We present a new type system and associated type checker, analysis, and model extraction algorithms for automatically extracting models that capture aspects of a program's design. Our type system enables the developer to place a token on each object; this token serves as the object's representative during the analysis and model extraction. The polymorphism in our type system enables the use of general-purpose classes whose instances may serve different purposes in the computation; programmers may also hide the details of internal data structures by placing the same token on all of the objects in these data structures.

Our combined type system and analysis provide the model extraction algorithms with sound heap aliasing information. Our algorithms can therefore extract both structural models that characterize object referencing relationships and behavioral models that capture indirect interactions mediated by objects in the heap. Previous approaches, in contrast, limited by an absence of aliasing information, have focused on control-flow interactions that take place at procedure call boundaries. We have implemented our type checker, analysis, and model extraction algorithms and used them to automatically extract design models. Our experience indicates that it is straightforward to produce the token annotations and that the extracted models provide useful insight into the structure and behavior of the program.