we link ProtoError to MsgError using contracts. Second, we link the run-time semantics to the proof-dependent operational semantics. Third, we link the absence of memory leaks in the proof to the same property for the run-time semantics. The first point proceeds directly from the subject reduction lemma
Lemma. For all programs p, for all states ? , if the following holds ? ? is well-formed ? p, ? * ProtoError ? p, ? * OwnError then p, ? * MsgError.
Since the contract is valid, the latter configuration cannot be faulty and hence is distinct from (q, q , w, w ). It suffices to show that CONFS(? , ?, ? ) contains exactly one configuration to derive a contradiction:
? if the error is an orphan message, then ?, ? are fully owned at closure, so their states are uniquely determined;
? if the error is an unspecified reception, then ? must be owned, but note that cstate(? )(? ) may be undefined. This means that q 1 = q, but not necessarily that q 1 = q. However, due to the definition of unspecified receptions,
The connection between the run-time semantics and the proof-based semantics uses flattening of open states (Definition 32).
For all p, ? , ? , 1. if p, ? ? error, then p
for some ? such that C(p ) = p and C(flat(? )) = ?. By straightforward induction, this lemma states that any error in the run-time semantics can be lifted to an error in the instrumented semantics: if p, ? ? * error
Proof. Assume C(flat(? )) , We prove each point separately. For the first point, assume that p, ? ? error; one of the following cases holds:
? an OwnError is triggered because C(p), C(flat(? )) ? OwnError: then we also have p, ? OwnError thanks to safety monotonicity;
? an MsgError is triggered because C(p), C(flat(? )) ? MsgError: the error depends only on the first message identifier in the queue causing the error, which is the same in ? and C(flat(? )), hence p, ?
? A channel instruction is executed that transfers ownership: C(p), C(flat(? )) ? p , ? under emp(?), and if p, ? error, p, ? p , ? under ?. Then the footprint lost from (resp. added to) h 1 during that step will go inside
? Any other operational rule is triggered: the semantics match.
Finally, the following lemma will be the cornerstone of the proof that proved programs do not leak memory that is not