types.bib

% types.bib -- Bibliography for work related to types in programming languages


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Immutability
%%%


@InProceedings{PoratBKM2000,
  author = 	 "Sara Porat and Marina Biberstein and Larry Koved and
                  Bilba Mendelson",
  title = 	 "Automatic detection of immutable fields in {Java}",
  crossref =     "CASCON2000",
  NEEDpages = 	 "*",
  abstract =
   "This paper introduces techniques to detect mutability of fields and classes
    in Java. A variable is considered to be mutable if a new value is stored
    into it, as well as if any of its reachable variables is mutable. We
    present a static flow-sensitive analysis algorithm which can be applied to
    any Java component. The analysis classifies fields and classes as either
    mutable or immutable. In order to facilitate open-world analysis, the
    algorithm identifies situations that expose variables to potential
    modification by code outside the component, as well as situations where
    variables are modified by the analyzed code. We also present an
    implementation of the analysis which focuses on detecting mutability of
    class variables, so as to avoid isolation problems. The implementation
    incorporates intra- and inter-procedural data-flow analyses and is shown to
    be highly scalable. Experimental results demonstrate the effectiveness of
    the algorithms."
}


@InProceedings{BibersteinGP01,
  author = 	 "Marina Biberstein and Joseph Gil and Sara Porat",
  title = 	 "Sealing, encapsulation, and mutability",
  crossref =     "ECOOP2001",
  pages = 	 "28--52",
}


@InProceedings{SkoglundW2001,
  author = 	 "Mats Skoglund and Tobias Wrigstad",
  title = 	 "A mode system for read-only references in {Java}",
  crossref =     "FTFJP2001",
  NEEDpages = 	 "*",
}


@TechReport{MuellerPoetzsch-Heffter01a,
  author      = { M{\"u}ller, P. and Poetzsch-Heffter, A. },
  title       = { Universes: A Type System
                 for Alias and Dependency Control },
  institution = { Fernuniversit{\"a}t Hagen },
  year        = 2001,
  number      = 279,
  note        = {  }
}


@Article{DietlM2005,
  author = 	 "Werner Dietl and Peter M{\"u}ller",
  authorASCII =  "Peter Muller / Peter Mueller",
  title = 	 "Universes: Lightweight ownership for {JML}",
  journal = 	 JOT,
  year = 	 2005,
  volume = 	 4,
  number = 	 8,
  pages = 	 "5--32",
  month = 	 oct
}


@InProceedings{DietlDM2007,
  author = 	 "Werner Dietl and Sophia Drossopoulou and Peter M{\"u}ller",
  authorASCII =  "Peter Muller",
  title = 	 "{G}eneric {U}niverse {T}ypes",
  titleASCII = 	 "Generic Universe Types",
  crossref =     "ECOOP2007",
  pages = 	 "28--53",
  abstract =
   "Ownership is a powerful concept to structure the object store and to
    control aliasing and modifications of objects. This paper presents an
    ownership type system for a Java-like programming language with generic
    types. Like our earlier Universe type system, Generic Universe Types
    enforce the owner-as-modifier discipline. This discipline does not restrict
    aliasing, but requires modifications of an object to be initiated by its
    owner. This allows owner objects to control state changes of owned objects,
    for instance, to maintain invariants. Generic Universe Types require a
    small annotation overhead and provide strong static guarantees.  They are
    the first type system that combines the owner-as-modifier discipline with
    type genericity.",
}


@Article{KnieselT2001,
  author = 	 "G{\"u}nter Kniesel and Dirk Theisen",
  title = 	 "{JAC} --- Access right based encapsulation for {Java}",
  journal = 	 j-spe,
  year = 	 2001,
  volume =	 31,
  number =	 6,
  pages =	 "555--576"
}


@InProceedings{PechtchanskiS2002,
  author = 	 "Igor Pechtchanski and Vivek Sarkar",
  title = 	 "Immutability specification and its applications",
  crossref =     "JavaGrande2002",
  pages =	 "202--211",
  abstract =
   "A location is said to be immutable if its value and the values of selected
    locations reachable from it are guaranteed to remain unchanged during a
    specified time interval. We introduce a framework for immutability
    specification, and discuss its application to code optimization. Compared
    to a final declaration, an immutability assertion in our framework can
    express a richer set of immutability properties along three dimensions ---
    lifetime, reachability and context. We present a framework for processing
    and verifying immutability annotations in Java, as well as extending
    optimizations so as to exploit immutability information. Preliminary
    experimental results show that a significant number (82\%) of read accesses
    could potentially be classified as immutable in our framework. Further, use
    of immutability information yields substantial reductions (33\% to 99\%) in
    the number of dynamic read accesses, and also measurable speedups in the
    range of 5\% to 10\% for certain benchmark programs."
}


@InProceedings{BoylandNR2001,
  author = 	 "John Boyland and James Noble and William Retert",
  title = 	 "Capabilities for sharing:
                  A generalisation of uniqueness and read-only",
  crossref =     "ECOOP2001",
  pages =	 "2--27",
  abstract =
   "Many languages and language extensions include annotations on pointer
    variables such as ``read-only,'' ``unique,'' and ``borrowed''; many more
    annotations have been proposed but not implemented. Unfortunately, all
    these annotations are described individually and formalised independently -
    assuming they are formalised at all. In this paper, we show how these
    annotations can be subsumed into a general capability system for
    pointers. This system separates mechanism (defining the semantics of
    sharing and exclusion) from policy (defining the invariants that are
    intended to be preserved). The capability system has a well-defined
    semantics which can be used as a reference for the correctness of various
    extended type systems using annotations. Furthermore, it supports research
    in new less-restrictive type systems that permit a wider range of idioms to
    be statically checked."
}


@InProceedings{Boyland2005,
  author = 	 "John Boyland",
  title = 	 "Why we should not add \texttt{readonly} to {Java} (yet)",
  crossref =     "FTFJP2005",
  NEEDpages = 	 "",
  abstract =
   "In this paper, I examine some of reasons that ``readonly'' style
    qualifiers have been proposed for Java, and also the principles behind the
    rules for these new qualifiers. I find that there is a mismatch between
    some of the motivating problems and the proposed solutions. Thus I urge
    Java designers to proceed with caution when adopting a solution to these
    sets of problems.",
}


@Misc{JSR163,
  author = 	 "Robert Field",
  title = 	 "{JSR} 163: {Java} Platform Profiling Architecture",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=163}",
  month = 	 sep # "~30,",
  year = 	 2004,
}

@Misc{JSR175,
  author = 	 "Joshua Bloch",
  title = 	 "{JSR} 175: A Metadata Facility for the {Java} Programming Language",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=175}",
  month = 	 sep # "~30,",
  year = 	 2004,
}


@Misc{JSR175-PFD2,
  author = 	 "Joshua Bloch",
  title = 	 "{JSR175}: A Program Annotation Facility for the {Java} Programming Language: Proposed Final Draft 2",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=175}",
  month = 	 aug # "~12,",
  year = 	 2004,
}


@Misc{JSR198,
  author = 	 "Jose Cronembold",
  title = 	 "{JSR} 198:  A Standard Extension {API} for {Integrated} {Development} {Environments}",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=198}",
  month = 	 may # "~8,",
  year = 	 2006,
}


@Misc{JSR199,
  author = 	 "Peter von der Ahe",
  title = 	 "{JSR} 199: {Java} Compiler {API}",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=199}",
  month = 	 dec # "~11,",
  year = 	 2006,
}

@Misc{JSR250,
  author = 	 "Rajiv Mordani",
  title = 	 "{JSR} 250: Common Annotations for the {Java} Platform",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=250}",
  month = 	 may # "~11,",
  year = 	 2006,
}

@Misc{JSR269,
  author = 	 "Joe Darcy",
  title = 	 "{JSR} 269: Pluggable Annotation Processing {API}",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=269}",
  month = 	 may # "~17,",
  year = 	 2006,
  note = 	 "Public review version",
}


@Misc{JSR305,
  author = 	 "William Pugh",
  title = 	 "{JSR} 305: Annotations for Software Defect Detection",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=305}",
  month = 	 aug # "~29,",
  year = 	 2006,
  note = 	 "JSR Review Ballot version",
}


@InProceedings{HaackPSS2007,
  author = 	 "Christian Haack and Erik Poll and Jan Sch{\"a}fer and Aleksy Schubert",
  title = 	 "Immutable objects for a {Java}-like language",
  crossref =     "ESOP2007",
  pages = 	 "347--362",
}


@InProceedings{HaackP2009,
  author = 	 "Haack, Christian and Poll, Erik",
  title = 	 "Type-Based Object Immutability with Flexible Initialization",
  crossref =     "ECOOP2009",
  pages = 	 "520--545",
  abstract =
   "We present a type system for checking object immutability, read-only
    references, and class immutability in an open or closed world. To allow
    object initialization outside object constructors (which is often needed in
    practice), immutable objects are initialized in lexically scoped
    regions. The system is simple and direct; its only type qualifiers specify
    immutability properties. No auxiliary annotations, e.g., ownership types,
    are needed, yet good support for deep immutability is provided. To express
    object confinement, as required for class immutability in an open world, we
    use qualifier polymorphism. The system has two versions: one with explicit
    specification commands that delimit the object initialization phase, and
    one where such commands are implicit and inferred. In the latter version,
    all annotations are compatible with Java's extended annotation syntax, as
    proposed in JSR 308.",
}


@MastersThesis{Noack2010,
  author = 	 "Gunther Noack",
  title = 	 "{TIFI}+: A Type Checker for Object Immutability with Flexible Initialization",
  school = 	 "University of Kaiserslautern",
  year = 	 2010,
  type = 	 "Diploma thesis",
  month = 	 mar,
}


@InProceedings{CoblenzNAMS2017,
  author =       "Coblenz, Michael and Nelson, Whitney and Aldrich, Jonathan and Myers, Brad and Sunshine, Joshua",
  title =        "Glacier: Transitive class immutability for {Java}",
  crossref =  "ICSE2017",
  pages =     "496--506",
}


@PhdThesis{Coblenz2020,
  author = 	 "Michael Coblenz",
  title = 	 "User-Centered Design of Principled Programming Languages",
  school = 	 "Carnegie Mellon University",
  year = 	 2020,
  month = 	 "aug",
  note = 	 "TR CMU-CS-20-127",
}


@InProceedings{Milanova2018,
  author = 	 "Ana Milanova",
  title = 	 "Definite reference mutability",
  crossref =  "ECOOP2018",
  pages = 	 "25:1--25:30",
}


@InProceedings{CoblenzSAMWS2016,
  author = 	 "Coblenz, Michael and Sunshine, Joshua and Aldrich, Jonathan and Myers, Brad and Weber, Sam and Shull, Forrest",
  title = 	 "Exploring Language Support for Immutability",
  crossref =  "ICSE2016",
  pages = 	 "736-747",
}


@MastersThesis{Sun2021,
  author = 	 "Lian Sun",
  title = 	 "An Immutability Type System for Classes and Objects: Improvements, Experiments, and Comparisons",
  school = 	 UWaterlooECE,
  year = 	 2021,
  address = 	 UWaterlooaddr,
  month = 	 apr,
}


%%%
%%% Interning (aka canonicalization, hash-consing)
%%%


@Article{Ershov58,
  author = 	 "A. P. Ershov",
  title = 	 "On programming of arithmetic operations",
  journal = 	 CACM,
  year = 	 1958,
  volume = 	 1,
  number = 	 8,
  pages = 	 "3--6",
  month = 	 aug,
}


@Book{Allen78,
  author = 	 "John R. Allen",
  title = 	 "Anatomy of LISP",
  publisher = 	 "McGraw-Hill",
  year = 	 1978,
  address = 	 "New York",
}


@TechReport{Goto74,
  author = 	 "E. Goto",
  title = 	 "Monocopy and associative algorithms in an extended {Lisp}",
  institution =  "Information Science Laboratory, University of Tokyo",
  year = 	 1974,
  number = 	 "74-03",
  address = 	 "Tokyo, Japan",
  month = 	 may,
}


@InProceedings{VaziriTFD2007,
  author = 	 "Mandana Vaziri and Frank Tip and Stephen Fink and Julian Dolby",
  title = 	 "Declarative object identity using relation types",
  crossref =     "ECOOP2007",
  pages = 	 "54--78",
}


@InProceedings{MarinovO2003,
  author = 	 "Darko Marinov and Robert O'Callahan",
  title = 	 "Object equality profiling",
  crossref =     "OOPSLA2003",
  pages = 	 "313--325",
  abstract =
   "We present \emph{Object Equality Profiling} (OEP), a new technique for
    helping programmers discover optimization opportunities in programs. OEP
    discovers opportunities for replacing a set of equivalent object instances
    with a single representative object. Such a set represents an opportunity for
    automatically or manually applying optimizations such as hash consing, heap
    compression, lazy allocation, object caching, invariant hoisting, and
    more. To evaluate OEP, we implemented a tool to help programmers reduce the
    memory usage of Java programs. Our tool performs a dynamic analysis that
    records all the objects created during a particular program run. The tool
    partitions the objects into equivalence classes, and uses collected timing
    information to determine when elements of an equivalence class could have
    been safely collapsed into a single representative object without affecting
    the behavior of that program run. We report the results of applying this
    tool to benchmarks, including two widely used Web application servers. Many
    benchmarks exhibit significant amounts of object equivalence, and in most
    benchmarks our profiler identifies optimization opportunities clustered
    around a small number of allocation sites. We present a case study of using
    our profiler to find simple manual optimizations that reduce the average
    space used by live objects in two SpecJVM benchmarks by 47\% and 38\%
    respectively.",
}


@InProceedings{ZendraC99,
  author = 	 "Olivier Zendra and Dominique Colnet",
  title = 	 "Towards safer aliasing with the {Eiffel} language",
  crossref =     "IWAOOS99",
  pages = 	 "153--154",
}


@InProceedings{120750,
 author = {Richard J. Fateman},
 title = {Canonical representations in Lisp and applications to computer algebra systems},
 booktitle = {ISSAC '91: Proceedings of the 1991 international symposium on Symbolic and algebraic computation},
 year = {1991},
 isbn = {0-89791-437-6},
 pages = {360--369},
 address  = {Bonn, West Germany},
 doi = {https://doi.acm.org/10.1145/120694.120750},
 }


@article{231195,
 author = {Richard J. Fateman and Mark Hayden},
 title = {Speeding up Lisp-based symbolic mathematics},
 journal = {SIGSAM Bull.},
 volume = {30},
 number = {1},
 year = {1996},
 issn = {0163-5824},
 pages = {25--30},
 doi = {https://doi.acm.org/10.1145/231191.231195},
 }


@InProceedings{FilliatreC2006,
  author = 	 "Jean-Christophe Filli\^{a}tre and Sylvain Conchon",
  authorASCII =	 "Jean-Christophe Filliatre and Sylvain Conchon",
  title = 	 "Type-safe modular hash-consing",
  crossref =     "ML2006",
  pages = 	 "12--19",
}


%% These last few citations are unrelated to interning, but seemed to be at
%% first glance.

@article{359667,
 author = {Jay M. Spitzen and Karl N. Levitt and Lawrence Robinson},
 title = {An example of hierarchical design and proof},
 journal = CACM,
 volume = {21},
 month = dec,
 number = {12},
 year = {1978},
 issn = {0001-0782},
 pages = {1064--1075},
 doi = {https://doi.acm.org/10.1145/359657.359667},
 }


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Type qualifiers in general (not immutability)
%%%

@InProceedings{FosterFFA99,
  author =    "Jeffrey S. Foster and Manuel F{\"{a}}hndrich and
               Alexander Aiken",
  title =     "A theory of type qualifiers",
  crossref =     "PLDI99",
  pages =     "192--203",
  doi = {10.1145/301618.301665},
}


@Article{FosterJKA2006,
  author = 	 "Jeffrey S. Foster and Robert Johnson and John Kodumal and Alex Aiken ",
  title = 	 "Flow-insensitive type qualifiers",
  journal = 	 TOPLAS,
  year = 	 2006,
  volume = 	 28,
  number = 	 6,
  pages = 	 "1035--1087",
  month = 	 nov,
  abstract =
   "We describe flow-insensitive type qualifiers, a lightweight, practical
    mechanism for specifying and checking properties not captured by
    traditional type systems. We present a framework for adding new,
    user-specified type qualifiers to programming languages with static type
    systems, such as C and Java. In our system, programmers add a few type
    qualifier annotations to their program, and automatic type qualifier
    inference determines the remaining qualifiers and checks the annotations
    for consistency. We describe a tool CQual for adding type qualifiers to the
    C programming language. Our tool CQual includes a visualization component
    for displaying browsable inference results to the programmer. Finally, we
    present several experiments using our tool, including inferring const
    qualifiers, finding security vulnerabilities in several popular C programs,
    and checking initialization data usage in the Linux kernel. Our results
    suggest that inference and visualization make type qualifiers lightweight,
    that type qualifier inference scales to large programs, and that type
    qualifiers are applicable to a wide variety of problems.",
}


@InProceedings{foster:PLDI02,
  author =    {Jeffrey S. Foster and Tachio Terauchi and Alex Aiken},
  title =     "Flow-sensitive type qualifiers",
  crossref =     "PLDI2002",
  pages =     {1--12},
}


@Manual{ElsmanFA99,
  title = 	 "Carillon --- A System to Find {Y2K} Problems in {C} Programs",
  author = 	 "Martin Elsman and Jeffrey S. Foster and Alexander Aiken",
  month = 	 jul # "~30,",
  year = 	 1999,
  abstract =
   "Carillon is a simple, fast, and effective type-based system for finding Y2K
    errors in C programs. Carillon extends the standard C type system with a
    user-defined set of date-related type qualifiers. The user annotates
    date-related functions with the appropriate qualifiers, and Carillon checks
    the program for Y2K errors.
    \par
    Carillon displays the results of the Y2K analysis in an interactive Emacs
    buffer. Program variables are colored according to the kind of Y2K
    information they may contain, and the user can click on program variables
    to see the exact Y2K type inferred by the analysis.
    \par
    The system has been used successfully to verify Y2K readiness of programs
    and to locate Y2K errors.",
  URL =          "www.cs.berkeley.edu/Research/Aiken/carillon/",
}


@InProceedings{GreenfieldboyceF2007,
  author = 	 "David Greenfieldboyce and Jeffrey S. Foster",
  title = 	 "Type qualifier inference for {Java}",
  crossref =     "OOPSLA2007",
  pages = 	 "321--336",
  abstract =
   "Java's type system provides programmers with strong guarantees of type and
    memory safety, but there are many important properties not captured by
    standard Java types. We describe JQual, a tool that adds user-defined type
    qualifiers to Java, allowing programmers to quickly and easily incorporate
    extra lightweight, application-specific type checking into their
    programs. JQual provides type qualifier inference, so that programmers need
    only add a few key qualifier annotations to their program, and then JQual
    infers any remaining qualifiers and checks their consistency. We explore
    two applications of JQual. First, we introduce opaque and enum qualifiers
    to track C pointers and enumerations that flow through Java code via the
    JNI. In our benchmarks we found that these C values are treated correctly,
    but there are some places where a client could potentially violate
    safety. Second, we introduce a readonly qualifier for annotating references
    that cannot be used to modify the objects they refer to.  We found that
    JQual is able to automatically infer readonly in many places on method
    signatures. These results suggest that type qualifiers and type qualifier
    inference are a useful addition to Java.",
}


@Misc{GreenfieldboyceF2005,
  author = 	 "David Greenfieldboyce and Jeffrey S. Foster",
  title = 	 "Type qualifiers for {Java}",
  howpublished = "\url{http://www.cs.umd.edu/Grad/scholarlypapers/papers/greenfiledboyce.pdf}",
  month = 	 aug # "~8,",
  year = 	 2005,
  supersededby = "GreenfieldboyceF2007",
}


@InProceedings{ChinMM2005,
  author = 	 "Brian Chin and Shane Markstrum and Todd Millstein",
  title = 	 "Semantic type qualifiers",
  crossref =     "PLDI2005",
  pages = 	 "85--95",
  abstract =
   "We present a new approach for supporting user-defined type refinements,
    which augment existing types to specify and check additional invariants of
    interest to programmers. We provide an expressive language in which users
    define new refinements and associated type rules. These rules are
    automatically incorporated by an \emph{extensible typechecker} during
    static typechecking of programs. Separately, a \emph{soundness checker}
    automatically proves that each refinement's type rules ensure the intended
    invariant, for all possible programs. We have formalized our approach and
    have instantiated it as a framework for adding new type qualifiers to C
    programs. We have used this framework to define and automatically prove
    sound a host of type qualifiers of different sorts, including \texttt{pos}
    and \texttt{neg} for integers, \texttt{tainted} and \texttt{untainted} for
    strings, and \texttt{nonnull} and \texttt{unique} for pointers, and we have
    applied our qualifiers to ensure important invariants on open-source C
    programs.",
}


@InProceedings{ChinMMP2006,
  author = 	 "Brian Chin and Shane Markstrum and Todd Millstein and Jens Palsberg",
  title = 	 "Inference of user-defined type qualifiers and qualifier rules",
  crossref =     "ESOP2006",
  pages = 	 "264--278",
}


@InProceedings{MandelbaumWH2003,
  author = 	 "Yitzhak Mandelbaum and David Walker and Robert Harper",
  title = 	 "An effective theory of type refinements",
  crossref =     "ICFP2003",
  pages = 	 "213--225",
  abstract =
   "We develop an explicit two level system that allows programmers to reason
    about the behavior of effectful programs. The first level is an ordinary
    ML-style type system, which confers standard properties on program
    behavior. The second level is a conservative extension of the first that
    uses a logic of type refinements to check more precise properties of
    program behavior. Our logic is a fragment of intuitionistic linear logic,
    which gives programmers the ability to reason locally about changes of
    program state. We provide a generic resource semantics for our logic as
    well as a sound, decidable, syntactic refinement-checking system. We also
    prove that refinements give rise to an optimization principle for
    programs. Finally, we illustrate the power of our system through a number
    of examples.",
}


@InProceedings{deline04typestates,
  author = 	 "Robert DeLine and Manuel F{\"a}hndrich",
  title = 	 "Typestates for objects",
  crossref =     "ECOOP2004",
  pages =	 "465--490",
}


@InProceedings{DeLineF2001,
  author = 	 "Robert DeLine and Manuel F{\"a}hndrich",
  title = 	 "Enforcing high-level protocols in low-level software",
  crossref =     "PLDI2001",
  pages = 	 "59--69",
}


@InProceedings{ShankarTFW2001,
  author = 	 "Umesh Shankar and Kunal Talwar and Jeffrey S. Foster and David Wagner",
  title = 	 "Detecting format string vulnerabilities with type qualifiers",
  crossref =     "USENIXSec2001",
  NEEDpages = 	 "*",
}


@InProceedings{VolpanoS97,
  author = 	 "Dennis M. Volpano and Geoffrey Smith",
  title = 	 "A type-based approach to program security",
  crossref =     "TAPSOFT97",
  pages = 	 "607--621",
}


@InProceedings{PalsbergO95,
  author = 	 "Jens Palsberg and Peter {\O}rb{\ae}k",
  authorASCII =	 "Peter Orbaek",
  title = 	 "Trust in the $\lambda$-calculus",
  crossref =     "SAS95",
  pages = 	 "314--329",
}


@InProceedings{PratikakisSH2004,
  author = 	 "Polyvios Pratikakis and Jaime Spacco and Michael Hicks",
  title = 	 "Transparent proxies for {Java} futures",
  crossref =     "OOPSLA2004",
  pages = 	 "206--223",
}


@InProceedings{JohnsonW2004,
  author = 	 "Rob Johnson and David Wagner",
  title = 	 "Finding user/kernel pointer bugs with type inference",
  crossref =     "USENIXSec2004",
  pages = 	 "119--134",
}


@Article{YelickSPMLKHGGCA1998,
  author = 	 "Kathy Yelick and Luigi Semenzato and Geoff Pike and Carleton Miyamoto and Ben Liblit and Arvind Krishnamurthy and Paul Hilfinger and Susan Graham and David Gay and Phil Colella and Alex Aiken",
  title = 	 "Titanium: A high-performance {Java} dialect",
  journal = 	 "Concurrency: Practice and Experience",
  year = 	 1998,
  volume = 	 10,
  number = 	 "11--13",
  pages = 	 "825--836",
  month = 	 sep # "--" # nov,
  abstract =
   "Titanium is a language and system for high-performance parallel
    scientific computing. Titanium uses Java as its base, thereby leveraging
    the advantages of that language and allowing us to focus attention on
    parallel computing issues. The main additions to Java are immutable
    classes, multidimensional arrays, an explicitly parallel SPMD model of
    computation with a global address space, and zone-based memory
    management. We discuss these features and our design approach, and
    report progress on the development of Titanium, including our current
    driving application: a three-dimensional adaptive mesh refinement
    parallel Poisson solver.",
}


%%%
%%% Non-null (nonnull) types and nullness/nullity analysis
%%%


@InProceedings{FahndrichL2003:OOPSLA,
  author = 	 "Manuel F{\"a}hndrich and K. Rustan M. Leino",
  authorASCII =  "Manuel Fahndrich",
  title = 	 "Declaring and checking non-null types in an
                  object-oriented language",
  crossref =     "OOPSLA2003",
  pages = 	 "302--312",
  abstract =
   "Distinguishing non-null references from possibly-null references at the
    type level can detect null-related errors in object-oriented programs at
    compile-time. This paper gives a proposal for retrofitting a language such
    as C\# or Java with non-null types. It addresses the central complications
    that arise in constructors, where declared non-null fields may not yet have
    been initialized, but the partially constructed object is already
    accessible. The paper reports experience with an implementation for
    annotating and checking null-related properties in C\# programs.",
}


@InProceedings{FahndrichLeino03:IWACO,
  author = {Manuel F{\"a}hndrich and K. Rustan M. Leino},
  authorASCII = {Manuel Fahndrich and K. Rustan M. Leino},
  title = {Heap Monotonic Typestates},
  crossref =  "IWACO2003",
  pages = "58-72",
  abstract =
   "The paper defines the class of heap monotonic typestates. The
    monotonicity of such typestates enables sound checking algorithms
    without the need for non-aliasing regimes of pointers. The basic idea is
    that data structures evolve over time in a manner that only makes their
    representation invariants grow stronger, never weaker. This assumption
    guarantees that existing object references with particular typestates
    remain valid in all program futures, while still allowing objects to
    attain new stronger typestates. The system is powerful enough to
    establish properties of circular data structures."
}


@InProceedings{FahndrichX2007,
  author = 	 "Manuel F{\"a}hndrich and Songtao Xia",
  authorASCII =	 "Manuel Fahndrich and Songtao Xia",
  title = 	 "Establishing object invariants with delayed types",
  crossref =     "OOPSLA2007",
  pages = 	 "337--350",
}


@InProceedings{SummersM2011,
  author = 	 "Summers, Alexander J. and M{\"u}ller, Peter",
  authorASCII = 	 "Summers, Alexander J. and Muller, Peter",
  authorASCII = 	 "Summers, Alexander J. and Mueller, Peter",
  title = 	 "Freedom before commitment: A lightweight type system for object initialisation",
  crossref =     "OOPSLA2011",
  pages = 	 "1013--1032",
  url = {https://doi.acm.org/10.1145/2048066.2048142},
}


@InProceedings{ChalinR2005,
  author = 	 "Chalin, Patrice and Rioux, Fr{\'e}d{\'e}ric",
  authorASCII =  "Chalin, Patrice and Rioux, Frederic",
  title = 	 "Non-null references by default in the {Java} {Modeling} {Language}",
  crossref =     "SAVCBS2005",
  NOpages = 	 "*",
  abstract =
   "Based on our experiences and those of our peers, we hypothesized that in
    Java code, the majority of declarations that are of reference types are
    meant to be non-null. Unfortunately, the Java Modeling Language (JML), like
    most interface specification and object-oriented programming languages,
    assumes that such declarations are possibly-null by default. As a
    consequence, developers need to write specifications that are more verbose
    than necessary in order to accurately document their module interfaces. In
    practice, this results in module interfaces being left incompletely and
    inaccurately specified. In this paper we present the results of a study
    that confirms our hypothesis. Hence, we propose an adaptation to JML that
    preserves its language design goals and that allows developers to specify
    that declarations of reference types are to be interpreted as non-null by
    default. We explain how this default is safer and results in less writing
    on the part of specifiers than null-by-default. The paper also reports on
    an implementation of the proposal in some of the JML tools.",
}


@TechReport{ChalinJ2006,
  author = 	 "Patrice Chalin and Perry James",
  title = 	 "Non-null references by default in {Java}:  Alleviating the nullity annotation burden",
  institution =  "Concordia University",
  year = 	 2006,
  type = 	 "ENCS-CSE",
  number = 	 "2006-003",
  address = 	 Montreal,
  month = 	 dec,
  note = 	 "Revision 3s",
  supersededby = "ChalinJ2007",
}

@InProceedings{ChalinJ2007,
  author = 	 "Patrice Chalin and Perry R. James",
  title = 	 "Non-null references by default in {Java}:  Alleviating the nullity annotation burden",
  crossref =     "ECOOP2007",
  pages = 	 "227--247",
  abstract =
   "With Java 5 annotations, we note a marked increase in tools that statically
    detect potential null dereferences. To be effective such tools require that
    developers annotate declarations with nullity modifiers and have annotated
    API libraries. Unfortunately, in our experience specifying moderately large
    code bases, the use of non-null annotations is more labor intensive than it
    should be.  Motivated by this experience, we conducted an empirical study
    of 5 open source projects totaling 700 KLOC which confirms that on average,
    3/4 of declarations are meant to be non-null, by design. Guided by these
    results, we propose adopting a non-null-by-default semantics. This new
    default has advantages of better matching general practice, lightening
    developer annotation burden and being safer. We adapted the Eclipse JDT
    Core to support the new semantics, including the ability to read the
    extensive API library specifications written in the Java Modeling Language
    (JML\@). Issues of backwards compatibility are addressed.",
}


@Article{ChalinJR2008,
  author = 	 "P. Chalin and P.R. James and F. Rioux",
  title = 	 "Reducing the use of nullable types through non-null by default and monotonic non-null",
  journal = 	 "IET Software",
  year = 	 2008,
  volume = 	 2,
  number = 	 6,
  pages = 	 "515--531",
  month = 	 dec,
  abstract =
   "With Java 5 annotations, the authors note a marked increase in tools that
    can statically detect potential null dereferences. To be effective, such
    tools require that developers annotate declarations with nullity modifiers
    and have annotated API libraries. Unfortunately, in the experience of the
    authors, specifying moderately large code bases, the use of non-null
    annotations is more labour intensive than it should be. Motivated by this
    experience, the authors conducted an empirical study of five open source
    projects totalling 700K lines-of-code, which confirms that, on average, 75\%
    of reference declarations are meant to be non-null, by design. Guided by
    these results, the authors propose the adoption of non-null-by-default
    semantics. This new default has advantages of better matching general
    practice, lightening developer annotation burden and being safer. The
    authors also describe the Eclipse Java Modelling Language (JML) Java
    Development Tooling (JDT), a tool supporting the new semantics, including
    the ability to read the extensive API library specifications written in the
    JML. Issues of backwards compatibility are addressed. In a second phase of
    the empirical study, the authors analysed the uses of null and noted that
    over half of the nullable field references are only assigned non-null
    values. For this category of reference, the authors introduce the concept
    of monotonic non-null type and illustrate the benefits of its use.",
}


@TechReport{ChalinJK2007,
  author = 	 "Patrice Chalin and Perry R. James and George Karabotsos",
  title = 	 "The architecture of {JML4}, a proposed integrated verification environment for {JML}",
  institution =  "Concordia University",
  year = 	 2007,
  type = 	 "ENCS-CSE",
  number = 	 "2007-006",
  month = 	 may,
  note = 	 "Revision 1",
}


@InProceedings{CieleckiFJJ2006,
  author = 	 "Maciej Cielecki and J\c{e}drzej Fulara and Krzysztof Jakubczyk and {\L}ukasz Jancewicz and Jacek Chrzaszcz and Aleksy Schubert and {\L}ukasz Kami{\'n}ski",
  authorASCII = 	 "Maciej Cielecki and Jedrzej Fulara and Krzysztof Jakubczyk and Lukasz Jancewicz and Jacek Chrzaszcz and Aleksy Schubert and Lukasz Kaminski",
  title = 	 "Propagation of {JML} non-null annotations in {Java} programs",
  crossref =     "PPPJ2006",
  pages = 	 "135--140",
  abstract =
   "Development of high quality code is notably difficult. Tools that help
    maintaining the proper quality of code produced by programmers can be very
    useful: they may increase the quality of produced software and help
    managers to ensure that the product is ready for the market. One of such
    tools is ESC/Java2, a static checker of Java Modeling Language
    annotations. These annotations can be used to ensure that a certain
    assertion is satisfied during the execution of the program, among the
    others --- to ensure that a certain variable never has a null
    value. Unfortunately, using ESC/Java2 can be very troublesome and
    time-consuming for programmers, as it lacks a friendly user interface and a
    function that propagates annotations. We present CANAPA, a tool that can
    highly reduce time and effort of eliminating null pointer exceptions in
    Java code. This tool can automatically propagate JML non-null annotations
    and comes with a handy Eclipse plug-in. We believe that functionality of
    CANAPA will minimize the effort required to benefit from using the JML
    non-null checking.",
}


@PhdThesis{Ekman2006,
  author = 	 "Torbj{\"o}rn Ekman",
  authorASCII =	 "Torbjorn Ekman",
  title = 	 "Extensible compiler construction",
  school = 	 "Lund University Department of Computer Science",
  year = 	 2006,
  address = 	 "Lund, Sweden",
}


@InProceedings{EkmanH2007:JastAdd,
  author = 	 "Torbj{\"o}rn Ekman and G{\"o}rel Hedin",
  authorASCII =	 "Torbjorn Ekman and Gorel Hedin",
  title = 	 "The {JastAdd} extensible {Java} compiler",
  crossref =     "OOPSLA2007",
  pages = 	 "1--18",
}


@Article{EkmanH2007:NonNull,
  author = 	 "Torbj{\"o}rn Ekman and G{\"o}rel Hedin",
  authorASCII =	 "Torbjorn Ekman and Gorel Hedin",
  title = 	 "Pluggable checking and inferencing of non-null types for {Java}",
  journal = 	 JOT,
  year = 	 2007,
  volume = 	 6,
  number = 	 9,
  pages = 	 "455--475",
  month = 	 oct,
  abstract =
   "We have implemented a non-null type checker for Java and a new non-null
    inferencing algorithm for analyzing legacy code. The tools are modular
    extensions to the JastAdd extensible Java compiler, illustrating how
    pluggable type systems can be achieved. The resulting implementation is
    compact, less than 230 lines of code for the non-null checker and 460
    for the inferencer. Non-null checking is a local analysis with little
    effect on compilation time. The inferencing algorithm is a
    whole-program analysis, yet it runs sufficiently fast for practical
    use, less than 10 seconds for 100.000 lines of code. We ran our
    inferencer on a large part of the JDK library, and could detect that
    around 70\% of the dereferences, and around 24\% of the method return
    values, were guaranteed to be non-null.",
}


@MastersThesis{Engelen2006,
  author = 	 "Arnout F. M. Engelen",
  title = 	 "Nullness analysis of {Java} source code",
  school = 	 "University of Nijmegen Dept. of Computer Science",
  year = 	 2006,
  month = 	 aug # "~10,",
  abstract =
   "The research question for this project is as follows:  What is the
    current state of the art in annotation assistance, and what are the most
    relevant requirements and design considerations when implementing an
    annotations assistant?",
  usesDaikon = 1,
  OLDdownloads = "http://www.cs.ru.nl/iii/onderwijs/afstudereninfo/scripties/2006/ArnoutEngelenScriptie.pdf PDF",
  downloads = "http://www.cs.ru.nl/mtl/scripties/2006/ArnoutEngelenScriptie.pdf PDF",
}


@InProceedings{HovemeyerP2004,
  author = 	 "David Hovemeyer and William Pugh",
  title = 	 "Finding bugs is easy",
  crossref =     "OOPSLACompanion2004",
  pages = 	 "132--136",
  abstract =
   "Many techniques have been developed over the years to automatically
   find bugs in software. Often, these techniques rely on formal methods
   and sophisticated program analysis. While these techniques are valuable,
   they can be difficult to apply, and they aren't always effective in
   finding real bugs.
   \par
   \emph{Bug patterns} are code idioms that are often errors. We have
   implemented automatic detectors for a variety of bug patterns found in
   Java programs. In this extended abstract, we describe how we have used
   bug pattern detectors to find serious bugs in several widely used Java
   applications and libraries. We have found that the effort required to
   implement a bug pattern detector tends to be low, and that even
   extremely simple detectors find bugs in real applications.
   \par
   From our experience applying bug pattern detectors to real programs, we
   have drawn several interesting conclusions. First, we have found that
   even well tested code written by experts contains a surprising number of
   obvious bugs. Second, Java (and similar languages) have many language
   features and APIs which are prone to misuse. Finally, that simple
   automatic techniques can be effective at countering the impact of both
   ordinary mistakes and misunderstood language features.",
}


@InProceedings{HovemeyerP2007:JSR305,
  author = 	 "David Hovemeyer and William Pugh",
  title = 	 "Status report on {JSR}-305: Annotations for software defect detection",
  crossref =     "OOPSLACompanion2007",
  pages = 	 "799--800",
  abstract =
   "Java Specification Request 305 defines a set of annotations that can
    understood by multiple static analysis tools. Rather than push the
    bleeding edge of static analysis, this JSR represents an attempt to
    satisfy different static analysis tool vendors and address the
    engineering issues required to make these annotations widely useful.",
}


@InProceedings{HovemeyerSP2005,
  author = 	 "David Hovemeyer and Jaime Spacco and William Pugh",
  title = 	 "Evaluating and tuning a static analysis to find null pointer bugs",
  crossref =     "PASTE2005",
  pages = 	 "13--19",
  abstract =
   "Using static analysis to detect memory access errors, such as null pointer
    dereferences, is not a new problem.  However, much of the previous work has
    used rather sophisticated analysis techniques in order to detect such
    errors.  In this paper we show that simple analysis techniques can be used
    to identify many such software defects, both in production code and in
    student code.  In order to make our analysis both simple and effective, we
    use a non-standard analysis which is neither complete nor sound.  However,
    we find that it is effective at finding an interesting class of software
    defects.  We describe the basic analysis we perform, as well as the
    additional errors we can detect using techniques such as annotations and
    inter-procedural analysis.  In studies of both production software and
    student projects, we find false positive rates of around 20\% or less.  In
    the student code base, we find that our static analysis techniques are
    able to pinpoint 50\% to 80\% of the defects leading to a null pointer
    exception at runtime.",
}


@InProceedings{HovemeyerP2007,
  author = 	 "David Hovemeyer and William Pugh",
  title = 	 "Finding more null pointer bugs, but not too many",
  crossref =     "PASTE2007",
  pages = 	 "9--14",
}


@Article{AyewahHMPP2008,
  author = 	 "Ayewah, Nathaniel and Hovemeyer, David and Morgenthaler, J. David and Penix, John and Pugh, William",
  title = 	 "Using static analysis to find bugs",
  journal = 	 IEEESoftware,
  year = 	 2008,
  volume = 	 25,
  number = 	 5,
  pages = 	 "22--29",
  month = 	 sep,
}


@MastersThesis{Artho2001,
  author = 	 "Cyrille Artho",
  title = 	 "Finding faults in multi-threaded programs",
  school = 	 "Swiss Federal Institute of Technology",
  year = 	 2001,
  month = 	 mar # "~15,",
  abstract =
   "Multi-threaded programming creates the fundamental problem that the
    execution of a program is no longer deterministic, because the thread
    schedule is not controlled by the application. This causes traditional
    testing methods to be rather ineffective. Trilogy, producing many
    multi-threaded server programs, also has to deal with the limitations of
    regression testing. New approaches to this problem --- static and extended
    dynamic checking --- promise to ameliorate the situation. Many tools are in
    development that try to find faults in multi-threaded programs in new ways.
    \par
    The first part of this report describes a detailed evaluation of a wide
    variety of dynamic and static checkers. That comparison always had the
    applicability to industrial software in mind. While none of the checking
    tools was a clear winner, certain tools are more useful in practice than
    others.
    \par
    Because simple cases are the most common ones in practice, the decision was
    made to extend Jlint, a simple, fast static Java program checker. The new
    Jlint can now also check for deadlocks in synchronized blocks in Java,
    which results in improved faultfinding capabilities. The extensions and
    their usefulness in an industrial environment are described in the second
    part of the report. Jlint has been applied to many core packages of
    Trilogy, and also a few other software packages, and shown various degrees
    of success.",
}


@Unpublished{MaleP2007,
  author = 	 "Chris Male and David J. Pearce",
  title = 	 "Non-null type inference with type aliasing for {Java}",
  note = 	 "\url{http://www.mcs.vuw.ac.nz/~djp/files/MP07.pdf}",
  month = 	 aug # "~20,",
  year = 	 2007,
  abstract =
   "Java's annotation mechanism allows us to extend its type system with
    non-null types. Type checking is a cumbersome approach to enforcing them,
    since conditionals provide the main source of nullness information. We
    present a novel non-null type inference system which extracts nullness
    information and type aliasing relationships from conditionals. We formalise
    this for a subset of Java Bytecode and report on experiences using an
    implementation of it.",
}


@InProceedings{MalePPD2008,
  author = 	 "Chris Male and David Pearce and Alex Potanin and Constantine Dymnikov",
  title = 	 "Java bytecode verification for {@NonNull} types",
  crossref =     "CC2008",
  pages = 	 "229--244",
  abstract =
   "Java's annotation mechanism allows us to extend its type system with
    non-null types. However, checking such types cannot be done using the
    existing bytecode verification algorithm. We extend this algorithm to
    verify non-null types using a novel technique that identifies aliasing
    relationships between local variables and stack locations in the
    JVM. We formalise this for a subset of Java Bytecode and report on
    experiences using our implementation.",
}


@InProceedings{Spoto2008,
  author = 	 "Fausto Spoto",
  title = 	 "Nullness analysis in boolean form",
  crossref =     "SEFM2008",
  NEEDpages = 	 "*",
  abstract =
   "Attempts to dereference \texttt{null} result in an exception or a
    segmentation fault. Hence it is important to know those program points
    where this might occur and prove the others (or the entire program)
    \emph{safe}. Nullness analysis of computer programs checks or infers
    non-\texttt{null} annotations for variables and object fields. Most
    nullness analyses currently use run-time checks or are incorrect or only
    verify manual annotations. We use here abstract interpretation to build and
    prove correct a static nullness analysis for Java bytecode which
    \emph{infers} non-\texttt{null} annotations. It is based on Boolean
    formulas, implemented with binary decision diagrams. Our experiments show
    it faster and more precise than the correct nullness analysis by Hubert,
    Jensen and Pichardie. We deal with static fields and exceptions, which is
    not the case of most other analyses. We claim that the result is
    theoretically clean and the implementation strong and scalable.",
}


@InProceedings{CousotC76:ISP,
  author =       "Patrick M. Cousot and Radhia Cousot",
  title = 	 "Static determination of dynamic properties of programs",
  booktitle = "2nd International Symposium on Programming",
  pages = 	 "106--130",
  year = 	 1976,
  address = 	 "Paris, France",
  month = 	 apr,
}


@InProceedings{HubertJP2008,
  author = 	 "Laurent Hubert and Thomas Jensen and David Pichardie",
  title = 	 "Semantic foundations and inference of non-null annotations",
  crossref =     "FMOODS2008",
  pages = 	 "132--149",
}


@INPROCEEDINGS{hubert09:soundly_handling_static_fields,
   AUTHOR = {Laurent Hubert and David Pichardie},
   TITLE = {Soundly Handling Static Fields: Issues, Semantics
                   and Analysis},
   BOOKTITLE = {Proceedings of ByteCode'09},
   INSTITUTION = {CNRS/INRIA/IRISA},
   YEAR = 2009,
   MONTH = {March},
   NOTE = {(To Appear)},
   PDF = {http://www.trebuh.net/publi/2009bytecode.pdf},
   SLIDES = {http://www.trebuh.net/publi/2009bytecode_slides.pdf},
}


@InProceedings{NandaS2009,
  author = 	 "Mangala Gowri Nanda and Saurabh Sinha",
  title = 	 "Accurate interprocedural null-dereference analysis for {Java}",
  crossref =     "ICSE2009",
  pages = 	 "133--143",
  abstract =
   "Null dereference is a commonly occurring defect in Java programs, and
    many static-analysis tools identify such defects. However, most of the
    existing tools perform a limited interprocedural analysis. In this
    paper, we present an interprocedural path-sensitive and
    context-sensitive analysis for identifying null dereferences. Starting
    at a dereference statement, our approach performs a backward
    demand-driven analysis to identify precisely paths along which null
    values may flow to the dereference. The demand-driven analysis avoids an
    exhaustive program exploration, which lets it scale to large
    programs. We present the results of empirical studies conducted using
    large open-source and commercial products. Our results show that: (1)
    our approach detects fewer false positives, and significantly more
    interprocedural true positives, than other commonly used tools; (2) the
    analysis scales to large subjects; and (3) the identified defects are
    often deleted in subsequent releases, which indicates that the reported
    defects are important.",
}


@Article{FreundM1999,
  author = 	 "Freund, Stephen N. and Mitchell, John C.",
  title = 	 "A type system for object initialization in the {Java} bytecode language",
  journal = 	 TOPLAS,
  year = 	 1999,
  volume = 	 21,
  number = 	 6,
  pages = 	 "1196--1250",
  month = 	 nov,
}


@InCollection{MeyerKS2010,
  author = 	 "Meyer, Bertrand and Kogtenkov, Alexander and Stapf, Emmanuel",
  title = 	 "Avoid a Void: The Eradication of Null Dereferencing",
  booktitle = 	 "Reflections on the Work of C.A.R. Hoare",
  pages = 	 "189--211",
  publisher = "Springer",
  year = 	 2010,
  chapter = 	 9,
  address = 	 "London",
  abstract =
   "All object-oriented programs, but also those in C or Pascal as soon as they
    use pointers, are subject to the risk of run-time crash due to ``null
    pointer dereferencing''. Until recently this was the case even in statically
    typed languages. Tony Hoare has called this problem his ``billion-dollar
    mistake''. In the type system of ISO-standard Eiffel, the risk no longer
    exists: void safety (the absence of null pointer dereferencing) has become
    a property guaranteed by the type system and enforced by the compiler. The
    mechanism is fully implemented and major libraries and applications have
    been made void-safe. This presentation describes the principles of Eiffel's
    void safety, their implementation and the lessons gained.",
}


@InProceedings{Meyer2005,
  author = 	 "Bertrand Meyer",
  title = 	 "Attached Types and Their Application to Three Open Problems of Object-oriented Programming",
  crossref =     "ECOOP2005",
  pages = 	 "1--32",
}


@Misc{julia-web-interface,
  key =          {Julia},
  title = 	 {Web interface to the {Julia} analyzer},
  howpublished = {\url{http://julia.scienze.univr.it}}
}

@InProceedings{Spoto10:LPAR,
  author = 	 {Spoto, F.},
  title = 	 {The Nullness Analyser of {Julia}},
  crossref =     "LPAR2010",
  pages = 	 "405-424",
}


@Article{SpotoMP09,
  author = 	 {Spoto, Fausto and Mesnard, Fred and Payet, {\'E}tienne},
  authorASCII = 	 {Spoto, Fausto and Mesnard, Fred and Payet, Etienne},
  title =        {A Termination Analyser for {Java} Bytecode Based on Path-Length},
  journal = 	 TOPLAS,
  year = 	 2010,
  volume =       32,
  number =       3
}

@inproceedings{PayetS07,
  author    = {Payet, {\'E}tienne and Spoto, Fausto},
  authorASCII    = {Payet, Etienne and Spoto, Fausto},
  title     = {Magic-Sets Transformation for the Analysis of {Java} Bytecode},
  crossref =     "SAS2007",
  pages     = {452--467},
}

@Article{Spoto10,
  author = 	 {Spoto, Fausto},
  title = 	 {Precise null-Pointer Analysis},
  journal = 	 {Software and Systems Modeling},
  year =         2010
}


@InProceedings{PayetS2011,
  author = 	 "{\'E}tienne Payet and Fausto Spoto",
  authorASCII =	 "Etienne Payet and Fausto Spoto",
  title = 	 "Static Analysis of {Android} Programs",
  crossref =     "CADE2011",
  pages = 	 "439--445",
  abstract =
   "Android is a programming language based on Java and an operating system
    for mobile or embedded devices. It features an extended event-based library
    and dynamic inflation of graphical views from declarative XML layout
    files. A static analyzer for Android programs must consider such features,
    for correctness and precision. This article is a description of how we
    extended the Julia system, based on abstract interpretation, to run
    formally correct analyses of Android programs. We have analyzed with Julia
    the Android sample applications by Google and a few larger open-source
    programs. Julia has found, automatically, bugs and flaws both in the Google
    samples and in the open-source programs.",
}


@inproceedings{AlbertAGPZ07,
  author    = {Albert, E. and
               Arenas, P. and
               Genaim, S. and
               Puebla, G. and
               Zanardini, D.},
  authorNOTE = "The paper uses the authors' initials rather than first names.",
  title     = {Cost Analysis of {Java} Bytecode},
  crossref =     "ESOP2007",
  pages     = {157--172},
}

@article{KleinN06,
  author    = {Klein, Gerwin and Nipkow, Tobias},
  title     = {A Machine-Checked Model for a {Java}-like Language, Virtual
               Machine, and Compiler},
  journal   = TOPLAS,
  volume    = 28,
  number    = 4,
  year      = 2006,
  pages     = {619--695}
}

@Article{Bryant86,
  author =       {Bryant, Randal E.},
  title =        {Graph-Based Algorithms for {Boolean} Function Manipulation},
  journal =      IEEETC,
  year =         {1986},
  volume =       {35},
  number =       {8},
  pages =        {677--691}
}


@InProceedings{BrotherstonDL2017,
  author = 	 "Brotherston, Dan and Dietl, Werner and Lhot\'{a}k, Ond\v{r}ej",
  authorASCII =  "Brotherston, Dan and Dietl, Werner and Lhotak, Ondrej",
  title = 	 "Granullar: Gradual nullable types for {Java}",
  crossref =  "CC2017",
  pages = 	 "87-97",
}


@InProceedings{BanerjeeCS2019,
  author = 	 "Banerjee, Subarno and Clapp, Lazaro and Sridharan, Manu",
  title = 	 "{NullAway}: Practical type-based null safety for {Java}",
  crossref =  "FSE2019",
  pages = 	 "740-750",
}


@Misc{NullAwayTool,
  author = 	 "{Uber Technologies Inc.}",
  title = 	 "{NullAway}: Fast Annotation-Based Null Checking for {Java}",
  howpublished = "\url{https://github.com/uber/NullAway}",
  month = 	 oct,
  year = 	 2017,
}


@Misc{InferEradicate2019,
  author = 	 "Facebook, Inc.",
  title = 	 "Infer : Eradicate",
  howpublished = "\url{https://fbinfer.com/docs/checker-eradicate/}",
  month = 	 jan,
  year = 	 2019,
}


@Misc{Nullsafe2022,
  author = 	 "Artem Pianykh and Ilya Zorin and Dmitry Lyubarskiy",
  title = 	 "Retrofitting null-safety onto {Java} at {Meta}",
  howpublished = "\url{https://engineering.fb.com/2022/11/22/developer-tools/meta-java-nullsafe/}",
  month = 	 nov,
  year = 	 2022,
}


%%%
%%% Initialization
%%%

@InProceedings{GilS2009,
  author = 	 "Joseph (Yossi) Gil and Tali Shragai",
  title = 	 "Are we ready for a safer construction environment?",
  crossref =     "ECOOP2009",
  pages = 	 "495--519",
  doi = {http://dx.doi.org/10.1007/978-3-642-03013-0_23},
}


@InProceedings{QiM2009,
  author = 	 "Qi, Xin and Myers, Andrew C.",
  title = 	 "Masked types for sound object initialization",
  crossref =  "POPL2009",
  pages = 	 "53-65",
}

@InProceedings{HenryMCM2012,
  author = 	 "Henry, Gr\'{e}goire and Mauny, Michel and Chailloux, Emmanuel and Manoury, Pascal",
  title = 	 "Typing unmarshalling without marshalling types",
  crossref =  "ICFP2012",
  pages = 	 "287-298",
}

@InProceedings{BettiniBL2005,
  author = 	 "Bettini, Lorenzo and Bono, Viviana and Likavec, Silvia",
  title = 	 "Safe and flexible objects",
  crossref =  "SAC2005",
  pages = 	 "1258-1263",
}

@InProceedings{HubertJMP2010,
  author = 	 "Hubert, Laurent and Jensen, Thomas and Monfort, Vincent and Pichardie, David",
  title = 	 "Enforcing secure object initialization in {Java}",
  crossref =  "ESORICS2010",
  pages = 	 "101--115",
}


@InProceedings{NietoZLCP2020,
  author = 	 "Abel Nieto and Yaoyu Zhao and Ondřej Lhot{\'a}k and Angela Chang and Justin Pu",
  title = 	 "Scala with Explicit Nulls",
  crossref =  "ECOOP2020",
  pages = 	 "25:1--25:26",
}


@MastersThesis{NietoRodriguez2019,
  author = 	 "Nieto Rodriguez, Abel",
  title = 	 "Scala with Explicit Nulls",
  school = 	 UWaterlooCS,
  year = 	 2019,
  address = 	 UWaterlooaddr,
  month = 	 dec,
}


@Misc{PianykhZL2022,
  author = 	 "Artem Pianykh and Ilya Zorin and Dmitry Lyubarskiy",
  title = 	 "Retrofitting null-safety onto {Java} at {Meta}",
  howpublished = "\url{https://engineering.fb.com/2022/11/22/developer-tools/meta-java-nullsafe/}",
  month = 	 nov,
  year = 	 2022,
}


%%%
%%% Pluggable type systems
%%%

@Misc{checker-framework-website-20100203,
  key = 	 "Checker Framework",
  title = 	 "{Checker Framework} website",
  howpublished = "\url{http://types.cs.washington.edu/checker-framework/}",
  month = 	 feb # "~3,",
  year = 	 2010,
  IGNOREnote = 	 "Accessed Feb 3, 2010",
}

@Misc{annotation-file-utilities-website-20100203,
  key = 	 "Annotation File Utilities",
  title = 	 "{Annotation File Utilities} website",
  howpublished = "\url{http://types.cs.washington.edu/annotation-file-utilities/}",
  month = 	 feb # "~3,",
  year = 	 2010,
  IGNOREnote = 	 "Accessed Feb 3, 2010",
}

@InProceedings{Bracha2004,
  author = 	 "Gilad Bracha",
  title = 	 "Pluggable type systems",
  crossref =     "RDL2004",
  NEEDpages = 	 "*",
  abstract =
   "Traditionally, statically typed programming languages incorporate a
    built-in static type system. This system is typically mandatory: every
    legal program must successfully typecheck according to the rules of the
    type system. In contrast, optional type systems are neither syntactically
    nor semantically required, and have no effect on the dynamic semantics of
    the language. This in turn enables pluggable type systems [Bra03, Bra04],
    allowing multiple type systems to be used simultaneously and/or
    sequentially for various semantic analyses. We argue that pluggable types
    can provide most of the advantages of mandatory type systems without most
    of the drawbacks.",
}


@InProceedings{Fong2004,
  author = 	 "Philip W. L. Fong",
  title = 	 "Pluggable verification modules: An extensible protection mechanism for the {JVM}",
  crossref =     "OOPSLA2004",
  pages = 	 "404--418",
}


@InProceedings{BurdyP2006,
  author = 	 "Lilian Burdy and Mariela Pavlova",
  title = 	 "Java bytecode specification and verification",
  crossref =     "SAC2006",
  pages = 	 "1835--1839",
  doi = {https://doi.acm.org/10.1145/1141277.1141708},
  abstract =
   "We propose a framework for establishing the correctness of untrusted Java
    bytecode components w.r.t. to complex functional and/or security
    policies. To this end, we define a bytecode specification language (BCSL)
    and a weakest precondition calculus for sequential Java bytecode. BCSL and
    the calculus are expressive enough for verifying non-trivial properties of
    programs, and cover most of sequential Java bytecode, including exceptions,
    subroutines, references, object creation and method calls. Our approach
    does not require that bytecode components are provided with their source
    code. Nevertheless, we provide a means to compile JML annotations into BCSL
    annotations by defining a compiler from the Java Modeling Language (JML) to
    BCSL. Our compiler can be used in combination with most Java compilers to
    produce extended class files from JML-annotated Java source programs. All
    components, including the verification condition generator and the compiler
    are implemented and integrated in the Java Applet Correctness Kit (JACK).",
}


@InProceedings{BartheBCGHLPR2006,
  author = 	 "G. Barthe and L. Burdy and J. Charles and B. Gr{\'e}goire and M. Huisman and J.-L. Lanet and M. Pavlova and A. Requet",
  title = 	 "{JACK}:  A tool for validation of security and behaviour of {Java} applications",
  crossref =     "FMCO2006",
  NEEDpages = 	 "*",
}


@InProceedings{AndreaeNMM2006,
  author = 	 "Chris Andreae and James Noble and Shane Markstrum and Todd Millstein",
  title = 	 "A framework for implementing pluggable type systems",
  crossref =     "OOPSLA2006",
  pages = 	 "57--74",
  abstract =
   "Pluggable types have been proposed to support multiple type systems in the
    same programming language. We have designed and implemented JavaCOP, a
    program constraint system for implementing practical pluggable type systems
    for Java. JavaCOP enforces user-defined typing constraints written in a
    declarative and expressive rule language. We have validated our design by
    (re)implementing a range of type systems and program checkers. By using a
    program constraint system to implement pluggable types, programmers are
    able to check that their programs will operate correctly in restricted
    environments, adhere to strict programming rules, avoid null pointer errors
    or scoped memory exceptions, and meet style guidelines, while programming
    language researchers can easily experiment with novel type systems.",
}
@Misc{MillsteinJavaCOP,
  author = 	 "Todd Millstein",
  howpublished = "Personal communication",
  month = 	 aug # "~5,",
  year = 	 2007,
}


@TechReport{MarkstrumMEM2008,
  author = 	 "Shane Markstrum and Daniel Marino and Matthew Esquivel and Todd Millstein",
  title = 	 "Practical enforcement and testing of pluggable type systems",
  institution =  "UCLA",
  year = 	 2008,
  number = 	 "CSD-TR-080013",
  month = 	 apr,
}


@Article{MarkstrumMEMAN2010,
  author = 	 "Shane Markstrum and Daniel Marino and Matthew Esquivel and Todd Millstein and Chris Andreae and James Noble",
  title = 	 "{JavaCOP}: Declarative pluggable types for {Java}",
  journal = 	 TOPLAS,
  year = 	 2010,
  volume = 	 32,
  number = 	 2,
  pages = 	 "1--37",
  month = 	 jan,
}

@InProceedings{NystromCM2003,
  author = 	 "N. Nystrom and M. R. Clarkson and A. C. Myers",
  title = 	 "Polyglot: An extensible compiler framework for {Java}",
  crossref =     "CC2003",
  pages =        "138--152",
}


@Misc{SampsonQuala2014,
  author = 	 "Adrian Sampson",
  title = 	 "Quala: Custom type systems for {Clang}",
  howpublished = "\url{https://www.cs.cornell.edu/~asampson/blog/quala.html}",
  month = 	 aug,
  year = 	 2014,
}


@InProceedings{Mackie2016,
  author = 	 "Christopher A. Mackie",
  title = 	 "Preventing signedness errors in numerical computations in {Java}",
  crossref =  "FSE2016",
  pages = 	 "1148-1150",
  abstract =
   "We have developed and implemented a type system, the Signedness
    Type System, that captures usage of signed and unsigned integers in
    Java programs. This type system enables developers to detect errors
    regarding unsigned integers at compile time, and guarantees that
    such errors cannot occur at run time. In a case study. our type
    system proved easy to use and detected a previously unknown
    bug. Our type system is implemented as the Signedness Checker and
    will be available with the Checker Framework
    (\url{http://CheckerFramework.org/}).",
  downloads = "https://checkerframework.org/ implementation",
}


@InProceedings{Santino2016,
  author = 	 "Joseph Santino",
  title = 	 "Enforcing correct array indexes with a type system",
  crossref =  "FSE2016",
  pages = 	 "1142-1144",
  abstract =
   "We have built the Index Checker, a type checker that issues
    warnings about array, list, and string accesses that are
    potentially unsafe. An example is shown in Figure 1. As with any
    sound tool, some of its warnings may be false positives. If the
    Index Checker issues no warning, then the programmer is guaranteed
    that no array access will cause an IndexOutOfBoundsException at run
    time (modulo suppressed warnings and unchecked code). The Index
    Checker ships with knowledge of Java APIs. The developer can
    optionally write a few type annotations in the program to make the
    Index Checker more precise. Our system includes five new type
    qualifiers, defined in Figure 2, that can be applied to integral
    types such as Java int. These are dependent types that indicate the
    relationship between the int and given arrays. Figures 3 and 4 show
    the relationship among these type qualifiers. The type system also
    contains a type qualifier for arrays, @MinLen, which is a lower
    bound on its length and permits use of literal integers to access
    the array or to construct a new array. The Index Checker is built
    upon the Checker Framework (http://CheckerFramework.org/).",
}


@MastersThesis{Sherwany2011,
  author = 	 "Sherwany, Amanj",
  title = 	 "The Design, Implementation and Evaluation of a Pluggable Type Checker for Thread-Locality in {Java}",
  school = 	 "Uppsala University, Department of Information Technology",
  year = 	 2011,
  address = 	 "Uppsala, Sweden",
}


@InProceedings{GerakiosBS2013,
  author = 	 "Gerakios, Prodromos and Biboudis, Aggelos and Smaragdakis, Yannis",
  title = 	 "Reified type parameters using Java annotations",
  crossref =  "GPCE2013",
  pages = 	 "61-64",
}


@InProceedings{HuangM2012,
  author = 	 "Huang, Wei and Milanova, Ana",
  title = 	 "{ReImInfer}: Method purity inference for {Java}",
  crossref =  "FSE2012",
  pages = 	 "1-4",
}


@InProceedings{KechagiaS2017,
  author = 	 "Kechagia, Maria and Spinellis, Diomidis",
  title = 	 "Type checking for reliable {APIs}",
  crossref =  "WAPI2017",
  pages = 	 "15-18",
}


@InProceedings{ChenD2018,
  author = 	 "Charles Zhuo Chen and Werner Dietl",
  title = 	 "Don't miss the end: Preventing unsafe end-of-file comparisons",
  crossref =  "NFM2018",
  pages = 	 "87-94",
}


@MastersThesis{Ta2018,
  author = 	 "Mier Ta",
  title = 	 "Context sensitive typechecking and inference: Ownership and immutability",
  school = 	 UWaterlooECE,
  year = 	 2018,
  address = 	 UWaterlooaddr,
}


@MastersThesis{Valgma2018,
  author = 	 "Lembit Valgma",
  title = 	 "Usable and Sound Static Analysis through its Integration into Automated and Interactive Workflows",
  school = 	 "U. of Tartu",
  year = 	 2018,
  address = 	 "Tartu, Estonia",
}

@MastersThesis{Chen2018,
  author = 	 "Zhuo Chen",
  title = 	 "Pluggable properties for program understanding: Ontic type checking and inference",
  school = 	 "U. of Waterloo",
  year = 	 2018,
  address = 	 "Waterloo, Ontario, Canada",
}


@InProceedings{Kellogg2019,
  author = 	 "Kellogg, Martin",
  title = 	 "Compile-time detection of machine image sniping",
  crossref =  "ASE2019",
  pages = 	 "1256-1258",
}


@InProceedings{HeDG2019,
  author = 	 "He, Jingzhu and Dai, Ting and Gu, Xiaohui",
  title = 	 "{TFix}: Automatic timeout bug fixing in production server systems",
  crossref =  "ICDCS2019",
  pages = 	 "612-623",
}


@TechReport{GschwindV2018,
  author = 	 "Sascha Gschwind and Renato Venzin",
  title = 	 "Googletest to {CUTE} converter",
  institution =  "University of Applied Sciences Rapperswil",
  year = 	 2018,
  address = 	 "Rapperswil, Switzerland",
}


@InProceedings{BagheriKM2020,
  author = 	 "Bagheri, Hamid and Kang, Eunsuk and Mansoor, Niloofar",
  title = 	 "Synthesis of assurance cases for software certification",
  crossref =  "ICSENIER2020",
  pages = 	 "61-64",
}


@InProceedings{KohlerEWMS2020,
  author = 	 "K{\"o}hler, Mirko and Eskandani, Nafise and Weisenburger, Pascal and Margara, Alessandro and Salvaneschi, Guido",
  authorASCII =  "Kohler, Mirko and Eskandani, Nafise and Weisenburger, Pascal and Margara, Alessandro and Salvaneschi, Guido",
  title = 	 "Rethinking safe consistency in distributed object-oriented programming",
  crossref =  "OOPSLA2020",
  NEEDpages = 	 "*",
}

@MastersThesis{Xing2020,
  author = 	 "Weitian Xing",
  title = 	 "Light-weight verification of cryptographic {API} usage",
  school = 	 "U. of Waterloo",
  year = 	 2020,
  address = 	 "Waterloo, Ontario, Canada",
}


@InProceedings{XingCD2021,
  author = 	 "Xing, Weitian and Cheng, Yuanhui and Dietl, Werner",
  title = 	 "Ensuring correct cryptographic algorithm and provider usage at compile time",
  crossref =  "FTFJP2021",
  pages = 	 "43–50",
}


@InProceedings{Bergstein2012,
  author = 	 "Paul L. Bergstein",
  title = 	 "Documenting {Java} Database Access with Type Annotations",
  crossref =  "WORLDCOMP2012",
  NEEDpages = 	 "*",
}


@MastersThesis{Wang2021,
  author = 	 "Di Wang",
  title = 	 "Interval Type Inference: Improvements and Evaluations",
  school = 	 UWaterlooECE,
  year = 	 2021,
  address = 	 UWaterlooaddr,
  month = 	 dec,
}


@InProceedings{BravettiFGHJKR2020,
  author = 	 "Bravetti, Mario and Francalanza, Adrian and Golovanov, Iaroslav and H{\"u}ttel, Hans and Jakobsen, Mathias S. and Kettunen, Mikkel K. and Ravara, Ant\'{o}nio",
  title = 	 "Behavioural types for memory and method safety in a core object-oriented language",
  crossref =  "APLAS2020",
  pages = 	 "105–124",
}


@MastersThesis{daLuzMotaM2021,
  author = 	 "da Luz Mota, Jo\~{a}o Daniel",
  authorASCII =  "da Luz Mota, Joao Daniel",
  title = 	 "Coping with the reality: adding crucial features to a typestate-oriented language",
  school = 	 "Universidade Nova de Lisboa, Faculdade de Ci\^{e}ncias e Tocnologia",
  year = 	 2021,
  month = 	 feb,
}


@InProceedings{MotaGR2021,
  author = 	 "Mota, Jo\~{a}o and Giunti, Marco and Ravara, Ant\'{o}nio",
  authorASCII =  "Mota, Joao and Giunti, Marco and Ravara, Antonio",
  title = 	 "Java Typestate Checker",
  crossref =  "Coordination2021",
  pages = 	 "121–133",
}


