Type-directed Bounding of Collections in Reactive Programs
Tianhan Lu, Pavol Cerny, Bor-Yuh Evan Chang, Ashutosh Trivedi

TL;DR
This paper introduces a scalable, type-based static analysis method for verifying that collection sizes in reactive programs do not exceed specified bounds, using refinement types with execution counters.
Contribution
It presents a novel refinement type system with AST counters for flow-sensitive tracking, enabling effective verification of collection bounds in reactive programs.
Findings
The technique is scalable and effective on reactive programs.
The verification conditions are solvable by existing SMT solvers.
The approach handles flow-sensitive information through AST counters.
Abstract
Our aim is to statically verify that in a given reactive program, the length of collection variables does not grow beyond a given bound. We propose a scalable type-based technique that checks that each collection variable has a given refinement type that specifies constraints about its length. A novel feature of our refinement types is that the refinements can refer to AST counters that track how many times an AST node has been executed. This feature enables type refinements to track limited flow-sensitive information. We generate verification conditions that ensure that the AST counters are used consistently, and that the types imply the given bound. The verification conditions are discharged by an off-the-shelf SMT solver. Experimental results demonstrate that our technique is scalable, and effective at verifying reactive programs with respect to requirements on the length of collections.
Taxonomy
Topics: Formal Methods in Verification · Logic, programming, and type systems · Software Testing and Debugging Techniques
