Rely-Guarantee View Typestate

The combination of mutable state and pointer aliasing is often troublesome due to non-obvious (and usually unspecified) interferences that may occur between non-local parts of the program. We present a type-based approach to statically control aliasing and mutable state in a minimalistic single-threaded procedural language with support for structures and references. By introducing views, re-combinable typestate-centric abstractions that encode both type structure and permission, we are able to handle shared and unique references in a way that statically ensures that no destructive interferences may occur during execution. We furthermore provide novel information hiding mechanisms, view declarations and view equations, that modularly define abstract constraints describing how these views can be split/merged to manage a program’s permission flow. We adapt the concept of rely-guarantee to create a flexible scheme for handling shared structures where each reference guarantees it will produce a certain state and relies on the other references limiting their changes to a certain state space. Similarly, by means of a focus operation, we are able to have intermediate (but not externally visible) states that temporarily break away from the guaranteed condition, allowing additional flexibility without violating safety. By unifying state and aliasing control into a single abstraction, view typestate, we believe we can provide a simpler and more intuitive programming model that captures the main effects of stateful computations in a single-threaded environment.