Fractional permissions without the fractions
In FTfFP, 2011
Cited by 2 (1 self)
Fractional Permissions are a popular approach to reasoning about programs that use shared-memory concurrency. Abstractly, they provide a way of managing that either multiple readers or one writer thread can access a resource concurrently. Concretely, specification using fractional permissions typically requires the user to pick concrete mathematical values for partial permissions, making specifications overly verbose, tedious to write, and harder to adapt and re-use. This paper contributes a flexible and expressive specification methodology for supporting fractional permissions while allowing the user to work at the abstract level of read and write permissions. The methodology is flexible and modular, and has been implemented in the verification tool Chalice.
Checking Concurrent Typestate with Access Permissions in Plural: A Retrospective
Objects often define usage protocols that clients must follow in order for these objects to work properly. In the presence of aliasing, however, it is difficult to check whether all the aliases of an object properly coordinate to enforce the protocol. Plural is a type-based system that can soundly enforce challenging protocols even in concurrent programs. In this paper, we discuss how Plural supports natural idioms for reasoning about programs, leveraging access permissions that express the programmer's design intent within the code. We trace the predecessors of the design intent idioms used in Plural, discuss how we have found different forms of design intent to be complementary, and outline remaining challenges and directions for future work in the area.
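The problem the abstract describes, a usage protocol that every alias must respect, can be made concrete with a small checker. The code below is an added illustration and is not Plural's implementation or its exact permission rules: it models a hypothetical Stream protocol (closed/open) and three simplified alias kinds, `unique` (sole reference, may change state), `immutable` (several readers, none may change state) and `share` (several aliases may change state, so none may assume a state without a dynamic test). An epoch counter on the object makes stale knowledge detectable, which is the failure mode aliasing introduces. All names, the protocol table and the scenarios are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

class ProtocolViolation(Exception):
    pass

# Usage protocol of a hypothetical Stream object: method -> (state required, state after).
STREAM_PROTOCOL: Dict[str, Tuple[str, str]] = {
    "open": ("closed", "open"),
    "read": ("open", "open"),
    "close": ("open", "closed"),
}

@dataclass
class Obj:
    protocol: Dict[str, Tuple[str, str]]
    state: str = "closed"   # actual state at run time
    epoch: int = 0          # bumped on every state change; stale knowledge is detected by it
    aliases: int = 1        # live references handed out by split()

@dataclass
class Ref:
    """One alias. `known` is the state it may assume, valid only while `epoch` is current."""
    obj: Obj
    kind: str               # "unique" | "immutable" | "share" | "consumed"
    known: Optional[str]
    epoch: int = 0

    def current(self) -> Optional[str]:
        return self.known if self.epoch == self.obj.epoch else None

    def call(self, method: str) -> None:
        need, after = self.obj.protocol[method]
        if self.kind == "consumed":
            raise ProtocolViolation(f"{method}: reference was split or joined away")
        if self.kind == "immutable" and need != after:
            raise ProtocolViolation(f"{method}: an immutable alias may not change state")
        state = self.current()
        if state is None:
            raise ProtocolViolation(f"{method}: state unknown through this alias; test it first")
        if state != need:
            raise ProtocolViolation(f"{method} needs {need}, but the object is {state}")
        assert self.obj.state == need           # the checker's knowledge is never stale
        if need != after:
            self.obj.state = after
            self.obj.epoch += 1                 # every other alias's knowledge is now stale
        self.known, self.epoch = after, self.obj.epoch

    def test(self, state: str) -> bool:
        """Dynamic state test: how a share alias (re)gains knowledge."""
        ok = self.obj.state == state
        self.known, self.epoch = (state if ok else None), self.obj.epoch
        return ok

def split(ref: Ref, kind: str, n: int) -> List[Ref]:
    """Consume a unique reference and hand out n aliases of the given kind."""
    if ref.kind != "unique" or kind not in ("immutable", "share") or n < 1:
        raise ProtocolViolation("split needs a unique reference and n >= 1 immutable/share aliases")
    ref.kind = "consumed"
    ref.obj.aliases = n
    known = ref.current() if kind == "immutable" else None   # shares assume nothing
    return [Ref(ref.obj, kind, known, ref.obj.epoch) for _ in range(n)]

def join(refs: List[Ref]) -> Ref:
    """Recover a unique reference once every alias has been handed back."""
    obj = refs[0].obj
    if len(refs) != obj.aliases or any(r.obj is not obj or r.kind == "consumed" for r in refs):
        raise ProtocolViolation("join needs every live alias of the object, exactly once")
    for r in refs:
        r.kind = "consumed"
    obj.aliases = 1
    known = next((r.current() for r in refs if r.current() is not None), None)
    return Ref(obj, "unique", known, obj.epoch)

def violates(action) -> bool:
    try:
        action()
        return False
    except ProtocolViolation:
        return True

def immutable_readers() -> Tuple[bool, bool, str]:
    s = Obj(STREAM_PROTOCOL)
    r = Ref(s, "unique", "closed")
    r.call("open")
    a, b = split(r, "immutable", 2)
    reads_ok = not violates(lambda: a.call("read")) and not violates(lambda: b.call("read"))
    close_blocked = violates(lambda: b.call("close"))   # would invalidate a's knowledge
    join([a, b]).call("close")
    return reads_ok, close_blocked, s.state             # (True, True, "closed")

def share_aliases() -> Tuple[bool, bool, bool, str]:
    s = Obj(STREAM_PROTOCOL)
    r = Ref(s, "unique", "closed")
    r.call("open")
    a, b = split(r, "share", 2)
    blind_read = violates(lambda: b.call("read"))       # no knowledge without a test
    a.test("open")
    b.test("open")
    a.call("close")                                     # b's test result is now stale
    stale_read = violates(lambda: b.call("read"))
    reopened = b.test("closed") and not violates(lambda: b.call("open"))
    return blind_read, stale_read, reopened, s.state    # (True, True, True, "open")
```

The two scenarios show the trade-off the abstract alludes to: immutable aliases keep precise static knowledge because nobody can move the object, while share aliases buy the right to change state at the price of re-testing it before every protocol-relevant call.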
Rely-Guarantee View Typestate (Technical Report)
We present a type-based approach to statically control aliasing and mutable state in a single-threaded procedural language with support for structures and references. By introducing views, re-combinable abstractions that encode both type structure and permission, we are able to handle shared and unique references in a way that statically ensures that no destructive interference may occur during execution. Our typestate-centric aliasing control is capable of handling common programming styles such as borrowing and capture of permissions. It furthermore provides novel information hiding mechanisms, view declarations and view equations, that define abstract views in terms of concrete state and describe how these views may be split and merged for a more fine-grained management of permission flow. We adapt the concept of rely-guarantee to create a flexible scheme for handling shared structures where each reference guarantees it will produce a certain state and relies on the other references limiting their changes to a certain state space. Similarly, by means of a focus operation, we are able to have intermediate (but not externally visible) states that temporarily break away from the previous condition, allowing additional flexibility without violating safety. Finally, we show how we control access to the internals of a structure through pack/unpack operations in a way that ensures no state inconsistencies may occur, even when structures are accessed through multiple aliases. By unifying state and aliasing control into a single abstraction, view typestate, we believe we can provide a simple and intuitive programming model that captures the main effects of stateful computations in a single-threaded environment.
Rely-Guarantee View Typestate
(Abstract identical to the technical report listed above.)
Abstract Read Permissions: Fractional Permissions without the Fractions
Fractional Permissions are a popular approach to reasoning about programs that use shared-memory concurrency, because they provide a way of proving data race freedom while permitting concurrent read access. However, specification using fractional permissions typically requires the user to pick concrete mathematical values for partial permissions, making specifications overly low-level, tedious to write, and harder to adapt and re-use. This paper introduces abstract read permissions: a flexible and expressive specification methodology that supports fractional permissions while allowing the user to work at the abstract level of read and write permissions. The methodology is flexible, modular, and sound. It has been implemented in the verification tool Chalice.
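Both entries for this paper (the FTfFP listing above and this one) describe the same idea: permission accounting where any positive amount allows reading, exactly 1 allows writing, and the annoyance is having to pick concrete fractions. The following is an added example, not the paper's or Chalice's code, that models both styles in one accounting scheme: a permission amount is written q - n·ε, where q is a concrete fraction in [0, 1] and ε is a symbolic positive infinitesimal that is never given a value, so `Perm(0, -1)` stands for one abstract read permission. This encoding, the thread/fork/join API and the scenarios are assumptions made for the example; the paper's actual formalisation is richer.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, Optional, Tuple

class PermissionViolation(Exception):
    pass

@dataclass(frozen=True)
class Perm:
    """Permission amount q - n*eps for one location (n == 0 is a plain fraction)."""
    q: Fraction
    n: int = 0

    def __add__(self, o: "Perm") -> "Perm":
        return Perm(self.q + o.q, self.n + o.n)

    def __sub__(self, o: "Perm") -> "Perm":
        return Perm(self.q - o.q, self.n - o.n)

    def positive(self) -> bool:          # enough to read
        return self.q > 0 or (self.q == 0 and self.n < 0)

    def nonneg(self) -> bool:            # a thread never holds a negative amount
        return self.q > 0 or (self.q == 0 and self.n <= 0)

    def full(self) -> bool:              # exactly 1: enough to write
        return self.q == 1 and self.n == 0

    def at_most_full(self) -> bool:      # all permissions to one location sum to <= 1
        return self.q < 1 or (self.q == 1 and self.n >= 0)

NONE = Perm(Fraction(0))
FULL = Perm(Fraction(1))
RD = Perm(Fraction(0), -1)               # one abstract read permission: +eps

class Thread:
    def __init__(self, name: str, held: Optional[Dict[str, Perm]] = None):
        self.name = name
        self.held: Dict[str, Perm] = dict(held or {})

    def perm(self, loc: str) -> Perm:
        return self.held.get(loc, NONE)

    def read(self, loc: str) -> None:
        if not self.perm(loc).positive():
            raise PermissionViolation(f"{self.name}: no read permission to {loc}")

    def write(self, loc: str) -> None:
        if not self.perm(loc).full():
            raise PermissionViolation(f"{self.name}: write to {loc} needs full permission")

    def fork(self, name: str, loc: str, amount: Perm) -> "Thread":
        """Hand `amount` of our permission to a new thread; we keep the rest."""
        rest = self.perm(loc) - amount
        if not amount.positive() or not rest.nonneg():
            raise PermissionViolation(f"{self.name}: cannot give {amount} of {loc}")
        self.held[loc] = rest
        return Thread(name, {loc: amount})

    def join(self, child: "Thread") -> None:
        """Take back everything the finished child held."""
        for loc, p in child.held.items():
            total = self.perm(loc) + p
            if not total.at_most_full():
                raise PermissionViolation(f"{loc}: more than one permission in total")
            self.held[loc] = total
        child.held.clear()

def allowed(action, loc: str) -> bool:
    try:
        action(loc)
        return True
    except PermissionViolation:
        return False

def concrete_fractions() -> Tuple[bool, bool, bool, bool]:
    """The caller must pick 1/2 and 1/4 up front; main keeps 1/4 and can still read."""
    main = Thread("main", {"x": FULL})
    a = main.fork("reader-a", "x", Perm(Fraction(1, 2)))
    b = main.fork("reader-b", "x", Perm(Fraction(1, 4)))
    readers_ok = all(allowed(t.read, "x") for t in (a, b, main))
    write_blocked = not allowed(main.write, "x")                     # only 1/4 left
    over_split = not allowed(lambda l: main.fork("c", l, Perm(Fraction(1, 2))), "x")
    main.join(a)
    main.join(b)
    return readers_ok, write_blocked, over_split, allowed(main.write, "x")

def abstract_reads(n_readers: int) -> Tuple[bool, bool, bool]:
    """Same protocol with abstract read permissions: no fraction is ever chosen."""
    main = Thread("main", {"x": FULL})
    readers = [main.fork(f"reader-{i}", "x", RD) for i in range(n_readers)]
    readers_ok = all(allowed(t.read, "x") for t in readers + [main])
    write_blocked = not allowed(main.write, "x")                     # main holds 1 - n*eps
    for t in readers:
        main.join(t)
    return readers_ok, write_blocked, allowed(main.write, "x")
```

The concrete scenario shows why fractions are tedious: the split 1/2 + 1/4 works, but a later attempt to hand out another 1/2 fails, and the numbers would have to be re-planned if a third reader were added. With `RD` the caller never commits to an amount; it only has to get every read permission back (n returns to 0) before it can write again, which is precisely the readers-or-one-writer discipline.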
The Type Discipline of Behavioral Separation
2012
We introduce the concept of behavioral separation as a general principle for disciplining interference in higher-order imperative concurrent programs, and present a type-based approach that systematically develops the concept in the context of an ML-like language extended with concurrency and synchronization primitives. Behavioral separation builds on notions originally introduced for behavioral type systems and separation logics, but shifts the focus from the separation of static program state properties towards the separation of dynamic usage behaviors of runtime values. Behavioral separation types specify how values may be safely used by client code, and can enforce fine-grained interference control disciplines while preserving compositionality, information hiding, and flexibility. We illustrate how our type system, even if based on a small set of general primitives, is already able to tackle fairly challenging program idioms, involving aliasing at various types, concurrency with first-class threads, manipulation of linked data structures, behavioral borrowing, and invariant-based separation.

