Superficially substructural types

Abstract: Many substructural type systems have been proposed for controlling access to shared state in higher-order languages. Central to these systems is the notion of a resource, which may be split into disjoint pieces that different parts of a program can manipulate independently without worrying about interfering with one another. Some systems support a logical notion of resource (such as permissions), under which two resources may be considered disjoint even if they govern the same piece of state. However, in nearl… Show more

“…As for monoids: Partial commutative monoids (PCMs) are widely known to provide a generic model of resources-both physical resources (like the heap) and logical resources (like ghost state)-suitable for use in a separation logic. A number of modern logics involve PCMs either in the model of the logic [33,34] or as a feature in the logic itself [22,24,9]. What does not seem to be widely known, however, is that monoids and invariants form a kind of orthogonal basis for concurrent reasoning.…”

“…Ghost state was originally proposed as a way to abstractly characterize some Syntax P ::= · · · | P P | {P } e {ϕ} | ς | 2P Σ ::= · · · | State Physical state axioms knowledge about the history of a computation that is essential to verifying it [29]. More generally, ghost state is useful for modularly describing a thread's knowledge about some shared state, as well as the rights it has to modify it [7,22].…”

Iris

“…As for monoids: Partial commutative monoids (PCMs) are widely known to provide a generic model of resources-both physical resources (like the heap) and logical resources (like ghost state)-suitable for use in a separation logic. A number of modern logics involve PCMs either in the model of the logic [33,34] or as a feature in the logic itself [22,24,9]. What does not seem to be widely known, however, is that monoids and invariants form a kind of orthogonal basis for concurrent reasoning.…”

“…Ghost state was originally proposed as a way to abstractly characterize some Syntax P ::= · · · | P P | {P } e {ϕ} | ς | 2P Σ ::= · · · | State Physical state axioms knowledge about the history of a computation that is essential to verifying it [29]. More generally, ghost state is useful for modularly describing a thread's knowledge about some shared state, as well as the rights it has to modify it [7,22].…”

Iris

“…However, our system threads capabilities in a more implicit way, as proof-time objects: the type discipline is flexible enough to support stacking of capabilities either on top of a value or to thread them instead. This contrasts with the explicit capability-passing approach explored in other substructural systems [2,24,44], which require capabilities to be explicitly manipulated as first class values.…”

“…Krishnaswami et al [24] develop a type system that is superficially substructural, since it employs a "fiction of disjointness" to allow sharing of mutable cells to occur underneath that layer. They also adapt L 3 , but in an affine variant.…”

Substructural typestates

“…Another was to make it possible to modularly extend soundness proofs when building up the features of a language incrementally (although it is worth noting that Balabonski et al achieved similarly modular proofs for Mezzo using only syntactic methods). In contrast, following Krishnaswami et al [2012], we are focused on building a soundness proof that is łextensiblež along a different axis, namely the ability to verify soundness of libraries that extend Rust's core type system through their use of unsafe features. Lastly, all of the prior semantic soundness proofs were done directly using set-theoretic step-indexed models, whereas in the present work, in order to model the complexities of Rust's lifetimes and borrowing, we found it essential to work at the higher level of abstraction afforded by Iris and our lifetime logic.…”

RustBelt: securing the foundations of the Rust programming language