Abstract
The Rust language offers a promising approach to safe systems programming based on the principle of aliasing XOR mutability: a value may be either aliased or mutable, but not both at the same time. However, to implement pointer-based data structures with internal sharing, such as graphs or doubly-linked lists, we need to be able to mutate aliased state. To support such data structures, Rust provides a number of APIs that offer so-called interior mutability: the ability to mutate data via method calls on a shared reference. Unfortunately, the existing APIs sacrifice flexibility, concurrent access, and/or performance, in exchange for safety.
In this paper, we propose a new Rust API called GhostCell which avoids such sacrifices by separating permissions from data: it enables the user to safely synchronize access to a collection of data via a single permission. GhostCell repurposes an old trick from typed functional programming: branded types (as exemplified by Haskell's ST monad), which combine phantom types and rank-2 polymorphism to simulate a lightweight form of state-dependent types. We have formally proven the soundness of GhostCell by adapting and extending RustBelt, a semantic soundness proof for a representative subset of Rust, mechanized in Coq.
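As an added illustration, not code from the paper or its artifact, the following Rust sketch shows the branded-cell idea the abstract describes: an invariant phantom lifetime brands both the token (the permission) and the cells (the data), and a rank-2 closure (for<'id>) keeps the brand from escaping its scope. The names Token, BrandedCell and with_token are this sketch's own, and it omits the Send/Sync reasoning the real API needs for concurrent use.

```rust
use std::cell::UnsafeCell;
use std::marker::PhantomData;

// Invariant in 'id (fn pointer in both argument and return position), so
// brands minted by different `with_token` calls can never be unified.
type Brand<'id> = PhantomData<fn(&'id ()) -> &'id ()>;

/// The permission: one token governs access to every cell of its brand.
pub struct Token<'id> {
    _brand: Brand<'id>,
}

/// Rank-2 polymorphism: the closure must accept a token of *any* brand,
/// so neither the token nor a cell of its brand can leak out through `R`.
pub fn with_token<R>(f: impl for<'id> FnOnce(Token<'id>) -> R) -> R {
    f(Token { _brand: PhantomData })
}

/// The data: freely aliased through `&BrandedCell`, but readable or
/// writable only by presenting the matching token.
pub struct BrandedCell<'id, T> {
    _brand: Brand<'id>,
    value: UnsafeCell<T>,
}

impl<'id, T> BrandedCell<'id, T> {
    pub fn new(value: T) -> Self {
        BrandedCell { _brand: PhantomData, value: UnsafeCell::new(value) }
    }
    pub fn borrow<'a>(&'a self, _token: &'a Token<'id>) -> &'a T {
        // SAFETY: while a shared token borrow is live, no `&mut Token<'id>`
        // exists, so no `borrow_mut` on any cell of this brand is live.
        unsafe { &*self.value.get() }
    }
    pub fn borrow_mut<'a>(&'a self, _token: &'a mut Token<'id>) -> &'a mut T {
        // SAFETY: the unique token borrow excludes every other access to
        // cells of this brand for 'a, even though `self` is only `&`.
        unsafe { &mut *self.value.get() }
    }
}

/// Two aliases of one cell (think: a graph node reached by two edges).
/// Mutation goes through the token; both aliases then observe the update.
pub fn demo() -> (i32, i32) {
    with_token(|mut token| {
        let node = BrandedCell::new(1);
        let aliases = [&node, &node]; // aliasing is fine: plain `&`
        *aliases[0].borrow_mut(&mut token) += 41;
        (*aliases[1].borrow(&token), *node.borrow(&token))
    })
}
```

Holding a `borrow_mut` result while calling `borrow` on another cell of the same brand, or passing a token from one `with_token` scope to cells created in another, is rejected at compile time by the lifetime checks alone.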
Funder
European Research Council
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality; Software
Cited by
14 articles.
1. Taming shared mutable states of operating systems in Rust;Science of Computer Programming;2024-12
2. When Is Parallelism Fearless and Zero-Cost with Rust?;Proceedings of the 36th ACM Symposium on Parallelism in Algorithms and Architectures;2024-06-17
3. OxiDD;Lecture Notes in Computer Science;2024
4. Towards Safe HPC: Productivity and Performance via Rust Interfaces for a Distributed C++ Actors Library (Work in Progress);Proceedings of the 20th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes;2023-10-19
5. Reference Capabilities for Flexible Memory Management;Proceedings of the ACM on Programming Languages;2023-10-16