@Article{Kogtenkov2017,
  author = 	 "Alexander V. Kogtenkov",
  title = 	 "Null safety benchmarks for object initialization",
  journal = "Proceedings of the Institute for System Programming of RAS",
  year = 	 2017,
  volume = 	 29,
  number = 	 6,
  pages = 	 "135-150",
}


@InProceedings{LiBOK2016,
  author = 	 "Li, Li and Bissyand\'{e}, Tegawend\'{e} F. and Octeau, Damien and Klein, Jacques",
  title = 	 "Reflection-aware static analysis of {Android} apps",
  crossref =  "ASE2016",
  pages = 	 "756-761",
}


@MastersThesis{Lanzinger2021,
  author = 	 "Florian Lanzinger",
  title = 	 "Property Types in {Java}: Combining Type Systems and Deductive Verification",
  school = 	 "Karlsruher Institut f{\"u}r Technologie",
  year = 	 2021,
  month = 	 "feb",
}

@Article{LanzingerWUD2021,
  author = 	 "Lanzinger, Florian and Weigl, Alexander and Ulbrich, Mattias and Dietl, Werner",
  title = 	 "Scalability and Precision by Combining Expressive Type Systems and Deductive Verification",
  journal = 	 PACMPL,
  year = 	 2021,
  volume = 	 5,
  number = 	 "OOPSLA",
  month = 	 oct,
  articleno = 143,
}


@MastersThesis{Harper2010,
  author = 	 "Artemus Harper",
  title = 	 "Applying uniqueness to the {Java} language",
  school = 	 "Washington State University",
  year = 	 2010,
}


@InProceedings{TangPNV2011,
  author = 	 "Daniel Tang and Ales Plsek and Kelvin Nilsen and Jan Vitek",
  title = 	 "A Static Memory Safety Annotation System for {Safety} {Critical} {Java}",
  crossref =  "RTSS2011",
}


@PhdThesis{Kellogg2022,
  author = 	 "Martin Kellogg",
  title = 	 "Lightweight Verification via Specialized Typecheckers",
  school = 	 UWCSE,
  year = 	 2022,
  address = 	 UWCSEaddr,
  month = 	 jun,
}


@Misc{reinvent-compliance-talk,
  OPTkey = 	 "",
  author = 	 "Woolf, Chad and Cook, Byron and McAndrew, Tom",
  title = 	 "Automate Compliance Verification on {AWS} Using Provable Security",
  howpublished = "\url{https://www.youtube.com/watch?v=BbXK_-b3DTk}",
  month = 	 dec,
  year = 	 "2019",
  note = 	 "Accessed 25 August 2020",
}


@Book{McAllester1989,
  author = 	 "David A. McAllester",
  title = 	 "Ontic: A Knowledge Representation System for Mathematics",
  publisher = 	 "MIT Press",
  year = 	 1989,
  series = 	 "The {MIT} {Press} Series in Artificial Intelligence",
}

@article{DBLP:journals/ai/Shankar93,
  author       = {Natarajan Shankar},
  title        = {David A. McAllester, Ontic: {A} Knowledge Representation System for
                  Mathematics},
  journal      = {Artif. Intell.},
  volume       = {62},
  number       = {2},
  pages        = {355--362},
  year         = {1993},
  url          = {https://doi.org/10.1016/0004-3702(93)90083-N},
  doi          = {10.1016/0004-3702(93)90083-N},
  timestamp    = {Sat, 27 May 2017 14:24:42 +0200},
  biburl       = {https://dblp.org/rec/journals/ai/Shankar93.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Parameterized types (generics)
%%%


@InProceedings{BrachaOSW98,
  author = 	 "Gilad Bracha and Martin Odersky and David Stoutamire and Philip Wadler",
  title = 	 "Making the Future Safe for the Past: Adding Genericity to the {Java} Programming Language",
  crossref =     "OOPSLA98",
  pages =	 "183--200",
}


@InProceedings{Duggan99,
  author = 	 "Dominic Duggan",
  title = 	 "Modular type-based reverse engineering of parameterized
                  types in {Java} code",
  crossref =     "OOPSLA99",
  pages =	 "97--113",
}


@InProceedings{WangS01,
  author = 	 "Tiejun Wang and Scott Smith",
  title = 	 "Precise constraint-based type inference for {Java}",
  crossref =     "ECOOP2001",
  pages = 	 "99--117",
  abstract =
   "Precise type information is invaluable for analysis and optimization of
    object-oriented programs. Some forms of polymorphism found in
    object-oriented languages pose significant difficulty for type inference,
    in particular data polymorphism. Agesen's Cartesian Product Algorithm (CPA)
    can analyze programs with parametric polymorphism in a reasonably precise
    and efficient manner, but CPA loses precision for programs with data
    polymorphism. This paper presents a precise constraint-based type inference
    system for Java. It uses Data Polymorphic CPA, a constraint-based type
    inference algorithm which extends CPA with the ability to accurately and
    efficiently analyze data polymorphic programs. The system is implemented
    for the full Java language, and is used to statically verify the
    correctness of Java downcasts. Benchmark results are given which show the
    system performs very well: it is significantly more accurate and is nearly
    as efficient as CPA. The implementation itself contains a number of novel
    optimizations which proved necessary to achieve scalability."
}


@InProceedings{GagnonHM2000,
  author = 	 "Etienne Gagnon and Laurie J. Hendren and Guillaume Marceau",
  title = 	 "Efficient inference of static types for {Java} bytecode",
  crossref =     "SAS2000",
  pages = 	 "199--219",
  abstract =
   "Even though Java bytecode has a significant amount of type information
    embedded in it, there are no explicit types for local variables. However,
    knowing types for local variables is very useful for both program
    optimization and decompilation. In this paper, we present an efficient and
    practical algorithm for inferring static types for local variables in a
    3-address, stackless, representation of Java bytecode.
    \par
    By decoupling the type inference problem from the low level bytecode
    representation, and abstracting it into a constraint system, we show that
    there exists verifiable bytecode that cannot be statically typed. Further,
    we show that, without transforming the program, the static typing problem
    is NP-hard. In order to develop a practical approach we have developed an
    algorithm that works efficiently for the usual cases and then applies
    efficient program transformations to simplify the hard cases.
    \par
    Our solution is an multi-stage algorithm. In the first stage, we propose an
    efficient algorithm that infers static types for most bytecode found in
    practice. In case this stage fails, the second stage is applied. It
    consists of a simple and efficient variable splitting operation that
    renders most bytecode typeable using the algorithm of stage one. Finally,
    for completeness of the algorithm, we present a final stage that
    efficiently transforms and infers types for all remaining bytecode (such
    bytecode is likely to be a contrived example, and not code produced from a
    compiler).
    \par
    We have implemented this algorithm in the Soot framework. Our experimental
    results show that all of the 17,000 methods used in our tests were
    successfully typed, 99.8\% of those required only the first stage, 0.2\%
    required the second stage, and no methods required the third stage."
}


@InProceedings{Agesen95,
  author = 	 "Ole Agesen",
  title = 	 "The cartesian product algorithm: Simple and precise type
                  inference of parametric polymorphism",
  crossref =     "ECOOP95",
  pages =	 "2--26",
}


@InProceedings{IgarashiPW01:Raw,
  author = 	 "Atsushi Igarashi and Benjamin C. Pierce and Philip Wadler",
  title = 	 "A Recipe for Raw Types",
  crossref =     "FOOL2001",
  NEEDpages = 	 "",
  abstract =
   "The design of GJ (Bracha, Odersky, Stoutamire and Wadler), an extension of
    Java with parametric polymorphism, was significantly affected by the issue
    of compatibility between legacy Java code and new GJ code. In particular,
    the introduction of raw types made it easier to interface polymorphic code
    with monomorphic code. In GJ, for example, a polymorphic class List<X>,
    parameterized by the element type X, provides not only parameterized types
    such as List<Object> or List<String> but also the raw type List; then, a
    Java class using List can be compiled without adding element types to where
    List is used. Raw types, therefore, can reduce (or defer, at least)
    programmers' burden of modifying their old Java code to match with new
    polymorphic code.
    \par
    From the type-theoretic point of view, raw types are close to existential
    types in the sense that clients using a raw type C expect some
    implementation of a polymorphic class of the same name C. Unlike ordinary
    existential types, however, raw types allow several unsafe operations such
    as coercion from the raw type List, whose element type is abstract, to
    List<T> for any concrete type T. In this paper, basing on Featherweight GJ,
    proposed by the authors as a tiny core language of GJ, we formalize a type
    system and direct reduction semantics of raw types. The bottom type, which
    is subtype of any type, plays a key role in our type-preserving reduction
    semantics. In the course of the work, we have found a flaw in the typing
    rules from the GJ specification; type soundness is stated with respect to a
    repaired version of the type system.",
}


@InProceedings{FlattKF98,
  author = 	 "Matthew Flatt and Shriram Krishnamurthi and Matthias Felleisen",
  title = 	 "Classes and mixins",
  crossref =     "POPL98",
  pages =	 "171--183",
}

@article{MitchellP88,
 author = {John C. Mitchell and Gordon D. Plotkin},
 title = {Abstract types have existential type},
 journal = TOPLAS,
 volume = {10},
 number = {3},
 year = {1988},
 issn = {0164-0925},
 pages = {470--502},
 doi = {https://doi.acm.org/10.1145/44501.45065},
}

@InProceedings{CartwrightS98:NextGen,
  author = 	 "Robert Cartwright and Guy L. {Steele Jr}",
  title = 	 "Compatible genericity with run-time types for the {Java}
                  programming language",
  crossref =     "OOPSLA98",
  pages =	 "201--215",
}

@InProceedings{IgarashiV2002,
  author = 	 "Atsushi Igarashi and Mirko Viroli",
  title = 	 "On Variance-Based Subtyping for Parametric Types",
  crossref =     "ECOOP2002",
  pages =	 "441--469",
}

@article{1152650,
 author = {Atsushi Igarashi and Mirko Viroli},
 title = {Variant parametric types: A flexible subtyping scheme for generics},
 journal = TOPLAS,
 volume = {28},
 number = {5},
 year = {2006},
 issn = {0164-0925},
 pages = {795--847},
 doi = {https://doi.acm.org/10.1145/1152649.1152650},
 }


@InProceedings{MyersBL97,
  author = 	 "Andrew C. Myers and Joseph A. Bank and Barbara Liskov",
  title = 	 "Parameterized types for {Java}",
  crossref =     "POPL97",
  pages =	 "132--145",
}


@InProceedings{vonDincklageD2004,
  author =	 "Daniel von Dincklage and Amer Diwan",
  title =	 "Converting {Java} classes to use generics",
  crossref =     "OOPSLA2004",
  pages = 	 "1--14",
  abstract =
   "Generics offer significant software engineering benefits since they provide
    code reuse without compromising type safety. Thus generics will be added to
    the Java language in the next release. While this extension to Java will
    help programmers when they are writing new code, it will not help legacy
    code unless it is rewritten to use generics. In our experience, manually
    modifying existing programs to use generics is complex and can be error
    prone and labor intensive. We describe a system, Ilwith, that (i) converts
    non-generic classes to generic classes and (ii) rewrites their clients to
    use the newly generified classes. Our experiments with a number of Java
    container classes show that our system is effective in modifying legacy
    code to use generics.",
}


@Article{cardelli85understanding,
  author = 	 "Luca Cardelli and Peter Wegner",
  title = 	 "On understanding types, data abstraction, and polymorphism",
  journal = 	 "ACM Computing Surveys",
  year = 	 1985,
  volume =	 17,
  number =	 4,
  pages =	 "471--522",
  month =	 dec
}


@Misc{java-treemap-buildFromSorted,
  author = 	 "Doug Lea",
  howpublished = "Personal communication",
  month = 	 aug # "~1,",
  year = 	 2004
}


@misc{sun-url-jsr14,
    howpublished = {\url{https://jcp.org/jsr/detail/14.html}},
    author = {{JavaSoft, Sun Microsystems}},
    title = "Prototype for {JSR014}: Adding Generics to the {Java} Programming Language v. 1.3",
    year = 2001,
    month = may # "~7,",
}

@misc{bracha98gjspec,
    author = "Gilad Bracha and Martin Odersky and David Stoutamire and Philip Wadler",
    title = "{GJ} Specification",
    howpublished = "\url{http://www.cis.unisa.edu.au/~pizza/gj/Documents/#gj-specification}",
    year = 1998,
    month = may,
}


@InProceedings{YuKS2004,
  author = 	 "Dachuan Yu and Andrew Kennedy and Don Syme",
  title = 	 "Formalization of generics for the {.NET} common language runtime",
  crossref =     "POPL2004",
  pages =	 "39--51",
}


@InProceedings{PotaninNCB2006,
  author = 	 "Alex Potanin and James Noble and Dave Clarke and Robert Biddle",
  title = 	 "{Generic} {Ownership} for {Generic} {Java}",
  crossref =     "OOPSLA2006",
  pages = 	 "311--324",
}


@InProceedings{PlotkinA1993,
  author = 	 "Plotkin, Gordon D. and Abadi, Mart{\'\i}n",
  authorASCII =	 "Plotkin, Gordon D. and Abadi, Martin",
  title = 	 "A Logic for Parametric Polymorphism",
  crossref =  "TLCA1993",
  pages = 	 "361--375",
}

@InProceedings{AbadiPG1989,
  author = 	 "Abadi, Mart{\'\i}n and Benjamin Pierce and Plotkin, Gordon",
  authorASCII =  "Abadi, Martin and Benjamin Pierce and Plotkin, Gordon",
  title = 	 "Faithful ideal models for recursive polymorphic types",
  crossref =  "LICS1989",
  pages = 	 "216--225",
}

@InProceedings{AltidorS2014,
  author = 	 "Altidor, John and Smaragdakis, Yannis",
  title = 	 "Refactoring {Java} Generics by Inferring Wildcards, in Practice",
  crossref =  "OOPSLA2014",
  pages = 	 "271–290",
}


@InProceedings{Grigore2017,
  author = 	 "Grigore, Radu",
  title = 	 "Java generics are {Turing} complete",
  crossref =  "POPL2017",
  pages = 	 "73--85",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Type and effect systems
%%%


@TechReport{GiffordJLS87,
  author = 	 "David K. Gifford and Pierre Jouvelot and John M. Lucassen
                  and Mark Sheldon",
  title = 	 "FX-87 Reference Manual",
  institution =  MITLCS,
  year = 	 1987,
  number =	 "MIT/LCS/TR-407",
  address =	 MITaddr,
  month =	 sep
}

@InProceedings{LucassenG88,
  author = 	 "John M. Lucassen and David K. Gifford",
  title = 	 "Polymorphic effect systems",
  crossref =     "POPL88",
  pages =	 "47--57",
}


@InProceedings{JouvelotG91,
  author = 	 "Pierre Jouvelot and David K. Gifford",
  title = 	 "Algebraic reconstruction of types and effects",
  crossref =     "POPL91",
  pages =	 "303--310",
}

@InProceedings{TalpinJ92,
  author = 	 "Jean-Pierre Talpin and Pierre Jouvelot",
  title = 	 "The type and effect discipline",
  crossref =     "LICS92",
  pages =	 "162--173",
}

@article{Wright1994SATS,
  author = "Andrew K. Wright and Matthias Felleisen",
  title =  "A Syntactic Approach to Type Soundness",
  journal =  IandC,
  year = 1994,
  volume = 115,
  pages = "38--94",
}

@InCollection{NiNi99tes,
  author =       "F. Nielson and H. R. Nielson",
  title =        "Type and Effect Systems",
  booktitle =    "Correct System Design",
  publisher =    "Springer-Verlag",
  year =         1999,
  OMITeditor =       "E. R. Olderog and B. Steffen",
  number =       1710,
  series =       LNCS,
  pages =        "114--136",
  abstract =
   "The design and implementation of a correct system can benefit
    from employing static techniques for ensuring that the dynamic
    behaviour satisfies the specification. Many programming languages
    incorporate types for ensuring that certain operations are only
    applied to data of the appropriate form. A natural extension of
    type checking techniques is to enrich the types with annotations
    and effects that further describe intensional aspects of the dynamic
    behaviour.",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Inference
%%%

@InProceedings{OxhojPS92,
  author = 	 "Nicholas Oxh{\o}j and Jens Palsberg and Michael I. Schwartzbach",
  authorASCII =  "Nicholas Oxhoj",
  title = 	 "Making Type Inference Practical",
  crossref =     "ECOOP92",
  pages =	 "329--349",
}

@InProceedings{PlevyakC94,
  author = 	 "John Plevyak and Andrew A. Chien",
  title = 	 "Precise concrete type inference for object-oriented languages",
  crossref =     "OOPSLA94",
  pages =	 "324--340",
  doi = {https://doi.acm.org/10.1145/191080.191130},
}

@InProceedings{PalsbergS91,
  author = 	 "Jens Palsberg and Michael I. Schwartzbach",
  title = 	 "Object-oriented type inference",
  crossref =     "OOPSLA91",
  pages =	 "146--161",
}

@InProceedings{OhoriB89,
  author = 	 "Atsushi Ohori and Peter Buneman",
  title = 	 "Static type inference for parametric classes",
  crossref =     "OOPSLA89",
  pages =	 "445--456",
}

@InProceedings{EifrigST95,
  author = 	 "Jonathan Eifrig and Scott Smith and Valery Trifonov",
  title = 	 "Sound polymorphic type inference for objects",
  crossref =     "OOPSLA95",
  pages =	 "169--184",
}


@InProceedings{SpoonS2004,
  author = 	 {S. Alexander Spoon and Olin Shivers},
  title = 	 {Demand-Driven Type Inference with Subgoal Pruning: Trading Precision for Scalability},
  crossref =     "ECOOP2004",
  pages =        "51--74",
}

@InProceedings{FlanaganFKWF96,
  author = 	 {Cormac Flanagan and Matthew Flatt and Shriram Krishnamurthi and Stephanie Weirich and Matthias Felleisen},
  title = 	 {Catching Bugs in the Web of Program Invariants},
  crossref =     "PLDI96",
  pages =        "23--32",
}


%   booktitle = 	 {Proceedings of the ECOOP '98 International Workshop: Experiences in Object-Oriented Reengineering},
@InProceedings{RapicaultBDD98,
  author = 	 {Pascal Rapicault and Mireille Blay-Fornarino and St{\'e}phane Ducasse and Anne-Marie Dery},
  authorASCII =  "Stephane Ducasse",
  title = 	 {Dynamic Type Inference to Support Object-Oriented Reengineering in {Smalltalk}},
  crossref =     "OOR98",
  pages =        "76--77",
}


@InProceedings{PolishchukLS2007,
  author = 	 "Marina Polishchuk and Ben Liblit and Chlo{\"e} Schulze",
  authorASCII =	 "Chloe Schulze",
  title = 	 "Dynamic heap type inference for program understanding and debugging",
  crossref =     "POPL2007",
  pages = 	 "39--46",
  abstract =
   "C programs can be difficult to debug due to lax type enforcement
    and low-level access to memory. We present a dynamic analysis
    for C that checks heap snapshots for consistency with program
    types. Our approach builds on ideas from physical subtyping and
    conservative garbage collection. We infer a program-defined type
    for each allocated storage location or identify ``untypable'' blocks
    that reveal heap corruption or type safety violations. The analysis
    exploits symbolic debug information if present, but requires no
    annotation or recompilation beyond a list of defined program types
    and allocated heap blocks. We have integrated our analysis into the
    GNU Debugger (gdb), and describe our initial experience using this
    tool with several small to medium-sized programs.",
}


@InProceedings{LiuM2007,
  author = 	 "Y. Liu and A. Milanova",
  title = 	 "Ownership and Immutability Inference for {UML}-based Object Access Control",
  crossref =     "ICSE2007",
  pages = 	 "323--332",
}


@InProceedings{WrigstadPMZV2009,
  author = 	 "Wrigstad, Tobias and Pizlo, Filip and Meawad, Fadi and Zhao, Lei and Vitek, Jan",
  title = 	 "Loci: Simple Thread-Locality for {J}ava",
  crossref =     "ECOOP2009",
  pages = 	 "445--469",
}


@InProceedings{TangPJ2010,
  author = 	 "Tang, Daniel and Plsek, Ales and Vitek, Jan",
  title = 	 "Static checking of safety critical {Java} annotations",
  crossref =     "JTRES2010",
  pages = 	 "148--154",
}


@MastersThesis{Li2017,
  author = 	 "Jianchu Li",
  title = 	 "A general pluggable type inference framework and its use for data-flow analysis",
  school = 	 "U. of Waterloo",
  year = 	 2017,
  address = 	 "Waterloo, Ontario, Canada",
}


@InProceedings{XiangLD2020,
  author = 	 "Xiang, Tongtong and Luo, Jeff Y. and Dietl, Werner",
  title = 	 "Precise inference of expressive units of measurement types",
  crossref =  "OOPSLA2020",
  articleno = 142,
  numpages = 28,
  abstract =
   "Ensuring computations are unit-wise consistent is an important task
    in software development. Numeric computations are usually performed
    with primitive types instead of abstract data types, which results in
    very weak static guarantees about correct usage and conversion of
    units. This paper presents PUnits, a pluggable type system for
    expressive units of measurement types and a precise, whole-program
    inference approach for these types. PUnits can be used in three modes:
    (1) modularly check the correctness of a program, (2) ensure a
    possible unit typing exists, and (3) annotate a program with
    units. Annotation mode allows human inspection and is essential since
    having a valid typing does not guarantee that the inferred
    specification expresses design intent. PUnits is the first units type
    system with this capability. Compared to prior work, PUnits strikes a
    novel balance between expressiveness, inference complexity, and
    annotation effort. We implement PUnits for Java and evaluate it by
    specifying the correct usage of frequently used JDK methods. We
    analyze 234k lines of code from eight open-source scientific computing
    projects with PUnits. We compare PUnits against an encapsulation-based
    units API (the javax.measure package) and discovered unit errors that
    the API failed to find. PUnits infers 90 scientific units for five of
    the projects and generates well-specified applications. The
    experiments show that PUnits is an effective, sound, and scalable
    alternative to using encapsulation-based units APIs, enabling Java
    developers to reap the performance benefits of using primitive types
    instead of abstract data types for unit-wise consistent scientific
    computations.",
  usesDaikonAsTestSubject = 1,
}


@PhdThesis{Huang2014,
  author = 	 "Wei Huang",
  title = 	 "An inference and checking framework for context-sensitive pluggable types",
  school = 	 "Rennselaer Polytechnic Institute",
  year = 	 2014,
}


@InProceedings{MilanovaV2011,
  author = 	 "Milanova, Ana and Vitek, Jan",
  title = 	 "Static Dominance Inference",
  crossref =  "TOOLS2011",
  pages = 	 "211--227",
}


@InProceedings{ParreauxC2022,
  author = 	 "Parreaux, Lionel and Chau, Chun Yin",
  title = 	 "{MLstruct}: principal type inference in a Boolean algebra of structural types",
  crossref =  "OOPSLA2022",
  pages = 	 "449--478",
}

@InProceedings{DolanM2017,
  author = 	 "Dolan, Stephen and Mycroft, Alan",
  title = 	 "Polymorphism, subtyping, and type inference in {MLsub}",
  crossref =  "POPL2017",
  pages = 	 "60--72",
}

@inproceedings{vogels2011annotation,
  title={Annotation inference for separation logic based verifiers},
  author={Vogels, Fr{\'e}d{\'e}ric and Jacobs, Bart and Piessens, Frank and Smans, Jan},
  booktitle={International Conference on Formal Methods for Open Object-Based Distributed Systems},
  pages={319--333},
  year={2011},
}


@TechReport{YanM2014,
  author = 	 "Qiuchen Yan and Stephen McCamant",
  title = 	 "Conservative signed/unsigned type inference for binaries using minimum cut",
  institution =  "Department of Computer Science and Engineering, University of Minnesota",
  year = 	 2014,
  number = 	 "14-006",
  abstract =
   "Recovering variable types or other structural information from binaries is useful for
    reverse engineering in security, and to facilitate other kinds of analysis on
    binaries. However such reverse engineering tasks often lack precise problem
    definitions; some information is lost during compilation, and existing tools can
    exhibit a variety of errors. As a step in the direction of more principled reverse
    engineering algorithms, we isolate a sub-task of type inference, namely determining
    whether each integer variable is declared as signed or unsigned. The difficulty of
    this task arises from the fact that signedness information in a binary, when present
    at all, is associated with operations rather than with data locations. We propose a
    graph-based algorithm in which variables represent nodes and edges connect variables
    with the same signedness. In a program without casts or conversions, signed and
    unsigned variables would form distinct connected components, but when casts are
    present, signed and unsigned variables will be connected. Reasoning that developers
    prefer source code without casts, we compute a minimum cut between signed and
    unsigned variables, which corresponds to a minimal set of casts required for a legal
    typing. We evaluate this algorithm by erasing signedness information from debugging
    symbols, and testing how well our tool can recover it. Applying an intra-procedural
    version of the algorithm to the GNU Coreutils, we we observe that many variables are
    unconstrained as to signedness, but that it almost all cases our tool recovers either
    the type from the original source, or a type that yields the same program behavior.",
}


@InProceedings{Mairson1990,
  author = 	 "Mairson, Harry G.",
  title = 	 "Deciding {ML} typability is complete for deterministic exponential time",
  crossref =  "POPL90",
  pages = 	 "382-401",
  abstract = {A well known but incorrect piece of functional programming folklore is that ML expressions can be efficiently typed in polynomial time. In probing the truth of that folklore, various researchers, including Wand, Buneman, Kanellakis, and Mitchell, constructed simple counterexamples consisting of typable ML programs having length n, with principal types having Ω(2cn) distinct type variables and length Ω(22cn). When the types associated with these ML constructions were represented as directed acyclic graphs, their sizes grew as Ω(2cn). The folklore was even more strongly contradicted by the recent result of Kanellakis and Mitchell that simply deciding whether or not an ML expression is typable is PSPACE-hard.We improve the latter result, showing that deciding ML typability is DEXPTIME-hard. As Kanellakis and Mitchell have shown containment in DEXPTIME, the problem is DEXPTIME-complete. The proof of DEXPTIME-hardness is carried out via a generic reduction: it consists of a very straightforward simulation of any deterministic one-tape Turing machine M with input χ running in Ο(c|χ|) time by a polynomial-sized ML formula ΦM,χ, such that M accepts χ iff ΦM,χ is typable. The simulation of the transition function δ of the Turing Machine is realized uniquely through terms in the lambda calculus without the use of the polymorphic let construct. We use let for two purposes only: to generate an exponential amount of blank tape for the Turing Machine simulation to begin, and to compose an exponential number of applications of the ML formula simulating state transition.It is purely the expressive power of ML polymorphism to succinctly express function composition which results in a proof of DEXPTIME-hardness. We conjecture that lower bounds on deciding typability for extensions to the typed lambda calculus can be regarded precisely in terms of this expressive capacity for succinct function composition.To further understand this lower bound, we relate it to the problem of proving equality of type variables in a system of type equations generated from an ML expression with let-polymorphism. We show that given an oracle for solving this problem, deciding typability would be in PSPACE, as would be the actual computation of the principal type of the expression, were it indeed typable.},
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Machine learning for type inference
%%%


@InProceedings{HellendoornBBA2018,
  author = 	 "Vincent J. Hellendoorn and Christian Bird and Earl T. Barr and Miltiadis Allamanis",
  title = 	 "Deep learning type inference",
  crossref =  "FSE2018",
  pages = 	 "152–162",
  doi = {10.1145/3236024.3236051},
}


@InProceedings{RaychevVK2015,
  author = 	 "Raychev, Veselin and Vechev, Martin and Krause, Andreas",
  title = 	 "Predicting Program Properties from ``{Big Code}''",
  crossref =     "POPL2015",
  pages = 	 "111--124",
}


@InProceedings{HassonUEM2018,
  author = 	 "Hassan, Mostafa and Urban, Caterina and Eilers, Marco and M{\"u}ller, Peter",
  title = 	 "{MaxSMT}-based type inference for {Python} 3",
  crossref =  "CAV2018",
  pages = 	 "12--19",
}

@InProceedings{XuZCPX2016,
  author = 	 "Xu, Zhaogui and Zhang, Xiangyu and Chen, Lin and Pei, Kexin and Xu, Baowen",
  title = 	 "Python probabilistic type inference with natural language support",
  crossref =  "FSE2016",
  pages = 	 "607--618",
}

@InProceedings{PengGLGLZL2022,
  author = 	 "Peng, Yun and Gao, Cuiyun and Li, Zongjie and Gao, Bowei and Lo, David and Zhang, Qirun and Lyu, Michael",
  title = 	 "Static inference meets deep learning: a hybrid type inference approach for {Python}",
  crossref =  "ICSE2022",
  pages = 	 "2019--2030",
  doi = {10.1145/3510003.3510038},
}

@InProceedings{PradelGLC2020,
  author = 	 "Michael Pradel and Georgios Gousios and Jason Liu and Satish Chandra",
  title = 	 "{TypeWriter}: neural type prediction with search-based validation",
  crossref =  "FSE2020",
  pages = 	 "209--220",
  doi = {10.1145/3368089.3409715},
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Ownership
%%%


@InProceedings{ClarkD2002,
  author = 	 "Dave Clarke and Sophia Drossopoulou",
  title = 	 "Ownership, encapsulation and the disjointness of type and
                  effect",
  crossref =     "OOPSLA2002",
  pages =	 "292--310",
}

@PhdThesis{Clark2001,
  author = 	 "David Clarke",
  title = 	 "Object Ownership and Containment",
  school = 	 "University of New South Wales",
  year = 	 2001,
  address =	 "Sydney, Australia"
}

@InProceedings{ClarkeW2003:FOOL,
  author = 	 "David Clarke and Tobias Wrigstad",
  title = 	 "External uniqueness",
  crossref = 	 "FOOL2003",
  NEEDpages = 	 "*",
}

@InProceedings{ClarkeW2003:ECOOP,
  author = 	 "Dave Clarke and Tobias Wrigstad",
  title = 	 "External uniqueness is unique enough",
  crossref =     "ECOOP2003",
  pages = 	 "176--200",
}

@InProceedings{ClarkeNP2001,
  author = 	 "David G. Clarke and James Noble and John M. Potter",
  title = 	 "Simple ownership types for object containment",
  crossref =     "ECOOP2001",
  pages =	 "53--76",
}

@InProceedings{ClarkePN98,
  author = 	 "David G. Clarke and John M. Potter and James Noble",
  title = 	 "Ownership types for flexible alias protection",
  crossref =     "OOPSLA98",
  pages =	 "48--64",
}


@InProceedings{YuP2006,
  author = 	 "Yi Lu and John Potter",
  title = 	 "Protecting representation with effect encapsulation",
  crossref =     "POPL2006",
  pages = 	 "359--371",
}


@InProceedings{Boyland2003,
  author = 	 "John Boyland",
  title = 	 "Checking interference with fractional permissions",
  crossref =     "SAS2003",
  pages =	 "55--72",
}


@InProceedings{ZhaoB2009,
  author = 	 "Yang Zhao and John Boyland",
  title = 	 "Assuring lock usage in multithreaded programs with fractional permissions",
  crossref =     "ASWEC2009",
  pages = 	 "277--286",
}


@InProceedings{BoylandRZ2009,
  author = 	 "Boyland, John and Retert, William and Zhao, Yang",
  title = 	 "Comprehending annotations on object-oriented programs using fractional permissions",
  crossref =     "IWACO2009",
  pages = 	 "1--11",
}

@InProceedings{BoyapatiLR2002,
  author = 	 "Chandrasekhar Boyapati and Robert Lee and Martin Rinard",
  title = 	 "Ownership types for safe programming:  Preventing data races and deadlocks",
  crossref =     "OOPSLA2002",
  pages = 	 "211--230",
}

@InProceedings{AndreaCGNVZ2006,
  author = 	 "Chris Andrea and Yvonne Coady and Celina Gibbs and James Noble and Jan Vitek and Tian Zhao",
  title = 	 "Scoped types and aspects for real-time systems",
  crossref =     "ECOOP2006",
  pages = 	 "124--147",
}


@InProceedings{BoyapatiSBR2003,
  author = 	 "Chandrasekhar Boyapati and Alexandru Salcianu and William {Beebee, Jr.} and Martin Rinard",
  title = 	 "Ownership types for safe region-based memory management in real-time {Java}",
  crossref =     "PLDI2003",
  pages = 	 "324--337",
}


@InProceedings{BanerjeeN2002,
  author = 	 "Anindya Banerjee and David A. Naumann",
  title = 	 "Representation independence, confinement, and access control",
  crossref =     "POPL2002",
  pages = 	 "166--177",
}


@TechReport{AbiAntounA2006:TR,
  author = 	 "Marwan Abi-Antoun and Jonathan Aldrich",
  title = 	 "{JavaD}: Bringing ownership domains to mainstream {Java}",
  institution =  CMUSCS,
  year = 	 2006,
  number = 	 "CMU-ISRI-06-110",
  address = 	 CMUaddr,
  month = 	 may,
  abstract =
   "Unlike many proposed designs for ownership type systems, AliasJava has had
    a publicly available implementation for a few years and has been applied on
    several case studies. However, AliasJava is currently implemented as a
    non-backwards compatible extension of Java. As a result, none of the tool
    support for Java programs is available for AliasJava programs, making it
    harder to justify the case that Java programs are easier to evolve with
    AliasJava annotations than without. Furthermore, using language extensions
    makes it harder to specify the ownership and aliasing annotations for a
    large legacy system since the program cannot be annotated partially and
    incrementally with AliasJava. We present and evaluate JavaD, a
    re-implementation of the AliasJava language and analysis as a set of Java
    1.5 annotations, using the Eclipse Java Development Tooling (JDT)
    infrastructure and the Crystal Data Flow Analysis framework. We conclude
    with limitations, lessons learned and future plans.",
}


