Substructural typestates

Finding simple, yet expressive, verification techniques to reason about both aliasing and mutable state has been a major challenge for static program verification. One such approach, of practical relevance, is centered around a lightweight typing discipline where types denote abstract object states, known as typestates. In this paper, we show how key typestate concepts can be precisely captured by a substructural type-and-effect system, exploiting ideas from linear and separation logic. Building on this foundation, we show how a small set of primitive concepts can be composed to express high-level idioms such as objects with multiple independent state dimensions, dynamic state tests, and behavior-oriented usage protocols that enforce strong information hiding. By exploring the relationship between two mainstream modularity concepts, state abstraction and hiding, we also provide new insights on how they naturally fit together and complement one another. Technically, our results are based on a typed lambda calculus with mutable references, location-dependent types, and second-order polymorphism. The soundness of our type system is shown through progress and preservation theorems. We also describe a prototype implementation of a type checker for our system, which is available on the web and can be used to experiment with the examples in the paper.

[1]  Frank Pfenning,et al.  Type Assignment for Intersections and Unions in Call-by-Value Languages , 2003, FoSSaCS.

[2]  Lars Birkedal,et al.  Abstract Predicates and Mutable ADTs in Hoare Type Theory , 2007, ESOP.

[3]  Patrick Lincoln,et al.  Linear logic , 1992, SIGA.

[4]  Jonathan Aldrich,et al.  A type system for borrowing permissions , 2012, POPL '12.

[5]  Xin Qi,et al.  Masked types for sound object initialization , 2009, POPL '09.

[6]  Arthur Charguéraud,et al.  Functional translation of a calculus of capabilities , 2008, ICFP 2008.

[7]  Hongseok Yang,et al.  Views: compositional reasoning for concurrent programs , 2013, POPL.

[8]  Martin Odersky,et al.  Capabilities for Uniqueness and Borrowing , 2010, ECOOP.

[9]  Gavin M. Bierman,et al.  Separation logic and abstraction , 2005, POPL '05.

[10]  Éric Tanter,et al.  First-class state change in plaid , 2011, OOPSLA '11.

[11]  Frank Pfenning,et al.  Intersection types and computational effects , 2000, ICFP '00.

[12]  David Walker,et al.  Alias Types , 2000, ESOP.

[13]  Jonathan Aldrich,et al.  Reducing STM overhead with access permissions , 2009 .

[14]  Kohei Honda,et al.  An Interaction-based Language and its Typing System , 1994, PARLE.

[15]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[16]  Jonathan Aldrich,et al.  Verifying correct usage of atomic blocks and typestate , 2008, OOPSLA.

[17]  David Walker,et al.  Alias Types for Recursive Data Structures , 2000, Types in Compilation.

[18]  Amr Sabry,et al.  Reasoning about programs in continuation-passing style , 1992, LFP '92.

[19]  Mariangiola Dezani-Ciancaglini,et al.  Intersection Types and Computational Rules , 2003, WoLLIC.

[20]  John Tang Boyland,et al.  Checking Interference with Fractional Permissions , 2003, SAS.

[21]  David Walker,et al.  Typed memory management in a calculus of capabilities , 1999, POPL '99.

[22]  John Tang Boyland,et al.  Connecting effects and uniqueness with adoption , 2005, POPL '05.

[23]  Jonathan Aldrich,et al.  An Empirical Study of Object Protocols in the Wild , 2011, ECOOP.

[24]  Jonathan Aldrich,et al.  Substructural Typestates ( Technical Appendix ) , 2013 .

[25]  John Tang Boyland,et al.  Alias burying: Unique variables without destructive reads , 2001, Softw. Pract. Exp..

[26]  Derek Dreyer,et al.  Superficially substructural types , 2012, ICFP '12.

[27]  Stephan van Staden,et al.  Reasoning about multiple related abstractions with MultiStar , 2010, OOPSLA.

[28]  Robert DeLine,et al.  Typestates for Objects , 2004, ECOOP.

[29]  Peter W. O'Hearn,et al.  Local Action and Abstract Separation Logic , 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[30]  David K. Gifford,et al.  Integrating functional and imperative programming , 1986, LFP '86.

[31]  Steve Zdancewic,et al.  Lightweight linear types in system f° , 2010, TLDI '10.

[32]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[33]  Lars Birkedal,et al.  Polymorphism and separation in hoare type theory , 2006, ICFP '06.

[34]  Riccardo Pucella,et al.  Practical affine types , 2011, POPL '11.

[35]  Robert E. Strom Mechanisms for compile-time enforcement of security , 1983, POPL '83.

[36]  António Ravara,et al.  Modular session types for distributed object-oriented programming , 2010, POPL '10.

[37]  Ranjit Jhala,et al.  Low-level liquid types , 2010, POPL '10.

[38]  Jan van den Bos,et al.  PROCOL - A Parallel Object Language with Protocols , 1989, OOPSLA.

[39]  João Costa Seco,et al.  The type discipline of behavioral separation , 2013, POPL.

[40]  J. Gregory Morrisett,et al.  L3: A Linear Language with Locations , 2007, Fundam. Informaticae.

[41]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[42]  John C. Reynolds,et al.  Syntactic Control of Inference, Part 2 , 1989, ICALP.

[43]  Philip Wadler,et al.  Linear Types can Change the World! , 1990, Programming Concepts and Methods.

[44]  John C. Mitchell,et al.  Abstract types have existential types , 1985, POPL.

[45]  Jonathan Aldrich,et al.  Aliasing control with view-based typestate , 2010, FTfJP@ECOOP.

[46]  Jonathan Aldrich,et al.  Modular typestate checking of aliased objects , 2007, OOPSLA.

[47]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[48]  Jeannette M. Wing,et al.  A behavioral notion of subtyping , 1994, TOPL.