Abstract
Reasoning about side effects and aliasing is the heart of verifying imperative programs. Unrestricted side effects through one reference can invalidate assumptions about an alias. We present a new type system approach to reasoning about safe assumptions in the presence of aliasing and side effects, unifying ideas from reference immutability type systems and rely-guarantee program logics. Our approach, rely-guarantee references, treats multiple references to shared objects similarly to multiple threads in rely-guarantee program logics. We propose statically associating rely and guarantee conditions with individual references to shared objects. Multiple aliases to a given object may coexist only if the guarantee condition of each alias implies the rely condition for all other aliases. We demonstrate that existing reference immutability type systems are special cases of rely-guarantee references.
In addition to allowing precise control over state modification, rely-guarantee references allow types to depend on mutable data while still permitting flexible aliasing. Dependent types whose denotation is stable over the actions of the rely and guarantee conditions for a reference and its data will not be invalidated by any action through any alias. We demonstrate this with refinement (subset) types that may depend on mutable data. As a special case, we derive the first reference immutability type system with dependent types over immutable data.
We show soundness for our approach and describe experience using rely-guarantee references in a dependently-typed monadic DSL in Coq.
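As an added illustration (not part of the paper or its Coq DSL) of the two rules stated above, the following Python models rely and guarantee conditions as relations over a small constructed state space and checks alias compatibility and refinement stability by exhaustive enumeration; the encodings of writable, readonly and immutable references as rely/guarantee pairs are my assumption about the special case, not the paper's definitions.

```python
from itertools import product
from typing import Callable, Dict, Iterable, Tuple

# A rely or guarantee condition is a relation on (old state, new state).
Rel = Callable[[int, int], bool]
Ref = Tuple[Rel, Rel]   # (rely, guarantee) attached to one reference

def implies(g: Rel, r: Rel, states: Iterable[int]) -> bool:
    """g implies r: every state change g permits is one r tolerates."""
    return all(r(o, n) for o, n in product(states, repeat=2) if g(o, n))

def aliases_compatible(refs: Iterable[Ref], states: Iterable[int]) -> bool:
    """Aliases may coexist only if each guarantee implies every other alias's rely."""
    refs = list(refs)
    return all(implies(g_i, r_j, states)
               for i, (_, g_i) in enumerate(refs)
               for j, (r_j, _) in enumerate(refs) if i != j)

def stable(pred: Callable[[int], bool], rely: Rel, states: Iterable[int]) -> bool:
    """A refinement is stable if no rely-permitted action can falsify it."""
    return all(pred(n) for o, n in product(states, repeat=2) if pred(o) and rely(o, n))

STATES = range(0, 8)                 # constructed finite state space: one integer cell
havoc = lambda o, n: True            # any change allowed (guarantee) / tolerated (rely)
same = lambda o, n: o == n           # no change
nondecreasing = lambda o, n: n >= o  # monotone counter discipline

# Assumed encoding of reference immutability as rely/guarantee pairs.
writable = (havoc, havoc)
readonly = (havoc, same)      # cannot write, but others may
immutable = (same, same)      # nobody writes
monotone = (nondecreasing, nondecreasing)

def demo() -> Dict[str, bool]:
    """Alias compatibility and refinement stability over the constructed cases."""
    return {
        "writable+readonly": aliases_compatible([writable, readonly], STATES),
        "immutable+readonly": aliases_compatible([immutable, readonly], STATES),
        "immutable+writable": aliases_compatible([immutable, writable], STATES),
        "two monotone": aliases_compatible([monotone, monotone], STATES),
        "x>=3 under monotone": stable(lambda x: x >= 3, nondecreasing, STATES),
        "x<=3 under monotone": stable(lambda x: x <= 3, nondecreasing, STATES),
        "x<=3 under immutable": stable(lambda x: x <= 3, same, STATES),
        "x<=3 under readonly": stable(lambda x: x <= 3, havoc, STATES),
    }
```

An immutable alias cannot coexist with a writable one, while any refinement is stable under an immutable rely, which is the dependent-types-over-immutable-data special case the abstract mentions.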
Rely-guarantee references for refinement types over aliased mutable data
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation