Rely-guarantee references for refinement types over aliased mutable data

Published: 16 June 2013

Abstract

Reasoning about side effects and aliasing is at the heart of verifying imperative programs. Unrestricted side effects through one reference can invalidate assumptions about an alias. We present a new type system approach to reasoning about safe assumptions in the presence of aliasing and side effects, unifying ideas from reference immutability type systems and rely-guarantee program logics. Our approach, rely-guarantee references, treats multiple references to shared objects similarly to multiple threads in rely-guarantee program logics. We propose statically associating rely and guarantee conditions with individual references to shared objects. Multiple aliases to a given object may coexist only if the guarantee condition of each alias implies the rely condition for all other aliases. We demonstrate that existing reference immutability type systems are special cases of rely-guarantee references.

In addition to allowing precise control over state modification, rely-guarantee references allow types to depend on mutable data while still permitting flexible aliasing. Dependent types whose denotation is stable over the actions of the rely and guarantee conditions for a reference and its data will not be invalidated by any action through any alias. We demonstrate this with refinement (subset) types that may depend on mutable data. As a special case, we derive the first reference immutability type system with dependent types over immutable data.
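The two paragraphs above describe the discipline in words: a reference carries a rely condition (what other aliases may do to the object) and a guarantee condition (what this reference promises), aliases may be created only when each side's guarantee implies the other's rely, and a refinement type is admissible only when it is stable under both. The following Python model is an added example, not code from the paper or its Coq DSL; the names (RGRef, Cell, split, NONDEC, SAME, ANY) are hypothetical, and implications between conditions are decided by enumerating a small constructed domain of cell values, which stands in for the logical entailment the real type system discharges.

```python
"""Executable model of rely-guarantee references (added example, not the paper's code).

A reference carries a rely relation R and a guarantee relation G over (old, new)
values of a shared cell. Writes must satisfy G; an alias may be split off only
when each side's guarantee implies the other's rely; a refinement predicate P is
accepted only when P(old) and R(old,new) or G(old,new) imply P(new).
"""
from dataclasses import dataclass
from typing import Callable, Optional

Rel = Callable[[int, int], bool]   # relation on (old, new) cell values
Pred = Callable[[int], bool]       # refinement predicate on a cell value

# Constructed finite domain: implications are checked by enumeration over it,
# an assumption standing in for real logical entailment.
DOMAIN = range(-4, 9)


def implies(a: Rel, b: Rel) -> bool:
    """a(old, new) => b(old, new) for every pair drawn from DOMAIN."""
    return all(b(o, n) for o in DOMAIN for n in DOMAIN if a(o, n))


def stable(p: Pred, *rels: Rel) -> bool:
    """p(old) and rel(old, new) imply p(new), for every rel and every pair."""
    return all(p(n) for r in rels for o in DOMAIN for n in DOMAIN if p(o) and r(o, n))


class Cell:
    """The shared mutable object; every alias points at the same Cell."""
    def __init__(self, value: int) -> None:
        self.value = value


@dataclass
class RGRef:
    cell: Cell
    rely: Rel          # what other aliases may do to the cell
    guarantee: Rel     # what this alias promises to do to the cell
    refinement: Pred   # dependent (subset) type the value must satisfy

    def __post_init__(self) -> None:
        if not self.refinement(self.cell.value):
            raise TypeError("initial value violates the refinement")
        if not stable(self.refinement, self.rely, self.guarantee):
            raise TypeError("refinement is not stable under rely/guarantee")

    def read(self) -> int:
        return self.cell.value

    def write(self, new: int) -> None:
        """A write is a guarantee step; anything else is rejected."""
        old = self.cell.value
        if not self.guarantee(old, new):
            raise PermissionError(f"write {old}->{new} violates guarantee")
        self.cell.value = new

    def split(self, rely: Rel, guarantee: Rel, refinement: Optional[Pred] = None) -> "RGRef":
        """Create an alias: each alias's guarantee must imply the other's rely."""
        if not implies(guarantee, self.rely):
            raise TypeError("new alias could break this reference's rely")
        if not implies(self.guarantee, rely):
            raise TypeError("this reference could break the new alias's rely")
        return RGRef(self.cell, rely, guarantee, refinement or self.refinement)


NONDEC: Rel = lambda old, new: new >= old   # monotone counter steps
SAME: Rel = lambda old, new: old == new     # no change (read-only / immutable)
ANY: Rel = lambda old, new: True            # unrestricted mutation


def monotonic_counter_demo() -> int:
    """A writer and a read-only alias share a counter; the type {x | x >= 0}
    survives every step either alias may take, so the reader's view stays valid."""
    writer = RGRef(Cell(0), NONDEC, NONDEC, lambda x: x >= 0)
    reader = writer.split(rely=NONDEC, guarantee=SAME)
    writer.write(5)
    return reader.read()


def immutable_demo() -> bool:
    """Reference immutability as the special case rely = guarantee = identity:
    any refinement, even x == 3, is trivially stable."""
    ref = RGRef(Cell(3), SAME, SAME, lambda x: x == 3)
    return stable(ref.refinement, ref.rely, ref.guarantee)


def rejected_cases() -> dict:
    """Which static checks fire on ill-typed uses; True means rejected."""
    writer = RGRef(Cell(0), NONDEC, NONDEC, lambda x: x >= 0)
    reader = writer.split(NONDEC, SAME)
    out = {}
    try:
        reader.write(1)                       # read-only alias may not mutate
        out["readonly_write"] = False
    except PermissionError:
        out["readonly_write"] = True
    try:
        writer.write(-1)                      # would falsify {x | x >= 0} for the reader
        out["decreasing_write"] = False
    except PermissionError:
        out["decreasing_write"] = True
    try:
        writer.split(ANY, ANY)                # ANY does not imply NONDEC
        out["unrestricted_alias"] = False
    except TypeError:
        out["unrestricted_alias"] = True
    try:
        RGRef(writer.cell, NONDEC, NONDEC, lambda x: x == 0)  # not stable under NONDEC
        out["unstable_refinement"] = False
    except TypeError:
        out["unstable_refinement"] = True
    return out


if __name__ == "__main__":
    print(monotonic_counter_demo(), immutable_demo(), rejected_cases())
```

The checks in split and __post_init__ are the model's stand-in for typing rules: the alias compatibility condition is exactly "each guarantee implies the other's rely", and the stability check is what lets a refinement depend on mutable data without being invalidated through some other alias.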

We show soundness for our approach and describe experience using rely-guarantee references in a dependently-typed monadic DSL in Coq.


Published in

ACM SIGPLAN Notices, Volume 48, Issue 6 (PLDI '13), June 2013, 515 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/2499370.

PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2013, 546 pages. ISBN: 9781450320146, DOI: 10.1145/2491956.

Copyright © 2013 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.
