Semantics. Figure 3 defines the semantic domains and the inference rules for a big-step evaluation judgment of the form

\[
\rho, R, W \vdash H; u; e \hookrightarrow H'; u'; v
\]

This judgment declares that, given a variable environment ρ and indexed collections R and W of read and write permissions, the expression e transforms the initial heap H to the final heap H' and returns value v. Furthermore, it threads a time stamp u, u' ∈ Stamp that is incremented at each property write operation and at each permit expression. The permission collections R and W are indexed by the time stamps of the heaps for which the permissions were granted. The time stamp of a permission uniquely identifies different executions of permit expressions and determines their relative order with respect to heap modifications.

A value v ∈ Val is either a reference or a closure consisting of an environment and a lambda expression. The representation of a reference is a pair of a heap address A and a collection M of access paths, indexed by time stamps. The collection M records all permitted access paths that have been traversed during evaluation so far to obtain this reference value. The indexing is again used for marking modifications with time stamps. This representation is dictated by the design choice of path dependency (see Sec. 2.1). A heap maps a location to an object, and an object maps a property name to a pair of a time stamp and a value. The time stamp indicates the time of the write operation that last assigned the property. It is required to implement the "sticky update" from Sec. 2.4.
Function application:

\[
\frac{
\rho, R, W \vdash H; u; e_0 \hookrightarrow H'; u'; (\rho', \lambda x.e) \qquad
\rho, R, W \vdash H'; u'; e_1 \hookrightarrow H''; u''; v_1 \qquad
\rho'[x \mapsto v_1], R, W \vdash H''; u''; e \hookrightarrow H'''; u'''; v
}{
\rho, R, W \vdash H; u; e_0(e_1) \hookrightarrow H'''; u'''; v
}
\]

NEW:

\[
\frac{
A \notin \mathrm{dom}(H)
}{
\rho, R, W \vdash H; u; \mathbf{new} \hookrightarrow H[A \mapsto \emptyset]; u; (A, \emptyset)
}
\]

PUT:

\[
\frac{
\rho, R, W \vdash H; u; e_1 \hookrightarrow H'; u'; (A, M) \qquad
\rho, R, W \vdash H'; u'; e_2 \hookrightarrow H''; u''; v \qquad
W \vdash_{\mathrm{chk}} M.p \qquad
H''' = H''[A \mapsto H''(A)[p \mapsto (u'', v)]]
}{
\rho, R, W \vdash H; u; e_1.p := e_2 \hookrightarrow H'''; u'' + 1; v
}
\]

GET:

\[
\frac{
\rho, R, W \vdash H; u; e \hookrightarrow H'; u'; (A, M) \qquad
R \vdash_{\mathrm{chk}} M.p
}{
\rho, R, W \vdash H; u; e.p \hookrightarrow H'; u'; M.p \lhd H'(A)(p)
}
\]

PERMIT:

\[
\frac{
\rho' = \rho[x \mapsto \rho(x) \oplus [u \mapsto \varepsilon]] \qquad
\rho', R[u \mapsto L_r], W[u \mapsto L_w] \vdash H; u + 1; e \hookrightarrow H'; u'; v
}{
\rho, R, W \vdash H; u; \mathbf{permit}\ x : L_r, L_w\ \mathbf{in}\ e \hookrightarrow H'; u'; v
}
\]

(The operator that attaches the traversed path M.p to the read value in GET, and the one that extends the path collection of ρ(x) with the new index u in PERMIT, are not legible in the extracted text; they are written ◁ and ⊕ above.)
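As an added example (not the paper's own code), the judgment and the five rules above are implemented as a small Python evaluator over a constructed tuple syntax; the meaning of the check ⊢chk, the path operator written ◁, and the permission sets Lr, Lw as sets of path tuples are assumptions, since the page does not define them.

```python
# Added example (not from the paper): a tiny evaluator for the judgment
# rho, R, W |- H; u; e ~> H'; u'; v of Figure 3 over a constructed expression syntax.
# Values: closure ('clo', env, x, body) or reference (addr, M) with M = {stamp: path tuple}.
# Assumption: R |-chk M.p holds iff, for every stamp in M, the extended path lies in the
# permission set granted at that stamp (the page does not define |-chk itself).

class PermissionViolation(Exception):
    pass

def chk(perms, M, p):
    for u, path in M.items():
        if path + (p,) not in perms.get(u, set()):
            raise PermissionViolation(f"access .{p} via {path} not permitted at stamp {u}")

def extend(v, M, p):
    """M.p <| v: a reference carries the traversed paths extended by p (assumed merge)."""
    if v[0] == 'clo':
        return v
    A, M2 = v
    return (A, {**M2, **{s: path + (p,) for s, path in M.items()}})

def ev(rho, R, W, H, u, e):
    """Big-step evaluation returning (H', u', v); heaps and environments are updated functionally."""
    tag = e[0]
    if tag == 'var':
        return H, u, rho[e[1]]
    if tag == 'lam':
        return H, u, ('clo', rho, e[1], e[2])
    if tag == 'app':
        H1, u1, (_, rho1, x, body) = ev(rho, R, W, H, u, e[1])
        H2, u2, v1 = ev(rho, R, W, H1, u1, e[2])
        return ev({**rho1, x: v1}, R, W, H2, u2, body)
    if tag == 'new':                      # NEW: fresh address, empty object, empty path collection
        A = max(H, default=-1) + 1
        return {**H, A: {}}, u, (A, {})
    if tag == 'get':                      # GET: check R, return the property value path-extended
        H1, u1, (A, M) = ev(rho, R, W, H, u, e[1])
        chk(R, M, e[2])
        return H1, u1, extend(H1[A][e[2]][1], M, e[2])
    if tag == 'put':                      # PUT: check W, record write stamp u2, then tick the clock
        H1, u1, (A, M) = ev(rho, R, W, H, u, e[1])
        H2, u2, v = ev(rho, R, W, H1, u1, e[3])
        chk(W, M, e[2])
        return {**H2, A: {**H2[A], e[2]: (u2, v)}}, u2 + 1, v
    if tag == 'permit':                   # PERMIT: stamp u indexes the new paths and permissions
        x, Lr, Lw, body = e[1:]
        A, M = rho[x]
        return ev({**rho, x: (A, {**M, u: ()})}, {**R, u: Lr}, {**W, u: Lw}, H, u + 1, body)
    raise ValueError(f"unknown expression {tag}")
```

Evaluating `permit x : {a}, {a.b} in x.a.b := new` from stamp 0 yields final stamp 2 and records the write with stamp 1, which is the information the sticky update later relies on; writing `x.a` under the same grant is rejected because the path a is not in Lw.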
Source: Access Permission Contracts