Uniqueness Types for Efficient and Verifiable Aliasing-Free Embedded Systems Programming

  • Tuur BenoitEmail author
  • Bart Jacobs
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11918)


An important consequence of only having value types in an aliasing-free programming language is the significant reduction in annotation burden to verify programs using semi-automatic proof systems. However, values in such language are often copied implicitly which is detrimental to the execution speed and memory usage of practical systems. Moreover, embedded systems programmers need fine-grained control over the circumstances at which data is copied to be able to predict memory use and execution times.

This paper introduces a new approach to using uniqueness types to enable building efficient and verifiable embedded systems using an aliasing-free programming language. The idea is to use uniqueness types for enforcing at-most-once consumption of unique values. The proposed model of uniqueness of values enables compiler optimizations such as elimination of physical copies and in-place mutation. In addition, the proposed approach provides a lightweight notation for the programmer to control copying behavior.

We have implemented our method in Sim, a new language for the development of safety-critical software. Our validation cases suggest that our aliasing-free language allows one to verify the functional correctness of realistic embedded programs with only a small annotation overhead while keeping the run-time performance of the program up to par with hand-optimized code.


Formal verification Uniqueness types Aliasing-free 


  1. 1.
    Baker, H.G.: “Use-once” variables and linear objects: storage management, reflection and multi-threading. ACM SIGPLAN Not. 30(1), 45–52 (1995)CrossRefGoogle Scholar
  2. 2.
    Baudin, P., et al.: ACSL: ANSI/ISO C Specification Language Version 1.13, pp. 1–114 (2011)Google Scholar
  3. 3.
    Benoit, T.: Sim: a contract-based programming language for safety-critical software. In: Proceedings of the 38th Digital Avionics Systems Conference (DASC) (2019)Google Scholar
  4. 4.
    Benoit, T., Jacobs, B.: Uniqueness Types for Efficient and Verifiable Aliasing-Free Embedded Systems Programming - Extended Report. Technical report, Siemens Industry Software, Leuven, Belgium (2019).
  5. 5.
    Brady, E.: Idris, a general-purpose dependently typed programming language: design and implementation. J. Funct. Program. 23(05), 552–593 (2013)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Brus, T.H., van Eekelen, M.C.J.D., van Leer, M.O., Plasmeijer, M.J.: Clean — a language for functional graph rewriting. In: Kahn, G. (ed.) FPCA 1987. LNCS, vol. 274, pp. 364–384. Springer, Heidelberg (1987). Scholar
  7. 7.
    Girard, J.Y.: Linear logic. Theoret. Comput. Sci. 50(1), 1–101 (1987)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: VeriFast: a powerful, sound, predictable, fast verifier for C and Java. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 41–55. Springer, Heidelberg (2011). Scholar
  9. 9.
    Jacobs, B., Smans, J., Piessens, F.: The VeriFast Program Verifier: A Tutorial. Technical report, imec-DistriNet, Department of Computer Science, KU Leuven (2017)Google Scholar
  10. 10.
    Jaloyan, G.A., Moy, Y., Paskevich, A.: Borrowing safe pointers from rust in SPARK. In: International Conference on Computer-Aided Verification - 29th International Conference, Heidelberg, Germany (2018)Google Scholar
  11. 11.
    Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: a safe dialect of C. In: Proceedings of the USENIX Annual Technical Conference, pp. 275–288. USENIX Association, Berkeley, CA, USA (2002)Google Scholar
  12. 12.
    McCormick, J.W., Chapin, P.C.: Building High Integrity Applications with SPARK. Cambridge University Press, Cambridge (2015)Google Scholar
  13. 13.
    Munch-maccagnoni, G.: Resource Polymorphism (OCaml language with destructors, move semantics). Technical report (2018)Google Scholar
  14. 14.
    Rastello, F.: SSA-based Compiler Design. Springer Publishing Company, Incorporated, New York (2016)Google Scholar
  15. 15.
    Reynolds, J.C.: Separation logic: a logic for shared mutable data structures. In: Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science LICS 2002, pp. 55–74. IEEE Computer Society, Washington, DC, USA (2002)Google Scholar
  16. 16.
    Tov, J.A., Pucella, R.: Practical affine types. In: Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages POPL 2011, New York, USA, pp. 447–458 (2011)Google Scholar
  17. 17.
    Wadler, P.: Linear types can change the world! In: IFIP Working Conference on Programming Concepts and Methods. Sea of Gallilee, Israel (1990)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Siemens Industry SoftwareLeuvenBelgium
  2. 2.Depatment of Computer Science, imec-DistriNet Research GroupKU LeuvenLeuvenBelgium

Personalised recommendations