Nothing Special   »   [go: up one dir, main page]

skip to main content
research-article

Rely-guarantee references for refinement types over aliased mutable data

Published: 16 June 2013 Publication History

Abstract

Reasoning about side effects and aliasing is the heart of verifying imperative programs. Unrestricted side effects through one reference can invalidate assumptions about an alias. We present a new type system approach to reasoning about safe assumptions in the presence of aliasing and side effects, unifying ideas from reference immutability type systems and rely-guarantee program logics. Our approach, rely-guarantee references, treats multiple references to shared objects similarly to multiple threads in rely-guarantee program logics. We propose statically associating rely and guarantee conditions with individual references to shared objects. Multiple aliases to a given object may coexist only if the guarantee condition of each alias implies the rely condition for all other aliases. We demonstrate that existing reference immutability type systems are special cases of rely-guarantee references.
In addition to allowing precise control over state modification, rely-guarantee references allow types to depend on mutable data while still permitting flexible aliasing. Dependent types whose denotation is stable over the actions of the rely and guarantee conditions for a reference and its data will not be invalidated by any action through any alias. We demonstrate this with refinement (subset) types that may depend on mutable data. As a special case, we derive the first reference immutability type system with dependent types over immutable data.
We show soundness for our approach and describe experience using rely-guarantee references in a dependently-typed monadic DSL in Coq.

References

[1]
L. Augustsson. Cayenne -- A Language with Dependent Types. In ICFP, 1998.
[2]
H. Barendregt. Lambda Calculi with Types. 1991.
[3]
M. Barnett, M. Fähndrich, K. R. M. Leino, P. Müller, W. Schulte, and H. Venter. Specification and Verification: The Spec# Experience. Commun. ACM, 54 (6): 81--91, June 2011.
[4]
Y. Bertot and P. Castéran. Interactive Theorem Proving and Program Development; Coq'Art: The Calculus of Inductive Constructions. Springer Verlag, 2004.
[5]
K. Bierhoff and J. Aldrich. Modular Typestate Checking of Aliased Objects. In OOPSLA, 2007.
[6]
R. L. Bocchino, Jr., V. S. Adve, D. Dig, S. V. Adve, S. Heumann, R. Komuravelli, J. Overbey, P. Simmons, H. Sung, and M. Vakilian. A Type and Effect System for Deterministic Parallel Java. In OOPSLA, 2009.
[7]
R. Bornat, C. Calcagno, P. O'Hearn, and M. Parkinson. Permission Accounting in Separation Logic. In POPL, 2005.
[8]
V. Capretta. A Polymorphic Representation of Induction-Recursion. Retrieved 9/12/12. URL: http://www.cs.ru.nl/venanzio/publications/induction_recursion.pdf, March 2004.
[9]
C. Chen and H. Xi. Combining Programming with Theorem Proving. In ICFP, 2005.
[10]
A. Chlipala. Certified Programming with Dependent Types. http://adam.chlipala.net/cpdt/.
[11]
A. Chlipala, G. Malecha, G. Morrisett, A. Shinnar, and R. Wisnesky. Effective Interactive Proofs for Higher-order Imperative Programs. In ICFP, 2009.
[12]
Coq Development Team. Thecoq Proof Assistant Reference Manual: Version 8.4, 2012.
[13]
T. Coquand and G. Huet. The Calculus of Constructions. Information and Computation, 76, 1988.
[14]
W. Dietl, S. Drossopoulou, and P. Müller. Generic Universe Types. In phECOOP, 2007.
[15]
T. Dinsdale-Young, M. Dodds, P. Gardner, M. Parkinson, and V. Vafeiadis. Concurrent Abstract Predicates. In ECOOP, 2010.
[16]
M. Dodds, X. Feng, M. Parkinson, and V. Vafeiadis. Deny-Guarantee Reasoning. In ESOP. 2009.
[17]
P. Dybjer. Inductive Families. Formal Aspects of Computing, 6: 440--465, 1994.
[18]
X. Feng. Local Rely-Guarantee Reasoning. In POPL, 2009.
[19]
C. Flanagan and M. Abadi. Types for Safe Locking. In ESOP, 1999.
[20]
C. Flanagan and S. N. Freund. Type-Based Race Detection for Java. In PLDI, 2000.
[21]
T. Freeman and F. Pfenning. Refinement types for ml. In PLDI, 1991.
[22]
C. S. Gordon, M. J. Parkinson, J. Parsons, A. Bromfield, and J. Duffy. Uniqueness and Reference Immutability for Safe Parallelism. In OOPSLA, 2012.
[23]
C. S. Gordon, M. D. Ernst, and D. Grossman. Rely-Guarantee References for Refinement Types Over Aliased Mutable Data (Extended Version). Technical Report UW-CSE-13-03-02, University of Washington, March 2013.
[24]
C. A. R. Hoare. An Axiomatic Basis for Computer Programming. Commun. ACM, 12 (10): 576--580, Oct. 1969.
[25]
M. Hofmann. Syntax and Semantics of Dependent Types, in Semantics and Logics of Computation, chapter 3. 1997.
[26]
J. B. Jensen and L. Birkedal. Fictional Separation Logic. In ESOP, 2012.
[27]
C. B. Jones. Tentative Steps Toward a Development Method for Interfering Programs. ACM TOPLAS, 5 (4): 596--619, Oct. 1983.
[28]
K. R. Leino and P. Müller. A Basis for Verifying Multi-threaded Programs. In ESOP, 2009.
[29]
F. Militao, J. Aldrich, and L. Caires. Aliasing Control with View-based Typestate. In FTfJP, 2010.
[30]
F. Militao, J. Aldrich, and L. Caires. Rely-Guarantee View Typestate. Retrieved 8/24/12, July 2012. URL http://www.cs.cmu.edu/ foliveir/papers/rgviews.pdf.
[31]
K. Naden, R. Bocchino, J. Aldrich, and K. Bierhoff. A Type System for Borrowing Permissions. In POPL, 2012.
[32]
A. Nanevski, G. Morrisett, and L. Birkedal. Polymorphism and Separation in Hoare Type Theory. In ICFP, 2006.
[33]
A. Nanevski, A. Ahmed, G. Morrisett, and L. Birkedal. Abstract Predicates and Mutable ADTs in Hoare Type Theory. In ESOP. 2007.
[34]
A. Nanevski, G. Morrisett, A. Shinnar, P. Govereau, and L. Birkedal. Ynot: Dependent Types for Imperative Programs. In ICFP, 2008.
[35]
L. Nistor and J. Aldrich. Verifying Object-Oriented Code Using Object Propositions. In IWACO, 2011.
[36]
N. Nystrom, V. Saraswat, J. Palsberg, and C. Grothoff. Constrained Types for Object-Oriented Languages. In OOPSLA, 2008.
[37]
S. Owicki and D. Gries. An Axiomatic Proof Technique for Parallel Programs I. Acta Informatica, pages 319--340, 1976.
[38]
M. Parkinson and G. Bierman. Separation Logic and Abstraction. In POPL, 2005.
[39]
C. Paulin-Mohring. Inductive Definitions in the System Coq: Rules and Properties. In Typed Lambda Calculi and Applications, 1993.
[40]
A. Pilkiewicz and F. Pottier. The Essence of Monotonic State. In TLDI, 2011.
[41]
P. M. Rondon, M. Kawaguchi, and R. Jhala. Low-Level Liquid Types. In POPL, 2010.
[42]
M. Sozeau. Program-ing Finger Trees in Coq. In ICFP, 2007.
[43]
N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, and J. Yang. Secure Distributed Programming with Value-dependent Types. In ICFP, 2011.
[44]
M. S. Tschantz and M. D. Ernst. Javari: Adding Reference Immutability to Java. In OOPSLA, 2005.
[45]
V. Vafeiadis and M. Parkinson. A Marriage of Rely/Guarantee and Separation Logic. In CONCUR. 2007.
[46]
J. Wickerson, M. Dodds, and M. Parkinson. Explicit Stabilisation for Modular Rely-Guarantee Reasoning. In ESOP, 2010.
[47]
H. Xi and F. Pfenning. Dependent Types in Practical Programming. In POPL, 1999.
[48]
H. Xi, C. Chen, and G. Chen. Guarded Recursive Datatype Constructors. In POPL, 2003.
[49]
Y. Zibin, A. Potanin, M. Ali, S. Artzi, A. Kiezun, and M. D. Ernst. Object and Reference Immutability Using Java Generics. In ESEC-FSE, 2007.
[50]
Y. Zibin, A. Potanin, P. Li, M. Ali, and M. D. Ernst. Ownership and Immutability in Generic Java. In OOPSLA, 2010.

