Abstract
Automated verification of functional correctness of imperative programs with references (a.k.a. pointers) is challenging because of reference aliasing. Ownership types have recently been applied to address this issue, but the existing approaches were limited in that they are effective only for a class of programs whose reference usage follows a certain style. To relax the limitation, we combine the approaches of ConSORT (based on fractional ownership) and RustHorn (based on borrowable ownership), two recent approaches to automated program verification based on ownership types, and propose the notion of borrowable fractional ownership types. We formalize a new type system based on the borrowable fractional ownership types and show how we can use it to automatically reduce the program verification problem for imperative programs with references to that for functional programs without references. We also show the soundness of our type system and the translation, and conduct experiments to confirm the effectiveness of our approach.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For formalization, RustHorn inherits the type system of \(\lambda _{\text {Rust}}\), a core calculus for Rust by Jung et al. [16].
- 2.
Unlike ConSORT, we do not have refinement predicates because we follow the translation-based approach of RustHorn for verification.
- 3.
This is not the case for shared (a.k.a. immutable) references in Rust, but our type system also subsumes these references.
- 4.
If a variable x only appears in one of the type environment, say \( x \in {\textrm{dom}}(\varGamma )\) but \( x \notin {\textrm{dom}}(\varGamma ') \), \( (\varGamma + \varGamma ')(x) \) is given as \( \varGamma (x) \).
- 5.
If we want to disallow dereferencing references of ownership 0 we may add a premise \( r > 0 \) to (T-Deref); it is a matter of preference.
- 6.
Strictly speaking, \( \mathcal L' \), \( \varGamma ' \) and \( \tau \) also changes when a function is called.
- 7.
This translation process can be automated if we require programmers to provide type annotations or if the type inference mentioned in Sect. 7 is worked out.
References
Rust. https://www.rust-lang.org/. Accessed 20 Aug 2023
Abadi, M., Lamport, L.: The existence of refinement mappings. Theoret. Comput. Sci. 82(2), 253–284 (1991). https://doi.org/10.1016/0304-3975(91)90224-P
Astrauskas, V., et al.: The Prusti project: formal verification for Rust. In: Deshmukh, J.V., Havelund, K., Perez, I. (eds.) NASA Formal Methods: 14th International Symposium, NFM 2022, Pasadena, CA, USA, 24–27 May 2022, Proceedings, pp. 88–108. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-06773-0_5
Bao, Y., Wei, G., Bračevac, O., Jiang, Y., He, Q., Rompf, T.: Reachability types: tracking aliasing and separation in higher-order functional programs. Proc. ACM Program. Lang. 5(OOPSLA), 1–32 (2021). https://doi.org/10.1145/3485516
Boyapati, C., Lee, R., Rinard, M.: Ownership types for safe programming: preventing data races and deadlocks. In: Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2002, pp. 211–230. Association for Computing Machinery, New York, NY, USA, November 2002. https://doi.org/10.1145/582419.582440
Boyland, J.: Checking interference with fractional permissions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 55–72. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44898-5_4
Calcagno, C., Parkinson, M., Vafeiadis, V.: Modular safety checking for fine-grained concurrency. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 233–248. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74061-2_15
Crichton, W., Patrignani, M., Agrawala, M., Hanrahan, P.: Modular information flow through ownership. In: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, June 2022. https://doi.org/10.1145/3519939.3523445
Denis, X., Jourdan, J.H., Marché, C.: CREUSOT: a foundry for the deductive verification of Rust programs. In: Riesco, A., Zhang, M. (eds.) Formal Methods and Software Engineering: 23rd International Conference on Formal Engineering Methods, ICFEM 2022, Madrid, Spain, 24–27 October 2022, Proceedings, pp. 90–105. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17244-1_6
Filliâtre, J.-C., Paskevich, A.: Why3—where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_8
Fromherz, A., et al.: Steel: proof-oriented programming in a dependently typed concurrent separation logic. Proc. ACM Program. Lang. 5(ICFP), 1–30 (2021). https://doi.org/10.1145/3473590
Gäher, L., et al.: Simuliris: a separation logic framework for verifying concurrent program optimizations. Proc. ACM Program. Lang. 6(POPL), 1–31 (2022). https://doi.org/10.1145/3498689
Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The SeaHorn verification framework. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 343–361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_20
Ho, S., Protzenko, J.: Aeneas: rust verification by functional translation. Proc. ACM Program. Lang. 6(ICFP), 711–741 (2022). https://doi.org/10.1145/3547647
Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: a safe dialect of C. In: Proceedings of the General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC 2002, pp. 275–288. USENIX Association, USA (2002). http://dl.acm.org/citation.cfm?id=647057.713871
Jung, R., Jourdan, J.H., Krebbers, R., Dreyer, D.: RustBelt: securing the foundations of the Rust programming language. Proc. ACM Program. Lang. 2(POPL), 1–34 (2017). https://doi.org/10.1145/3158154
Jung, R., et al.: The future is ours: prophecy variables in separation logic. Proc. ACM Program. Lang. 4(POPL), 1–32 (2019). https://doi.org/10.1145/3371113
Kahsai, T., Rümmer, P., Sanchez, H., Schäf, M.: JayHorn: a framework for verifying Java programs. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9779, pp. 352–358. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41528-4_19
Kobayashi, N.: HorSat2: a saturation-based higher-order model checker (2015). http://www-kb.is.s.u-tokyo.ac.jp/~koba/horsat2. Accessed 6 Sept 2023
Lehmann, N., Geller, A.T., Vazou, N., Jhala, R.: Flux: liquid types for Rust. Proc. ACM Program. Lang. 7(PLDI), 1533–1557 (2023). https://doi.org/10.1145/3591283
Matsakis, N.D., Klock, F.S.: The Rust language. In: Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology, HILT 2014, pp. 103–104. Association for Computing Machinery, New York, NY, USA, October 2014. https://doi.org/10.1145/2663171.2663188
Matsushita, Y., Tsukada, T., Kobayashi, N.: RustHorn: CHC-based verification for Rust programs. ACM Trans. Program. Lang. Syst. 43(4), 1–54 (2021). https://doi.org/10.1145/3462205
de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24
Müller, P., Schwerhoff, M., Summers, A.J.: Viper: a verification infrastructure for permission-based reasoning. In: Jobstmann, B., Leino, K.R.M. (eds.) VMCAI 2016. LNCS, vol. 9583, pp. 41–62. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49122-5_2
Nakayama, T., Matsushita, Y., Sakayori, K., Sato, R., Kobayashi, N.: Borrowable fractional ownership types for verification (Extended Version) (2023). https://doi.org/10.48550/arXiv.2310.20430
Sammler, M., Lepigre, R., Krebbers, R., Memarian, K., Dreyer, D., Garg, D.: RefinedC: automating the foundational verification of C code with refined ownership types. In: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, June 2021. https://doi.org/10.1145/3453483.3454036
Sato, R., Unno, H., Kobayashi, N.: Towards a scalable software model checker for higher-order programs. In: Proceedings of the ACM SIGPLAN 2013 Workshop on Partial Evaluation and Program Manipulation, PEPM 2013, pp. 53–62. Association for Computing Machinery, New York, NY, USA (2013). https://doi.org/10.1145/2426890.2426900
Sergey, I., Clarke, D.: Gradual ownership types. In: Seidl, H. (ed.) ESOP 2012. LNCS, vol. 7211, pp. 579–599. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28869-2_29
Suenaga, K., Kobayashi, N.: Fractional ownerships for safe memory deallocation. In: Hu, Z. (ed.) APLAS 2009. LNCS, vol. 5904, pp. 128–143. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10672-9_11
Swamy, N., Rastogi, A., Fromherz, A., Merigoux, D., Ahman, D., Martínez, G.: SteelCore: an extensible concurrent separation logic for effectful dependently typed programs. Proc. ACM Program. Lang. 4(ICFP), 1–30 (2020). https://doi.org/10.1145/3409003
Toman, J., Siqi, R., Suenaga, K., Igarashi, A., Kobayashi, N.: ConSORT: context- and flow-sensitive ownership refinement types for imperative programs. In: ESOP 2020. LNCS, vol. 12075, pp. 684–714. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44914-8_25
Acknowledgements
We would like to thank anonymous referees for their useful comments. This work was supported by JSPS KAKENHI Grant Number JP20H05703 and JP22KJ0561.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Nakayama, T., Matsushita, Y., Sakayori, K., Sato, R., Kobayashi, N. (2024). Borrowable Fractional Ownership Types for Verification. In: Dimitrova, R., Lahav, O., Wolff, S. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2024. Lecture Notes in Computer Science, vol 14500. Springer, Cham. https://doi.org/10.1007/978-3-031-50521-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-50521-8_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-50520-1
Online ISBN: 978-3-031-50521-8
eBook Packages: Computer ScienceComputer Science (R0)