@InProceedings{AbiAntounA2006:OOPSLA,
  author = 	 "Marwan Abi-Antoun and Jonathan Aldrich",
  title = 	 "Bringing ownership domains to mainstream {Java}",
  crossref =     "OOPSLACompanion2006",
  pages = 	 "702--703",
  abstract =
   "AliasJava is a type annotation system that extends Java to express how data
    is confined within, passed among, or shared between objects in a software
    system. We present an implementation of the AliasJava system as Java 1.5
    annotations and an analysis using the Eclipse infrastructure.",
}


@InProceedings{AbiAntounA2007,
  author = 	 "Marwan Abi-Antoun and Jonathan Aldrich",
  title = 	 "Ownership domains in the real world",
  crossref =     "IWACO2007",
  NEEDpages = 	 "*",
}


@InProceedings{OstlundWC2008,
  author = 	 "Johan {\"O}stlund and Tobias Wrigstad and Dave Clarke",
  authorASCII =	 "Johan Ostlund and Tobias Wrigstad and Dave Clarke",
  title = 	 "Ownership, uniqueness and immutability",
  crossref =     "TOOLSEurope2008",
  pages = 	 "178--197",
}


@InProceedings{VikekB99,
  author = 	 "Vitek, Jan and Bokowski, Boris",
  title = 	 "Confined types",
  crossref =     "OOPSLA99",
  pages = 	 "82--96",
}


@InProceedings{CameronDE2008,
  author = 	 "Cameron, Nicholas and Drossopoulou, Sophia and Ernst, Erik",
  title = 	 "A model for {Java} with wildcards",
  crossref =     "ECOOP2008",
  pages = 	 "2--26",
}

@InProceedings{ClarkeD2002,
  author = 	 "Clarke, Dave and Drossopoulou, Sophia",
  title = 	 "Ownership, encapsulation and the disjointness of type and effect",
  crossref =     "OOPSLA2002",
  pages = 	 "292--310",
}

@InProceedings{CameronDNS2007,
  author = 	 "Cameron, Nicholas R. and Drossopoulou, Sophia and Noble, James and Smith, Matthew J.",
  title = 	 "Multiple ownership",
  crossref =     "OOPSLA2007",
  pages = 	 "441--460",
}

@InProceedings{CameronD2009,
  author = 	 "Cameron, Nicholas and Drossopoulou, Sophia",
  title = 	 "Existential quantification for variant ownership",
  crossref =     "ESOP2009",
  pages = 	 "128--142",
}


@inproceedings{MuellerPoetzsch-Heffter99a,
 author = {M{\"u}ller, P. and Poetzsch-Heffter, A.},
 title = {Universes: A Type System for Controlling Representation Exposure},
 booktitle = {Programming Languages and Fundamentals of Programming},
 year = {1999},
 pages = {131--140},
 OMITeditor = {Poetzsch-Heffter, A. and Meyer, J.},
 OMITnote = {Technical Report 263},
 OMITorganization = {Fernuniversit\"at Hagen},
}


@InProceedings{MullerR2007,
  author = 	 "M{\"u}ller, Peter and Rudich, Arsenii",
  title = 	 "Ownership transfer in universe types",
  crossref =     "OOPSLA2007",
  pages = 	 "461--478",
}


@InProceedings{LeinoMW2008,
  author = 	 "Leino, K. Rustan M. and M{\"u}ller, Peter and Wallenburg, Angela",
  authorASCII =	 "Leino, K. Rustan M. and Muller, Peter and Wallenburg, Angela",
  title = 	 "Flexible immutability with frozen objects",
  crossref =     "VSTTE2008",
  pages = 	 "192--208",
  abstract =
   "Object immutability is a familiar concept that allows safe sharing of
    objects. Existing language support for immutability is based on immutable
    classes. However, class-based approaches are restrictive because
    programmers can neither make instances of arbitrary classes immutable, nor
    can they control when an instance becomes immutable. These restrictions
    prevent many interesting applications where objects of mutable classes go
    through a number of modifications before they become immutable.
    \par
    This paper presents a flexible technique to enforce the immutability of
    individual objects by transferring their ownership to a special freezer
    object, which prevents further modification. The paper demonstrates how
    immutability facilitates program verification by extending the Boogie
    methodology for object invariants to immutable objects. The technique is
    based on Spec\#'s dynamic ownership, but the concepts also apply to other
    ownership systems that support transfer."
}


@MastersThesis{Nageli2006,
  author = 	 "Stefan N{\"a}geli",
  authorACSII =	 "Stefan Nageli",
  title = 	 "Ownership in design patterns",
  school = 	 ETHZ,
  year = 	 2006,
  address = 	 ETHZaddr,
  month = 	 mar,
}


@InProceedings{Noble2000,
  author = 	 "Noble, James",
  title = 	 "Iterators and Encapsulation",
  crossref =     "TOOLSPacific2000",
  pages = 	 "431--442",
}


@PhdThesis{Wrigstad2006,
  author = 	 "Tobias Wrigstad",
  title = 	 "Ownership-Based Alias Management",
  school = 	 "Royal Institute of Technology",
  year = 	 2006,
  address = 	 "Sweden",
  month = 	 may,
}


@Article{WrigstadC2007,
  author = 	 "Tobias Wrigstad and Dave Clarke.",
  title = 	 "Existential owners for ownership types",
  journal = 	 JOT,
  year = 	 2007,
  volume = 	 6,
  number = 	 4,
  pages = 	 "141--159",
  month = 	 may # "--" # jun,
}


@Article{DietlDM2011,
  author = 	 "Dietl, Werner and Drossopoulou, Sophia and M{\"u}ller, Peter",
  authorASCII = 	 "Dietl, Werner and Drossopoulou, Sophia and Muller, Peter",
  authorASCII = 	 "Dietl, Werner and Drossopoulou, Sophia and Mueller, Peter",
  title = 	 "Separating ownership topology and encapsulation with {Generic Universe Types}",
  journal = 	 TOPLAS,
  year = 	 2011,
  volume = 	 33,
  number = 	 6,
  pages = 	 "20:1-62",
  month = 	 dec,
}


@InProceedings{HuangM2011,
  author = 	 "Wei Huang and Ana Milanova",
  title = 	 "Towards Effective Inference and Checking of Ownership Types",
  crossref =  "IWACO2011",
  NOpages = 	 "unnumbered pages",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Information-flow type systems for security, and tainting
%%%

@InProceedings{MyersL97,
  author = 	 {Andrew C. Myers and Barbara Liskov},
  title = 	 {A Decentralized Model for Information Flow Control},
  crossref =     "SOSP97",
  pages =	 "129--142",
}

@InProceedings{Myers99,
  author = 	 {Andrew C. Myers},
  title = 	 {{JFlow}: Practical Mostly-Static Information Flow Control},
  crossref =     "POPL99",
  pages =        "228--241",
}

@misc{jif-website,
  title={Jif: {Java} + information flow},
  author={Myers, Andrew C and Zheng, Lantian and Zdancewic, Steve and Chong, Stephen and Nystrom, Nathaniel},
  note={\url{http://www.cs.cornell.edu/jif}},
}

@InProceedings{AskarovS2005,
  author = 	 {Aslan Askarov and Andrei Sabelfeld},
  title = 	 {Security-typed languages for implementation of cryptographic protocols: A case study},
  crossref =     "ESORICS2005",
  pages =        "197--221",
}

@InProceedings{ChongVM2007,
  author = 	 "Stephen Chong and K. Vikram and Andrew C. Myers",
  title = 	 "{SIF}: Enforcing Confidentiality and Integrity in Web Applications",
  crossref =     "USENIXSec2007",
  NOpages =      "*"
}

@InProceedings{HicksAM2006,
  author = 	 {Boniface Hicks and Kiyan Ahmadizadeh and Patrick McDaniel},
  title = 	 {From Languages to Systems:  Understanding Practical Application Development in Security-typed Languages},
  crossref =     "ACSAC2006",
  pages =        "153--164",
}

@Article{VolpanoSI96,
  author = 	 {Dennis Volpano and Geoffrey Smith and Cynthia Irvine},
  title = 	 {A Sound Type System for Secure Flow Analysis},
  journal = 	 {Journal of Computer Security},
  year = 	 1996,
  volume =	 4,
  number =	 3,
  pages =	 {167--187},
  month =	 dec
}

@InProceedings{PottierSimonet2002,
  author = 	 {Fran{\c{c}}ois Pottier and Vincent Simonet},
  authorASCII =	 {Francois Pottier},
  title = 	 {Information Flow Inference for {ML}},
  crossref =     "POPL2002",
  pages =	 "319--330",
}

@InProceedings{Simonet2003,
  author = 	 {Vincent Simonet},
  title = 	 {{Flow Caml} in a Nutshell},
  crossref =     "APPSEMII2003",
  pages =	 "152--165",
}

@InProceedings{LiZ2006,
  author = 	 {Peng Li and Steve Zdancewic},
  title = 	 {Encoding Information Flow in {Haskell}},
  crossref =     "CSFW2006",
  pages =        "16--27",
}

@InProceedings{ChongM2008,
  author = 	 {Stephen Chong and Andrew C. Myers},
  title = 	 {End-to-End Enforcement of Erasure and Declassification},
  crossref =     "CSF2008",
  NEEDpages = 	 {},
}

@InProceedings{MyersSZ2004,
  author = 	 {Andrew C. Myers and Andrei Sabelfeld and Steve Zdancewic},
  title = 	 {Enforcing Robust Declassificaiton},
  crossref =     "CSFW2004",
  pages =	 "172--186",
}

@InProceedings{SabelfeldS2005,
  author = 	 {Andrei Sabelfeld and David Sands},
  title = 	 {Dimensions and Principles of Declassification},
  crossref =     "CSFW2005",
  pages =	 "255--269",
}


@InProceedings{ZdancewicZNM2001,
  author = 	 "Steve Zdancewic and Lantian Zheng and Nathaniel Nystrom and Andrew C. Myers",
  title = 	 "Untrusted hosts and confidentiality: Secure program partitioning",
  crossref =     "SOSP2001",
  pages = 	 "1--14",
}


@InProceedings{MilanovaH2013,
  author = 	 "Milanova, Ana and Huang, Wei",
  title = 	 "Composing polymorphic information flow systems with reference immutability",
  crossref =     "FTFJP2013",
  pages = 	 "5:1--5:7",
}


@InProceedings{HuangDMD2015,
  author = 	 "Huang, Wei and Dong, Yao and Milanova, Ana and Dolby, Julian",
  title = 	 "Scalable and Precise Taint Analysis for {Android}",
  crossref =  "ISSTA2015",
  pages = 	 "106-117",
}


@InProceedings{MilanovaH2012,
  author = 	 "Milanova, Ana and Huang, Wei",
  title = 	 "Inference and Checking of Context-Sensitive Pluggable Types",
  crossref =  "FSE2012",
  pages = 	 "1-4",
}


@InProceedings{DongMD2016:JCrypt,
  author = 	 "Dong, Yao and Milanova, Ana and Dolby, Julian",
  title = 	 "{JCrypt}: Towards computation over encrypted data",
  crossref =  "PPPJ2016",
  NEEDpages = 	 "*",
}


@MastersThesis{Brinker2016,
  author = 	 "Laurens Brinker",
  title = 	 "Security analysis of the {IRMA} app using {SPARTA} and fuzzing",
  school = 	 "Radboud University",
  year = 	 2016,
  type = 	 "Bachelor Thesis",
  address = 	 "Nijmegen, Netherlands",
}


@InProceedings{HuangDM2014,
  author = 	 "Huang, Wei and Dong, Yao and Milanova, Ana",
  title = 	 "Type-based taint analysis for {Java} web applications",
  crossref =  "FASE2014",
  pages = 	 "140-154",
}


@InProceedings{SextonCN2017,
  author = 	 "Sexton, Julian and Chudnov, Andrey and Naumann, David A.",
  title = 	 "Spartan {Jester}: end-to-end information flow control for hybrid {Android} applications",
  crossref =  "IEEESnP2017Workshops",
  pages = 	 "157-162",
}


@InProceedings{BastysBRS2021,
  author = 	 "Iulia Bastys and Pauline Bolignano and Franco Raimondi and Daniel Schoepe",
  title = 	 "Automatic Annotation of Confidential Data in {Java} Code",
  crossref =  "FPS2021",
  NEEDpages = 	 "*",
}


@InProceedings{AlmeidaBBCCGPPST2019,
  author = 	 "Almeida, Jos\'{e} Bacelar and Barbosa, Manuel and Barthe, Gilles and Campagna, Matthew and Cohen, Ernie and Gregoire, Benjamin and Pereira, Vitor and Portela, Bernardo and Strub, Pierre-Yves and Tasiran, Serdar",
  title = 	 "A machine-checked proof of security for {AWS} {Key} {Management} {Service}",
  crossref =  "CCS2019",
  pages = 	 "63–78",
}


@MastersThesis{Kaiser2015,
  author = 	 "Benjamin Kaiser",
  title = 	 "A context-sensitive security type system for {Java}",
  school = 	 "Rennselaer Polytechnic Institute",
  year = 	 2015,
  address = 	 "Troy, NY, USA",
  month = 	 apr,
}


@InProceedings{MilanovaHD2014,
  author = 	 "Milanova, Ana and Huang, Wei and Dong, Yao",
  title = 	 "{CFL}-reachability and context-sensitive integrity types",
  crossref =  "PPPJ2014",
  pages = 	 "99–109",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Typed assembly, types for low-level code, etc.
%%%

@Article{MorrisettWCG99,
  author =       "Greg Morrisett and David Walker and Karl Crary and
                 Neal Glew",
  title =        "From {System F} to typed assembly language",
  journal =      TOPLAS,
  year =         1999,
  volume =       21,
  number =       3,
  pages =        "527--568",
  month =        may,
  abstract =     "We motivate the design of typed assembly language
                 (TAL) and present a type-preserving translation from
                 System F to TAL. The typed assembly language we present
                 is based on a conventional RISC assembly language, but
                 its static type system provides support for enforcing
                 high-level language abstractions, such as closures,
                 tuples, and user-defined abstract data types. The type
                 system ensures that well-typed programs cannot violate
                 these abstractions. In addition, the typing constructs
                 admit many low-level compiler optimizations. Our
                 translation to TAL is specified as a sequence of
                 type-preserving transformations, including CPS and
                 closure conversion phases; type-correct source programs
                 are mapped to type-correct assembly language. A key
                 contribution is an approach to polymorphic closure
                 conversion that is considerably simpler than previous
                 work. The compiler and typed assembly language provide
                 a fully automatic way to produce certified code,
                 suitable for use in systems where untrusted and
                 potentially malicious code must be checked for safety
                 before execution.",
}

@InProceedings{MorrisettCGGSSWWZ99,
  author = 	 {Greg Morrisett and Karl Crary and Neal Glew and Dan Grossman and Richard Samuels and Frederick Smith and David Walker and Stephanie Weirich and Steve Zdancewic},
  title = 	 {{TALx86}: A realistic typed assembly language},
  crossref =     "WCSSS99",
  pages =	 "25--35",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Annotations
%%%


@InProceedings{ChenK2005,
  author = 	 "Chen, Guangyu and Kandemir, Mahmut",
  title = 	 "Verifiable Annotations for Embedded {Java} Environments",
  crossref =     "CASES2005",
  pages = 	 "105--114",
}


@Article{CazzolaCC2005:JOT,
  author = 	 "Walter Cazzola and Antonio Cisternino and Diego Colombo",
  title = 	 "Freely Annotating {C}\#",
  journal = 	 JOT,
  year = 	 2005,
  volume = 	 4,
  number = 	 10,
  pages = 	 "31--48",
  month = 	 dec,
  note = 	 "Special Issue: OOPS Track at SAC 2005",
  abstract =
   "Reflective programming is becoming popular due to the increasing set of
    dynamic services provided by execution environments like JVM and CLR. With
    custom attributes Microsoft introduced an extensible model of reflection
    for CLR: they can be used as additional decorations on element
    declarations. The same notion has been introduced in Java 1.5. The
    annotation model, both in Java and in C\#, limits annotations to classes and
    class members. In this paper we describe [a]C\#, an extension of the C\#
    programming language, that allows programmers to annotate statements and
    code blocks and retrieve these annotations at run-time. We show how this
    extension can be reduced to the existing model. A set of operations on
    annotated code blocks to retrieve annotations and manipulate bytecode is
    introduced. We also discuss how to use [a]C\# to annotate programs giving
    hints on how to parallelize a sequential method and how it can be
    implemented by means of the abstractions provided by the run-time of the
    language. Finally, we show how our model for custom attributes has been
    realized.",
}

@InProceedings{CazzolaCC2005:SAC,
  author = 	 "Walter Cazzola and Antonio Cisternino and Diego Colombo",
  title = 	 "[a]C\#: C\# with a customizable code annotation mechanism",
  crossref =     "SAC2005",
  pages = 	 "1264--1268",
  supersededby = "CazzolaCC2005:JOT",
  abstract =
   "Reflective programming is becoming popular due to the increasing
    set of dynamic services provided by execution environments like
    JVM and CLR\@.  With custom attributes Microsoft introduced an extensible
    model of reflection for CLR: they can be used as additional
    decorations on element declarations. The same notion has been
    introduced in Java 1.5. The extensible model proposed in both
    platforms limits annotations to class members. In this paper we
    describe [a]C\#, an extension of the C\# programming language,
    that allows programmers to annotate statements or code blocks and
    retrieve these annotations at run-time. We show how this extension
    can be reduced to the existing model. A set of operations on annotated
    code blocks to retrieve annotations and manipulate bytecode
    is introduced. Finally, we discuss how to use [a]C\# to annotate
    programs giving hints on how to parallel a sequential method and
    how it can be implemented by means of the abstractions provided
    by the run-time of the language.",
}


@InProceedings{HarmonK2007,
  author = 	 "Trevor Harmon and Raymond Klefstad",
  title = 	 "Toward a Unified Standard for Worst-Case Execution Time Annotations in Real-Time {Java}",
  booktitle = "WPDRTS 2007, Fifteenth International Workshop on Parallel and Distributed Real-Time Systems",
  NEEDpages = 	 "*",
  year = 	 2007,
  address = 	 "Long Beach, CA, USA",
  month = 	 mar,
}


@PhdThesis{Pechtchanski2003,
  author = 	 "Igor Pechtchanski",
  title = 	 "A Framework for Optimistic Program Optimization",
  school = 	 "New York University",
  year = 	 2003,
  month = 	 sep,
  abstract =
   "The problem of program optimization is a non-trivial one. Compilers do a
    fair job, but can't always deliver the best performance. The expressibility
    of general-purpose languages is limited, not allowing programmers to
    describe expected run-time behavior, for example, and some programs are
    thus more amenable to optimization than others, depending on what the
    compiler expects to see.
    \par
    We present a generic framework that allows addressing this problem in two
    ways: through specifying verifiable source annotations to guide compiler
    analyses, and through optimistically using some assumptions and analysis
    results for the subset of the program seen so far. Two novel applications
    are presented, one for each of the above approaches: a dynamic optimistic
    interprocedural type analysis algorithm, and a mechanism for specifying
    immutability assertions. Both applications result in measurable speedups,
    demonstrating the feasibility of each approach.",
}


@InProceedings{KirnerP2005,
  author = 	 "Raimund Kirner and Peter Puschner",
  title = 	 "Classification of code annotations and discussion of compiler-support for worst-case execution time analysis",
  crossref =     "WCET2005",
  NEEDpages = 	 "*",
}


@InProceedings{EichbergM2004,
  author = 	 "Michael Eichberg and Mira Mezini",
  title = 	 "Alice:  Modularization of middleware using aspect-oriented programming",
  booktitle = "4th International Workshop on Software Engineering and Middleware (SEM04)",
  pages = 	 "47--63",
  year = 	 2004,
  address = 	 "Linz, Austria",
  month = 	 dec,
}

@Article{Eichberg2005,
  author = 	 "Michael Eichberg",
  title = 	 "Component-based software development with aspect-oriented programming",
  journal = 	 JOT,
  year = 	 2005,
  volume = 	 4,
  number = 	 3,
  pages = 	 "21--26",
  month = 	 apr,
}


@InProceedings{BurdyHP2007,
  author = 	 "Lilian Burdy and Marieke Huisman and Mariela Pavlova",
  title = 	 "Preliminary design of {BML}:  A behavioral interface specification language for {Java} bytecode",
  crossref =     "FASE2007",
  pages = 	 "215--229",
  abstract =
   "We present the Bytecode Modeling Language (BML), the Java bytecode cousin
    of JML\@.  BML allows the application developer to specify the behaviour of
    an application in the form of annotations, directly at the level of the
    bytecode. An extension of the class file format is defined to store the
    specification directly with the bytecode. This is a first step towards the
    development of a platform for Proof Carrying Code, where applications come
    together with their specification and a proof of correctness. BML is
    designed to be closely related with JML\@. In particular, JML specifications
    can be compiled into BML specifications. We briefly discuss the tools that
    are currently being developed for BML, and that will result in a tool set
    where an application can be validated throughout its development, both at
    source code and at bytecode level.",
}


@Article{HartmannAvRF2003,
  author = 	 "Andreas Hartmann and Wolfram Amme and Jeffery von Ronne and Michael Franz",
  title = 	 "Code Annotation for Safe and Efficient Dynamic Object Resolution",
  journal = 	 ENTCS,
  year = 	 2003,
  volume = 	 82,
  number = 	 2,
  NOpages = 	 "*",
}


@InProceedings{GrantMPCE97,
  author = 	 "Brian Grant and Markus Mock and Matthai Philipose and Craig Chambers and Susan J. Eggers",
  title = 	 "Annotation-Directed Run-Time Specialization in {C}",
  crossref =     "PEPM97",
  pages = 	 "163--178",
}


@InCollection{Henglein91,
  author =       "Fritz Henglein",
  title =        "Efficient Type Inference for Higher-Order Binding-Time
                 Analysis",
  booktitle =    "Functional Programming Languages and Computer Architecture",
  address =      "Cambridge, MA",
  pages =        "448--472",
  publisher =    "Springer Verlag",
  year =         1991,
  month =        aug,
  note =         LNCS # " 523.",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% JACK (Java Applet Correctness Kit)
%%%


@INPROCEEDINGS{BRL-JACK,
   Author =   {L. Burdy and A. Requet and J.-L. Lanet},
   Title =    {Java Applet Correctness: A Developer-Oriented Approach},
   crossref = "FME2003",
   Pages =    {422--439},
   Publisher = {Springer-Verlag},
   Year =     {2003},
   PSurl =    {ftp://ftp-sop.inria.fr/everest/publis/2003/BRL03fme.ps.gz},
   Volume =   {2805},
   Series =   {Lecture Notes in Computer Science},
}

@INPROCEEDINGS{gpt04:csfw,
  AUTHOR =   {G. Barthe and P. D'Argenio and T. Rezk},
  TITLE =    {{Secure Information Flow by Self-Composition}},
  BOOKTITLE = {CSFW2004},
  year =     2004,
  PAGES =    {100--114},
  TOPICS =   {team}
}


@INPROCEEDINGS{m+04:cardis,
  AUTHOR =   {M. Pavlova and G. Barthe and L. Burdy and M. Huisman and J.-L. Lanet},
  TITLE =    {Enforcing High-Level Security Properties For Applets},
  BOOKTITLE = {CARDIS2004},
  year =     2004,
  PAGES =    {},
  TOPICS =   {team}
}


@unpublished{gmg05:sefm,
  author =   {G. Barthe and M. Pavlova and G. Schneider},
  title =    {Precise analysis of memory consumption using program logics},
  year =     {2005},
  note=      {Manuscript}
}


@unpublished{BP05:acc,
  title=     {Java Bytecode Specification and Verification},
  author=    {L. Burdy and M. Pavlova},
  note=      {Manuscript},
  year=      {2005}
}

@InProceedings{Charles06,
  author =    {Julien Charles},
  title =     {Adding Native Specifications to {JML}},
  booktitle = {ECOOP workshop on Formal Techniques for Java-like Programs (FTfJP2006)},
  year =     2006,
}

@INPROCEEDINGS{BBCGHLPR07:FMCO,
  author = {G. Barthe and L. Burdy and J. Charles and B. Gr{\'e}goire and M. Huisman and J.-L. Lanet and M. Pavlova and A. Requet},
  title = {{JACK}:  a tool for validation of security and behaviour of {Java} applications},
  booktitle = {FMCO: Proceedings of 5th International Symposium on Formal Methods for Components and Objects},
  publisher = {Springer-Verlag},
  series = {Lecture Notes in Computer Science},
  year = {2007},
  pdfurl = {ftp://ftp-sop.inria.fr/everest/Marieke.Huisman/fmco06.pdf},
  topics = {team}
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Typestate
%%%

% See some references in dispatch.bib


@InProceedings{KondohO2008,
  author = 	 "Goh Kondoh and Tamiya Onodera",
  title = 	 "Finding bugs in {Java} {Native} {Interface} programs",
  crossref =     "ISSTA2008",
  pages = 	 "109--118",
  abstract =
   "In this paper, we describe static analysis techniques for finding bugs in
    programs using the Java Native Interface (JNI). The JNI is both tedious and
    error-prone because there are many JNI-specific mistakes that are not
    caught by a native compiler. This paper is focused on four kinds of common
    mistakes. First, explicit statements to handle a possible exception need to
    be inserted after a statement calling a Java method. However, such
    statements tend to be forgotten. We present a typestate analysis to detect
    this exception-handling mistake. Second, while the native code can allocate
    resources in a Java VM, those resources must be manually released, unlike
    Java. Mistakes in resource management cause leaks and other errors. To
    detect Java resource errors, we used the typestate analysis also used for
    detecting general memory errors. Third, if a reference to a Java resource
    lives across multiple native method invocations, it should be converted
    into a global reference. However, programmers sometimes forget this rule
    and, for example, store a local reference in a global variable for later
    uses. We provide a syntax checker that detects this bad coding
    practice. Fourth, no JNI function should be called in a critical region. If
    called there, the current thread might block and cause a
    deadlock. Misinterpreting the end of the critical region, programmers
    occasionally break this rule. We present a simple typestate analysis to
    detect an improper JNI function call in a critical region.
    \par
    We have implemented our analysis techniques in a bug-finding tool called
    BEAM, and executed it on opensource software including JNI code. In the
    experiment, our analysis techniques found 86 JNI-specific bugs without any
    overhead and increased the total number of bug reports by 76\%.",
}


@InProceedings{WolffGTA2011,
  author = 	 "Wolff, Roger and Garcia, Ronald and Tanter, \'{E}ric and Aldrich, Jonathan",
  title = 	 "Gradual Typestate",
  crossref =  "ECOOP2011",
  pages = 	 "459-483",
}


@Article{FinkYDRG2008,
  author = 	 "Fink, Stephen J. and Yahav, Eran and Dor, Nurit and Ramalingam, G. and Geay, Emmanuel",
  title = 	 "Effective typestate verification in the presence of aliasing",
  journal = 	 TOSEM,
  year = 	 2008,
  volume = 	 17,
  number = 	 2,
  numpages = 34,
  articleno = {Article 9},
  OMITmonth = 	 may,
}


@InProceedings{BierhoffA2007,
  author = 	 "Bierhoff, Kevin and Aldrich, Jonathan",
  title = 	 "Modular typestate checking of aliased objects",
  crossref =  "OOPSLA2007",
  pages = 	 "301-320",
}

@InProceedings{KouzapasDPG2016,
  author = 	 "Kouzapas, Dimitrios and Dardha, Ornela and Perera, Roly and Gay, Simon J.",
  title = 	 "Typechecking Protocols with {Mungo} and {StMungo}",
  crossref =  "PPDF2016",
  pages = 	 "146-159",
}

@InProceedings{Bodden2010,
  author = 	 "Bodden, Eric",
  title = 	 "Efficient hybrid typestate analysis by determining continuation-equivalent states",
  crossref =  "ICSE2010",
  pages = 	 "5-14",
}


@InProceedings{AldrichSSS2009,
  author = 	 "Aldrich, Jonathan and Sunshine, Joshua and Saini, Darpan and Sparks, Zachary",
  title = 	 "Typestate-oriented programming",
  crossref =  "OOPSLACompanion2009",
  pages = 	 "1015-1022",
}

@InProceedings{SunshineNSAT2011,
  author = 	 "Sunshine, Joshua and Naden, Karl and Stork, Sven and Aldrich, Jonathan and Tanter, {\'E}ric",
  title = 	 "First-class state change in {Plaid}",
  crossref =  "OOPSLA2011",
  pages = 	 "713-732",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Combining static and dynamic typing; hybrid/gradual typing
%%%


@InProceedings{MeijerD2005,
  author = 	 "Erik Meijer and Peter Drayton",
  title = 	 "Static typing where possible, dynamic typing when needed:  The end of the cold war between programming languages",
  crossref =     "RDL2004",
  NEEDpages = 	 "*",
  abstract =
   "This paper argues that we should seek the golden middle way
    between dynamically and statically typed languages.",
}


@InProceedings{BrachaG1993,
  author = 	 "Gilad Bracha and David Griswold",
  title = 	 "Strongtalk: Typechecking {Smalltalk} in a production environment",
  crossref =     "OOPSLA93",
  pages = 	 "215--230",
}


@Proceedings{STOP2009proceedings,
  key =          "STOP2009",
  title = 	 "STOP: 1st Workshop on Script to Program Evolution",
  booktitle = 	 "STOP: 1st Workshop on Script to Program Evolution",
  year = 	 2009,
  address = 	 "Genova, Italy",
  month = 	 jul,
}


@Article{OrtinZPSG2010,
  author = 	 "F. Ortin and D. Zapico and J.B.G. Perez-Shofield and M. Garcia",
  title = 	 "Including both static and dynamic typing in the same programming language",
  journal = 	 "IET Software",
  year = 	 2010,
  volume = 	 4,
  number = 	 4,
  NEEDpages = 	 "*",
  month = 	 aug,
}


@article{1412798,
 author = {Haldiman, Niklaus and Denker, Marcus and Nierstrasz, Oscar},
 title = {Practical, pluggable types for a dynamic language},
 journal = {Comput. Lang. Syst. Struct.},
 volume = {35},
 number = {1},
 year = {2009},
 issn = {1477-8424},
 pages = {48--62},
 doi = {http://dx.doi.org/10.1016/j.cl.2008.06.003},
 }


@InProceedings{TobinHochstadtF2010,
  author = 	 "Tobin-Hochstadt, Sam and Felleisen, Matthias",
  title = 	 "Logical types for untyped languages",
  crossref =     "ICFP2010",
  pages = 	 "117--128",
}


@Misc{MartinPLB2010,
  author = 	 "Ricardo Martin and Daniel Perelman and Jinna Lei and Brian Burg",
  title = 	 "{DuctileScala}: Combined static and dynamic feedback for {Scala}",
  howpublished = "\url{http://courses.cs.washington.edu/courses/cse501/10au/ductilescala.pdf}",
  month = 	 dec,
  year = 	 2010,
}


@InProceedings{VytiniotisPJM2012,
  author = 	 "Vytiniotis, Dimitrios and Peyton Jones, Simon and Magalh\~{a}es, Jos{\'e} Pedro",
  authorASCII =  "Dimitrios Vytiniotis and Simon Peyton Jones and Jose Pedro Magalhaes, ",
  title = 	 "Equality proofs and deferred type errors:  A compiler pearl",
  crossref =     "ICFP2012",
  pages = 	 "341--352",
}


@MastersThesis{Brotherston2016,
  author = 	 "Daniel Brotherston",
  title = 	 "Gradual pluggable typing in {Java}",
  school = 	 "U. of Waterloo",
  year = 	 2016,
  address = 	 "Waterloo, Ontario, Canada",
}


@InProceedings{PhippsCostinAGG2021,
  author = 	 "Phipps-Costin, Luna and Anderson, Carolyn Jane and Greenberg, Michael and Guha, Arjun",
  title = 	 "Solver-Based Gradual Type Migration",
  crossref =  "OOPSLA2021",
  doi = {10.1145/3485488},
  abstract =
   "Gradually typed languages allow programmers to mix statically and
    dynamically typed code, enabling them to incrementally reap the benefits of
    static typing as they add type annotations to their code. However, this
    type migration process is typically a manual effort with limited tool
    support. This paper examines the problem of automated type migration: given
    a dynamic program, infer additional or improved type annotations. Existing
    type migration algorithms prioritize different goals, such as maximizing
    type precision, maintaining compatibility with unmigrated code, and
    preserving the semantics of the original program. We argue that the type
    migration problem involves fundamental compromises: optimizing for a single
    goal often comes at the expense of others. Ideally, a type migration tool
    would flexibly accommodate a range of user priorities. We present
    TypeWhich, a new approach to automated type migration for the
    gradually-typed lambda calculus with some extensions. Unlike prior work,
    which relies on custom solvers, TypeWhich produces constraints for an
    off-the-shelf MaxSMT solver. This allows us to easily express objectives,
    such as minimizing the number of necessary syntactic coercions, and
    constraining the type of the migration to be compatible with unmigrated
    code. We present the first comprehensive evaluation of GTLC type migration
    algorithms, and compare TypeWhich to four other tools from the
    literature. Our evaluation uses prior benchmarks, and a new set of
    ``challenge problems.'' Moreover, we design a new evaluation methodology that
    highlights the subtleties of gradual type migration. In addition, we apply
    TypeWhich to a suite of benchmarks for Grift, a programming language based
    on the GTLC. TypeWhich is able to reconstruct all human-written annotations
    on all but one program.",
  articleno = 111,
  numpages = 27,
}


@InProceedings{MigeedP2020,
  author = 	 "Migeed, Zeina and Palsberg, Jens",
  title = 	 "What is decidable about gradual types?",
  crossref =  "POPL2020",
  doi = {10.1145/3373104}
}


@InProceedings{CamporaCEW2018,
  author = 	 "Campora, John Peter and Chen, Sheng and Erwig, Martin and Walkingshaw, Eric",
  title = 	 "Migrating gradual types",
  crossref =  "POPL2018",
  doi = {10.1145/3158103}
}


%%%
%%% Soft typing and type inference approach
%%%


@InProceedings{CartwrightF91,
  author =       "Robert Cartwright and Mike Fagan",
  title =        "Soft Typing",
  crossref =     "PLDI91",
  pages =        "278--292",
}


@InProceedings{WrightAndr1994a,
  author =       "Andrew K. Wright and Robert Cartwright",
  booktitle =    "Conference on Lisp and Functional programming",
  title =        "A Practical Soft Type System for {Scheme}",
  year =         "1994",
  url =          "ftp://cs.rice.edu/public/languages/tr93-218.dvi.Z",
}


@Article{Wright:1997:PST,
  author =       "Andrew K. Wright and Robert Cartwright",
  title =        "A Practical Soft Type System for {Scheme}",
  journal =      TOPLAS,
  volume =       19,
  number =       1,
  pages =        "87--152",
  month =        jan,
  year =         1997,
  coden =        "ATPSDT",
  ISSN =         "0164-0925",
  url =          "http://www.acm.org/pubs/citations/journals/toplas/1997-19-1/p87-wright/",
  abstract =     "A {\em soft type system\/} infers types for the
                 procedures and data structures of dynamically typed
                 programs. Like conventional static types, soft types
                 express program invariants and thereby provide valuable
                 information for program optimization and debugging. A
                 soft type {\em checker\/} uses the types inferred by a
                 soft type system to eliminate run-time checks that are
                 provably unnecessary; any remaining run-time checks are
                 flagged as potential program errors. {\em Soft
                 Scheme\/} is a practical soft type checker for R4RS
                 Scheme. Its underlying type system generalizes
                 conventional Hindley-Milner type inference by
                 incorporating recursive types and a limited form of
                 union type. Soft Scheme accommodates all of R4RS Scheme
                 including uncurried procedures of fixed and variable
                 arity, assignment, and continuations.",
  keywords =     "performance; reliability",
  subject =      "{\bf F.3.3}: Theory of Computation, LOGICS AND
                 MEANINGS OF PROGRAMS, Studies of Program Constructs,
                 Type structure. {\bf D.3.2}: Software, PROGRAMMING
                 LANGUAGES, Language Classifications, Applicative
                 languages. {\bf D.3.4}: Software, PROGRAMMING
                 LANGUAGES, Processors, Optimization.",
}


@InProceedings{AnconaLZ2007,
  author = 	 "Davide Ancona and Giovanni Lagorio and Elena Zucca",
  title = 	 "Type inference for polymorphic methods in {Java}-like languages",
  booktitle = "Theoretical Computer Science: Proceedings of the 10th Italian Conference on ICTCS '07",
  pages = 	 "118-129",
  year = 	 2007,
  address = 	 "Rome, Italy",
  month = 	 oct,
  abstract =
   "In languages like C++, Java and C#, typechecking algorithms require methods
    to be annotated with their parameter and result types, which are either fixed
    or constrained by a bound.
    \par
    We show that, surprisingly enough, it is possible to infer the polymorphic
    type of a method where parameter and result types are left unspecified, as
    happens in most functional languages. These types intuitively capture the (less
    restrictive) requirements on arguments needed to safely apply the method.
    We formalize our ideas on a minimal Java subset, for which we define a
    type system with polymorphic types and prove its soundness. We then describe
    an algorithm for type inference and prove its soundness and completeness. A
    prototype implementing inference of polymorphic types is available.",
}


@TechReport{CamphuijsenHH2009,
  author = 	 "Camphuijsen, Patrick and Hage, Jurriaan and Holdermans, Stefan",
  title = 	 "Soft typing {PHP}",
  institution =  "Department of Information and Computing Sciences, Utrecht University",
  year = 	 2009,
  number = 	 "UU-CS-2009-004",
  OMITaddress = 	 "Utrecht",
  urlpdf = {{http://www.cs.uu.nl/research/techreps/repo/CS-2009/2009-004.pdf}},
}


@Article{LagorioZ2007,
  author = 	 "Giovanni Lagorio and Elena Zucca",
  title = 	 "Just: Safe unknown types in {Java}-like languages",
  journal = 	 JOT,
  year = 	 2007,
  volume = 	 6,
  number = 	 2,
  pages = 	 "71--100",
  abstract =
   "Most mainstream object-oriented languages, like C++, Java and C#, are
    statically typed. In recent years, untyped languages, in particular
    scripting languages for the web, have gained a lot of popularity
    notwithstanding the fact that the advantages of static typing, such as
    earlier detection of errors, are widely accepted. We think that one of the
    main reasons for their widespread adoption is that, in many situations, the
    ability of ignoring types can be handy to write simpler and more readable
    code.
    \par
    We propose an extension of Java-like languages which allows developers to
    forget about typing in strategic places of their programs without losing
    type-safety. That is, we allow programmers to write simpler code without
    sacrificing the advantages of static typing. This is achieved by means of
    inferred type constraints. These constraints describe the implicit
    requirements on untyped code to be correctly invoked.
    \par
    This flexibility comes at a cost: field accesses and method invocations on
    objects of unknown types are less efficient than regular field accesses and
    method invocations. Also, our type system is currently more restrictive
    than it should be; its extension is the subject of ongoing work.
    \par
    We have implemented our approach on a small, yet significant, Java subset.",
}


@InProceedings{Nystrom2003,
  author = 	 "Nystr{\"o}m, Sven-Olof",
  authorASCII =	 "Nystrom, Sven-Olof",
  title = 	 "A soft-typing system for {Erlang}",
  crossref =     "Erlang2003",
  pages = 	 "56--71",
  abstract =
   "This paper presents a soft-typing system for the programming language
    Erlang. The system is based on two concepts; a (forward) data flow analysis
    that determines upper approximations of the possible values of expressions
    and other constructs, and a specification language that allows the
    programmer to specify the interface of a module. We examine the programming
    language Erlang and point to various aspects of the language that make it
    hard to type. We present experimental result of applying the soft-typing
    system to some previously written programs.",
}


@InProceedings{Aycock2000,
  author = 	 "John Aycock",
  title = 	 "Aggressive type inference",
  crossref =     "Python2000",
  NEEDpages = 	 "*",
}


@InProceedings{HolknerH2009,
  author = 	 "Alex Holkner and James Harland",
  title = 	 "Evaluating the dynamic behavior of {Python} applications",
  crossref =     "ACSC2009",
  NEEDpages = 	 "*",
}


@MastersThesis{Salib2004,
  author = 	 "Michael Salib",
  title = 	 "Starkiller: A static type inferencer and compiler for {Python}",
  school = 	 MITEECS,
  year = 	 2004,
  address = 	 MITAddr,
  month = 	 may,
  abstract =
   "Starkiller is a type inferencer and compiler for the dynamic language
    Python designed to generate fast native code. It analyzes Python source
    programs and converts them into equivalent C++ programs. Starkiller's type
    inference algorithm is based on the Cartesian Product Algorithm but has
    been significantly modified to support a radically different language. It
    includes an External Type Description Language that enables extension
    authors to document how their foreign code extensions interact with
    Python. This enables Starkiller to analyze Python code that interacts with
    foreign code written in C, C++, or Fortran. The type inference algorithm
    also handles data polymorphism in addition to parametric polymorphism, thus
    improving precision.  Starkiller supports the entire Python language except
    for dynamic code insertion features such as eval and dynamic module
    loading. While the system is not yet complete, early numeric benchmarks
    show that Starkiller compiled code performs almost as well as hand made C
    code and substantially better than alternative Python compilers.",
}


@InProceedings{RichardsLBV2010,
  author = 	 "Gregor Richards and Sylvain Lebresne and Brian Burg and Jan Vitek",
  title = 	 "An analysis of the dynamic behavior of {JavaScript} programs",
  crossref =     "PLDI2010",
  pages = 	 "1--12",
  abstract =
   "The JavaScript programming language is widely used for web programming and,
    increasingly, for general purpose computing. As such, improving the
    correctness, security and performance of JavaScript applications has been
    the driving force for research in type systems, static analysis and
    compiler techniques for this language. Many of these techniques aim to
    reign in some of the most dynamic features of the language, yet little
    seems to be known about how programmers actually utilize the language or
    these features. In this paper we perform an empirical study of the dynamic
    behavior of a corpus of widely-used JavaScript programs, and analyze how
    and why the dynamic features are used. We report on the degree of dynamism
    that is exhibited by these JavaScript programs and compare that with
    assumptions commonly made in the literature and accepted industry benchmark
    suites.",
}


@InProceedings{AnconaACM2007,
  author = 	 "Davide Ancona and Massimo Ancona and Antonio Cuni and Nicholas D. Matsakis",
  title = 	 "{RPython}: a Step Towards Reconciling Dynamically and Statically Typed {OO} Languages",
  crossref =     "DLS2007",
  pages = 	 "53--64",
  abstract =
   "Although the C-based interpreter of Python is reasonably fast,
    implementations on the CLI or the JVM platforms offers some advantages
    in terms of robustness and interoperability. Unfortunately, because the
    CLI and JVM are primarily designed to execute statically typed,
    object-oriented languages, most dynamic language implementations cannot
    use the native bytecodes for common operations like method calls and
    exception handling; as a result, they are not able to take full
    advantage of the power offered by the CLI and JVM. We describe a
    different approach that attempts to preserve the flexibility of Python,
    while still allowing for efficient execution. This is achieved by
    limiting the use of the more dynamic features of Python to an initial,
    bootstrapping phase. This phase is used to construct a final RPython
    (Restricted Python) program that is actually executed. RPython is a
    proper subset of Python, is statically typed, and does not allow dynamic
    modification of class or method definitions; however, it can still take
    advantage of Python features such as mixins and first-class methods and
    classes. This paper presents an overview of RPython, including its
    design and its translation to both CLI and JVM bytecode. We show how the
    bootstrapping phase can be used to implement advanced features, like
    extensible classes and generative programming. We also discuss what work
    remains before RPython is truly ready for general use, and compare the
    performance of RPython with that of other approaches.",
}


@InProceedings{FurrAFH2009,
  author = 	 "Furr, Michael and An, Jong-hoon (David) and Foster, Jeffrey S. and Hicks, Michael",
  title = 	 "Static type inference for {Ruby}",
  crossref =     "SAC2009",
  pages = 	 "1859--1866",
  abstract =
   "Many general-purpose, object-oriented scripting languages are dynamically
    typed, which provides flexibility but leaves the programmer without the
    benefits of static typing, including early error detection and the
    documentation provided by type annotations. This paper describes
    Diamondback Ruby (DRuby), a tool that blends Ruby's dynamic type system
    with a static typing discipline. DRuby provides a type language that is
    rich enough to precisely type Ruby code we have encountered, without
    unneeded complexity. When possible, DRuby infers static types to discover
    type errors in Ruby programs. When necessary, the programmer can provide
    DRuby with annotations that assign static types to dynamic code. These
    annotations are checked at run time, isolating type errors to unverified
    code. We applied DRuby to a suite of benchmarks and found several bugs that
    would cause run-time type errors. DRuby also reported a number of warnings
    that reveal questionable programming practices in the benchmarks. We
    believe that DRuby takes a major step toward bringing the benefits of
    combined static and dynamic typing to Ruby and other object-oriented
    languages.",
}


@InProceedings{FurrAF2009,
  author = 	 "Furr, Michael and An, Jong-hoon (David) and Foster, Jeffrey S.",
  title = 	 "Profile-guided static typing for dynamic scripting languages",
  crossref =     "OOPSLA2009",
  pages = 	 "283--300",
  abstract =
   "Many popular scripting languages such as Ruby, Python, and Perl
    include highly dynamic language constructs, such as an eval method that
    evaluates a string as program text. While these constructs allow terse
    and expressive code, they have traditionally obstructed static
    analysis. In this paper we present PRuby, an extension to Diamondback
    Ruby (DRuby), a static type inference system for Ruby. PRuby augments
    DRuby with a novel dynamic analysis and transformation that allows us
    to precisely type uses of highly dynamic constructs. PRuby's analysis
    proceeds in three steps. First, we use run-time instrumentation to
    gather per-application profiles of dynamic feature usage. Next, we
    replace dynamic features with statically analyzable alternatives based
    on the profile. We also add instrumentation to safely handle cases when
    subsequent runs do not match the profile. Finally, we run DRuby's
    static type inference on the transformed code to enforce type safety.
    \par
    We used PRuby to gather profiles for a benchmark suite of sample Ruby
    programs. We found that dynamic features are pervasive throughout the
    benchmarks and the libraries they include, but that most uses of these
    features are highly constrained and hence can be effectively
    profiled. Using the profiles to guide type inference, we found that
    DRuby can generally statically type our benchmarks modulo some
    refactoring, and we discovered several previously unknown type
    errors. These results suggest that profiling and transformation is a
    lightweight but highly effective approach to bring static typing to
    highly dynamic languages.",
}


@inproceedings{An:2009,
  author = {Jong-hoon (David) An and Avik Chaudhuri and Jeffrey S. Foster},
  title = {Static Typing for Ruby on Rails},
  crossref = "ASE2009",
  pages = {590--594},
}


@InProceedings{AndersonGD2005,
  author = 	 "Christopher Anderson and Paola Giannini and Sophia Drossopoulou1",
  title = 	 "Towards type inference for {JavaScript}",
  crossref =     "ECOOP2005",
  pages = 	 "428--452",
  abstract =
   "Object-oriented scripting languages like Javascript and Python are
   popular partly because of their dynamic features. These include the
   runtime modification of objects and classes through addition of fields
   or updating of methods. These features make static typing difficult and
   so usually dynamic typing is used. Consequently, errors such as access
   to non-existent members are not detected until runtime.
   \par
   We first develop a formalism for an object based language, JS$_0$ with
   features from Javascript, including dynamic addition of fields and
   updating of methods. We give an operational semantics and static type
   system for JS$_0$ using structural types. Our types allow objects to evolve
   in a controlled manner by classifying members as definite or potential.
   \par
   We define a type inference algorithm for JS$_0$ that is sound with respect
   to the type system. If the type inference algorithm succeeds, then the
   program is typeable. Therefore, programmers can benefit from the safety
   offered by the type system, without the need to write explicitly types
   in their programs.",
}


@InProceedings{OlmosV2003,
  author = 	 "Karina Olmos and Eelco Visser",
  title = 	 "Turning dynamic typing into static typing by program specialization in a compiler front-end for {Octave}",
  crossref =     "SCAM2003",
  NEEDpages = 	 "*",
  abstract =
   "Array processing languages such as APL, Matlab and Octave rely on dynamic
    typechecking by the interpreter rather than static typechecking and are
    designed for user convenience with a syntax close to mathematical
    notation. Functions and operators are highly overloaded. The price to be
    paid for this flexibility is computational performance, since the run-time
    system is responsible for type checking, array shape determination,
    function call dispatching, and handling possible run-time errors. In order
    to produce effecient code, an Octave compiler should address those issues
    at compile-time as much as possible. In particular, static type and shape
    inferencing can improve the quality of the generated code. In this paper we
    discuss how overloading in dynamically typed Octave programs can be
    resolved by program specialization. We discuss the typing issues in
    compilation of Octave programs and give an overview of the implementation
    of the specializer in the transformation language Stratego.",
}


%%%
%%% Adding a "Dynamic" type to a statically typed language
%%%

@InProceedings{AbadiCPP89,
  author = 	 "Mart{\'\i}n Abadi and Luca Cardelli and Benjamin Pierce and Gordon Plotkin",
  authorASCII =	 "Martin Abadi and Luca Cardelli and Benjamin Pierce and Gordon Plotkin",
  title = 	 "Dynamic typing in a statically-typed language",
  crossref =     "POPL89",
  pages = 	 "213--227",
  abstract =
   "Statically-typed programming languages allow earlier error checking,
    better enforcement of disciplined programming styles, and generation of
    more efficient object code than languages where all type-consistency
    checks are performed at runtime. However, even in statically-type
    languages, there is often the need to deal with data whose type cannot be
    known at compile time. To handle such situations safely, we propose to add
    a type Dynamic whose values are pairs of a value v and a type tag T where
    v has the type denoted by T. Instances of Dynamic are built with an
    explicit tagging construct and inspected with a type-safe typecase
    construct.
    \par
    This paper is an exploration of the syntax, operational semantics, and
    denotational semantics of a simple language with the type Dynamic. We give
    examples of how dynamically-typed values might be used in programming. Then
    we discuss an operational semantics for our language and obtain a soundness
    theorem. We present two formulations of the denotational semantics of this
    language and relate them to the operational semantics. Finally, we consider
    the implications of polymorphism and some implementation issues.",
}


@Article{AbadiCPP91,
  author = 	 "Mart{\'\i}n Abadi and Luca Cardelli and Benjamin Pierce and Gordon Plotkin",
  authorASCII =	 "Mart{\'\i}n Abadi and Luca Cardelli and Benjamin Pierce and Gordon Plotkin",
  title = 	 "Dynamic typing in a statically typed language",
  journal = 	 TOPLAS,
  year = 	 1991,
  volume = 	 13,
  number = 	 2,
  pages = 	 "237--268",
  month = 	 apr,
  abstract =
   "Statically typed programming languages allow earlier error checking,
    better enforcement of diciplined programming styles, and the generation of
    more efficient object code than languages where all type consistency
    checks are performed at run time. However, even in statically typed
    languages, there is often the need to deal with data whose type cannot be
    determined at compile time. To handle such situations safely, we propose
    to add a type Dynamic whose values are pairs of a value v and a type tag T
    where v has the type denoted by T. Instances of Dynamic are built with an
    explicit tagging construct and inspected with a type safe typecase
    construct.
    \par
    This paper explores the syntax, operational semantics, and denotational
    semantics of a simple language that includes the type Dynamic. We give
    examples of how dynamically typed values can be used in programming. Then
    we discuss an operational semantics for our language and obtain a soundness
    theorem. We present two formulations of the denotational semantics of this
    language and relate them to the operational semantics. Finally, we consider
    the implications of polymorphism and some implementation issues.",
}


@InProceedings{BloomFNORSVW2009,
  author = 	 "Bloom, Bard and Field, John and Nystrom, Nathaniel and {\"O}stlund, Johan and Richards, Gregor and Strni\v{s}a, Rok and Vitek, Jan and Wrigstad, Tobias",
  authorASCII = 	 "Bloom, Bard and Field, John and Nystrom, Nathaniel and Ostlund, Johan and Richards, Gregor and Strnisa, Rok and Vitek, Jan and Wrigstad, Tobias",
  title = 	 "Thorn: Robust, concurrent, extensible scripting on the {JVM}",
  crossref =     "OOPSLA2009",
  pages = 	 "117--136",
  abstract =
   "Scripting languages enjoy great popularity due to their support for
    rapid and exploratory development. They typically have lightweight
    syntax, weak data privacy, dynamic typing, powerful aggregate data
    types, and allow execution of the completed parts of incomplete
    programs. The price of these features comes later in the software life
    cycle. Scripts are hard to evolve and compose, and often slow. An
    additional weakness of most scripting languages is lack of support for
    concurrency - though concurrency is required for scalability and
    interacting with remote services. This paper reports on the design and
    implementation of Thorn, a novel programming language targeting the
    JVM. Our principal contributions are a careful selection of features
    that support the evolution of scripts into industrial grade programs -
    e.g., an expressive module system, an optional type annotation facility
    for declarations, and support for concurrency based on message passing
    between lightweight, isolated processes. On the implementation side,
    Thorn has been designed to accommodate the evolution of the language
    itself through a compiler plugin mechanism and target the Java virtual
    machine.",
}

@InProceedings{WrigstadZNLOV2010,
  author = 	 "Tobias Wrigstad and Francesco {Zappa Nardelli} and Sylvain Lebresne and Johan {\"O}stlund and Jan Vitek",
  authorASCII =  "Tobias Wrigstad and Francesco Zappa Nardelli and Sylvain Lebresne and Johan Ostlund and Jan Vitek",
  title = 	 "Integrating typed and untyped code in a scripting language",
  crossref =     "POPL2010",
  NEEDpages = 	 "*",
  abstract =
   "Many large software systems originate from untyped scripting language
    code. While good for initial development, the lack of static
    type annotations can impact code-quality and performance in the
    long run. We present an approach for integrating untyped code
    and typed code in the same system to allow an initial prototype to
    smoothly evolve into an efficient and robust program.We introduce
    like types, a novel intermediate point between dynamic and static
    typing. Occurrences of like types variables are checked statically
    within their scope but, as they may be bound to dynamic values,
    their usage is checked dynamically. Thus like types provide some
    of the benefits of static typing without decreasing the expressiveness
    of the language. We provide a formal account of like types in
    a core object calculus and evaluate their applicability in the context
    of a new scripting language.",
}


@InProceedings{AhmedFMW2009,
  author = 	 "Amal Ahmed and Robert Bruce Findler and Jacob Matthews and Philip Wadler",
  title = 	 "Blame for all",
  crossref =     "STOP2009",
  NEEDpages = 	 "*",
  abstract =
   "We present a language that integrates statically and dynamically typed
    components, similar to the gradual types of Siek and Taha (2006), and
    extend it to incorporate parametric polymorphism. Our system permits a
    dynamically typed value to be cast to a polymorphic type, with the type
    enforced by dynamic sealing along the lines proposed by Pierce and Sumii
    (2000), Matthews and Ahmed (2008), and Neis, Dreyer, and Rossberg (2009),
    in a way that ensures all terms satisfy relational parametricity. Our
    system includes a notion of blame, which allows us to show that when
    more-typed and less-typed portions of a program interact, that any type
    failures are due to the less-typed portion.",
}


@InProceedings{Flanagan2006,
  author = 	 "Cormac Flanagan",
  title = 	 "Hybrid type checking",
  crossref =     "POPL2006",
  NEEDpages = 	 "*",
  abstract =
   "Traditional static type systems are very effective for verifying basic
    interface specifications, but are somewhat limited in the kinds
    specifications they support. Dynamically-checked contracts can enforce
    more precise specifications, but these are not checked until run time,
    resulting in incomplete detection of defects.Hybrid type checking is a
    synthesis of these two approaches that enforces precise interface
    specifications, via static analysis where possible, but also via
    dynamic checks where necessary. This paper explores the key ideas and
    implications of hybrid type checking, in the context of the
    simply-typed \lambda-calculus with arbitrary refinements of base types.",
}


@InProceedings{OuTMW2004,
  author = 	 "Xinming Ou and Gang Tan and Yitzhak Mandelbaum and David Walker",
  title = 	 "Dynamic typing with dependent types",
  crossref =     "TCS2004",
  pages = 	 "437--450",
  abstract =
    "Dependent type systems are promising tools programmers can use to
    increase the reliability and security of their programs. Unfortunately,
    dependently-typed programming languages require programmers to annotate
    their programs with many typing specifications to help guide the type
    checker. This paper shows how to make the process of programming with
    dependent types more palatable by defining a language in which programmers
    have fine-grained control over the trade-off between the number of
    dependent typing annotations they must place on programs and the degree of
    compile-time safety. More specifically, certain program fragments are
    marked dependent, in which case the programmer annotates them in detail and
    a dependent type checker verifies them at compile time. Other fragments are
    marked simple, in which case they may be annotation-free and dependent
    constraints are verified at run time.",
}


@InProceedings{KnowlesTGFF2006,
  author = 	 "Kenneth Knowles and Aaron Tomb and Jessica Gronski and Stephen N. Freund and Cormac Flanagan",
  title = 	 "Sage: Unified hybrid checking for first-class types, general refinement types, and \texttt{Dynamic}",
  crossref =     "SFP2006",
  NEEDpages = 	 "*",
  abstract =
   "This paper presents Sage, a functional programming language with a rich
    type system that supports a broad range of typing paradigms, from
    dynamically-typed Scheme-like programming, to decidable ML-like types,
    to precise refinement types. This type system is a synthesis of three
    general concepts --- first-class types, general refinement types, and
    the type Dynamic --- that add expressive power in orthogonal and
    complementary ways.
    \par
    None of these concepts are statically decidable. The Sage compiler
    uniformly circumvents this limitation using hybrid type checking, which
    inserts occasional run-time casts in particularly complicated
    situations that cannot be statically checked. We describe a prototype
    implementation of Sage and preliminary experimental results showing
    that most or all types are enforced via static type checking --- the
    number of compiler-inserted casts is very small or zero on all our
    benchmarks.",
}


@misc{KnowlesTGFF2007:TR,
author = {Kenneth Knowles and Aaron Tomb and Jessica Gronski and Stephen N. Freund and Cormac Flanagan},
title = {SAGE: Unified hybrid checking for first-class types, general refinement types, and {\texttt{Dynamic}} (extended report)},
}


@InProceedings{Thatte90,
  author = 	 "S. Thatte",
  title = 	 "Quasi-static typing",
  crossref =     "POPL90",
  pages = 	 "367--381",
  OPTabstract =  "",
}


@InProceedings{AndersonD2003,
  author = 	 "Christopher Anderson and Sophia Drossopoulou",
  title = 	 "{BabyJ}: From object based to class based programming via types ",
  crossref =     "WOOD2003",
  pages = 	 "53--81",
  abstract =
   "Object oriented programming can be classified into the object based, and
    the class based paradigm. Object based languages typically are weakly typed
    and interpreted, allow member addition and removal, and thus they support
    flexibility and prototyping. Class based languages are usually strongly
    typed and compiled, require a rigid class structure and class membership,
    and thus they support more robust, type safe programs.
    \par
    The two paradigms therefore address the needs of different stages in the
    programming lifecycle: object based programming better fits the earlier,
    exploratory phases, whereas class based better fits the latter,
    consolidation and maintenance phases. Because the transition from one
    paradigm to the other is not straightforward, programs tend to be developed
    in one of the two paradigms, thus foregoing the advantages of the other.
    \par
    We suggest that this need not be so, and that the benefits of the two
    paradigms can be combined: The earlier, exploratory, programming phases
    should take place in an object based setting. Then, the program should be
    incrementally annotated with types. Once fully typed, the program can be
    mapped onto an equivalent class based program.
    \par
    We demonstrate these ideas through the introduction of BabyJ, a
    formalization of Javascript. We define BabyJ$^T$, a typed extension of
    BabyJ. A permissive type in BabyJ allows the typing process to be
    incremental. We then define a meaning preserving transformation of
    BabyJ$^T$ programs to Java programs.",
}


@InProceedings{FindlerF2002,
  author = 	 "Robert Bruce Findler and Matthias Felleisen",
  title = 	 "Contracts for higher-order functions",
  crossref =     "ICFP2002",
  pages = 	 "48--59",
  abstract =
   "Assertions play an important role in the construction of robust software.
    Their use in programming languages dates back to the 1970s.
    Eiffel, an object-oriented programming language, wholeheartedly
    adopted assertions and developed the ``Design by Contract'' philosophy.
    Indeed, the entire object-oriented community recognizes the
    value of assertion-based contracts on methods.
    \par
    In contrast, languages with higher-order functions do not support
    assertion-based contracts. Because predicates on functions are,
    in general, undecidable, specifying such predicates appears to be
    meaningless. Instead, the functional languages community developed
    type systems that statically approximate interesting predicates.
    In this paper, we show how to support higher-order function contracts
    in a theoretically well-founded and practically viable manner.
    Specifically, we introduce lCON, a typed lambda calculus with
    assertions for higher-order functions. The calculus models the assertion
    monitoring system that we employ in DrScheme. We establish
    basic properties of the model (type soundness, etc.) and
    illustrate the usefulness of contract checking with examples from
    DrScheme's code base.
    \par
    We believe that the development of an assertion system for higherorder
    functions serves two purposes. On one hand, the system has
    strong practical potential because existing type systems simply cannot
    express many assertions that programmers would like to state.
    On the other hand, an inspection of a large base of invariants may
    provide inspiration for the direction of practical future type system
    research.",
}


@InProceedings{GrayFF2005,
  author = 	 "Gray, Kathryn E. and Findler, Robert Bruce and Flatt, Matthew",
  title = 	 "Fine-grained interoperability through mirrors and contracts",
  crossref =     "OOPSLA2005",
  pages = 	 "231--245",
  abstract =
   "As a value flows across the boundary between interoperating languages, it
    must be checked and converted to fit the types and representations of the
    target language. For simple forms of data, the checks and coercions can be
    immediate; for higher order data, such as functions and objects, some must
    be delayed until the value is used in a particular way. Typically, these
    coercions and checks are implemented by an ad-hoc mixture of wrappers,
    reflection, and dynamic predicates. We observe that 1) the wrapper and
    reflection operations fit the profile of mirrors, 2) the checks correspond
    to contracts, and 3) the timing and shape of mirror operations coincide
    with the timing and shape of contract operations. Based on these insights,
    we present a new model of interoperability that builds on the ideas of
    mirrors and contracts, and we describe an interoperable implementation of
    Java and Scheme that is guided by the model.",
}


@InProceedings{FindlerLF2001,
  author = 	 "Findler, Robert Bruce and Latendresse, Mario and Felleisen, Matthias",
  title = 	 "Behavioral contracts and behavioral subtyping",
  crossref =     "FSE2001",
  pages = 	 "229--236",
  abstract =
   "Component-based software manufacturing has the potential to bring
    division-of-labor benefits to the world of software engineering. In order
    to make a market of software components viable, however, producers and
    consumers must agree on enforceable software contracts.
    \par
    In this paper, we show how to enforce contracts if components are
    manufactured from class and interface hierarchies. In particular, we focus
    on one style of contract: pre- and post-conditions. Programmers annotate
    class and interface methods with pre- and post-conditions and the run-time
    system checks these conditions during evaluation. These contracts guarantee
    that methods are called properly and provide appropriate results.
    \par
    In procedural languages, the use of pre- and post-condition contracts is
    well-established and studies have demonstrated its value. In
    object-oriented languages, however, assigning blame for pre- and
    post-condition failures poses subtle and complex problems. Specifically,
    assigning blame for malformed class and interface hierarchies is so
    difficult that none of the existing contract monitoring tools correctly
    assign blame for these failures. In this paper, we show how to overcome
    these problems in the context of Java. Our work is based on the notion of
    behavioral subtyping.",
}


@inproceedings{Tobin-Hochstadt:2012:HSE:2384616.2384655,
 author = {Tobin-Hochstadt, Sam and Van Horn, David},
 title = {Higher-order symbolic execution via contracts},
 booktitle = {Proceedings of the ACM international conference on Object oriented programming systems languages and applications},
 series = {OOPSLA '12},
 year = {2012},
 isbn = {978-1-4503-1561-6},
 address  = {Tucson, Arizona, USA},
 pages = {537--554},
 numpages = {18},
 url = {https://doi.acm.org/10.1145/2384616.2384655},
 doi = {10.1145/2384616.2384655},
 acmid = {2384655},
 keywords = {higher-order contracts, reduction semantics, symbolic execution},
}


@InProceedings{WadlerF2009,
  author = 	 "Wadler, Philip and Findler, Robert Bruce",
  title = 	 "Well-typed programs can't be blamed",
  crossref =     "ESOP2009",
  pages = 	 "1--16",
  abstract =
   "We introduce the blame calculus, which adds the notion of blame from
    Findler and Felleisen's contracts to a system similar to Siek and Taha's
    gradual types and Flanagan's hybrid types. We characterise where
    positive and negative blame can arise by decomposing the usual notion of
    subtype into positive and negative subtypes, and show that these
    recombine to yield naive subtypes. Naive subtypes previously appeared in
    type systems that are unsound, but we believe this is the first time
    naive subtypes play a role in establishing type soundness.",
}


@InProceedings{SiekT2006,
  author = 	 "Jeremy G. Siek and Walid Taha",
  title = 	 "Gradual typing for functional languages",
  crossref =     "SFP2006",
  pages = 	 "81--92",
  abstract =
   "Static and dynamic type systems have well-known strengths and
    weaknesses, and each is better suited for different programming
    tasks. There have been many efforts to integrate static and dynamic
    typing and thereby combine the benefits of both typing disciplines
    in the same language. The flexibility of static typing can be improved
    by adding a type Dynamic and a typecase form. The safety
    and performance of dynamic typing can be improved by adding
    optional type annotations or by performing type inference (as in
    soft typing). However, there has been little formal work on type
    systems that allow a programmer-controlled migration between dynamic
    and static typing. Thatte proposed Quasi-Static Typing, but
    it does not statically catch all type errors in completely annotated
    programs. Anderson and Drossopoulou defined a nominal type system
    for an object-oriented language with optional type annotations.
    However, developing a sound, gradual type system for functional
    languages with structural types is an open problem.
    \par
    In this paper we present a solution based on the intuition that the
    structure of a type may be partially known/unknown at compile time
    and the job of the type system is to catch incompatibilities
    between the known parts of types. We define the static and dynamic
    semantics of a $\lambda$-calculus with optional type annotations and we
    prove that its type system is sound with respect to the simply-typed
    $\lambda$-calculus for fully-annotated terms. We prove that this calculus
    is type safe and that the cost of dynamism is ``pay-as-you-go''.",
}


@InProceedings{HermanTF2007,
  author = 	 "David Herman and Aaron Tomb and Cormac Flanagan",
  title = 	 "Space-efficient gradual typing",
  crossref =     "TFP2007",
  NEEDpages = 	 "*",
  abstract =
   "Gradual type systems offer a smooth continuum between static and dynamic
    typing by permitting the free mixture of typed and untyped code. The
    runtime systems for these languages---and other languages with hybrid type
    checking---typically enforce function types by dynamically generating
    function proxies. This approach can result in unbounded growth in the
    number of proxies, however, which drastically impacts space efficiency and
    destroys tail recursion.
    \par
    We present an implementation strategy for gradual typing that is based on
    coercions instead of function proxies, and which combines adjacent
    coercions to limit their space consumption. We prove bounds on the space
    consumed by coercions as well as soundness of the type system,
    demonstrating that programmers can safely mix typing disciplines without
    incurring unreasonable overheads. Our approach also detects certain errors
    earlier than prior work.",
}


