Rely-Guarantee Protocols

Militão, Filipe; Aldrich, Jonathan; Caires, Luís

doi:10.1007/978-3-662-44202-9_14

Cited by 9 publications

(8 citation statements)

References 35 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These systems maintain a global invariant that for any two aliases, the permissions granted via one reference are a subset of the interference assumed by the other, in both directions. The early papers on rely-guarantee references [27], rely-guarantee protocols [43], and Pony [12] give particularly thorough accounts of this. This notion of compatibility between aliases is imposed any time references are duplicated, and in the case of systems like Kappa [5], joined as well.…”

Section: Global Invariants Via Local Capabilitiesmentioning

confidence: 99%

“…2 They have also been used to infer method purity [33,32]: if a method accepts only (transitively) read-only inputs (including the receiver), it has no externally-visible side effects. 3 In other contexts, program behavior can be constrained by building more fine-grained capabilities that grant not only all-or-none permission to mutate, but can grant permission for only certain kinds of mutation, and can therefore enforce nuanced invariants by restricting which capabilities can coexist for the same resource [27,25,28,43,44,5,6].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Designing with Static Capabilities and Effects: Use, Mention, and Invariants

Gordon

2020

Preprint

View full text Add to dashboard Cite

Capabilities (whether object or reference capabilities) are fundamentally tools to restrict effects. Thus static capabilities (object or reference) and effect systems take different technical machinery to the same core problem of statically restricting or reasoning about effects in programs. Any time two approaches can in principle address the same sets of problems, it becomes important to understand the trade-offs between the approaches, how these trade-offs might interact with the problem at hand.Experts who have worked in these areas tend to find the trade-offs somewhat obvious, having considered them in context before. However, this kind of design discussion is often written down only implicitly as comparison between two approaches for a specific program reasoning problem, rather than as a discussion of general trade-offs between general classes of techniques. As a result, it is not uncommon to set out to solve a problem with one technique, only to find the other better-suited.We discuss the trade-offs between static capabilities (specifically reference capabilities) and effect systems, articulating the challenges each approach tends to have in isolation, and how these are sometimes mitigated. We also put our discussion in context, by appealing to examples of how these trade-offs were considered in the course of developing prior systems in the area. Along the way, we highlight how seemingly-minor aspects of type systems -weakening/framing and the mere existence of type contexts -play a subtle role in the efficacy of these systems.

show abstract

Section: Global Invariants Via Local Capabilitiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Designing with Static Capabilities and Effects: Use, Mention, and Invariants

Gordon

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…From the point of view of protocol expression, our work is related to the line of research that uses typestate [Strom and Yemini 1986] for protocol checking [Bierhoff and Aldrich 2007;DeLine and Fähndrich 2004;Fähndrich and DeLine 2002;Militão et al 2014] or program verification [Nistor et al 2014], in a sequential, object-oriented context. Whereas first approaches [DeLine and Fähndrich 2004] support a rather restricted set of aliasing patterns to facilitate modular protocol checking, subsequent approaches lift some of the imposed restrictions, notably by combining aliasing information with typestate [Bierhoff and Aldrich 2007;Naden et al 2012] or rely-guaranteebased reasoning [Militão et al 2014]. Most closely related to our work is Fähndrich's and DeLine's work [2002] on adoption and focus for protocol checking in an object-oriented language.…”

Section: Related Workmentioning

confidence: 99%

Manifest sharing with session types

Balzer

Pfenning

2017

Proc. ACM Program. Lang.

111

View full text Add to dashboard Cite

Session-typed languages building on the Curry-Howard isomorphism between linear logic and session-typed communication guarantee session fidelity and deadlock freedom. Unfortunately, these strong guarantees exclude many naturally occurring programming patterns pertaining to shared resources. In this paper, we introduce sharing into a session-typed language where types are stratified into linear and shared layers with modal operators connecting the layers. The resulting language retains session fidelity but not the absence of deadlocks, which can arise from contention for shared processes. We illustrate our language on various examples, such as the dining philosophers problem, and provide a translation of the untyped asynchronous π-calculus into our language.

show abstract

“…Their approach allows refinement types over mutable data, but resolving their proof obligations depends on theorem-proving, which hinders automation. Militão et al [23] present Rely-Guarantee Protocols that can model complex aliasing interactions, and, compared to Gordon's work, allow temporary inconsistencies, can recover from shared state via ownership tracking, and resort to more lightweight proving mechanisms.…”

Section: Analyzing Typescript Feldthaus Et Al Present a Hybrid Analymentioning

confidence: 99%

Refinement types for TypeScript

VekrisPanagiotis¹,

CosmanBenjamin²,

JhalaRanjit³

2016

SIGPLAN Not.

View full text Add to dashboard Cite

We present Refined TypeScript (RSC), a lightweight refinement type system for TypeScript, that enables static verification of higher-order, imperative programs. We develop a formal core of RSC that delineates the interaction between refinement types and mutability. Next, we extend the core to account for the imperative and dynamic features of TypeScript. Finally, we evaluate RSC on a set of real world benchmarks, including parts of the Octane benchmarks, D3, Transducers, and the TypeScript compiler.

show abstract

Rely-Guarantee Protocols

Cited by 9 publications

References 35 publications

Designing with Static Capabilities and Effects: Use, Mention, and Invariants

Designing with Static Capabilities and Effects: Use, Mention, and Invariants

Manifest sharing with session types

Refinement types for TypeScript

Contact Info

Product

Resources

About