Abstract
In object-oriented programming, unique permissions to object references are useful for checking correctness properties such as consistency of typestate and noninterference of concurrency. To be usable, unique permissions must be borrowed --- for example, one must be able to read a unique reference out of a field, use it for something, and put it back. While one can null out the field and later reassign it, this paradigm is ungainly and requires unnecessary writes, potentially hurting cache performance. Therefore, in practice borrowing must occur in the type system, without requiring memory updates. Previous systems support borrowing with external alias analysis and/or explicit programmer management of fractional permissions. While these approaches are powerful, they are also awkward and difficult for programmers to understand. We present an integrated language and type system with unique, immutable, and shared permissions, together with new local permissions that say that a reference may not be stored to the heap. Our system also includes change permissions such as unique>>unique and unique>>none that describe how permissions flow in and out of method formal parameters. Together, these features support common patterns of borrowing, including borrowing multiple local permissions from a unique reference and recovering the unique reference when the local permissions go out of scope, without any explicit management of fractions in the source language. All accounting of fractional permissions is done by the type system "under the hood." We present the syntax and static and dynamic semantics of a formal core language and state soundness results. We also illustrate the utility and practicality of our design by using it to express several realistic examples.
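The borrowing patterns the abstract describes have a close analogue in Rust's ownership and borrow rules, which also track permissions in the type system rather than through heap writes. The following example is added here to make those patterns concrete; it is not code from the paper, whose formal core language and permission calculus are its own, and the `Session`/`Pool` types and every function name are hypothetical. It contrasts the take-and-put-back idiom (two field writes) with a type-system borrow (no field write), models `unique>>unique` as a `&mut` parameter that hands the permission back and `unique>>none` as a by-value parameter that consumes it, and shows two local shared borrows being taken from one unique reference and the unique permission being recovered when they go out of scope.

```rust
// Added illustration, not code from the paper: Rust's ownership and borrow
// checker enforce a discipline close to the one the abstract describes, so
// it is used here as a stand-in. Session, Pool and all function names are
// hypothetical.

#[derive(Debug, PartialEq)]
enum State {
    Open,
    Closed,
}

#[derive(Debug)]
struct Session {
    id: u32,
    state: State,
    buf: Vec<u8>,
}

// A field holding the only (unique) reference to a Session.
struct Pool {
    slot: Option<Session>,
}

// The pattern the abstract calls ungainly: move the unique value out of the
// field by nulling it (heap write 1), use it, and store it back (heap write 2).
fn touch_by_take(pool: &mut Pool) -> usize {
    let mut s = pool.slot.take().expect("slot is empty"); // field := None
    s.buf.push(0xFF);
    let n = s.buf.len();
    pool.slot = Some(s); // field := s
    n
}

// Borrowing in the type system: `&mut` lends a temporary unique view of the
// field's contents without writing to `pool.slot` at all.
fn touch_by_borrow(pool: &mut Pool) -> usize {
    let s: &mut Session = pool.slot.as_mut().expect("slot is empty");
    s.buf.push(0xFF);
    s.buf.len()
} // the borrow ends here and `pool` regains full unique access

// unique>>unique: the callee holds the unique permission for the duration of
// the call and hands it back; a `&mut` parameter cannot escape to the heap.
fn close(s: &mut Session) {
    s.state = State::Closed;
}

// unique>>none: the callee consumes the unique permission (a move); the
// caller cannot use the value afterwards.
fn finish(s: Session) -> u32 {
    s.id
}

// Two local shared (immutable) permissions borrowed from one unique reference.
// While they are live, mutation through `s` is rejected by the compiler; once
// they go out of scope the unique permission is recovered and `s` is mutable again.
fn checksum_twice(s: &mut Session) -> (u32, u32) {
    let (a, b) = {
        let r1: &Session = &*s;
        let r2: &Session = &*s;
        // `s.buf.push(1)` here would not compile: r1 and r2 still hold shared permissions.
        let sum = |r: &Session| r.buf.iter().map(|&x| x as u32).sum::<u32>();
        (sum(r1), sum(r2))
    };
    s.buf.push(1); // unique permission recovered: mutation is allowed again
    (a, b)
}

fn main() {
    let mut pool = Pool { slot: Some(Session { id: 7, state: State::Open, buf: vec![1, 2] }) };
    println!("after take/put-back: {} bytes", touch_by_take(&mut pool));
    println!("after borrow:        {} bytes", touch_by_borrow(&mut pool));
    let s = pool.slot.as_mut().expect("slot is empty");
    close(s);
    let sums = checksum_twice(s);
    println!("checksums: {:?}, state: {:?}", sums, s.state);
    let s = pool.slot.take().expect("slot is empty");
    println!("finished session {}", finish(s));
    // `s` was moved into `finish`; using it here would not compile.
}
```

The bookkeeping the abstract places "under the hood" is done here by lifetimes: the compiler, not the programmer, checks that the shared reborrows `r1` and `r2` have ended before `s` is mutated again, and that the `&mut` passed to `close` is returned to the caller when the call completes. Rust's rules are only an approximation of the paper's system (it has no separate fractional accounting and its notion of a non-escaping "local" reference is expressed through lifetimes rather than a distinct permission), so the example illustrates the patterns, not the formal semantics.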
Published in POPL '12: Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.