In this paper, we show that the unsoundness discovered by Amin and Tate (2016) in Java’s wildcards is avoidable, even in the absence of a nullness-aware type system.
The key insight of this paper is that soundness in type systems that implicitly introduce existential types through subtyping hinges on still making sure there are suitable witness types when introducing existentially quantified type variables.
To show that this approach is viable, this paper formalizes a core calculus and proves it sound.
We used a static analysis based on our approach to look for potential issues in a vast corpus of Java code and found <i>none</i> (with 1 false positive).
This confirms both that Java's unsoundness has minimal practical consequence,
and that our approach can avoid it entirely with minimal false positives.
Sat 10 DecDisplayed time zone: Auckland, Wellington change
13:30 - 15:00 | |||
13:30 30mResearch paper | On incorrectness logic for Quantum programs OOPSLA Peng Yan University of Technology Sydney, Hanru Jiang Yanqi Lake Beijing Institute of Mathematical Sciences and Applications, China, Nengkun Yu Stony Brook University, USA DOI | ||
14:00 30mResearch paper | Weighted programming: a programming paradigm for specifying mathematical models OOPSLA Kevin Batz RWTH Aachen University, Adrian Gallus RWTH Aachen University, Benjamin Lucien Kaminski Saarland University and University College London, Joost-Pieter Katoen RWTH Aachen University, Tobias Winkler RWTH Aachen University DOI | ||
14:30 30mTalk | Wildcards Need Witness Protection OOPSLA Kevin Bierhoff Google DOI | ||