Cited By

View all
  • (2022)Compositional noninterference on hardware weak memory modelsScience of Computer Programming10.1016/j.scico.2022.102779(102779)Online publication date: Feb-2022
  • (2021)A type system for extracting functional specifications from memory-safe imperative programsProceedings of the ACM on Programming Languages10.1145/34855125:OOPSLA(1-29)Online publication date: 20-Oct-2021
  • (2021)Reasoning about monotonicity in separation logicProceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3437992.3439931(91-104)Online publication date: 17-Jan-2021
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices
ACM SIGPLAN Notices  Volume 48, Issue 6
PLDI '13
June 2013
515 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2499370
Issue’s Table of Contents
  • cover image ACM Conferences
    PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation
    June 2013
    546 pages
    ISBN:9781450320146
    DOI:10.1145/2491956
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 June 2013
Published in SIGPLAN Volume 48, Issue 6

Check for updates

Author Tags

  1. reference immutability
  2. refinement types
  3. rely-guarantee

Qualifiers

  • Research-article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)9
  • Downloads (Last 6 weeks)2
Reflects downloads up to 09 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2022)Compositional noninterference on hardware weak memory modelsScience of Computer Programming10.1016/j.scico.2022.102779(102779)Online publication date: Feb-2022
  • (2021)A type system for extracting functional specifications from memory-safe imperative programsProceedings of the ACM on Programming Languages10.1145/34855125:OOPSLA(1-29)Online publication date: 20-Oct-2021
  • (2021)Reasoning about monotonicity in separation logicProceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3437992.3439931(91-104)Online publication date: 17-Jan-2021
  • (2022)Specification and verification of a transient stackProceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3497775.3503677(82-99)Online publication date: 17-Jan-2022
  • (2022)Compositional noninterference on hardware weak memory modelsScience of Computer Programming10.1016/j.scico.2022.102779217:COnline publication date: 1-May-2022
  • (2021)A type system for extracting functional specifications from memory-safe imperative programsProceedings of the ACM on Programming Languages10.1145/34855125:OOPSLA(1-29)Online publication date: 15-Oct-2021
  • (2021)Reasoning about monotonicity in separation logicProceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3437992.3439931(91-104)Online publication date: 17-Jan-2021
  • (2020)SteelCore: an extensible concurrent separation logic for effectful dependently typed programsProceedings of the ACM on Programming Languages10.1145/34090034:ICFP(1-30)Online publication date: 3-Aug-2020
  • (2020)Predictable accelerator design with time-sensitive affine typesProceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3385412.3385974(393-407)Online publication date: 11-Jun-2020
  • (2020)Rely/Guarantee Reasoning for Noninterference in Non-Blocking Algorithms2020 IEEE 33rd Computer Security Foundations Symposium (CSF)10.1109/CSF49147.2020.00034(380-394)Online publication date: Jun-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media