@InProceedings{SiekT2007,
  author = 	 "Siek, Jeremy and Taha, Walid",
  title = 	 "Gradual typing for objects",
  crossref =     "ECOOP2007",
  pages = 	 "2--27",
  abstract =
   "Static and dynamic type systems have well-known strengths and
    weaknesses. In previous work we developed a gradual type system for a
    functional calculus named $\lambda^?_\rightarrow$. Gradual typing provides
    the benefits of both static and dynamic checking in a single language by
    allowing the programmer to control whether a portion of the program is type
    checked at compile-time or run-time by adding or removing type annotations
    on variables. Several object-oriented scripting languages are preparing to
    add static checking. To support that work this paper develops Ob$^?_{<:}$,
    a gradual type system for object-based languages, extending the Ob$_{<:}$
    calculus of Abadi and Cardelli. Our primary contribution is to show that
    gradual typing and subtyping are orthogonal and can be combined in a
    principled fashion. We also develop a small-step semantics, provide a
    machine-checked proof of type safety, and improve the space efficiency of
    higher-order casts.",
}


@InProceedings{SiekV2008,
  author = 	 "Jeremy Siek and Manish Vachharajani",
  title = 	 "Gradual typing with unification-based inference",
  crossref =     "DLS2008",
  NEEDpages = 	 "*",
  abstract =
   "Static and dynamic type systems have well-known strengths and
    weaknesses. Gradual typing provides the benefits of both in a
    single language by giving the programmer control over which portions
    of the program are statically checked based on the presence or absence
    of type annotations.  This paper studies the combination of gradual
    typing and unification-based type inference with the goal of
    developing a system that helps programmers increase the amount of
    static checking in their program.  The key question in combining
    gradual typing and type inference is how should the dynamic type of a
    gradual system interact with the type variables of a type inference
    system. This paper explores the design space and shows why three
    straightforward approaches fail to meet our design goals.  This paper
    presents a new type system based on the idea that a solution for a
    type variable should be as informative as any type that constrains the
    variable.  The paper also develops an efficient inference algorithm
    and proves it sound and complete with respect to the type system.",
}


@InProceedings{SiekGT2009,
  author = 	 "Jeremy G. Siek and Ronald Garcia and Walid Taha",
  title = 	 "Exploring the design space of higher-order casts",
  crossref =     "ESOP2009",
  NEEDpages = 	 "*",
  abstract =
   "This paper explores the surprisingly rich design space for the simply typed
    lambda calculus with casts and a dynamic type. Such a calculus is the
    target intermediate language of the gradually typed lambda calculus but it
    is also interesting in its own right. In light of diverse requirements for
    casts, we develop a modular semantic framework, based on Henglein's
    Coercion Calculus, that instantiates a number of space-efficient,
    blame-tracking calculi, varying in what errors they detect and how they
    assign blame. Several of the resulting calculi extend work from the
    literature with either blame tracking or space efficiency, and in doing so
    reveal previously unknown connections. Furthermore, we introduce a new
    strategy for assigning blame under which casts that respect traditional
    subtyping are statically guaranteed to never fail. One particularly
    appealing outcome of this work is a novel cast calculus that is well-suited
    to gradual typing.",
}


@InProceedings{SiekW2009,
  author = 	 "Jeremy G. Siek and Philip Wadler",
  title = 	 "Threesomes, with and without blame",
  crossref =     "STOP2009",
  pages = 	 "34--46",
  supersededby = "SiekW2010"
}


@InProceedings{SiekW2010,
  author = 	 "Jeremy G. Siek and Philip Wadler",
  title = 	 "Threesomes, with and without blame",
  crossref =     "POPL2010",
  NEEDpages = 	 "*",
  abstract =
   "How to integrate static and dynamic types? Recent work focuses
    on casts to mediate between the two. However, adding casts may
    degrade tail calls into a non-tail calls, increasing space consumption
    from constant to linear in the depth of calls.
    \par
    We present a new solution to this old problem, based on the
    notion of a threesome. A cast is specified by a source and a target
    type---a twosome. Any twosome factors into a downcast from the
    source to an intermediate type, followed by an upcast from the
    intermediate to the target---a threesome. Any chain of threesomes
    collapses to a single threesome, calculated by taking the greatest
    lower bound of the intermediate types. We augment this solution
    with blame labels to map any failure of a threesome back to the
    offending twosome in the source program.
    \par
    Herman, Tomb, and Flanagan (2007) solve the space problem
    by representing casts with the coercion calculus of Henglein
    (1994). While they provide a theoretical limit on the space overhead,
    there remains the practical question of how best to implement
    coercion reduction. The threesomes presented in this paper
    provide a streamlined data structure and algorithm for representing
    and normalizing coercions. Furthermore, threesomes provide a
    typed-based explanation of coercion reduction."
}


@InProceedings{TobinHochstadtF2006,
  author = 	 "Sam Tobin-Hochstadt and Matthias Felleisen",
  title = 	 "Interlanguage migration: From scripts to programs",
  crossref =     "DLS2006",
  NEEDpages = 	 "*",
  abstract =
   "As scripts grow into full-fledged applications, programmers should want to
    port portions of their programs from scripting languages to languages with
    sound and rich type systems.  This form of interlanguage migration ensures
    type-safety and provides minimal guarantees for reuse in other
    applications, too.
    \par
    In this paper, we present a framework for expressing this form of
    interlanguage migration. Given a program that consists of modules in the
    untyped lambda calculus, we prove that rewriting one of them in a simply
    typed lambda calculus produces an equivalent program and adds the expected
    amount of type safety, i.e., code in typed modules can't go wrong. To
    ensure these guarantees, the migration process infers constraints from the
    statically typed module and imposes them on the dynamically typed modules
    in the form of behavioral contracts.",
}


@InProceedings{TobinHochstadtF2008,
  author = 	 "Sam Tobin-Hochstadt and Matthias Felleisen",
  title = 	 "The design and implementation of {Typed} {Scheme}",
  crossref =     "POPL2008",
  NEEDpages = 	 "*",
  abstract =
   "When scripts in untyped languages grow into large programs, maintaining
    them becomes difficult. A lack of types in typical scripting
    languages means that programmers must (re)discover critical
    pieces of design information every time they wish to change a program.
    This analysis step both slows down the maintenance process
    and may even introduce mistakes due to the violation of undiscovered
    invariants.
    \par
    This paper presents Typed Scheme, an explicitly typed extension
    of an untyped scripting language. Its type system is based on
    the novel notion of occurrence typing, which we formalize and mechanically
    prove sound. The implementation of Typed Scheme additionally
    borrows elements from a range of approaches, including
    recursive types, true unions and subtyping, plus polymorphism
    combined with a modicum of local inference. Initial experiments
    with the implementation suggest that Typed Scheme naturally accommodates
    the programming style of the underlying scripting language,
    at least for the first few thousand lines of ported code.",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Abstract types
%%%


@InProceedings{OCallahanJ97,
  author =       "Robert O'Callahan and Daniel Jackson",
  title =        "Lackwit: A Program Understanding Tool Based on Type
                 Inference",
  crossref =     "ICSE97",
  pages =        "338--348",
  abstract =
   "By determining, statically, where the structure of a program requires sets
    of variables to share a common representation, we can identify abstract
    data types, detect abstraction violations, find unused variables,
    functions, and fields of data structures, detect simple errors in
    operations on abstract datatypes, and locate sites of possible references
    to a value.  We compute representation sharing with type inference, using
    types to encode representations.  The method is efficient, fully automatic,
    and smoothly integrates pointer aliasing and higher-order functions.  We
    show how we used a prototype tool to answer a user's questions about a
    17,000 line program written in C.",
}


@TechReport{OCallahanJ96,
  author = 	 "Robert O'Callahan and Daniel Jackson",
  title = 	 "Practical program understanding with type inference",
  institution =  "School of Computer Science, Carnegie Mellon University",
  year = 	 1996,
  number =	 "CMU-CS-96-130",
  address =	 "Pittsburgh, PA",
  month =	 may,
  supersededby = "OCallahanJ97"
}


@InProceedings{Baker90,
  author = 	 "Henry Baker",
  title = 	 "Unify and Conquer (Garbage, Updating, Aliasing, ...)",
  crossref =     "LFP90",
  pages = 	 "218--226",
  abstract =
   "\emph{Type inference} is the process by which an expression in an untyped
    computer language such as the lambda-calculus, Lisp, or a functional
    language can be assigned a static data type in order to improve the code
    generated by a compiler. \emph{Storage use} inference is the process by
    which a program in a computer language can be statically analyzed to model
    its run-time behavior, particularly the containment and sharing relations
    among its run-time data structures. The information generated by storage
    use information can also be used to improve the code generated by a
    compiler, because knowledge of the containment and sharing relations of
    run-time data structures allows for methods of storage allocation and
    deallocation which are cheaper than garbage-collected heap storage and
    allows for the in-place updating of functional aggregates.
    \par
    Type inference and storage use inference have traditionally been considered
    orthogonal processes, with separate traditions and literature. However, we
    show in this paper than this separation may be a mistake, because the
    best-known and best-understood of the type inferencing algorithms---Milner's
    unification method for ML---already generates valuable sharing and
    containment information which is then unfortunately discarded. We show that
    this sharing information is already generated by standard unification
    algorithms with no additional overhead during unification; however, there
    is some additional work necessary to extract this information. We have not
    yet precisely characterized the resolving power of this sharing and
    containment information, but we believe that it is similar to that
    generated by researchers using other techniques. However, our scheme seems
    to only work for \emph{functional languages} like pure Lisp.
    \par
    The unification of type and storage inferencing yields new insights into
    the meaning of ``aggregate type'', which should prove valuable in the
    design of future type systems.",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Units of measure
%%%

@InProceedings{AntoniuSKNF,
  author = 	 "Tudor Antoniu and Paul Steckler and Shriram Krishnamurthi
                  and Erich Neuwirth and Matthias Felleisen",
  title = 	 "Validating the unit correctness of spreadsheet programs",
  crossref =     "ICSE2004",
  pages = 	 "439--448",
  abstract =
   "Financial companies, engineering firms and even scientists create
    increasingly larger spreadsheets and spreadsheet programs. The creators of
    large spreadsheets make errors and must track them down. One common class
    of errors concerns unit errors, because spreadsheets often employ formulas
    with physical or monetary units.
    \par
    In this paper, we describe XeLda, our tool for unit checking Excel
    spreadsheets. The tool highlights cells if their formulas process values
    with incorrect units and if derived units clash with unit annotations. In
    addition, it draws arrows to the sources of the formulas for debugging. The
    tool is sensitive to many of the intricacies of Excel spreadsheets
    including tables, matrices, and even circular references. Using XeLda, we
    have detected errors in some published scientific spreadsheets.",
}


@InProceedings{ErwigB2002,
  author = 	 {Martin Erwig and Margaret M. Burnett},
  title = 	 {Adding Apples and Oranges},
  crossref =     "PADL2002",
  pages =        "171--191",
}


@MastersThesis{Xiang2020,
  author = 	 "Tongtong Xiang",
  title = 	 "Type Checking and Whole-program Inference for Value Range Analysis",
  school = 	 UWaterlooECE,
  year = 	 2020,
  address = 	 UWaterlooaddr,
  month = 	 oct,
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Reflection
%%%

@InProceedings{Tatsubori2004,
  author = 	 "Michiaki Tatsubori",
  title = 	 "Living with Reflection: Towards Coexistence of Program Transformation by Middleware and Reflection in {Java} Applications",
  crossref =     "PPL2004",
  NEEDpages = 	 "*",
  abstract =
   "Reflection in Java allows handling classes and members as first-class
    objects to create new instances and access members, while allowing
    application programmers to define their own class loading
    behavior. However, the program analyzing and rewriting middleware faces
    serious restrictions when these reflective mechanisms are used in
    application programs. We have created a framework called EMPL, which 1)
    allows program analysis/rewriting software to detect and replace indirect
    method invocations that are not written in a visible way in application
    programs, and 2) makes analysis and rewriting by middleware mandatory and
    transparent for the modified application programs so that the
    transformation by the middleware is always sure to be performed on the
    application programs. Instead of giving a perfect, precise and static
    analysis of a reflective program, the proposed framework provides a
    comprehensive ``net'' for capturing uses of reflective computation in
    application programs at runtime. This is implemented as a customized class
    loader for the standard Java virtual machine.",
}


@InProceedings{McGacheyHM2009,
  author = 	 "Phil McGachey and Antony L. Hosking and J. Eliot B. Moss",
  title = 	 "Pervasive Load-Time Transformation for Transparently Distributed {Java}",
  crossref =     "ByteCode2009",
  NEEDpages = 	 "*",
  abstract =
   "The transformation of large, off-the-shelf Java applications to support
    complex new functionality essentially requires generation of an entirely
    new application that retains the execution semantics of the original. We
    describe such a whole-program modification in the context of RuggedJ, a
    dynamic transparent Java distribution system. We discuss the proxy-based
    object model that allows remote Java objects to be referenced in the same
    way as those residing on the current virtual machine, the optimizations
    that allow us to bypass proxies in the case of purely local or remote
    object, and the mechanisms needed to guarantee that static data remain
    unique in a distributed system. We then detail some of the more interesting
    features involved when implementing this object model in rewritten
    bytecode, including transformations required within method bodies and
    coordination between bytecode and the run-time system that distributes an
    application across the network.",
}


@InProceedings{ReisDWDE2006,
  author = 	 "Charles Reis and John Dunagan and Helen J. Wang and Opher Dubrovsky and Saher Esmeir",
  title = 	 "{BrowserShield}: Vulnerability-Driven Filtering of Dynamic {HTML}",
  crossref =     "OSDI2006",
  NEEDpages = 	 "*",
}


@InProceedings{LivshitsWL2005,
  author = 	 "Benjamin Livshits and John Whaley and Monica S. Lam",
  title = 	 "Reflection analysis for {Java}",
  crossref =     "APLAS2005",
  pages = 	 "139--160",
}


@TechReport{Smith82,
  author = 	 "Brian Cantwell Smith",
  title = 	 "Procedural Reflection in Programming Languages",
  institution =  MITLCS,
  year = 	 1982,
  number = 	 "MIT-LCS-TR-272",
  address = 	 MITaddr,
  month = 	 jan,
}


@InProceedings{BoddenSSOM2011,
  author = 	 "Bodden, Eric and Sewe, Andreas and Sinschek, Jan and Oueslati, Hela and Mezini, Mira",
  title = 	 "Taming Reflection: Aiding Static Analysis in the Presence of Reflection and Custom Class Loaders",
  crossref =     "ICSE2011",
  pages = 	 "241--250",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Regular expressions and string analysis
%%%

@string{SEFM = "SEFM"}


@inproceedings{Broberg:2004:REP:1016850.1016863,
 author = {Broberg, Niklas and Farre, Andreas and Svenningsson, Josef},
 title = {Regular expression patterns},
  crossref =     "ICFP2004",
 pages = {67--78},
 numpages = {12},
 url = {https://doi.acm.org/10.1145/1016850.1016863},
 doi = {10.1145/1016850.1016863},
 acmid = {1016863},
 keywords = {haskell, pattern matching, regular expressions},
}


@article{Spinellis20071156,
title = "A framework for the static verification of {API} calls",
journal = "Journal of Systems and Software",
volume = "80",
number = "7",
pages = "1156 - 1168",
year = "2007",
OMITnote = "<ce:title>Dynamic Resource Management in Distributed Real-Time Systems</ce:title>",
issn = "0164-1212",
doi = "10.1016/j.jss.2006.09.040",
url = "http://www.sciencedirect.com/science/article/pii/S0164121206002755",
author = "Diomidis Spinellis and Panagiotis Louridas",
keywords = "Static analysis",
keywords = "<span style='FONT-VARIANT: small-caps'>api</span>",
keywords = "Library",
keywords = "Programming by contract",
keywords = "FindBugs"
}


@inproceedings{Fisher:2006:SAS:1159803.1159817,
 author = {Fisher, David and Shivers, Olin},
 title = {Static analysis for syntax objects},
  crossref =     "ICFP2006",
 pages = {111--121},
 numpages = {11},
 url = {https://doi.acm.org/10.1145/1159803.1159817},
 doi = {10.1145/1159803.1159817},
 acmid = {1159817},
 keywords = {domain-specific languages, extensible programming languages, flow analysis, language towers, lazy delegation, macros, static analysis, type inference},
}


@inproceedings{Mainland:2007:WNQ:1291201.1291211,
 author = {Mainland, Geoffrey},
 title = {Why it's nice to be quoted: quasiquoting for {Haskell}},
 booktitle = {ACM SIGPLAN workshop on Haskell},
 year = {2007},
 isbn = {978-1-59593-674-5},
 address  = {Freiburg, Germany},
 pages = {73--82},
 numpages = {10},
 url = {https://doi.acm.org/10.1145/1291201.1291211},
 doi = {10.1145/1291201.1291211},
 acmid = {1291211},
 keywords = {meta programming, quasiquoting},
}


@inproceedings{Tateishi:2011:PIS:2001420.2001441,
 author = {Tateishi, Takaaki and Pistoia, Marco and Tripp, Omer},
 title = {Path- and index-sensitive string analysis based on monadic second-order logic},
  crossref =     "ISSTA2011",
 pages = {166--176},
 numpages = {11},
 url = {https://doi.acm.org/10.1145/2001420.2001441},
 doi = {10.1145/2001420.2001441},
 acmid = {2001441},
 keywords = {static program analysis, string analysis, web security},
}


@inproceedings{Bubel:2011:FJS:2075679.2075689,
 author = {Bubel, Richard and H\"{a}hnle, Reiner and Geilmann, Ulrich},
 title = {A formalisation of {Java} strings for program specification and verification},
 booktitle = SEFM,
 year = {2011},
 isbn = {978-3-642-24689-0},
 address  = {Montevideo, Uruguay},
 pages = {90--105},
 numpages = {16},
 url = {http://dl.acm.org/citation.cfm?id=2075679.2075689},
 acmid = {2075689},
}


@incollection {springerlink:10.1007/978-3-540-85114-1.21,
   author = {Yu, Fang and Bultan, Tevfik and Cova, Marco and Ibarra, Oscar},
   affiliation = {University of California Department of Computer Science Santa Barbara},
   title = {Symbolic String Verification: An Automata-Based Approach},
   booktitle = {Model Checking Software},
   series = LNCS,
   OMITeditor = {Havelund, Klaus and Majumdar, Rupak and Palsberg, Jens},
   publisher = {Springer},
   OMITpublisher = {Springer Berlin / Heidelberg},
   isbn = {978-3-540-85113-4},
   keyword = {Computer Science},
   pages = {306--324},
   volume = {5156},
   url = {http://dx.doi.org/10.1007/978-3-540-85114-1_21},
   OMITnote = {10.1007/978-3-540-85114-1_21},
   year = {2008}
}


@article{Wassermann:2007:SCD:1276933.1276935,
 author = {Wassermann, Gary and Gould, Carl and Su, Zhendong and Devanbu, Premkumar},
 title = {Static checking of dynamically generated queries in database applications},
 journal = {ACM Trans. Softw. Eng. Methodol.},
 issue_date = {September 2007},
 volume = {16},
 number = {4},
 OMITmonth = sep,
 year = {2007},
 issn = {1049-331X},
 articleno = {14},
 url = {https://doi.acm.org/10.1145/1276933.1276935},
 doi = {10.1145/1276933.1276935},
 acmid = {1276935},
 keywords = {JDBC, Static checking, context-free language reachability, database queries},
}

@inproceedings{Minamide:2005:SAD:1060745.1060809,
 author = {Minamide, Yasuhiko},
 title = {Static approximation of dynamically generated Web pages},
 booktitle = {World Wide Web},
 year = {2005},
 isbn = {1-59593-046-9},
 address  = {Chiba, Japan},
 pages = {432--441},
 numpages = {10},
 url = {https://doi.acm.org/10.1145/1060745.1060809},
 doi = {10.1145/1060745.1060809},
 acmid = {1060809},
 keywords = {HTML validation, context-free grammars, cross-site scripting, server-side scripting, static analysis},
}


@inproceedings{Benzaken:2003:CXG:944705.944711,
 author = {Benzaken, V{\'e}ronique and Castagna, Giuseppe and Frisch, Alain},
 title = {{CDuce}: an {XML}-centric general-purpose language},
  crossref =     "ICFP2003",
 pages = {51--63},
 numpages = {13},
 url = {https://doi.acm.org/10.1145/944705.944711},
 doi = {10.1145/944705.944711},
 acmid = {944711},
 keywords = {CDuce, XML, XML-processing, type systems},
}

@inproceedings{Hosoya:2000:XTX:646544.696356,
 author = {Hosoya, Haruo and Pierce, Benjamin C.},
 title = {{XDuce}: A Typed {XML} Processing Language (Preliminary Report)},
 booktitle = {Selected papers from the Third International Workshop WebDB 2000 on The World Wide Web and Databases},
 year = {2001},
 isbn = {3-540-41826-1},
 pages = {226--244},
 numpages = {19},
 url = {http://dl.acm.org/citation.cfm?id=646544.696356},
 acmid = {696356},
}


@incollection {springerlink:10.1007/11853107.21,
   author = {Wilk, Artur and Drabent, Włodzimierz},
   affiliation = {Dept. of Computer and Information Science, Linköping University, S-58183 Linköping, Sweden},
   title = {{A Prototype of a Descriptive Type System for Xcerpt}},
   booktitle = {Principles and Practice of Semantic Web Reasoning},
   series = LNCS,
   OMITeditor = {Alferes, Jóse and Bailey, James and May, Wolfgang and Schwertel, Uta},
   publisher = {Springer},
   OMITpublisher = {Springer Berlin / Heidelberg},
   isbn = {978-3-540-39586-7},
   keyword = {Computer Science},
   pages = {262--275},
   volume = {4187},
   url = {http://dx.doi.org/10.1007/11853107_21},
   OMITnote = {10.1007/11853107_21},
   year = {2006}
}


@incollection {springerlink:10.1007/11560586.13,
   author = {Castagna, Giuseppe and Colazzo, Dario and Frisch, Alain},
   affiliation = {CNRS, Ecole Normale Supérieure de Paris, France},
   title = {Error Mining for Regular Expression Patterns},
   booktitle = {Theoretical Computer Science},
   series = LNCS,
   OMITeditor = {Coppo, Mario and Lodi, Elena and Pinna, G.},
   publisher = {Springer},
   OMITpublisher = {Springer Berlin / Heidelberg},
   isbn = {978-3-540-29106-0},
   keyword = {Computer Science},
   pages = {160--172},
   volume = {3701},
   url = {http://dx.doi.org/10.1007/11560586_13},
   OMITnote = {10.1007/11560586_13},
   year = {2005}
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Concurrency, locking, etc
%%%

@InProceedings{Grossman2003,
  author = 	 "Dan Grossman",
  title = 	 "Type-safe multithreading in {Cyclone}",
  crossref =     "TLDI2003",
  pages = 	 "13--25",
  abstract =
   "We extend Cyclone, a type-safe polymorphic language at the C level of
    abstraction, with threads and locks. Data races can violate type safety in
    Cyclone. An extended type system statically guarantees their absence by
    enforcing that thread-shared data is protected via locking and that
    thread-local data does not escape the thread that creates it. The
    extensions interact smoothly with parametric polymorphism and region-based
    memory management. We present a formal abstract machine that models the
    need to prevent races, a polymorphic type system for the machine that
    supports thread-local data, and a corresponding type-safety result.",
}


@inproceedings{10.1145/512529.512563,
author = {Grossman, Dan and Morrisett, Greg and Jim, Trevor and Hicks, Michael and Wang, Yanling and Cheney, James},
title = {Region-based memory management in cyclone},
year = {2002},
isbn = {1581134630},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/512529.512563},
doi = {10.1145/512529.512563},
abstract = {Cyclone is a type-safe programming language derived from C. The primary design goal of Cyclone is to let programmers control data representation and memory management without sacrificing type-safety. In this paper, we focus on the region-based memory management of Cyclone and its static typing discipline. The design incorporates several advancements, including support for region subtyping and a coherent integration with stack allocation and a garbage collector. To support separate compilation, Cyclone requires programmers to write some explicit region annotations, but a combination of default annotations, local type inference, and a novel treatment of region effects reduces this burden. As a result, we integrate C idioms in a region-based framework. In our experience, porting legacy C to Cyclone has required altering about 8\% of the code; of the changes, only 6\% (of the 8\%) were region annotations.},
booktitle = {Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation},
pages = {282–293},
numpages = {12},
location = {Berlin, Germany},
series = {PLDI '02}
}

@InProceedings{GrossmanMJHWC2002,
  author = 	 "Grossman, Dan and Morrisett, Greg and Jim, Trevor and Hicks, Michael and Wang, Yanling and Cheney, James",
  title = 	 "Region-Based Memory Management in {Cyclone}",
  crossref =  "PLDI2002",
  pages = 	 "282-293",
}

@InProceedings{RoseSH2004,
  author = 	 "James Rose and Nikhil Swamy and Michael Hicks",
  title = 	 "Dynamic inference of polymorphic lock types",
  crossref =     "CSJP2004",
  pages = 	 "18--25",
}


@InProceedings{FlanaganA1999,
  author = 	 "Cormac Flanagan and Mart\'{\i}n Abadi",
  authorASCII =  "Cormac Flanagan and Martin Abadi",
  title = 	 "Types for safe locking",
  crossref =     "ESOP1999",
  pages = 	 "91--108",
}


@InProceedings{FlanaganF2000,
  author = 	 "Cormac Flanagan and Stephen N. Freund",
  title = 	 "Type-based race detection for {Java}",
  crossref =     "PLDI2000",
  pages = 	 "219--232",
}


@Article{AbadiFF2006,
  author = 	 "Martin Abadi and Cormac Flanagan and Stephen N. Freund",
  title = 	 "Types for safe locking: Static race detection for {Java}",
  journal = 	 TOPLAS,
  year = 	 2006,
  volume = 	 28,
  number = 	 2,
  pages = 	 "207--255",
  month = 	 mar,
  abstract =
   "This article presents a static race-detection analysis for multithreaded
    shared-memory programs, focusing on the Java programming language. The
    analysis is based on a type system that captures many common
    synchronization patterns. It supports classes with internal
    synchronization, classes that require client-side synchronization, and
    thread-local classes. In order to demonstrate the effectiveness of the type
    system, we have implemented it in a checker and applied it to over 40,000
    lines of hand-annotated Java code. We found a number of race conditions in
    the standard Java libraries and other test programs. The checker required
    fewer than 20 additional type annotations per 1,000 lines of code. This
    article also describes two improvements that facilitate checking much
    larger programs: an algorithm for annotation inference and a user interface
    that clarifies warnings generated by the checker. These extensions have
    enabled us to use the checker for identifying race conditions in
    large-scale software systems with up to 500,000 lines of code."
}


@InProceedings{BoyapatiR2001,
  author = 	 "Boyapati, Chandrasekhar and Rinard, Martin",
  title = 	 "A Parameterized Type System for Race-free {Java} Programs",
  crossref =     "OOPSLA2001",
  pages = 	 "56--69",
}


@InProceedings{FlanaganFQ2002,
  author = 	 "Cormac Flanagan and Stephen N. Freund and Shaz Qadeer",
  title = 	 "Thread-modular verification for shared-memory programs",
  crossref =     "ESOP2002",
  pages = 	 "262--277",
}


@InProceedings{CunninghamDE2007,
  author = 	 "David Cunningham and Sophia Drossopoulou and Susan Eisenbach",
  title = 	 "Universes for race safety",
  crossref =     "VAMP2007",
  pages = 	 "20--51",
}


@InProceedings{Sterling1993,
  author = 	 "Nicholas Sterling",
  title = 	 "Warlock: A static data race analysis tool",
  crossref =     "USENIX93Winter",
  pages = 	 "97--106",
}


@InProceedings{LuPX2013,
  author = 	 "Yi Lu and John Potter and Jingling Xue",
  title = 	 "Structural lock correlation with ownership types",
  crossref =     "ESOP2013",
  pages = 	 "391--410",
}


@InProceedings{FlanaganF2004,
  author = 	 "Cormac Flanagan and Stephen N. Freund",
  title = 	 "Type inference against races",
  crossref =     "SAS2004",
  pages = 	 "116--132",
  abstract =
   "The race condition checker rccjava uses a formal type system to
   statically identify potential race conditions in concurrent Java
   programs, but it requires programmer-supplied type annotations. This
   paper describes a type inference algorithm for rccjava. Due to the
   interaction of parameterized classes and dependent types, this type
   inference problem is NP-complete. This complexity result motivates our
   new approach to type inference, which is via reduction to propositional
   satisfiability. This paper describes our type inference algorithm and
   its performance on programs of up to 30,000 lines of code."
}


@InProceedings{BaconST2000,
  author = 	 "Bacon, David F. and Strom, Robert E. and Tarafdar, Ashis",
  title = 	 "Guava: A dialect of {Java} without data races",
  crossref =     "OOPSLA2000",
  pages = 	 "382--400",
  abstract =
   "We introduce Guava, a dialect of Java whose rules statically guarantee
    that parallel threads access shared data only through synchronized
    methods. Our dialect distinguishes three categories of classes: (1)
    monitors, which may be referenced from multiple threads, but whose
    methods are accessed serially; (2) values, which cannot be referenced and
    therefore are never shared; and (3) objects, which can have multiple
    references but only from within one thread, and therefore do not need to
    be synchronized. Guava circumvents the problems associated with today's
    Java memory model, which must define behavior when concurrent threads
    access shared memory without synchronization.We present an overview of
    the syntax and the semantic rules of Guava. We discuss how
    implementations of Guava can exploit these rules to re-enable compiler
    optimizations inhibited by standard Java. We discuss how compilers for
    certain multiprocessor architectures can automatically generate certain
    programming idioms, such as double-check reads, as optimizations of
    serialized monitors."
}


@InProceedings{LiuBSD2016,
  author = 	 "Shuang Liu and Guangdong Bai and Jun Sun and J. Dong",
  title = 	 "Towards Using Concurrent {Java} {API} Correctly",
  crossref =  "ICECCS2016",
  pages = 	 "219-222",
}


@MastersThesis{Zaza2013,
  author = 	 "Zaza, Nosheen",
  title = 	 "Evaluating the Accuracy of Annotations in the {Loci 3.0} Pluggable Type Checker",
  school = 	 "Uppsala University",
  year = 	 2013,
  address = 	 "Uppsala, Sweden",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Comparing static and dynamic typing
%%%


@InProceedings{Hanenburg2009:PLATEAU,
  author = 	 "Stefan Hanenberg",
  title = 	 "What is the impact of static type systems on programming time?  Preliminary empirical results",
  crossref =     "PLATEAU2009",
  NOpages = 	 "*",
}


@InProceedings{Hanenburg2010:ECOOP,
  author = 	 "Stefan Hanenberg",
  title = 	 "Doubts about the Positive Impact of Static Type Systems on Programming Tasks in Single Developer Projects - An Empirical Study",
  crossref =     "ECOOP2010",
  NEEDpages = 	 "*",
  supersededby = "Hanenberg2010:OOPSLA"
}

@InProceedings{Hanenberg2010:OOPSLA,
  author = 	 "Stefon Hanenberg",
  title = 	 "An experiment about static and dynamic type systems:
   Doubts about the positive impact of static type systems on development time",
  crossref =     "OOPSLA2010",
  NEEDpages = 	 "*",
}


@InProceedings{Hanenberg2010:onward,
  author = 	 "Stefan Hanenberg",
  title = 	 "Faith, Hope, and Love:  A criticism of software science's carelessness with regard to the human factor",
  crossref =     "Onward2010",
  NEEDpages = 	 "*",
}


@InProceedings{RayPFD2014,
  author = 	 "Ray, Baishakhi and Posnett, Daryl and Filkov, Vladimir and Devanbu, Premkumar",
  title = 	 "A large scale study of programming languages and code quality in {Github}",
  titleNOTE = 	 "The title misspells GitHub as Github; the capitalization here is not a typo",
  crossref =     "FSE2014",
  pages = 	 "155--165",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Dependent types
%%%


@InProceedings{ConditHAGN2007,
  author =       "Condit, Jeremy and Harren, Matthew and Anderson, Zachary and Gay, David and Necula, George C.",
  title =        "Dependent types for low-level programming",
  crossref =  "ESOP2007",
  pages =     "520--535",
}

@InProceedings{RondonKJ2008,
  author =       "Patrick M. Rondon and Ming Kawaguchi and Ranjit Jhala",
  title =        "Liquid types",
  crossref =  "PLDI2008",
  pages =   "159-169",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Types are useful documentation, even when not required by the language
%%%

@Book{MinskyMH2013,
  author = 	 "Yaron Minsky and Anil Madhavapeddy and Jason Hickey",
  title = 	 "Real World OCaml: Functional programming for the masses",
  publisher = 	 "O'Reilly",
  year = 	 "2013",
}

@Article{PeytonJones1985,
  author = 	 "Peyton Jones, Simon L.",
  title = 	 "{YACC} in {SASL} --- an exercise in functional programming",
  journal = 	 SPE,
  year = 	 1985,
  volume = 	 15,
  number = 	 8,
  pages = 	 "807-820",
}


@Book{Hudak2000,
  author = 	 "Paul Hudak",
  title = 	 "The Haskell School of Expression: Learning Functional Programming through Multimedia",
  publisher = 	 "Cambridge University Press",
  year = 	 2000,
}


