Abstract Read Permissions: Fractional Permissions without the Fractions

Heule, Stefan; Leino, K. Rustan M.; Müller, Péter; Summers, Alexander J.

doi:10.1007/978-3-642-35873-9_20

Cited by 23 publications

(26 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since its model is based on rational numbers, it is well suited for SMT solvers and offers a simple notation for permission assertions. However, as in our previous work on abstract read permissions (ARPs) [5], most permission assertions do not even have to indicate concrete fractions. It is typically sufficient to specify whether read or write permission is required.…”

Section: Introductionmentioning

confidence: 93%

“…The key idea of abstract read permissions (as presented in [5]) is to introduce symbolic names to represent read permission amounts (that is, strictly positive amounts of permission which are otherwise unspecified). When introducing a fresh symbolic amount, no information is known about its value, other than these bounds.…”

Section: Motivationmentioning

confidence: 99%

“…Our and others' earlier work [5] employs this idea in a limited sense; extra constraints can be added only for method calls, for which a fresh symbolic amount is introduced and constrained only locally, that is, in the encoding of the call. The reasons for this restriction are elaborated in Sec.…”

Section: Motivationmentioning

confidence: 99%

“…5, but are essentially due to the difficulty of designing an encoding that yields constraints which are guaranteed to be satisfiable. Lifting these restrictions was difficult, since the essential property for soundness was not explained independently of the restrictions in [5]. We improve on this work by cleanly pulling out a property characterising sound constraint systems (Sec.…”

Section: Motivationmentioning

confidence: 99%

“…Recall that explicit values for these read permissions are not chosen in our approach [5], but rather constrained via assumptions at various points in the encoding. The constraint system introduced in this section is designed to reflect the accumulation of these constraints as upper bounds on symbolic permission amounts (we model these as permission-typed variables), such that the satisfiability of the constraints can be reduced to requiring an ordering on these symbolic amounts; we explain the role of this ordering in Sec.…”

Section: Constraint Systemmentioning

confidence: 99%

See 4 more Smart Citations

Constraint Semantics for Abstract Read Permissions

Boyland

Müller

Schwerhoff

et al. 2014

Proceedings of 16th Workshop on Formal Techniques for Java-Like Programs

Self Cite

View full text Add to dashboard Cite

The concept of controlling access to mutable shared data via permissions is at the heart of permission logics such as separation logic and implicit dynamic frames, and is also used in type systems, for instance, to give a semantics to "readonly" annotations. Existing permission models have different strengths in terms of expressiveness. Fractional permissions, for example, enable unbounded (recursive) splitting, whereas counting permissions enable unbounded subtraction of the same permission amount. Combining these strengths in a single permission model appeared to increase the complexity for the user and tools. In this paper we extend our previous work on abstract read permissions by providing them with a novel constraint semantics, which retains the use of the domain of rational numbers but enables unbounded subtraction of identical amounts. Thus we can keep an intuitive model conducive to SMT solvers while enabling "counting."

show abstract

Section: Introductionmentioning

confidence: 93%

Section: Motivationmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

Section: Constraint Systemmentioning

confidence: 99%

See 3 more Smart Citations

Constraint Semantics for Abstract Read Permissions

Boyland

Müller

Schwerhoff

et al. 2014

Proceedings of 16th Workshop on Formal Techniques for Java-Like Programs

Self Cite

View full text Add to dashboard Cite

show abstract

ConSORT: Context- and Flow-Sensitive Ownership Refinement Types for Imperative Programs

Toman

Siqi

Suenaga

et al. 2020

Programming Languages and Systems

View full text Add to dashboard Cite

We present ConSORT, a type system for safety verification in the presence of mutability and aliasing. Mutability requires strong updates to model changing invariants during program execution, but aliasing between pointers makes it difficult to determine which invariants must be updated in response to mutation. Our type system addresses this difficulty with a novel combination of refinement types and fractional ownership types. Fractional ownership types provide flow-sensitive and precise aliasing information for reference variables. ConSORT interprets this ownership information to soundly handle strong updates of potentially aliased references. We have proved ConSORT sound and implemented a prototype, fully automated inference tool. We evaluated our tool and found it verifies non-trivial programs including data structure implementations.

show abstract

Concise Read-Only Specifications for Better Synthesis of Programs with Pointers

Costea

Zhu

Polikarpova

et al. 2020

Programming Languages and Systems

View full text Add to dashboard Cite

In program synthesis there is a well-known trade-off between concise and strong specifications: if a specification is too verbose, it might be harder to write than the program; if it is too weak, the synthesised program might not match the user's intent. In this work we explore the use of annotations for restricting memory access permissions in program synthesis, and show that they can make specifications much stronger while remaining surprisingly concise. Specifically, we enhance Synthetic Separation Logic (SSL), a framework for synthesis of heap-manipulating programs, with the logical mechanism of read-only borrows. We observe that this minimalistic and conservative SSL extension benefits the synthesis in several ways, making it more (a) expressive (stronger correctness guarantees are achieved with a modest annotation overhead), (b) effective (it produces more concise and easier-to-read programs), (c) efficient (faster synthesis), and (d) robust (synthesis efficiency is less affected by the choice of the search heuristic). We explain the intuition and provide formal treatment for read-only borrows. We substantiate the claims (a)-(d) by describing our quantitative evaluation of the borrowing-aware synthesis implementation on a series of standard benchmark specifications for various heap-manipulating programs.

show abstract

Abstract Read Permissions: Fractional Permissions without the Fractions

Cited by 23 publications

References 17 publications

Constraint Semantics for Abstract Read Permissions

Constraint Semantics for Abstract Read Permissions

ConSORT: Context- and Flow-Sensitive Ownership Refinement Types for Imperative Programs

Concise Read-Only Specifications for Better Synthesis of Programs with Pointers

Contact Info

Product

Resources

About