Skip to main content
SpringerLink
Log in

Borrowable Fractional Ownership Types for Verification

  • Conference paper
  • First Online:
Verification, Model Checking, and Abstract Interpretation (VMCAI 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14500))

  • 153 Accesses

Abstract

Automated verification of functional correctness of imperative programs with references (a.k.a. pointers) is challenging because of reference aliasing. Ownership types have recently been applied to address this issue, but the existing approaches were limited in that they are effective only for a class of programs whose reference usage follows a certain style. To relax the limitation, we combine the approaches of ConSORT (based on fractional ownership) and RustHorn (based on borrowable ownership), two recent approaches to automated program verification based on ownership types, and propose the notion of borrowable fractional ownership types. We formalize a new type system based on the borrowable fractional ownership types and show how we can use it to automatically reduce the program verification problem for imperative programs with references to that for functional programs without references. We also show the soundness of our type system and the translation, and conduct experiments to confirm the effectiveness of our approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    For formalization, RustHorn inherits the type system of \(\lambda _{\text {Rust}}\), a core calculus for Rust by Jung et al. [16].

  2. 2.

    Unlike ConSORT, we do not have refinement predicates because we follow the translation-based approach of RustHorn for verification.

  3. 3.

    This is not the case for shared (a.k.a. immutable) references in Rust, but our type system also subsumes these references.

  4. 4.

    If a variable x only appears in one of the type environment, say \( x \in {\textrm{dom}}(\varGamma )\) but \( x \notin {\textrm{dom}}(\varGamma ') \), \( (\varGamma + \varGamma ')(x) \) is given as \( \varGamma (x) \).

  5. 5.

    If we want to disallow dereferencing references of ownership 0 we may add a premise \( r > 0 \) to (T-Deref); it is a matter of preference.

  6. 6.

    Strictly speaking, \( \mathcal L' \), \( \varGamma ' \) and \( \tau \) also changes when a function is called.

  7. 7.

    This translation process can be automated if we require programmers to provide type annotations or if the type inference mentioned in Sect. 7 is worked out.

References

  1. Rust. https://www.rust-lang.org/. Accessed 20 Aug 2023

  2. Abadi, M., Lamport, L.: The existence of refinement mappings. Theoret. Comput. Sci. 82(2), 253–284 (1991). https://doi.org/10.1016/0304-3975(91)90224-P

    Article  MathSciNet  Google Scholar 

  3. Astrauskas, V., et al.: The Prusti project: formal verification for Rust. In: Deshmukh, J.V., Havelund, K., Perez, I. (eds.) NASA Formal Methods: 14th International Symposium, NFM 2022, Pasadena, CA, USA, 24–27 May 2022, Proceedings, pp. 88–108. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-06773-0_5

  4. Bao, Y., Wei, G., Bračevac, O., Jiang, Y., He, Q., Rompf, T.: Reachability types: tracking aliasing and separation in higher-order functional programs. Proc. ACM Program. Lang. 5(OOPSLA), 1–32 (2021). https://doi.org/10.1145/3485516

  5. Boyapati, C., Lee, R., Rinard, M.: Ownership types for safe programming: preventing data races and deadlocks. In: Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2002, pp. 211–230. Association for Computing Machinery, New York, NY, USA, November 2002. https://doi.org/10.1145/582419.582440

  6. Boyland, J.: Checking interference with fractional permissions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 55–72. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44898-5_4

    Chapter  Google Scholar 

  7. Calcagno, C., Parkinson, M., Vafeiadis, V.: Modular safety checking for fine-grained concurrency. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 233–248. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74061-2_15

    Chapter  Google Scholar 

  8. Crichton, W., Patrignani, M., Agrawala, M., Hanrahan, P.: Modular information flow through ownership. In: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, June 2022. https://doi.org/10.1145/3519939.3523445

  9. Denis, X., Jourdan, J.H., Marché, C.: CREUSOT: a foundry for the deductive verification of Rust programs. In: Riesco, A., Zhang, M. (eds.) Formal Methods and Software Engineering: 23rd International Conference on Formal Engineering Methods, ICFEM 2022, Madrid, Spain, 24–27 October 2022, Proceedings, pp. 90–105. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17244-1_6

  10. Filliâtre, J.-C., Paskevich, A.: Why3—where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_8

    Chapter  Google Scholar 

  11. Fromherz, A., et al.: Steel: proof-oriented programming in a dependently typed concurrent separation logic. Proc. ACM Program. Lang. 5(ICFP), 1–30 (2021). https://doi.org/10.1145/3473590

  12. Gäher, L., et al.: Simuliris: a separation logic framework for verifying concurrent program optimizations. Proc. ACM Program. Lang. 6(POPL), 1–31 (2022). https://doi.org/10.1145/3498689

  13. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The SeaHorn verification framework. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 343–361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_20

    Chapter  Google Scholar 

  14. Ho, S., Protzenko, J.: Aeneas: rust verification by functional translation. Proc. ACM Program. Lang. 6(ICFP), 711–741 (2022). https://doi.org/10.1145/3547647

  15. Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: a safe dialect of C. In: Proceedings of the General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC 2002, pp. 275–288. USENIX Association, USA (2002). http://dl.acm.org/citation.cfm?id=647057.713871