@Book{Harrison1997,
  author = 	 "John Harrison",
  title = 	 "Introduction to Functional Programming",
  publisher = 	 "https://dp.iit.bme.hu/mfp/mfp03s/intro2fp.pdf",
  year = 	 1997,
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Type error localization
%%%

@InProceedings{PavlinovicKW2014,
  author = 	 "Pavlinovic, Zvonimir and King, Tim and Wies, Thomas",
  title = 	 "Finding minimum type error sources",
  crossref =  "OOPSLA2014",
  pages = 	 "525–542",
  abstract =
   "Automatic type inference is a popular feature of functional programming
    languages. If a program cannot be typed, the compiler typically reports a
    single program location in its error message. This location is the point
    where the type inference failed, but not necessarily the actual source of
    the error. Other potential error sources are not even considered. Hence,
    the compiler often misses the true error source, which increases debugging
    time for the programmer. In this paper, we present a general framework for
    automatic localization of type errors. Our algorithm finds all minimum
    error sources, where the exact definition of minimum is given in terms of a
    compiler-specific ranking criterion. Compilers can use minimum error
    sources to produce more meaningful error reports, and for automatic error
    correction. Our approach works by reducing the search for minimum error
    sources to an optimization problem that we formulate in terms of weighted
    maximum satisfiability modulo theories (MaxSMT). The reduction to weighted
    MaxSMT allows us to build on SMT solvers to support rich type systems and
    at the same time abstract from the concrete criterion that is used for
    ranking the error sources. We have implemented an instance of our framework
    targeted at Hindley-Milner type systems and evaluated it on existing OCaml
    benchmarks for type error localization. Our evaluation shows that our
    approach has the potential to significantly improve the quality of type
    error reports produced by state of the art compilers.",
}

@InProceedings{LoncaricCSS2016,
  author = 	 "Calvin Loncaric and Satish Chandra and Cole Schlesinger and Manu Sridharan",
  title = 	 "A practical framework for type inference error explanation",
  crossref =  "OOPSLA2016",
  pages = 	 "781--799",
}

@Article{ZhangMVPJ2017,
  author = 	 "Zhang, Danfeng and Myers, Andrew C. and Vytiniotis, Dimitrios and Peyton-Jones, Simon",
  title = 	 "{SHErrLoc}: A Static Holistic Error Locator",
  journal = 	 toplas,
  year = 	 2017,
  volume = 	 39,
  number = 	 4,
  abstract =
   "We introduce a general way to locate programmer mistakes that are detected
    by static analyses. The program analysis is expressed in a general
    constraint language that is powerful enough to model type checking,
    information flow analysis, dataflow analysis, and points-to
    analysis. Mistakes in program analysis result in unsatisfiable
    constraints. Given an unsatisfiable system of constraints, both satisfiable
    and unsatisfiable constraints are analyzed to identify the program
    expressions most likely to be the cause of unsatisfiability. The likelihood
    of different error explanations is evaluated under the assumption that the
    programmer’s code is mostly correct, so the simplest explanations are
    chosen, following Bayesian principles. For analyses that rely on
    programmer-stated assumptions, the diagnosis also identifies assumptions
    likely to have been omitted. The new error diagnosis approach has been
    implemented as a tool called SHErrLoc, which is applied to three very
    different program analyses, such as type inference for a highly expressive
    type system implemented by the Glasgow Haskell Compiler—including type
    classes, Generalized Algebraic Data Types (GADTs), and type families. The
    effectiveness of the approach is evaluated using previously collected
    programs containing errors. The results show that when compared to existing
    compilers and other tools, SHErrLoc consistently identifies the location of
    programmer errors significantly more accurately, without any
    language-specific heuristics.",
}

@InProceedings{LernerFGC2007,
  author = 	 "Benjamin S. Lerner and Matthew Flower and Dan Grossman and Craig Chambers",
  title = 	 "Searching for type-error messages",
  crossref =     "PLDI2007",
  pages = 	 "425--434",
  abstract =
   "Advanced type systems often need some form of type inference to reduce the
    burden of explicit typing, but type inference often leads to poor error
    messages for ill-typed programs. This work pursues a new approach to
    constructing compilers and presenting type-error messages in which the
    type-checker itself does not produce the messages. Instead, it is an oracle
    for a search procedure that finds similar programs that do type-check. Our
    two-fold goal is to improve error messages while simplifying compiler
    construction.
    \par
    Our primary implementation and evaluation is for Caml, a language with full
    type inference. We also present a prototype for C++ template functions,
    where type instantiation is implicit. A key extension is making our
    approach robust even when the program has multiple independent type errors.",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Etc (perhaps will later be broken into more sections)
%%%

@Book{pierce:2002:types-and-pls,
  author =  {Benjamin C. Pierce},
  title =  {Types and Programming Languages},
  publisher =  {MIT Press},
  address = {Cambridge, MA, USA},
  year =  2002,
  doi = {10.7551/mitpress/1104.003.0005},
}


@Article{Milner78,
   Author={Robin Milner},
   Journal=JCSS,
   Title={A Theory of Type Polymorphism in Programming},
   Year=1978,
   Pages={348--375},
   Volume=17,
   Number=3,
   }


@InProceedings{FlanaganQ2003,
  author = 	 "Cormac Flanagan and Shaz Qadeer",
  title = 	 "A type and effect system for atomicity",
  crossref =     "POPL2003",
  pages =	 "338--349",
  abstract =
   "Ensuring the correctness of multithreaded programs is difficult, due to the
    potential for unexpected and nondeterministic interactions between
    threads. Previous work addressed this problem by devising tools for
    detecting race conditions, a situation where two threads simultaneously
    access the same data variable, and at least one of the accesses is a
    write. However, verifying the absence of such simultaneous-access race
    conditions is neither necessary nor sufficient to ensure the absence of
    errors due to unexpected thread interactions.
    \par
    We propose that a stronger non-interference property is required, namely
    atomicity. Atomic methods can be assumed to execute serially, without
    interleaved steps of other threads. Thus, atomic methods are amenable to
    sequential reasoning techniques, which significantly simplifies both formal
    and informal reasoning about program correctness.
    \par
    This paper presents a type system for specifying and verifying the
    atomicity of methods in multithreaded Java programs. The atomic type system
    is a synthesis of Lipton's theory of reduction and type systems for race
    detection.
    \par
    We have implemented this atomic type system for Java and used it to check a
    variety of standard Java library classes. The type checker uncovered subtle
    atomicity violations in classes such as java.lang.String and
    java.lang.StringBuffer that cause crashes under certain thread
    interleavings."
}


@InProceedings{GerakiosPS2011,
  author = 	 "Prodromos Gerakios and Nikolaos Papaspyrou and Kostis Sagonas",
  title = 	 "A type and effect system for deadlock avoidance in low-level languages",
  crossref =     "TLDI2011",
  pages = 	 "15--28",
}

@InProceedings{DeanGC95,
  author = 	 "Jeffrey Dean and David Grove and Craig Chambers",
  title = 	 "Optimization of Object-Oriented Programs Using Static
                  Class Hierarchy Analysis",
  crossref =     "ECOOP95",
  pages =	 "77--101",
  abstract =
   "Optimizing compilers for object-oriented languages apply static class
    analysis and other techniques to try to deduce precise information about
    the possible classes of the receivers of messages; if successful,
    dynamically-dispatched messages can be replaced with direct procedure calls
    and potentially further optimized through inline-expansion. By examining
    the complete inheritance graph of a program, which we call class hierarchy
    analysis, the compiler can improve the quality of static class information
    and thereby improve run-time performance. In this paper we present class
    hierarchy analysis and describe techniques for implementing this analysis
    effectively in both statically- and dynamically-typed languages and also in
    the presence of multi-methods. We also discuss how class hierarchy analysis
    can be supported in an interactive programming environment and, to some
    extent, in the presence of separate compilation. Finally, we assess the
    bottom-line performance improvement due to class hierarchy analysis alone
    and in combination with two other ``competing'' optimizations, profile-guided
    receiver class prediction and method specialization.",
}


@InProceedings{BaconS96,
  author = 	 "David F. Bacon and Peter F. Sweeney",
  title = 	 "Fast static analysis of {C++} virtual function calls",
  crossref =     "OOPSLA96",
  pages =	 "324--341",
  doi = {https://doi.acm.org/10.1145/236337.236371},
}


@InProceedings{TipP2000,
  author = 	 "Frank Tip and Jens Palsberg",
  title = 	 "Scalable propagation-based call graph construction algorithms",
  crossref =     "OOPSLA2000",
  pages =	 "281--293",
}


@InProceedings{Palsberg01,
  author = 	 "Jens Palsberg",
  title = 	 "Type-based analysis and applications",
  crossref =     "PASTE2001",
  pages = 	 "20--27",
}


@InProceedings{ValleeRaiHSLGC99,
  author = 	 "Raja Vall{\'e}e-Rai and Laurie Hendren and Vijay
                  Sundaresan and Patrick Lam and Etienne Gagnon and Phong
                  Co",
  title = 	 "Soot --- a {Java} bytecode optimization framework",
  crossref =     "CASCON1999",
  pages =	 "125--135",
  OMITpublisher = "IBM Press"
}

@InProceedings{NeculaMRW2002,
  author =       {George C. Necula and Scott McPeak and S.P. Rahul and Westley Weimer},
  title =        {{CIL}: Intermediate Language and Tools for Analysis and Transformation of {C} Programs},
  crossref =     "CC2002",
  pages =        "213--228"
}

@InProceedings{AikenW93,
  author = 	 "Alexander Aiken and Edward L. Wimmers",
  title = 	 "Type inclusion constraints and type inference",
  crossref =     "FPCA93",
  pages =	 "31--41",
}


@book{PalsbergS94,
 author = {Jens Palsberg and Michael I. Schwartzbach},
 title = {Object-Oriented Type Systems},
 year = {1994},
 isbn = {0-471-94128-X},
 publisher = {John Wiley and Sons},
 }


@InProceedings{McAdamKB2001,
  author = 	 "Bruce McAdam and Andrew Kennedy and Nick Benton",
  title = 	 "Type Inference for {MLj}",
  booktitle =	 "Scottish Functional Programming Workshop",
  pages =	 "159--172",
  year =	 2001,
  note =	 "Trends in Functional Programming, volume 2, Chapter 13",
  URL =          "http://www.dcs.ed.ac.uk/home/stg/sfpw/book/McAdam/cameraready.ps",
}


@InProceedings{DeSutterTD2004,
  author = 	 "Bjorn {De Sutter} and Frank Tip and Julian Dolby",
  title = 	 "Customization of {Java} library classes using type
                  constraints and profile information",
  crossref =     "ECOOP2004",
  pages = 	 "585--610",
  abstract =
   "The use of class libraries increases programmer productivity by allowing
    programmers to focus on the functionality unique to their
    application. However, library classes are generally designed with some
    typical usage pattern in mind, and performance may be suboptimal if the
    actual usage differs. We present an approach for rewriting applications to
    use customized versions of library classes that are generated using a
    combination of static analysis and profile information. Type constraints
    are used to determine where customized classes may be used, and profile
    information is used to determine where customization is likely to be
    profitable. We applied this approach to a number of Java applications by
    customizing various standard container classes and the omnipresent
    StringBuffer class, and measured speedups up to 78\% and memory footprint
    reductions up to 46\%. The increase in application size due to the added
    custom classes is limited to 12\% for all but the smallest programs.",
}


@InProceedings{SiffCBKR99,
  author = 	 "Michael Siff and Satish Chandra and Thomas Ball and Krishna Kunchithapadam and Thomas Reps",
  title = 	 "Coping with type casts in {C}",
  crossref =     "FSE99",
  pages =	 "180--198",
  abstract =
   "The use of type casts is pervasive in C. Although casts provide great
    flexibility in writing programs, their use obscures the meaning of
    programs, and can present obstacles during maintenance. Casts involving
    pointers to structures (C structs) are particularly problematic, because by
    using them, a programmer can interpret any memory region to be of any
    desired type, thereby compromising C's already weak type system.This paper
    presents an approach for making sense of such casts, in terms of
    understanding their purpose and identifying fragile code. We base our
    approach on the observation that casts are often used to simulate
    object-oriented language features not supported directly in C. We first
    describe a variety of ways --- idioms --- in which this is done in C
    programs. We then develop a notion of physical subtyping, which provides a
    model that explains these idioms.We have created tools that automatically
    analyze casts appearing in C programs. Experimental evidence collected by
    using these tools on a large amount of C code (over a million lines) shows
    that, of the casts involving struct types, most (over 90\%) can be
    associated meaningfully --- and automatically --- with physical
    subtyping. Our results indicate that the idea of physical subtyping is
    useful in coping with casts and can lead to valuable software productivity
    tools.",
}


@Misc{Morris1978,
  author =	 "James H. Morris",
  title =	 "Sniggering Type Checker experiment",
  howpublished = "Experiment at Xerox PARC",
  year =	 1978,
  note =	 "Personal communication, May 2004"
}


@InProceedings{Tichy79,
  author = 	 "Walter F. Tichy",
  title = 	 "Software development control based on module interconnection",
  crossref =     "ICSE79",
  pages =	 "29--41",
  abstract =
   "Constructing large software systems is not merely a matter of programming,
    but also a matter of communication and coordination. Problems arise because
    many people work on a joint project and use each other's programs. This
    paper presents an integrated development and maintenance system that
    provides a controlling environment to insure the consistency of a software
    system at the module interconnection level. It assists the programmers with
    two facilities: Interface control and version control. Interface control
    establishes consistent interfaces between software modules and maintains
    this consistency when changes are made. Version control coordinates the
    generation and integration of the various versions and configurations. Both
    facilities derive their information from an overall system description
    formulated in the module interconnection language INTERCOL. A demonstration
    system is sketched that runs under the UNIX time-sharing system."
}


@Article{PrecheltT98,
  author = 	 "Lutz Prechelt and Walter F. Tichy",
  title = 	 "A Controlled Experiment to Assess the Benefits of
                  Procedure Argument Type Checking",
  journal = 	 TSE,
  year = 	 1998,
  volume =	 24,
  number =	 4,
  pages =	 "302--312",
  month =	 apr,
  abstract =
   "Type checking is considered an important mechanism for detecting
    programming errors, especially interface errors. This report describes an
    experiment to assess the defect-detection capabilities of static,
    intermodule type checking. The experiment uses ANSI C and Kernighan&Ritchie
    (K&R) C. The relevant difference is that the ANSI C compiler checks module
    interfaces (i.e., the parameter lists calls to external functions), whereas
    K&R C does not. The experiment employs a counterbalanced design in which
    each of the 40 subjects, most of them CS PhD students, writes two
    nontrivial programs that interface with a complex library (Motif). Each
    subject writes one program in ANSI C and one in K&R C. The input to each
    compiler run is saved and manually analyzed for defects. Results indicate
    that delivered ANSI C programs contain significantly fewer interface
    defects than delivered K&R C programs. Furthermore, after subjects have
    gained some familiarity with the interface they are using, ANSI C
    programmers remove defects faster and are more productive (measured in both
    delivery time and functionality implemented).",
}


@InProceedings{PrecheltT96,
  author = 	 "Lutz Prechelt and Walter F. Tichy",
  title = 	 "An experiment to assess the benefits of inter-module type checking",
  booktitle =	 "METRICS Symposium",
  pages = 	 "112--119",
  year =	 1996,
  address =	 "Berlin",
  month =	 mar # "~25--26,",
  supersededby = "PrecheltT98",
}


@Article{Gannon77,
  author = 	 "John D. Gannon",
  title = 	 "An experimental evaluation of data type conventions",
  journal = 	 CACM,
  year = 	 1977,
  volume =	 20,
  number =	 8,
  pages =	 "584--595",
  month =	 aug
}


@InProceedings{GannonH75,
  author = 	 "John D. Gannon and James J. Horning",
  title = 	 "The impact of language design on the production of
                  reliable software",
  booktitle =	 "Proceedings of the international conference on Reliable software",
  pages =	 "10--22",
  year =	 1975,
  address =	 "Los Angeles, CA",
  NEEDmonth = 	 ""
}


% ACM cite key is 968162
@InProceedings{TorgersenPHEvdABG2004,
  author = 	 "Mads Torgersen and Christian Plesner Hansen and Erik
                  Ernst and Peter von der Ah{\'e} and Gilad Bracha and
                  Neal Gafter",
  title = 	 "Adding wildcards to the {Java} programming language",
  crossref =     "SAC2004",
  pages =	 "1289--1296",
  doi = {https://doi.acm.org/10.1145/967900.968162},
}


@InProceedings{EdwardsJT2004,
  author = 	 "Jonathan Edwards and Daniel Jackson and Emina Torlak",
  title = 	 "A type system for object models",
  crossref =     "FSE2004",
  pages =	 "189--199",
}


@InProceedings{AnconaDDZ2005,
  author = 	 "Davide Ancona and Ferruccio Damiani and Sophia Drossopoulou and Elena Zucca",
  title = 	 "Polymorphic bytecode: compositional compilation for {Java}-like languages",
  crossref =     "POPL2005",
  pages =	 "26--37",
}


@InProceedings{Reynolds90,
  author = 	 "John C. Reynolds",
  title = 	 "Introduction to Part {II}, Polymorphic Lambda Calculus",
  booktitle =	 "Logical Foundations of Functional Programming",
  pages =	 "77--86",
  year =	 1990,
  editor =	 "G{\'e}rard Huet",
  address =	 "Reading, Massachusetts",
  publisher =	 "Addison-Wesley"
}


@InProceedings{ChinM2006,
  author = 	 "Brian Chin and Todd Millstein",
  title = 	 "Responders: Language Support for Interactive Applications",
  crossref =     "ECOOP2006",
  pages = 	 "255--278",
}


@InProceedings{TorgersenEPH2005,
  author = 	 "Torgersen, Mads and Ernst, Erik and Plesner Hansen, Christian",
  title = 	 "Wild {FJ}",
  crossref =     "FOOL2005",
  NOpages = 	 "*",
  abstract = 	 "This paper presents a formalization of
                  wildcards, which is one of the new features of
                  the Java programming language in version
                  JDK5.0. Wildcards help alleviating the
                  impedance mismatch between generics, or
                  parametric polymorphism, and traditional
                  object-oriented subtype polymorphism. They do
                  this by quantifying over parameterized types
                  with different type arguments. Wildcards take
                  inspiration from several sources including
                  use-site variance, and they could be considered
                  as a way to introduce a syntactically
                  light-weight kind of existential types into a
                  main-stream language. This formalization
                  describes the mechanism, in particular the
                  wildcard capture process where the existential
                  nature of wildcards becomes evident.",
}


@Article{Igarashi:2001:FJM,
  author =       "Atsushi Igarashi and Benjamin C. Pierce and Philip
                 Wadler",
  title =        "Featherweight {Java}: a minimal core calculus for
                 {Java} and {GJ}",
  journal =      TOPLAS,
  volume =       "23",
  number =       "3",
  pages =        "396--450",
  month =        may,
  year =         "2001",
  CODEN =        "ATPSDT",
  ISSN =         "0164-0925",
  bibdate =      "Tue Feb 19 15:41:56 MST 2002",
  bibsource =    "http://www.acm.org/pubs/contents/journals/toplas/",
}


@InProceedings{BalabanTF2005,
  author = 	 "Ittai Balaban and Frank Tip and Robert Fuhrer",
  title = 	 "Refactoring support for class library migration",
  crossref =     "OOPSLA2005",
  pages = 	 "265--279",
}


@InProceedings{SteimannMM2006,
  author = 	 "Friedrich Steimann and Philip Mayer and Andreas Mei{\ss}ner",
  authorASCII = 	 "Friedrich Steimann and Philip Mayer and Andreas Meissner",
  authorASCII = 	 "Friedrich Steimann and Philip Mayer and Andreas Meißner",
  title = 	 "Decoupling classes with inferred interfaces",
  crossref =     "SAC2006",
  pages = 	 "1404--1408",
}


@PhdThesis{Xi1998,
  author = 	 "Hongwei Xi",
  title = 	 "Dependent Types in Practical Programming",
  school = 	 "Carnegie Mellon University",
  year = 	 1998,
  address = 	 "Pittsburgh, PA, USA",
  month = 	 dec,
}


@InProceedings{McKinna2006,
  author = 	 "James McKinna",
  title = 	 "Why dependent types matter",
  crossref =     "POPL2006",
  pages = 	 "1-1",
}


@Booklet{ECMA334-4th,
  key =          "ECMA 334",
  title = 	 "{ECMA} 334: C\# Language Specification, 4th edition",
  titleASCII = 	 "ECMA 334: C# Language Specification, 4th edition",
  howpublished = "ECMA International",
  month = 	 jun,
  year = 	 2006,
}


@Book{HejlsbergWG2003,
  author = 	 "Anders Hejlsberg and Scott Wiltamuth and Peter Golde",
  title = 	 "C\# Language Specification",
  publisher = 	 "Addison-Wesley Longman Publishing Co., Inc.",
  year = 	 2003,
  address = 	 "Boston, MA, USA",
}


@InProceedings{HuangZS2007:cJ,
  author = 	 "Shan Shan Huang and David Zook and Yannis Smaragdakis",
  title = 	 "{cJ}:  Enhancing {Java} with safe type conditions",
  crossref =     "AOSD2007",
  pages = 	 "185--198",
  abstract =
   "cJ is an extension of Java that allows supertypes, fields, and methods of a
    class or interface to be provided only under some static subtyping
    condition. For instance, a cJ generic class, C<P>, may provide a member
    method m only when the type provided for parameter P is a subtype of a
    specific type Q.
    \par
    From a practical standpoint, cJ adds to generic Java classes and interfaces
    the ability to express case-specific code. Unlike conditional compilation
    techniques (e.g., the C/C++ ``#ifdef'' construct) cJ is statically type safe
    and maintains the modular type-checking properties of Java generic classes:
    a cJ generic class can be checked independently of the code that uses
    it. Just like regular Java, checking a cJ class implies that all uses are
    safe, under the contract for type parameters specified in the class's
    signature.
    \par
    As a specific application, cJ addresses the well-known shortcomings of the
    Java Collections Framework (JCF). JCF data structures often throw run-time
    errors when an ``optional'' method is called upon an object that does not
    support it. Within the constraints of standard Java, the authors of the JCF
    had to either sacrifice static type safety or suffer a combinatorial
    explosion of the number of types involved. cJ avoids both problems,
    maintaining both static safety and conciseness.",
}


@InProceedings{HuangZS2007:Morphing,
  author = 	 "Shan Shan Huang and David Zook and Yannis Smaragdakis",
  title = 	 "Morphing:  Safely shaping a class in the image of others",
  crossref =     "ECOOP2007",
  pages = 	 "399--424",
  abstract =
   "We present MJ: a language for specifying general classes whose members are
    produced by iterating over members of other classes.  We call this
    technique ``class morphing'' or just ``morphing''. Morphing extends the
    notion of genericity so that not only types of methods and fields, but also
    the structure of a class can vary according to type variables. This offers
    the ability to express common programming patterns in a highly generic way
    that is otherwise not supported by conventional techniques. For instance,
    morphing lets us write generic proxies (i.e., classes that can be
    parameterized with another class and export the same public methods as that
    class); default implementations (e.g., a generic do-nothing type,
    configurable for any interface); semantic extensions (e.g., specialized
    behavior for methods that declare a certain annotation); and more. MJ's
    hallmark feature is that, despite its emphasis on generality, it allows
    modular type checking: an MJ class can be checked independently of its
    uses. Thus, the possibility of supplying a type parameter that will lead to
    invalid code is detected early---an invaluable feature for highly general
    components that will be statically instantiated by other programmers.",
}


@InProceedings{Wadler92,
  author = 	 "Philip Wadler",
  title = 	 "Comprehending monads",
  crossref =     "LFP92",
  pages = 	 "461--493",
}


@Misc{JSR133,
  author =       "William Pugh",
  title =        "{JSR} 133: \textsc{Java} Memory Model and Thread Specification Revision",
  howpublished = "\url{https://jcp.org/en/jsr/detail?id=133}",
  month =        sep # "~30,",
  year =         2004,
}


@Misc{Goetz2006:typedef,
  author = 	 "Brian Goetz",
  title = 	 "The pseudo-typedef antipattern: Extension is not type definition",
  howpublished = "\url{https://web.archive.org/web/20171025205847/https://www.ibm.com/developerworks/java/library/j-jtp02216/}",
  month = 	 feb # "~21,",
  year = 	 2006,
}


@Misc{Eiffel-ECMA367,
  key = 	 "Eiffel",
  OPTauthor = 	 "",
  title = 	 "Eiffel: Analysis, Design and Programming Language",
  howpublished = "Standard ECMA-367",
  month = 	 jun,
  year = 	 2006,
  note = 	 "2nd edition",
}


@Manual{Nice-users-manual,
  title = 	 "The {Nice} user's manual",
  OPTkey = 	 "",
  author = 	 "Daniel Bonniot and Bryn Keller and Francis Barber",
  OPTorganization = "",
  OPTaddress = 	 "",
  OPTedition = 	 "",
  OPTmonth = 	 "",
  year = 	 2003,
  note = 	 "\url{http://nice.sourceforge.net/}",
  OPTannote = 	 "",
}


@Book{OderskySV2008,
  author = 	 "Martin Odersky and Lex Spoon and Bill Venners",
  title = 	 "Programming in Scala:  A comprehensive step-by-step guide",
  publisher = 	 "Artima",
  year = 	 2008,
}


@InProceedings{CohenGM2005,
  author = 	 "Tal Cohen and Joseph (Yossi) Gil and Itay Maman",
  title = 	 "JTL: The {Java} tools language",
  crossref =     "OOPSLA2006",
  pages = 	 "89--108",
  abstract =
   "We present an overview of JTL (the Java Tools Language, pronounced
    ``Gee-tel''), a novel language for querying Java [8] programs. JTL was
    designed to serve the development of source code software tools for Java,
    and as a small language which to aid programming language extensions to
    Java. Applications include definition of pointcuts for aspect-oriented
    programming, fixing type constraints for generic programming, specification
    of encapsulation policies, definition of micro-patterns, etc. We argue that
    the JTL expression of each of these is systematic, concise, intuitive and
    general.
    \par
    JTL relies on a simply-typed relational database for program
    representation, rather than an abstract syntax tree. The underlying
    semantics of the language is restricted to queries formulated in First
    Order Predicate Logic augmented with transitive closure (FOPL*).
    \par
    Special effort was taken to ensure terse, yet readable expression of
    logical conditions. The JTL pattern \texttt{public abstract class}, for
    example, matches all abstract classes which are publicly accessible, while
    \texttt{class (public clone();)} matches all classes in which method clone
    is public. To this end, JTL relies on a Datalog-like syntax and semantics,
    enriched with quantifiers and pattern matching which all but entirely
    eliminate the need for recursive calls.
    \par
    JTL's query analyzer gives special attention to the fragility of the
    ``closed world assumption'' in examining Java software, and determines
    whether a query relies on such an assumption.
    \par
    The performance of the JTL interpreter is comparable to that of JQuery
    after it generated its database cache, and at least an order of magnitude
    faster when the cache has to be rebuilt.",
}


@Book{Copeland2005,
  author = 	 "Tom Copeland",
  title = 	 "PMD Applied",
  publisher = 	 "Centennial Books",
  year = 	 2005,
  month = 	 nov,
}


@TechReport{MitchellMS79,
  author = 	 "James G. Mitchell and William Maybury and Richard Sweet",
  title = 	 "The {Mesa} language manual",
  institution =  PARC,
  year = 	 1979,
  number = 	 "CSL-79-3",
  NEEDaddress = 	 "*",
  month = 	 apr,
}


@TechReport{Lampson83,
  author = 	 "Butler Lampson",
  title = 	 "A description of the {Cedar} language",
  institution =  PARC,
  year = 	 1983,
  number = 	 "CSL-83-15",
  NEEDaddress = 	 "*",
  month = 	 dec,
  abstract =
   "The Cedar language is a programming language derived from Mesa, which
   in turn is derived from Pascal. It is meant to be used for a wide
   variety of programming tasks, ranging from low level systems software to
   large applications. In addition to the sequential control constructs,
   static type checking and structured types of Pascal, and the modules,
   exception handling, and concurrency control constructs of Mesa, Cedar
   also has garbage collection, dynamic types, and a limited form of type
   parameterization.
   \par
   This report describes the Cedar language. Except for chapter 2, it is
   written strictly in the style of a reference manual, not a
   tutorial. Furthermore, it describes the entire language, including a
   number of obsolete constructs and historical accidents. Hence it tells
   much more than you probably want to know. A summary of the safe language
   and comments throughout the manual suggest which constructs should be
   preferred for new programs.",
}


@Manual{Haskell98,
  title = 	 "Haskell 98 Language and Libraries:  The revised report",
  author = 	 "Simon {Peyton Jones}",
  year = 	 2002,
  note = 	 "\url{http://haskell.org/onlinereport/}",
}

@InProceedings{Meijer2007,
  author = 	 "Meijer, Erik",
  title = 	 "Confessions of a used programming language salesman:  Getting the masses hooked on {Haskell}",
  crossref =     "OOPSLACompanion2007",
  pages = 	 "677--694",
  abstract =
   "For many years I had been fruitlessly trying to sell functional
   programming and Haskell to solve real world problems such as scripting
   and data-intensive three-tier distributed web applications. The lack of
   widespread adoption of Haskell is a real pity. Functional programming
   concepts are key to curing many of the headaches that plague the
   majority of programmers, who today are forced to use imperative
   languages. If the mountain won't come to Mohammed, Mohammed must go to
   the mountain, and so I left academia to join industry. Instead of trying
   to convince imperative programmers to forget everything they already
   know and learn something completely new, I decided to infuse existing
   imperative object-oriented programming languages with functional
   programming features. As a result, functional programming has finally
   reached the masses, except that it is called Visual Basic 9 instead of
   Haskell 98.",
}


@InProceedings{NystromSPG2008,
  author = 	 "Nystrom, Nathaniel and Saraswat, Vijay and Palsberg, Jens and Grothoff, Christian",
  title = 	 "Constrained types for object-oriented languages",
  crossref =     "OOPSLA2008",
  pages = 	 "457--474",
}


@InProceedings{OssherBSAATCDdVFK2010,
  author = {Harold {Ossher et al.}},
  REALauthor = {Ossher, Harold and Bellamy, Rachel and Simmonds, Ian and Amid, David and Anaby-Tavor, Ateret and Callery, Matthew and Desmond, Michael and de Vries, Jacqueline and Fisher, Amit and Krasikov, Sophia},
  title = {Flexible modeling tools for pre-requirements analysis: conceptual architecture and research challenges},
  crossref =     "Onward2010",
  pages = 	 "848--864",
  abstract =
   "A serious tool gap exists at the start of the software lifecycle, before
    requirements formulation. Pre-requirements analysts gather information,
    organize it to gain insight, envision possible futures, and present
    insights and recommendations to stakeholders. They typically use office
    tools, which give great freedom, but no help with consistency management,
    change propagation, or information migration to downstream tools. Despite
    these downsides, office tools are still favored over modeling tools, which
    are constraining and difficult to use. We introduce the notion of flexible
    modeling tools, which blend the advantages of office and modeling tools. We
    propose a conceptual architecture for such tools, and outline research
    challenges to be met in realizing them. We briefly describe the Business
    Insight Toolkit, a prototype tool embodying this architecture."
}


@InProceedings{SampsonDFGCG2011,
  author = 	 "Adrian Sampson and Werner Dietl and Emily Fortuna and Danushen Gnanapragasam and Luis Ceze and Dan Grossman",
  title = 	 "{EnerJ}: Approximate data types for safe and general low-power computation",
  crossref =     "PLDI2011",
  pages = 	 "164--174",
}


@misc{checker-framework-3.4.0,
    key = {Checker Framework},
    year = {2019},
    note = "version 3.4.0",
    howpublished = "\url{https://checkerframework.org/}"
}


@misc{checker-framework-3.42.0,
    key = {Checker Framework},
    year = {2019},
    note = "version 3.42.0",
    howpublished = "\url{https://checkerframework.org/}"
}


@misc{CheckerFrameworkManual2022,
  title={The {Checker Framework} Manual: {C}ustom pluggable types for {Java}.},
  author={{Checker Framework} developers},
  howpublished={\url{https://checkerframework.org/manual/}},
  year={2022},
  note={Accessed 21 November 2022},
}


@Manual{CheckerFrameworkManual2015,
  title = 	 "The Checker Framework Manual: Custom pluggable types for Java",
  key = 	 "Checker Framework",
  edition = 	 "Version 1.9.4",
  month = 	 aug,
  year = 	 2015,
}

@Manual{CheckerFrameworkManual-3.4.0,
  title = 	 "The Checker Framework Manual: Custom pluggable types for Java",
  key = 	 "Checker Framework",
  note = "version 3.4.0",
  howpublished =	 "\url{http://CheckerFramework.org/}"
}

@Manual{CheckerFrameworkManualNoYear,
  title = 	 "The Checker Framework Manual: Custom pluggable types for Java",
  key = 	 "Checker Framework",
  howpublished =	 "\url{http://CheckerFramework.org/}"
}


@Manual{CheckerFrameworkDataflowFrameworkManualNoYear,
  title = 	 "A Dataflow Framework for {Java}",
  key = 	 "Checker Framework",
  howpublished =	 "\url{https://checkerframework.org/manual/checker-framework-dataflow-manual.pdf}",
}


@Misc{JDK8UnsignedIntegerArithmetic2012,
  author =    "Joseph D. Darcy",
  title =     "Unsigned Integer Arithmetic {API} now in {JDK} 8",
  howpublished = "\url{https://blogs.oracle.com/darcy/entry/unsigned_api}",
  month =     jan,
  year =      2012,
}


@InProceedings{MolnarLW2009,
  author =       "Molnar, David and Li, Xue Cong and Wagner, David A.",
  title =        "Dynamic test generation to find integer bugs in x86 binary {Linux} programs",
  crossref =     "USENIXSec2009",
  pages =     "67-82"
}


@TechReport{MolnarW2007,
  author =       "David Alexander Molnar and David Wagner",
  title =        "Catchconv: Symbolic execution and run-time type inference for integer conversion errors",
  institution =  "EECS, UC Berkeley",
  year =         2007,
  number =    "UCB/EECS-2007-23",
  address =   "Berkeley, CA, USA",
  month =     feb,
}


@InProceedings{JimMHCW2002,
  author =       "Jim, Trevor and Morrisett, J. Greg and Grossman, Dan and Hicks, Michael W. and Cheney, James and Wang, Yanling",
  title =        "Cyclone: A safe dialect of {C}",
  crossref =  "USENIX2002",
  pages =     "275--288",
}


@InProceedings{Cousot1997,
  author =       "Cousot, Patrick",
  title =        "Types as abstract interpretations",
  crossref =  "POPL97",
  pages =     "316-331",
}


@InProceedings{SteinCSC2018,
  author    = "Benno Stein and Lazaro Clapp and Manu Sridharan and Bor{-}Yuh Evan Chang",
  title     = "Safe Stream-based Programming with Refinement Types",
  pages     = "565--576",
  crossref  = "ASE2018",
}


@article{Breitner:2018:RSV:3243631.3236784,
 author = {Breitner, Joachim and Spector-Zabusky, Antal and Li, Yao and Rizkallah, Christine and Wiegley, John and Weirich, Stephanie},
 title = {Ready, Set, Verify! Applying Hs-to-coq to Real-world Haskell Code (Experience Report)},
 journal = {Proc. ACM Program. Lang.},
 issue_date = {September 2018},
 volume = {2},
 number = {ICFP},
 month = jul,
 year = {2018},
 issn = {2475-1421},
 pages = {89:1--89:16},
 articleno = {89},
 numpages = {16},
 url = {https://doi.acm.org/10.1145/3236784},
 doi = {10.1145/3236784},
 acmid = {3236784},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {Coq, Haskell, verification},
}


@InProceedings{FluetP2005,
  author = 	 "Fluet, Matthew and Pucella, Riccardo",
  title = 	 "Practical datatype specializations with phantom types and recursion schemes",
  crossref =  "ML2005",
  pages = 	 "211-237",
}


@InProceedings{LuCCT2019,
  author = 	 "Lu, Tianhan and {\v{C}}ern{\'y}, Pavol and Chang, Bor-Yuh Evan and Trivedi, Ashutosh",
  title = 	 "Type-Directed Bounding of Collections in Reactive Programs",
  crossref =  "VMCAI2019",
  pages = 	 "275--296",
}


@InProceedings{dietrich_et_al:LIPIcs:2017:7259,
  author =	{Jens Dietrich and David J. Pearce and Kamil Jezek and Premek Brada},
  title =	{{Contracts in the Wild: A Study of Java Programs}},
  booktitle =	{31st European Conference on Object-Oriented Programming (ECOOP 2017)},
  pages =	{9:1--9:29},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-035-4},
  ISSN =	{1868-8969},
  year =	{2017},
  volume =	{74},
  editor =	{Peter M{\"u}ller},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2017/7259},
  URN =		{urn:nbn:de:0030-drops-72590},
  doi =		{10.4230/LIPIcs.ECOOP.2017.9},
  annote =	{Keywords: verification, design-by-contract, assertions, preconditions, postconditions, runtime checking, java, input validation}
}


% Unconfuse LaTeX mode: $

@InProceedings{TsushimaCS2021,
  author = 	 "Tsushima, Kanae and Chitil, Olaf and Sharrad, Joanna",
  title = 	 "Type Debugging with Counter-Factual Type Error Messages Using an Existing Type Checker",
  booktitle = "IFL '19: Proceedings of the 31st Symposium on Implementation and Application of Functional Languages",
  year = 	 2021,
  abstract = {The cause of a type error can be very difficult to find for the Hindley-Milner type system. Consequently many solutions have been proposed, but they are hardly used in practice. Here we propose a new solution that provides counter-factual type error messages; these messages state what types specific subexpressions in a program should have (in contrast to the types they actually have) to remove a type error. Such messages are easy-to-understand, because programers are already familiar with them. Furthermore, our solution is easy-to-implement, because it reuses an existing type checker as a subroutine. We transform an ill-typed program into a well-typed program with additional λ-bound variables. The types of these λ-bound variables yield actual and counter-factual type information. That type information plus intended types added as type annotations direct the search of the type debugger.},
}


@article{10.1145/3450952,
author = {Dunfield, Jana and Krishnaswami, Neel},
title = {Bidirectional Typing},
year = {2021},
issue_date = {June 2022},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {54},
number = {5},
issn = {0360-0300},
url = {https://doi.org/10.1145/3450952},
doi = {10.1145/3450952},
abstract = {Bidirectional typing combines two modes of typing: type checking, which checks that a program satisfies a known type, and type synthesis, which determines a type from the program. Using checking enables bidirectional typing to support features for which inference is undecidable; using synthesis enables bidirectional typing to avoid the large annotation burden of explicitly typed languages. In addition, bidirectional typing improves error locality. We highlight the design principles that underlie bidirectional type systems, survey the development of bidirectional typing from the prehistoric period before Pierce and Turner’s local type inference to the present day, and provide guidance for future investigations.},
journal = {ACM Comput. Surv.},
month = {may},
articleno = {98},
numpages = {38},
keywords = {type inference, Type checking}
}


@InProceedings{Wadler1989,
  author = 	 "Wadler, Philip",
  title = 	 "Theorems for Free!",
  crossref =  "FPCA89",
  pages = 	 "347-359",
}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% End
%%%


% LocalWords: mernst InProceedings PoratBKM Porat Biberstein Koved foo lcianu
% LocalWords: Bilba Mendelson NEEDpages booktitle CASCON addr fixpoint const int
% LocalWords: SkoglundW Skoglund Tobias Wrigstad jun writeable Heffter consts
% LocalWords: caseModeOf TechReport MuellerPoetzsch ller Poetzsch nter INTERCOL
% LocalWords: Fernuniversit KnieselT Kniesel Theisen JAC spe followon Kernighan
% LocalWords: readonly BoylandNR readimmutable readnothing JAC's Gomes NEEDmonth
% LocalWords: subtyping Stoutamire Vaysman Klawitter Sather Sather's authorASCII
% LocalWords: Zendra Colnet PechtchanskiS Pechtchanski Vivek Sarkar GJ bytecode
% LocalWords: JavaGrande immutableField deepImmutableField Boyland App Bytecodes
% LocalWords: immutableParam deepImmutableParam deepImmutableLocal SAS bytecodes
% LocalWords: Retert generalisation formalised Duggan PolyJava pexp al atomicity
% LocalWords: Classname ptype iclass MiniJava Hashtable addElement SSI DietlM
% LocalWords: setElementAt TVars WangS Tiejun Agesen's downcasts SSA scrollable
% LocalWords: GagnonHM Etienne Gagnon Hendren Guillaume stackless Ole genericity
% LocalWords: Jimple Tiuryn Agesen IgarashiPW Atsushi Igarashi Wadler Dietl pdf
% LocalWords: Bracha Odersky FGJ MitchellP Plotkin typeable TOPLAS doi bibname
% LocalWords: issn CartwrightS NextGen IgarashiV Mirko Viroli MyersBL FTFJP ADT
% LocalWords: Liskov PolyJ vonDincklageD von Dincklage Amer Diwan SCCs ChinMM
% LocalWords: Ilwith generified SCC TR addAll HashMap cardelli Luca gj pos neg
% LocalWords: Wegner dec Misc java treemap buildFromSorted misc url Yu nonnull
% LocalWords: howpublished jsr OLDhowpublished JavaSoft Microsystems NEEDvolume
% LocalWords: bracha gjspec Gilad YuKS Dachuan Syme GiffordJLS FX sep Markstrum
% LocalWords: Jouvelot Lucassen MITLCS MITaddr LucassenG JouvelotG tes Cqual YY
% LocalWords: TalpinJ Talpin LICS InCollection NiNi Olderog Steffen De ints oct
% LocalWords: behaviour OxhojPS Oxh Jens Palsberg Schwartzbach Oxhoj NEEDnumber
% LocalWords: PlevyakC Plevyak Chien PalsbergS OhoriB Ohori Buneman NN FlattKF
% LocalWords: EifrigST Eifrig Valery Trifonov Milner SalcianuR Rinard untainted
% LocalWords: Alexandru Salcianu multithreaded PPOPP ParkG PLDI Jong peerObject
% LocalWords: ChoiGSSM Deok Choi Manish Vugranam Sreedhar Midkiff pldi mixins
% LocalWords: Naftaly FosterFFA hndrich Tachio Terauchi aiken Kodumal LNCS ESOP
% LocalWords: FlanaganQ Cormac Shaz Qadeer cmpd unsafeties aug TreeMap Bornat
% LocalWords: http foobar barfoo barfoobar foobarfoo DeanGC inline CHA Calcagno
% LocalWords: BaconS RTA TipP XTA FahndrichL Fahndrich nullness vtable O'Hearn
% LocalWords: structs AssertInit KLOC AntoniuSKNF Antoniu Steckler Rai Boyapati
% LocalWords: Shriram Neuwirth Felleisen XeLda ValleeRaiHSLGC Vall MLj Beebee
% LocalWords: Vijay Sundaresan Phong OMITpublisher AikenW Wimmers FPCA Lindskov
% LocalWords: isbn McAdamKB DeSutterTD Bjorn Sutter SiffCBKR Siff FSE Cristiano
% LocalWords: Satish Kunchithapadam upcast upcasts bitfields PARC cmu SIGACT rb
% LocalWords: Tichy PrecheltT james edu Lutz Prechelt TSE apr Gannon OMITeditor
% LocalWords: typeless supersededby NNSSSS SSSS datatypes datatype ie ClarkD OO
% LocalWords: GannonH Horning Los TorgersenPHEvdABG Mads Torgersen der ClarkeW
% LocalWords: Plesner Gafter wildcards EdwardsJT Emina Torlak monomorphically
% LocalWords: typechecking decompilation DietlMueller ArrayStoreException Zucca
% LocalWords: typechecker SIGACTSIGPLAN Drossopoulou PhdThesis Davide DietlDM
% LocalWords: ClarkeNP ClarkePN AnconaDDZ Ancona Ferruccio Damiani jul eneric
% LocalWords: updateable ChinMMP Expr CQual browsable Mordani ElsmanFA niverse
% LocalWords: Elsman YYYY MandelbaumWH Yitzhak Mandelbaum ICFP DeLineF ypes RC
% LocalWords: effectful typestate DeLine ShankarTFW Umesh Shankar Kunal Mandana
% LocalWords: Talwar USENIXSec VolpanoS Volpano TAPSOFT PalsbergO Jqual Vaziri
% LocalWords: Orbaek GreenfieldboyceF BirkaE templated qual qthis nov consing
% LocalWords: qreturn Gizmoball PratikakisSH Polyvios Pratikakis Spacco deline
% LocalWords: nonproxy JohnsonW YelickSPMLKHGGCA Yelick Semenzato SPMD ChalinJ
% LocalWords: Miyamoto Liblit Krishnamurthy Hilfinger Colella Palo Blay Rioux
% LocalWords: bydefault Chalin nullability BrachaOSW CardelliW Potanin ENCS CSE
% LocalWords: PotaninNCB SpoonS FlanaganFKWF Weirich Reengineering Dery ESC JDT
% LocalWords: RapicaultBDD Rapicault Mireille Fornarino BibersteinGP GC NPEs Yi
% LocalWords: Metadata Rajiv cartesian phane Ducasse Stephane Chlo gdb JDT's io
% LocalWords: PolishchukLS Polishchuk Schulze untypable exif malloc Jif Nully
% LocalWords: placeholders MyersL SOSP JFlow AskarovS Aslan Askarov ois JastAdd
% LocalWords: Sabelfeld ESORICS Riemannian rgen HicksAM Kiyan ACSAC LiZ Engelen
% LocalWords: Ahmadizadeh JPmail DBLP VolpanoSI PottierSimonet Simonet nullable
% LocalWords: Caml APPSEMII Peng Zdancewic CSFW Flowarrows MorrisettWCG CANAPA
% LocalWords: Crary Glew TAL CPS MorrisettCGGSSWWZ TALx WCSSS JCSS rard Fulara
% LocalWords: FieldNotFoundException Huet ErwigB Erwig PADL SMcC Fong FindBugs
% LocalWords: classloader ChinM CLU Ittai Balaban Fuhrer SteimannMM Mei PPPJ rc
% LocalWords: Friedrich Steimann ner Meissner Hongwei McKinna ECMA CLR IntelliJ
% LocalWords: titleASCII HejlsbergWG Hejlsberg Wiltamuth Golde Cazzola Inferrer
% LocalWords: CazzolaCC Cisternino Markus Matthai Philipose Eggers PEPM Ekman
% LocalWords: EP TEPH WFJ FJ jan CODEN ATPSDT bibdate bibsource ack SEM Hedin
% LocalWords: nhfb BalabanTF citeable Longman Hartmann Amme Ronne WCET Cielecki
% LocalWords: Raimund Kirner Puschner Euromicro Palma Pini Massimo Linz Lund rn
% LocalWords: Eichberg Mezini Middleware Gschwind Mascolo HarmonK Shan Nijmegen
% LocalWords: Klefstad WPDRTS HuangZS Zook Yannis Smaragdakis cJ AOSD Jakubczyk
% LocalWords: ifdef JCF Resizeable ifdefs co DeleteOnly Morphing MJ typestates
% LocalWords: UnsupportedOperationException morphing ArgClass Jancewicz YuP Abi
% LocalWords: DietlDrossopoulouMueller Hovemeyer BoyapatiLR AndreaCGNVZ Andreae
% LocalWords: Coady Vitek Tian Zhao BoyapatiSBR BanerjeeN Anindya JavaD JavaCOP
% LocalWords: Banerjee Naumann AbiAntounA Marwan Antoun Aldrich CMUSCS NOpages
% LocalWords: VaziriTFD EnglerCHCC ISRI CMUaddr AliasJava IWACO annot MJ's LFP
% LocalWords: param arrayParam JavaCC HillClimber AndreaeNMM TorgersenEPH Goetz
% LocalWords: antipattern feb LernerFGC STL atsign ChalinJK Karabotsos Maciej
% LocalWords: CieleckiFJJ drzej Krzysztof ukasz Jedrzej Lukasz NonNull ArtziKGE
% LocalWords: HovemeyerSP nully MultiJava CZT JQual enum JNI greek CFL enums un
% LocalWords:  lang GuoPME applet Jacek Chrzaszcz Aleksy Kami Kaminski Torbj JN
% LocalWords:  Torbjorn rel Rewritable EkmanH Gorel LOC vol util NotNull Arnout
% LocalWords:  myField MastersThesis usesDaikon Engelen's arnouten bzzt INAPA
% LocalWords:  PossiblyNull JastAdd's init nowarn pragma annotatable fixups NPE
% LocalWords:  microbenchmarks deprioritize deprioritized CheckForNull MaleP NY
% LocalWords:  formalise mySet subpackages vars jbidwatcher ReadOnly Ahe aka CC
% LocalWords:  Ershov BESM Monocopy MarinovO Marinov O'Callahan OEP SpecJVM tre
% LocalWords:  ZendraC IWAOOS OMITvolume OMITseries Fateman Macsyma FilliatreC
% LocalWords:  Christophe Filli Sylvain Conchon Filliatre Ocaml Spitzen KaplanT
% LocalWords:  Acar Blelloch Deques Haim Tarjan Montoreano Nanokernel Artho Liu
% LocalWords:  Subsetting Cyrille BurdyP Burdy Mariela BCSL MillsteinJavaCOP Gr
% LocalWords:  NystromCM Nystrom Clarkson LiuM Milanova Guangyu Mahmut Kandemir
% LocalWords:  KirnerP BurdyHP BML aiT Marieke Huisman OOPSLA PFD Cronembold BP
% LocalWords:  HaackPSS Haack Sch codebases Darko hashtable SIGSAM memoization
% LocalWords:  Kaplan JAVACAM Greenfieldboyce JQual's Millstein subsumption gcc
% LocalWords:  Arvind JML's Rustan Leino SAVCBS chalin Echalin HovemeyerP Jlint
% LocalWords:  JLint filestamp ChecKer README MalePPD Dymnikov nonnullness ISP
% LocalWords:  javacc instanceof Spoto Fausto CousotC HubertJP Spoto's Cousot
% LocalWords:  Radhia Pichardie FMOODS Pichardie's BartheBCGHLPR Barthe goire
% LocalWords:  Lanet Requet FMCO javac MarkstrumMEM Esquivel CSD JavaChecker VM
% LocalWords:  TermWare monomorphic Krishnamurthi Birka ChongM Chong CSF AOP Tk
% LocalWords:  MyersSZ Declassificaiton SabelfeldS EichbergM pointcut FASE HOL
% LocalWords:  middleware HartmannAvRF ENTCS SafeTSA GrantMPCE coden Hindley UU
% LocalWords:  Fagan WrightAndr Henglein Tobin Hochstadt typecase discriminator
% LocalWords:  PLT Redex BRL FME Araki Gnesi Mandrioli PSurl gpt csfw D'Argenio
% LocalWords:  Rezk cardis Applets gmg sefm acc Julien FTfJP BBCGHLPR pdfurl Qi
% LocalWords:  KondohO Goh Kondoh Tamiya Onodera NeculaMRW Necula McPeak Rahul
% LocalWords:  Westley Weimer CIL OCaml multi CACM Fortran McGraw Goto hashCode
% LocalWords:  Genaim Proc Paphos intuitionistic instantiable FahndrichX Xia
% LocalWords:  Songtao globals Torbjörn Görel inferencing inferencer whitespace
% LocalWords:  inferrer inferrers Catenation implementors substrings schemas
% LocalWords:  hubert ByteCode CNRS NandaS Mangala Gowri Nanda Saurabh Sinha
% LocalWords:  FreundM Freund IGNOREnote RDL typecheck nondeterministically UML
% LocalWords:  abelian uncapitalized Nielson Verlag Subgoal Jørgen BoylandRZ
% LocalWords:  OstlundWC stlund Ostlund TOOLSEurope VikekB Bokowski CameronDE
% LocalWords:  ClarkeD CameronDNS CameronD inproceedings OMITnote MullerA VSTTE
% LocalWords:  OMITorganization MullerR Rudich Arsenii LeinoMW Wallenburg geli
% LocalWords:  Nageli authorACSII ETHZ ETHZaddr TOOLSPacific WrigstadC tuples
% LocalWords:  Morrisett JIT liveness parallelize subcomputation expressibility
% LocalWords:  abstract's logics Bierhoff Boyland's hasNext BufferedInputStream
% LocalWords:  Beckman BierhoffA MeijerD Meijer Drayton boolean BrachaG Ortín
% LocalWords:  Strongtalk Bracha's Soler Baltasar García Schofield Gijón Ortin
% LocalWords:  OrtinZPSG Zapico Shofield IET StaDyn invokedynamic CodeDom DLR
% LocalWords:  namespace José Redondo ICSOFT Ousterhout Tcl Haldiman Niklaus
% LocalWords:  Denker Nierstrasz HaackP OLDdownloads opensource TypePlug CCured
% LocalWords:  CartwrightF uncurried AnconaLZ Lagorio ICTCS NEEDaddress Hage
% LocalWords:  KiezunETF CamphuijsenHH Camphuijsen Jurriaan Holdermans urlpdf
% LocalWords:  OMITaddress LagorioZ Nystr Olof Erlang Aycock Xin FosterJKA LPAR
% LocalWords:  ChalinJR overclaim MeyerKS Kogtenkov Stapf LazyNonNull julia
% LocalWords:  EiffelBase EiffelVision Analyser SpotoMP Mesnard Payet tienne
% LocalWords:  PayetS CADE lookups classcast onCreate OpenSudoku AlbertAGPZ
% LocalWords:  Zanardini authorNOTE KleinN Gerwin Nipkow IEEETC GilS Yossi
% LocalWords:  Shragai GreenfieldboyceF2007 PoratBKM2000 CASCON2000 JSR163
%  LocalWords:  CASCON2000addr CASCON2000date followup BibersteinGP01 PFD2
%  LocalWords:  ECOOP2001 ECOOP2001addr ECOOP2001date SkoglundW2001 JSR175
%  LocalWords:  FTFJP2001 FTFJP2001addr FTFJP2001date Heffter01a ECOOP2007
%  LocalWords:  DietlM2005 DietlDM2007 ECOOP2007addr ECOOP2007date JSR198
%  LocalWords:  DietlDrossopoulouMueller07a KnieselT2001 BoylandNR2001 id1
%  LocalWords:  PechtchanskiS2002 JavaGrande2002 JavaGrande2002addr JSR199
%  LocalWords:  JavaGrande2002date Boyland2005 FTFJP2005 FTFJP2005addr id2
%  LocalWords:  FTFJP2005date JSR250 JSR269 JSR305 HaackPSS2007 ESOP2007
%  LocalWords:  ESOP2007addr ESOP2007date HaackP2009 ECOOP2009 gmail Ocaml
%  LocalWords:  ECOOP2009addr ECOOP2009date Grundlefleck assertImmutable
%  LocalWords:  MyClass Ershov58 Allen78 Goto74 VaziriTFD2007 RC24196 E1
%  LocalWords:  MarinovO2003 OOPSLA2003 OOPSLA2003addr OOPSLA2003date rc1
%  LocalWords:  ZendraC99 IWAOOS99 IWAOOS99addr IWAOOS99date ML2006 PLDI99
%  LocalWords:  FilliatreC2006 ML2006addr ML2006date KaplanT99 FTfJP'08 nd
%  LocalWords:  FosterFFA99 PLDI99addr PLDI99date FosterJKA2006 PLDI02 FBC
%  LocalWords:  PLDI2002 PLDI2002addr PLDI2002date ElsmanFA99 OOPSLA2007
%  LocalWords:  OOPSLA2007addr OOPSLA2007date GuoPME2006 BirkaE2004 SAS95
%  LocalWords:  GreenfieldboyceF2005 ChinMM2005 PLDI2005 PLDI2005addr ric
%  LocalWords:  PLDI2005date ChinMMP2006 ESOP2006 ESOP2006addr ICFP2003 B1
%  LocalWords:  ESOP2006date MandelbaumWH2003 ICFP2003addr ICFP2003date B2
%  LocalWords:  deline04typestates ECOOP2004 ECOOP2004addr ECOOP2004date
%  LocalWords:  DeLineF2001 PLDI2001 PLDI2001addr PLDI2001date VolpanoS97
%  LocalWords:  ShankarTFW2001 USENIXSec2001 USENIXSec2001addr TAPSOFT97
%  LocalWords:  USENIXSec2001date TAPSOFT97addr TAPSOFT97date PalsbergO95
%  LocalWords:  SAS95addr SAS95date PratikakisSH2004 OOPSLA2004 Java2 JML4
%  LocalWords:  OOPSLA2004addr OOPSLA2004date JohnsonW2004 USENIXSec2004
%  LocalWords:  USENIXSec2004addr USENIXSec2004date YelickSPMLKHGGCA1998
%  LocalWords:  EnglerCHCC01 FahndrichL2003 FähndrichLeino03 Fähndrich ISR
%  LocalWords:  IWACO'03 ConnectionOpen ConnectionClosed FahndrichX2007 C1
%  LocalWords:  SummersM2011 OOPSLA2011 OOPSLA2011date OOPSLA2011addr JML3
%  LocalWords:  ChalinJ2006 ChalinR2005 SAVCBS2005 NoPageNumbers JML5 C2
%  LocalWords:  SAVCBS2005date SAVCBS2005addr ChalinJ2007 ChalinJR2008 B3
%  LocalWords:  ChalinJK2007 CieleckiFJJ2006 PPPJ2006 PPPJ2006addr CC2008
%  LocalWords:  PPPJ2006date Engelen2006 Ekman2006 EkmanH2007 FindBugs's
%  LocalWords:  HovemeyerP2004 OOPSLA2004companion HovemeyerP2007 SEFM2008
%  LocalWords:  OOPSLA2007companion HovemeyerSP206 HovemeyerSP2005 Ocaml
%  LocalWords:  PASTE2005 PASTE2005addr PASTE2005date PASTE2007 Artho2001
%  LocalWords:  PASTE2007addr PASTE2007date MaleP2007 MalePPD2008 hubert09
%  LocalWords:  CC2008addr CC2008date Spoto2008 SEFM2008addr SEFM2008date
%  LocalWords:  CousotC1976 HubertJP2007's CousotC76 HubertJP2008 ICSE2009
%  LocalWords:  FMOODS2008 FMOODS2008addr FMOODS2008date HubertJP2007 C3
%  LocalWords:  ByteCode'09 Difficult' NandaS2009 ICSE2009addr FreundM1999
%  LocalWords:  ICSE2009date MeyerKS2010 Hoare Meyer2005 ECOOP2005 Spoto10
%  LocalWords:  ECOOP2005date ECOOP2005addr LPAR2010 LPAR2010addr PayetS07
%  LocalWords:  LPAR2010date SpotoMP09 SAS2007 SAS2007addr SAS2007date A2
%  LocalWords:  PayetS2011 CADE2011 CADE2011addr CADE2011date Dalvik Bra03
%  LocalWords:  AlbertAGPZ07 KleinN06 Bryant86 GilS2009 destructors Bra04
%  LocalWords:  getClass Bracha2004 RDL2004 RDL2004date Fong2004 SAC2006
%  LocalWords:  BurdyP2006 SAC2006addr SAC2006date BartheBCGHLPR2006 A3 de
%  LocalWords:  FMCO2006 FMCO2006addr FMCO2006date AndreaeNMM2006 javac's
%  LocalWords:  OOPSLA2006 OOPSLA2006addr OOPSLA2006date MarkstrumMEM2008
%  LocalWords:  MarkstrumMEMAN2010 NystromCM2003 CC2003 CC2003addr WangS01
%  LocalWords:  CC2003date Halloran BrachaOSW98 OOPSLA98 OOPSLA98addr Oege
%  LocalWords:  OOPSLA98date Duggan99 OOPSLA99 OOPSLA99addr OOPSLA99date
%  LocalWords:  GagnonHM2000 SAS2000addr SAS2000date Agesen95 ECOOP95 Fadi
%  LocalWords:  ECOOP95addr ECOOP95date IgarashiPW01 FOOL2001 FOOL2001addr
%  LocalWords:  FOOL2001date FlattKF98 POPL98 POPL98addr POPL98date POPL97
%  LocalWords:  MitchellP88 CartwrightS98 IgarashiV2002 ECOOP2002 jsr14
%  LocalWords:  ECOOP2002addr ECOOP2002date MyersBL97 POPL97addr JSR014
%  LocalWords:  POPL97date vonDincklageD2004 CardelliW85 bracha98gjspec
%  LocalWords:  cardelli85understanding YuKS2004 POPL2004 POPL2004addr jif
%  LocalWords:  POPL2004date PotaninNCB2006 GiffordJLS87 LucassenG88 Pizlo
%  LocalWords:  POPL88 POPL88addr POPL88date JouvelotG91 POPL91 POPL91addr
%  LocalWords:  POPL91date TalpinJ92 LICS92 LICS92addr LICS92date ECOOP92
%  LocalWords:  NiNi99tes OxhojPS92 ECOOP92addr ECOOP92date PlevyakC94 SIF
%  LocalWords:  OOPSLA94 OOPSLA94addr OOPSLA94date PalsbergS91 OOPSLA91
%  LocalWords:  OOPSLA91addr OOPSLA91date OhoriB89 OOPSLA89 OOPSLA89addr
%  LocalWords:  OOPSLA89date EifrigST95 OOPSLA95 OOPSLA95addr OOPSLA95date
%  LocalWords:  SpoonS2004 FlanaganFKWF96 PLDI96 PLDI96addr PLDI96date loc
%  LocalWords:  RapicaultBDD98 ECOOP98addr ECOOP98date PolishchukLS2007
%  LocalWords:  POPL2007 POPL2007addr POPL2007date schedule2 LiuM2007 CRFs
%  LocalWords:  ICSE2007 ICSE2007addr ICSE2007date Avgustinov Sereni Plsek
%  LocalWords:  WrigstadPMZV2009 Meawad TangPJ2010 JTRES2010 JTRES2010date
%  LocalWords:  JTRES2010addr RaychevVK2015 Raychev Veselin Vechev JSNice
%  LocalWords:  POPL2015 POPL2015date POPL2015addr gzip Ocaml OOPSLA'04
%  LocalWords:  OOPSLA'01 ECOOP'01 ClarkD2002 OOPSLA2002 OOPSLA2002addr
%  LocalWords:  OOPSLA2002date Clark2001 ClarkeW2003 FOOL2003 FOOL2003date
%  LocalWords:  FOOL2003addr ECOOP2003 ECOOP2003addr ECOOP2003date YuP2006
%  LocalWords:  ClarkeNP2001 ClarkePN98 POPL2006 POPL2006addr POPL2006date
%  LocalWords:  Boyland2003 SAS2003 SAS2003addr SAS2003date ZhaoB2009 Yoav
%  LocalWords:  ASWEC2009 ASWEC2009date ASWEC2009addr BoylandRZ2009 param1
%  LocalWords:  IWACO2009 IWACO2009addr IWACO2009date BoyapatiLR2002 Zibin
%  LocalWords:  AndreaCGNVZ2006 ECOOP2006 ECOOP2006addr ECOOP2006date OIGJ
%  LocalWords:  BoyapatiSBR2003 PLDI2003 PLDI2003addr PLDI2003date param2
%  LocalWords:  BanerjeeN2002 POPL2002 POPL2002addr POPL2002date IWACO2007
%  LocalWords:  AbiAntounA2006 AbiAntounA2007 OOPSLA2006companion VikekB99
%  LocalWords:  arrayParam1 arrayParam2 IWACO2007addr IWACO2007date SOSP97
%  LocalWords:  OstlundWC2008 TOOLSEurope2008 TOOLSEurope2008addr ESOP2009
%  LocalWords:  TOOLSEurope2008date CameronDE2008 ECOOP2008 ECOOP2008addr
%  LocalWords:  ECOOP2008date ClarkeD2002 CameronDNS2007 CameronD2009 BP05
%  LocalWords:  ESOP2009addr ESOP2009date Heffter99a MullerA2007 VSTTE2008
%  LocalWords:  MullerR2007 LeinoMW2008 VSTTE2008addr VSTTE2008date POPL99
%  LocalWords:  Nageli2006 Noble2000 TOOLSPacific2000 TOOLSPacific2000addr
%  LocalWords:  TOOLSPacific2000date Wrigstad2006 WrigstadC2007 MyersL97
%  LocalWords:  SOSP97addr SOSP97date Myers99 POPL99addr POPL99date Zheng
%  LocalWords:  Lantian AskarovS2005 ESORICS2005 ESORICS2005addr ACSAC2006
%  LocalWords:  ESORICS2005date ChongVM2007 USENIXSec2007 HicksAM2006 Nori
%  LocalWords:  USENIXSec2007date USENIXSec2007addr ACSAC2006addr LiZ2006
%  LocalWords:  ACSAC2006date VolpanoSI96 PottierSimonet2002 Simonet2003
%  LocalWords:  APPSEMII2003 APPSEMII2003addr APPSEMII2003date CSFW2006
%  LocalWords:  CSFW2006addr CSFW2006date ChongM2008 CSF2008 CSF2008addr
%  LocalWords:  CSF2008date MyersSZ2004 CSFW2004 CSFW2004addr CSFW2004date
%  LocalWords:  SabelfeldS2005 CSFW2005 CSFW2005addr CSFW2005date SOSP2001
%  LocalWords:  ZdancewicZNM2001 SOSP2001date SOSP2001addr Myers's TALx86
%  LocalWords:  MilanovaH2013 FTfJP2013 FTfJP2013date FTfJP2013addr Kbytes
%  LocalWords:  MorrisettWCG99 MorrisettCGGSSWWZ99 WCSSS99 WCSSS99addr cdr
%  LocalWords:  WCSSS99date ChenK2005 CASES2005 CASES2005date SAC2005 Anek
%  LocalWords:  CASES2005addr CazzolaCC2005 SAC2005addr SAC2005date SAC'05
%  LocalWords:  HarmonK2007 Pechtchanski2003 KirnerP2005 WCET2005 SEM04
%  LocalWords:  WCET2005addr WCET2005date EichbergM2004 Eichberg2005 gpt04
%  LocalWords:  BurdyHP2007 FASE2007 FASE2007addr FASE2007date GrantMPCE97
%  LocalWords:  HartmannAvRF2003 PEPM97 PEPM97addr PEPM97date Henglein91
%  LocalWords:  CARDIS2004 gmg05 Charles06 FTfJP2006 BBCGHLPR07 ISSTA2008
%  LocalWords:  KondohO2008 ISSTA2008addr ISSTA2008date Aditya worklist
%  LocalWords:  Bierhoff's Anek's MeijerD2005 BrachaG1993 OOPSLA93 PROLE
%  LocalWords:  OOPSLA93addr OOPSLA93date STOP2009proceedings STOP2009 Jos
%  LocalWords:  STOP2009addr STOP2009date OrtinZPSG2010 reconstructive
%  LocalWords:  Porto Comput Syst Struct TobinHochstadtF2010 ICFP2010 arg1
%  LocalWords:  ICFP2010addr ICFP2010date MartinPLB2010 Jinna DuctileScala
%  LocalWords:  VytiniotisPJM2012 Vytiniotis Dimitrios Magalh Magalhaes
%  LocalWords:  ICFP2012 ICFP2012date ICFP2012addr arg2 PLDI91 PLDI91addr
%  LocalWords:  CartwrightF91 PLDI91date WrightAndr1994a R4RS intra
% LocalWords:  crossref Hagen