Rely-Guarantee View Typestate
Authors
Abstract
The combination of mutable state and pointer aliasing is often troublesome due to non-obvious (and usually unspecified) interferences that may occur between non-local parts of the program. We present a type-based approach to statically control aliasing and mutable state in a minimalistic single-threaded procedural language with support for structures and references. By introducing views, re-combinable typestate-centric abstractions that encode both type structure and permission, we are able to handle shared and unique references in a way that statically ensures that no destructive interferences may occur during execution. We furthermore provide novel information hiding mechanisms, view declarations and view equations, that modularly define abstract constraints describing how these views can be split/merged to manage a program’s permission flow. We adapt the concept of rely-guarantee to create a flexible scheme for handling shared structures where each reference guarantees it will produce a certain state and relies on the other references limiting their changes to a certain state space. Similarly, by means of a focus operation, we are able to have intermediate (but not externally visible) states that temporarily break away from the guaranteed condition, allowing additional flexibility without violating safety. By unifying state and aliasing control into a single abstraction, view typestate, we believe we can provide a simpler and more intuitive programming model that captures the main effects of stateful computations in a single-threaded environment.
Similar sources
Gradual Typestate
Typestate reflects how the legal operations on imperative objects can change at runtime as their internal state changes. A typestate checker can statically ensure, for instance, that an object method is only called when the object is in a state for which the operation is well-defined. Prior work has shown how modular typestate checking can be achieved thanks to access permissions and state guara...
Set Interfaces for Generalized Typestate and Data Structure Consistency Verification
Typestate systems allow the type of an object to change during its lifetime in the computation. Unlike standard type systems, they can enforce safety properties that depend on changing object states. We present a new, generalized formulation of typestate that models the typestate of an object through membership in abstract sets. This abstract set formulation enables developers to reason about c...
Detecting Data Race and Atomicity Violation via Typestate-Guided Static Analysis
The correctness of typestate properties in a multithreaded program often depends on the assumption of certain concurrency invariants. However, standard typestate analysis and concurrency analysis are disjoint in that the former is unable to understand threading effects and the latter does not take typestate properties into consideration. We combine these two previously separate approaches and d...
Considering Typestate Verification for Quantified Event Automata
This paper discusses how the existing static analyses developed for typestate properties may be extended to a more expressive class of properties expressible by a specification formalism originally developed for runtime verification. The notion of typestate was introduced as a refinement of the notion of type and captures the allowed operations in certain contexts (states) as a subset of those ...
Efficient Typestate Verification for Java
In this thesis, we investigate the feasibility of supporting software development by static program analysis. We present an algorithm for partly interprocedural context-sensitive typestate analysis on Java programs which builds on jFirm, a Java implementation of the SSA-based intermediate language Firm [LBBG05], and uses finite state machines as typestate specification. We implemented the algor...