Structures Contents 1 Introduction 1 1.1 Abstract data type ........................................... 1 1.1.1 Examples ........................................... 1 1.1.2 Introduction .......................................... 2 1.1.3 Defining an abstract data type ................................. 2 1.1.4 Advantages of abstract data typing .............................. 4 1.1.5 Typical operations ...................................... 4 1.1.6 Examples ........................................... 5 1.1.7 Implementation ........................................ 5 1.1.8 See also ............................................ 6 1.1.9 Notes ............................................. 6 1.1.10 References .......................................... 6 1.1.11 Further ............................................ 7 1.1.12 External links ......................................... 7 1.2 Data structure ............................................. 7 1.2.1 Overview ........................................... 7 1.2.2 Examples ........................................... 7 1.2.3 Language support ....................................... 8 1.2.4 See also ............................................ 8 1.2.5 References .......................................... 8 1.2.6 Further reading ........................................ 8 1.2.7 External links ......................................... 9 1.3 Analysis of algorithms ......................................... 9 1.3.1 Cost models ......................................... 9 1.3.2 Run-time analysis
    [Show full text]
  • Replacing C Library Code with Rust
    Replacing C library code with Rust: What I learned with librsvg Federico Mena Quintero [email protected] GUADEC 2017 Manchester, UK What uses librsvg? GNOME platform and desktop: gtk+ indirectly through gdk-pixbuf thumbnailer via gdk-pixbuf eog gstreamer-plugins-bad What uses librsvg? Fine applications: gnome-games (gnome-chess, five-or-more, etc.) gimp gcompris claws-mail darktable What uses librsvg? Desktop environments mate-panel Evas / Enlightenment emacs-x11 What uses librsvg? Things you may not expect ImageMagick Wikipedia ← they have been awesome Long History ● First commit, Eazel, 2001 ● Experiment instead of building a DOM, stream in SVG by using libbxml2’s SAX parser ● Renderer used libart ● Gill → Sodipodi → Inkscape ● Librsvg was being written while the SVG spec was being written ● Ported to Cairo eventually – I’ll remove the last libart-ism any day now Federico takes over ● Librsvg was mostly unmaintained in 2015 ● Took over maintenance in February 2015 ● Started the Rust port in October 2016 Pain points: librsvg’s CVEs ● CVE-2011-3146 - invalid cast of RsvgNode type, crash ● CVE-2015-7557 - out-of-bounds heap read in list-of-points ● CVE-2015-7558 - Infinite loop / stack overflow from cyclic element references (thanks to Benjamin Otte for the epic fix) ● CVE-2016-4348 - NOT OUR PROBLEM - integer overflow when writing PNGs in Cairo (rowstride computation) ● CVE-2017-11464 - Division by zero in Gaussian blur code (my bad, sorry) ● Many non-CVEs found through fuzz testing and random SVGs on the net ● https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=librsvg
    [Show full text]
  • How 10 Open Source Projects Manage Unsafe Code Tim Mcnamara @Mclicks Introduction About Me I Tweet About Rust
    Is it safe to use unsafe? How 10 open source projects manage unsafe code Tim McNamara @mClicks Introduction About me I tweet about Rust. I tweet about Rust. hps://twier.com/mClicks I waste me on talking about Rust I waste me on talking about Rust hps://reddit.com/u/mClicks I do live coding in Rust I do live coding in Rust hps://twitch.tv/mClicks I make videos about Rust I make videos about Rust hps://youtube.com/mClicks I write books about Rust I write books about Rust hps://rusnacon.com/ My goal My goal To shorten the me it takes for you to learn Rust by 100h. Unsafe guidelines for the impatient Use #[deny(unsafe_code)] Use #[deny(unsafe_code)] Add comments to all unsafe blocks Use #[deny(unsafe_code)] Add comments to all unsafe blocks Ask someone who is not familiar with the code to review the comment. If they do not understand why the unsafe block is safe, then the comment (or perhaps the code) should be revised. Objective: safety Objective: safety Remember: other people make mistakes Objective: safety Remember: other people make mistakes Your job is to create a system that makes it very hard for a stressed, overworked and distracted staff members from doing the wrong thing. Let’s learn about how other projects manage the risk of unsafe blocks. Let’s learn about how other projects manage the risk of unsafe blocks. But first, a story. Lemons and limes Warning Disallowing unsafe blocks in your project is insucient Using only safe Rust, it is possible to create code that is guaranteed to crash.
    [Show full text]
  • 1. Why POCS.Key
    Symptoms of Complexity Prof. George Candea School of Computer & Communication Sciences Building Bridges A RTlClES A COMPUTER SCIENCE PERSPECTIVE OF BRIDGE DESIGN What kinds of lessonsdoes a classical engineering discipline like bridge design have for an emerging engineering discipline like computer systems Observation design?Case-study editors Alfred Spector and David Gifford consider the • insight and experienceof bridge designer Gerard Fox to find out how strong the parallels are. • bridges are normally on-time, on-budget, and don’t fall ALFRED SPECTORand DAVID GIFFORD • software projects rarely ship on-time, are often over- AS Gerry, let’s begin with an overview of THE DESIGN PROCESS bridges. AS What is the procedure for designing and con- GF In the United States, most highway bridges are budget, and rarely work exactly as specified structing a bridge? mandated by a government agency. The great major- GF It breaks down into three phases: the prelimi- ity are small bridges (with spans of less than 150 nay design phase, the main design phase, and the feet) and are part of the public highway system. construction phase. For larger bridges, several alter- There are fewer large bridges, having spans of 600 native designs are usually considered during the Blueprints for bridges must be approved... feet or more, that carry roads over bodies of water, preliminary design phase, whereas simple calcula- • gorges, or other large obstacles. There are also a tions or experience usually suffices in determining small number of superlarge bridges with spans ap- the appropriate design for small bridges. There are a proaching a mile, like the Verrazzano Narrows lot more factors to take into account with a large Bridge in New Yor:k.
    [Show full text]