  16. Jung, R., Jourdan, J.H., Krebbers, R., Dreyer, D.: RustBelt: securing the foundations of the Rust programming language. Proc. ACM Program. Lang. 2(POPL), 1–34 (2017). https://doi.org/10.1145/3158154

  17. Jung, R., et al.: The future is ours: prophecy variables in separation logic. Proc. ACM Program. Lang. 4(POPL), 1–32 (2019). https://doi.org/10.1145/3371113

  18. Kahsai, T., Rümmer, P., Sanchez, H., Schäf, M.: JayHorn: a framework for verifying Java programs. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9779, pp. 352–358. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41528-4_19

    Chapter  Google Scholar 

  19. Kobayashi, N.: HorSat2: a saturation-based higher-order model checker (2015). http://www-kb.is.s.u-tokyo.ac.jp/~koba/horsat2. Accessed 6 Sept 2023

  20. Lehmann, N., Geller, A.T., Vazou, N., Jhala, R.: Flux: liquid types for Rust. Proc. ACM Program. Lang. 7(PLDI), 1533–1557 (2023). https://doi.org/10.1145/3591283

  21. Matsakis, N.D., Klock, F.S.: The Rust language. In: Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology, HILT 2014, pp. 103–104. Association for Computing Machinery, New York, NY, USA, October 2014. https://doi.org/10.1145/2663171.2663188

  22. Matsushita, Y., Tsukada, T., Kobayashi, N.: RustHorn: CHC-based verification for Rust programs. ACM Trans. Program. Lang. Syst. 43(4), 1–54 (2021). https://doi.org/10.1145/3462205

    Article  Google Scholar 

  23. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24

    Chapter  Google Scholar 

  24. Müller, P., Schwerhoff, M., Summers, A.J.: Viper: a verification infrastructure for permission-based reasoning. In: Jobstmann, B., Leino, K.R.M. (eds.) VMCAI 2016. LNCS, vol. 9583, pp. 41–62. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49122-5_2

  25. Nakayama, T., Matsushita, Y., Sakayori, K., Sato, R., Kobayashi, N.: Borrowable fractional ownership types for verification (Extended Version) (2023). https://doi.org/10.48550/arXiv.2310.20430

  26. Sammler, M., Lepigre, R., Krebbers, R., Memarian, K., Dreyer, D., Garg, D.: RefinedC: automating the foundational verification of C code with refined ownership types. In: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, June 2021. https://doi.org/10.1145/3453483.3454036

  27. Sato, R., Unno, H., Kobayashi, N.: Towards a scalable software model checker for higher-order programs. In: Proceedings of the ACM SIGPLAN 2013 Workshop on Partial Evaluation and Program Manipulation, PEPM 2013, pp. 53–62. Association for Computing Machinery, New York, NY, USA (2013). https://doi.org/10.1145/2426890.2426900

  28. Sergey, I., Clarke, D.: Gradual ownership types. In: Seidl, H. (ed.) ESOP 2012. LNCS, vol. 7211, pp. 579–599. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28869-2_29

    Chapter  Google Scholar 

  29. Suenaga, K., Kobayashi, N.: Fractional ownerships for safe memory deallocation. In: Hu, Z. (ed.) APLAS 2009. LNCS, vol. 5904, pp. 128–143. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10672-9_11

    Chapter  Google Scholar 

  30. Swamy, N., Rastogi, A., Fromherz, A., Merigoux, D., Ahman, D., Martínez, G.: SteelCore: an extensible concurrent separation logic for effectful dependently typed programs. Proc. ACM Program. Lang. 4(ICFP), 1–30 (2020). https://doi.org/10.1145/3409003

  31. Toman, J., Siqi, R., Suenaga, K., Igarashi, A., Kobayashi, N.: ConSORT: context- and flow-sensitive ownership refinement types for imperative programs. In: ESOP 2020. LNCS, vol. 12075, pp. 684–714. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44914-8_25

    Chapter  Google Scholar 

Download references

Acknowledgements

We would like to thank anonymous referees for their useful comments. This work was supported by JSPS KAKENHI Grant Number JP20H05703 and JP22KJ0561.

Author information

Authors and Affiliations

  1. The University of Tokyo, Tokyo, Japan

    Takashi Nakayama, Yusuke Matsushita, Ken Sakayori, Ryosuke Sato & Naoki Kobayashi

Authors
  1. Takashi Nakayama
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yusuke Matsushita
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ken Sakayori
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ryosuke Sato
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Naoki Kobayashi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Takashi Nakayama .

Editor information

Editors and Affiliations

  1. CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

    Rayna Dimitrova

  2. Tel Aviv University, Tel Aviv, Israel

    Ori Lahav

  3. New York University, New York, NY, USA

    Sebastian Wolff

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Nakayama, T., Matsushita, Y., Sakayori, K., Sato, R., Kobayashi, N. (2024). Borrowable Fractional Ownership Types for Verification. In: Dimitrova, R., Lahav, O., Wolff, S. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2024. Lecture Notes in Computer Science, vol 14500. Springer, Cham. https://doi.org/10.1007/978-3-031-50521-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-50521-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-50520-1

  • Online ISBN: 978-3-031-50521-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation