A semantic foundation for hidden state
We present the first complete soundness proof of the antiframe rule, a recently proposed proof rule for capturing information hiding in the presence of higher-order store. Our proof involves solving a non-trivial recursive domain equation, and it helps identify some of the key ingredients for soundness.
Composing Interfering Abstract Protocols
The undisciplined use of shared mutable state can be a source of program errors when aliases unsafely interfere with each other.
While protocol-based techniques to reason about interference abound, they do not address two practical concerns: the decidability of protocol composition and its integration with protocol abstraction.
We show that our composition procedure is decidable and that it ensures safe interference even when composing abstract protocols.
To evaluate the expressiveness of our protocol framework for safe shared memory interference, we show how this same protocol framework can be used to model safe, typeful message-passing concurrency idioms.
A Fistful of Dollars: Formalizing Asymptotic Complexity Claims via Deductive Program Verification
Held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018.
We present a framework for simultaneously verifying the functional correctness and the worst-case asymptotic time complexity of higher-order imperative programs. We build on top of Separation Logic with Time Credits, embedded in an interactive proof assistant. We formalize the O notation, which is key to enabling modular specifications and proofs. We cover the subtleties of the multivariate case, where the complexity of a program fragment depends on multiple parameters. We propose a way of integrating complexity bounds into specifications, present lemmas and tactics that support a natural reasoning style, and illustrate their use with a collection of examples.
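To make the credit-accounting idea concrete, the following Python illustration is added here; it is not part of the paper or its formal development. It treats a time credit as a runtime budget rather than a logical assertion: each loop iteration pays one credit, a specification hands a function exactly bound(sizes) credits, and an implementation is within its claimed cost exactly when it never runs dry. The univariate case (binary search, a bound in n) and the multivariate case (merge, a bound in m and n) mirror the two situations the abstract mentions. Credits, check_spec, the bound functions and the sample inputs are all constructed for this example.

```python
"""Time credits as a runtime budget.

Constructed illustration, not the paper's logic: Separation Logic with Time
Credits discharges this accounting statically, once, for all inputs.  Here a
credit is a unit of budget that each loop iteration must pay, so a cost
specification is simply the number of credits a caller hands over.
"""
import math

class OutOfCredits(Exception):
    """A step was taken with no credit left to pay for it."""

class Credits:
    """The $n assertion as a mutable counter: pay() consumes units of it."""
    def __init__(self, amount):
        self.left = amount

    def pay(self, n=1):
        if self.left < n:
            raise OutOfCredits(f"needed {n}, had {self.left}")
        self.left -= n

def binary_search(xs, target, credits):
    """Index of target in sorted xs, or -1.  Pays $1 per loop iteration."""
    lo, hi = 0, len(xs) - 1
    while lo <= hi:
        credits.pay()
        mid = (lo + hi) // 2
        if xs[mid] == target:
            return mid
        if xs[mid] < target:
            lo = mid + 1
        else:
            hi = mid - 1
    return -1

def merge(a, b, credits):
    """Merge two sorted lists.  Pays $1 per element emitted: cost in m and n."""
    out, i, j = [], 0, 0
    while i < len(a) or j < len(b):
        credits.pay()
        if j == len(b) or (i < len(a) and a[i] <= b[j]):
            out.append(a[i])
            i += 1
        else:
            out.append(b[j])
            j += 1
    return out

def within_budget(fn, args, budget):
    """Run fn(*args, credits) with exactly `budget` credits; True iff it finishes."""
    try:
        fn(*args, Credits(budget))
    except OutOfCredits:
        return False
    return True

def check_spec(fn, cases, bound):
    """Check fn against a cost bound over constructed cases.

    Each case is (args, sizes); bound(*sizes) is the credit count the spec
    grants for an input of those sizes.  Returns the first args that exceed
    their budget, or None if every case stays within it.
    """
    for args, sizes in cases:
        if not within_budget(fn, args, bound(*sizes)):
            return args
    return None

# Candidate specifications.  log_bound is the exact worst case of the loop in
# binary_search (floor(log2 n) + 1 iterations); tight_log_bound drops one
# credit and must fail.  sum_bound is the multivariate cost m + n of merge;
# max_bound is not enough once both inputs are non-empty.
def log_bound(n):
    return math.floor(math.log2(n)) + 1

def tight_log_bound(n):
    return math.floor(math.log2(n))

def sum_bound(m, n):
    return m + n

def max_bound(m, n):
    return max(m, n)

def binary_search_cases(max_n=64):
    """Constructed inputs: even numbers 0..2n-2, every target present or absent."""
    return [((list(range(0, 2 * n, 2)), t), (n,))
            for n in range(1, max_n + 1) for t in range(-1, 2 * n + 1)]

def merge_cases(max_size=16):
    """Constructed inputs: all size pairs (m, n) up to max_size."""
    return [((list(range(m)), list(range(n))), (m, n))
            for m in range(max_size + 1) for n in range(max_size + 1)]

if __name__ == "__main__":
    print(check_spec(binary_search, binary_search_cases(), log_bound))
    print(check_spec(binary_search, binary_search_cases(), tight_log_bound))
    print(check_spec(merge, merge_cases(), sum_bound))
    print(check_spec(merge, merge_cases(), max_bound))
```

The runtime check only samples inputs, which is exactly the gap the paper closes: in the logic the same accounting is performed once, symbolically, so the bound holds for every input, and the formalized O notation lets a caller use a fragment's bound without knowing its constants.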
Rely-guarantee protocols for safe interference over shared memory
Mutable state can be useful in certain algorithms, to structure programs, or for efficiency purposes. However, when shared mutable state is used in non-local or non-obvious ways, the interactions that can occur via aliases to that shared memory can be a source of program errors. Undisciplined uses of shared state may unsafely interfere with local reasoning, as other aliases may interleave their changes to the shared state in unexpected ways. We propose a novel technique, rely-guarantee protocols, that structures the interactions between aliases and ensures that only safe interference is possible.

We present a linear type system outfitted with our novel sharing mechanism that enables controlled interference over shared mutable resources. Each alias is assigned a separate, local role encoded in a protocol abstraction that constrains how that alias can legally use the shared state. By following the spirit of rely-guarantee reasoning, our rely-guarantee protocols ensure that only safe interference can occur, while still allowing many interesting uses of shared state, such as going beyond invariant and monotonic usages.

This thesis describes the three core mechanisms that enable our type-based technique to work: 1) we show how a protocol models an alias's perspective on how the shared state evolves and constrains that alias's interactions with the shared state; 2) we show how protocols can be used while enforcing the agreed interference contract; and finally, 3) we show how to check that all local protocols to some shared state can be safely composed to ensure globally safe interference over that shared memory. The interference caused by shared state is rooted in how the uses of different aliases to that state may be interleaved (perhaps even in non-deterministic ways) at run-time. Therefore, our technique is mostly agnostic as to whether this interference was the result of alias interleaving caused by sequential or concurrent semantics. We show implementations of our technique in both settings, and highlight their differences. Because sharing is "first-class" (and not tied to a module), we show a polymorphic procedure that enables abstract compositions of protocols. Thus, protocols can be specialized or extended without requiring specific knowledge of the interference produced by other protocols to that state. We show that protocol composition can ensure safety even when considering abstracted protocols. We show that this core composition mechanism is sound and decidable (without the need for manual intervention), and we provide an implementation of the algorithm.
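A small model of protocol composition follows, added here as an illustration for this thesis abstract and for the "Composing Interfering Abstract Protocols" entry above; it is not taken from either work and is far simpler than their type systems. It abstracts the shared state to a finite set of named states and a protocol to two transition sets: what the alias guarantees to do, and what it relies on the other aliases confining themselves to. Composition is then a containment check (each alias's guarantee lies within every other alias's rely) over finite sets, so it always terminates; `merge` shows the abstraction step, collapsing a group of aliases into one protocol that a newcomer can be checked against without seeing how the group is split internally. Protocol, compose, merge, reachable and the one-slot buffer scenario are all constructed for this example.

```python
"""Toy model of rely-guarantee protocol composition over one shared cell.

Constructed illustration, not the thesis's type system: the shared state is
abstracted to a finite set of named states, a protocol is a pair of
transition sets (guarantee: steps this alias may take; rely: steps it
tolerates from the others), and composition is a finite containment check.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Protocol:
    name: str
    guarantee: frozenset  # (before, after) steps this alias may perform
    rely: frozenset       # (before, after) steps it tolerates from the others


def compose(protocols):
    """Return all violations as (offender, victim, step) triples.

    The interference contract is met iff every step one alias may perform is
    a step every other alias agreed to tolerate: G_A ⊆ R_B for all A != B.
    The sets are finite, so the check always terminates.
    """
    violations = []
    for a in protocols:
        for b in protocols:
            if a is b:
                continue
            for step in sorted(a.guarantee - b.rely):
                violations.append((a.name, b.name, step))
    return violations


def merge(name, *members):
    """Abstract a group of aliases into one protocol.

    The group guarantees whatever any member may do and relies only on what
    every member tolerates.  compose([merge(...), X]) is empty exactly when
    compose([*members, X]) is (given the members compose among themselves),
    so X is checked against the group without knowing its internal split.
    """
    guarantee = frozenset().union(*(m.guarantee for m in members))
    rely = frozenset.intersection(*(m.rely for m in members))
    return Protocol(name, guarantee, rely)


def reachable(initial, protocols):
    """Abstract states the cell can reach under any interleaving of aliases."""
    steps = frozenset().union(*(p.guarantee for p in protocols))
    seen, frontier = {initial}, [initial]
    while frontier:
        state = frontier.pop()
        for before, after in steps:
            if before == state and after not in seen:
                seen.add(after)
                frontier.append(after)
    return seen


# Constructed scenario: a one-slot buffer shared by a producer alias and a
# consumer alias.  Each performs one kind of step and tolerates the other's.
FILL, DRAIN = ("Empty", "Full"), ("Full", "Empty")
PRODUCER = Protocol("producer", frozenset({FILL}), frozenset({DRAIN}))
CONSUMER = Protocol("consumer", frozenset({DRAIN}), frozenset({FILL}))
# An alias that discards a full slot.  The producer tolerates Full -> Empty
# from anyone, but the consumer only expects Empty -> Full from others, so
# this alias's guarantee is not covered by the consumer's rely.
RESETTER = Protocol("resetter", frozenset({DRAIN}), frozenset({FILL, DRAIN}))
# A read-only alias: guarantees no step, tolerates both.
OBSERVER = Protocol("observer", frozenset(), frozenset({FILL, DRAIN}))

if __name__ == "__main__":
    print(compose([PRODUCER, CONSUMER]))
    print(compose([PRODUCER, CONSUMER, RESETTER]))
    print(compose([merge("buffer", PRODUCER, CONSUMER), OBSERVER]))
    print(sorted(reachable("Empty", [PRODUCER, CONSUMER])))
```

The model keeps only the composition check; the thesis's protocols additionally track where in its protocol each alias currently is and are enforced by the type system at every use of the alias, which is what turns the agreed contract into a guarantee about the running program.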
Programming Languages and Systems
This open access book constitutes the proceedings of the 28th European Symposium on Programming, ESOP 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019.