Rely-guarantee references for refinement types over aliased mutable data

Gordon, Colin S.; Ernst, M.; Grossman, Dan

doi:10.1145/2499370.2462160

Cited by 8 publications

(9 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gordon et al [14] treat references to shared objects like threads in relyguarantee logics, and so multiple aliases to an object are allowed only if the guarantee condition of each alias implies the rely condition for all other aliases. Their approach allows refinement types over mutable data, but resolving their proof obligations depends on theorem-proving, which hinders automation.…”

Section: Analyzing Typescript Feldthaus Et Al Present a Hybrid Analymentioning

confidence: 99%

Refinement types for TypeScript

VekrisPanagiotis¹,

CosmanBenjamin²,

JhalaRanjit³

2016

SIGPLAN Not.

View full text Add to dashboard Cite

We present Refined TypeScript (RSC), a lightweight refinement type system for TypeScript, that enables static verification of higher-order, imperative programs. We develop a formal core of RSC that delineates the interaction between refinement types and mutability. Next, we extend the core to account for the imperative and dynamic features of TypeScript. Finally, we evaluate RSC on a set of real world benchmarks, including parts of the Octane benchmarks, D3, Transducers, and the TypeScript compiler.

show abstract

Section: Analyzing Typescript Feldthaus Et Al Present a Hybrid Analymentioning

confidence: 99%

Refinement types for TypeScript

VekrisPanagiotis¹,

CosmanBenjamin²,

JhalaRanjit³

2016

SIGPLAN Not.

View full text Add to dashboard Cite

show abstract

“…Interference due to aliasing is analogous to the interference caused by thread interleaving [15,32]. This occurs because mutable state may be shared by aliases in unknown or non-local program contexts.…”

Section: Approach In a Nutshellmentioning

confidence: 99%

“…Our protocol paradigm is able to scale by modeling sharing interactions both at the reference level and also at the abstract state level. Therefore, sharing does not need to be embedded in an ADT [18], but can also work at the ADT level without requiring a wrapper reference [15];…”

Section: Approach In a Nutshellmentioning

confidence: 99%

“…Gordon et al [15] propose a type system where references carry three additional type components: a predicate (for local knowledge), a guarantee relation, and a rely relation. They handle an unknown number of aliases by constraining the writes to a cell to fit within the alias' declared guarantee, similarly to how rely-guarantee is used in program logics to handle thread-based interference.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Rely-Guarantee Protocols

Militão¹,

Aldrich²,

Caires³

2014

View full text Add to dashboard Cite

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. The use of shared mutable state, commonly seen in object-oriented systems, is often problematic due to the potential conflicting interactions between aliases to the same state. We present a substructural type system outfitted with a novel lightweight interference control mechanism, relyguarantee protocols, that enables controlled aliasing of shared resources. By assigning each alias separate roles, encoded in a novel protocol abstraction in the spirit of rely-guarantee reasoning our type system ensures that challenging uses of shared state will never interfere in an unsafe fashion. In particular, rely-guarantee protocols ensure that each alias will never observe an unexpected value, or type, when inspecting shared memory regardless of how the changes to that shared state (originating from potentially unknown program contexts) are interleaved at run-time. Keywords: aliasing, interference control, rely-guarantee, typestates AbstractThe use of shared mutable state, commonly seen in object-oriented systems, is often problematic due to the potential conflicting interactions between aliases to the same state. We present a substructural type system outfitted with a novel lightweight interference control mechanism, relyguarantee protocols, that enables controlled aliasing of shared resources. By assigning each alias separate roles, encoded in a novel protocol abstraction in the spirit of rely-guarantee reasoning, our type system ensures that challenging uses of shared state will never interfere in an unsafe fashion. In particular, rely-guarantee protocols ensure that each alias will never observe an unexpected value, or type, when inspecting shared memory regardless of how the changes to that shared state (originating from potentially unknown program contexts) are interleaved at run-time.

show abstract

“…Not shown: standard recursors for naturals, booleans, pairs, identity types [25]. Also not shown: standard well-formed contexts, most of (pure) expression/type conversion (Γ τ τ) (see our technical report [23]). action within the used reference's guarantee.…”

Section: Soundness Sketchmentioning

confidence: 99%

Rely-guarantee references for refinement types over aliased mutable data

Gordon

Ernst

Grossman

2013

Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

Reasoning about side effects and aliasing is the heart of verifying imperative programs. Unrestricted side effects through one reference can invalidate assumptions about an alias. We present a new type system approach to reasoning about safe assumptions in the presence of aliasing and side effects, unifying ideas from reference immutability type systems and rely-guarantee program logics. Our approach, rely-guarantee references, treats multiple references to shared objects similarly to multiple threads in rely-guarantee program logics. We propose statically associating rely and guarantee conditions with individual references to shared objects. Multiple aliases to a given object may coexist only if the guarantee condition of each alias implies the rely condition for all other aliases. We demonstrate that existing reference immutability type systems are special cases of rely-guarantee references.In addition to allowing precise control over state modification, rely-guarantee references allow types to depend on mutable data while still permitting flexible aliasing. Dependent types whose denotation is stable over the actions of the rely and guarantee conditions for a reference and its data will not be invalidated by any action through any alias. We demonstrate this with refinement (subset) types that may depend on mutable data. As a special case, we derive the first reference immutability type system with dependent types over immutable data.We show soundness for our approach and describe experience using rely-guarantee references in a dependently-typed monadic DSL in COQ.

show abstract

Rely-guarantee references for refinement types over aliased mutable data

Cited by 8 publications

References 48 publications

Refinement types for TypeScript

Refinement types for TypeScript

Rely-Guarantee Protocols

Rely-guarantee references for refinement types over aliased mutable data

Contact Info

Product

Resources

About