Low-level liquid types

Rondon, Patrick M.; Kawaguchi, Ming; Jhala, Ranjit

doi:10.1145/1707801.1706316

“…Examples include DML [47], ATS [9], and X10's constrained types [36]. The refinement language is often also restricted to some theory that can be effectively decided by an SMT solver, as in Liquid Types [41]. RGREF allows refinements to depend on mutable heap data, and does not artificially restrict the properties that can be verified (at the cost of requiring manual guidance for proofs).…”

Section: Related Workmentioning

confidence: 99%

Rely-guarantee references for refinement types over aliased mutable data

Gordon

¹

,

Ernst

²

,

Grossman

³

2013

View full text Add to dashboard Cite

Reasoning about side effects and aliasing is the heart of verifying imperative programs. Unrestricted side effects through one reference can invalidate assumptions about an alias. We present a new type system approach to reasoning about safe assumptions in the presence of aliasing and side effects, unifying ideas from reference immutability type systems and rely-guarantee program logics. Our approach, rely-guarantee references, treats multiple references to shared objects similarly to multiple threads in rely-guarantee program logics. We propose statically associating rely and guarantee conditions with individual references to shared objects. Multiple aliases to a given object may coexist only if the guarantee condition of each alias implies the rely condition for all other aliases. We demonstrate that existing reference immutability type systems are special cases of rely-guarantee references.In addition to allowing precise control over state modification, rely-guarantee references allow types to depend on mutable data while still permitting flexible aliasing. Dependent types whose denotation is stable over the actions of the rely and guarantee conditions for a reference and its data will not be invalidated by any action through any alias. We demonstrate this with refinement (subset) types that may depend on mutable data. As a special case, we derive the first reference immutability type system with dependent types over immutable data.We show soundness for our approach and describe experience using rely-guarantee references in a dependently-typed monadic DSL in COQ.

show abstract

“…This means that a series of writes that individually violate a guarantee but in aggregate satisfy it are disallowed. This is a common challenge for verification techniques [3,5,41], and we expect related work to inspire sufficient solutions.…”

Section: Future Work: Extensions and Adaptationsmentioning

confidence: 99%

Rely-guarantee references for refinement types over aliased mutable data

Gordon

¹

,

Ernst

²

,

Grossman

³

2013

Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Reasoning about side effects and aliasing is the heart of verifying imperative programs. Unrestricted side effects through one reference can invalidate assumptions about an alias. We present a new type system approach to reasoning about safe assumptions in the presence of aliasing and side effects, unifying ideas from reference immutability type systems and rely-guarantee program logics. Our approach, rely-guarantee references, treats multiple references to shared objects similarly to multiple threads in rely-guarantee program logics. We propose statically associating rely and guarantee conditions with individual references to shared objects. Multiple aliases to a given object may coexist only if the guarantee condition of each alias implies the rely condition for all other aliases. We demonstrate that existing reference immutability type systems are special cases of rely-guarantee references.In addition to allowing precise control over state modification, rely-guarantee references allow types to depend on mutable data while still permitting flexible aliasing. Dependent types whose denotation is stable over the actions of the rely and guarantee conditions for a reference and its data will not be invalidated by any action through any alias. We demonstrate this with refinement (subset) types that may depend on mutable data. As a special case, we derive the first reference immutability type system with dependent types over immutable data.We show soundness for our approach and describe experience using rely-guarantee references in a dependently-typed monadic DSL in COQ.

show abstract

“…In the preceding, we gave explicit loop invariants and heap effects where necessary. Later in this paper, we explain how we use Liquid Type inference [28] to reduce the annotation burden on the programmer by automatically inferring the loop invariants and heap effects given above.…”

Section: User-defined Effectsmentioning

confidence: 99%

“…Most of the expression forms for expressing sequential computation are standard or covered extensively in previous work [28]; the expression forms for parallel computation are new to this work.…”

Section: Programsmentioning

confidence: 99%

See 1 more Smart Citation

Deterministic parallelism via liquid effects

KawaguchiMing¹,

RondonPatrick²,

et al. 2012

Self Cite

View full text Add to dashboard Cite

Shared memory multithreading is a popular approach to parallel programming, but also fiendishly hard to get right. We present Liquid Effects, a type-and-effect system based on refinement types which allows for fine-grained, low-level, shared memory multithreading while statically guaranteeing that a program is deterministic. Liquid Effects records the effect of an expression as a formula in first-order logic, making our type-and-effect system highly expressive. Further, effects like Read and Write are recorded in Liquid Effects as ordinary uninterpreted predicates, leaving the effect system open to extension by the user. By building our system as an extension to an existing dependent refinement type system, our system gains precise value-and branch-sensitive reasoning about effects. Finally, our system exploits the Liquid Types refinement type inference technique to automatically infer refinement types and effects. We have implemented our type-and-effect checking techniques in CSOLVE, a refinement type inference system for C programs. We demonstrate how CSOLVE uses Liquid Effects to prove the determinism of a variety of benchmarks.

show abstract

Low-level liquid types

Cited by 25 publications

References 42 publications

Rely-guarantee references for refinement types over aliased mutable data

Rely-guarantee references for refinement types over aliased mutable data

Rely-guarantee references for refinement types over aliased mutable data

Deterministic parallelism via liquid effects

Contact Info

Product

Resources

About