TypeDis: A Type System for Disentanglement

TL;DR

TypeDis is a novel type system that automatically verifies disentanglement in parallel programs, reducing manual proof effort and ensuring safe memory management through static type checking.

Contribution

It introduces TypeDis, a type system with timestamp annotations supporting polymorphism and subtyping, enabling automatic disentanglement verification in parallel programs.

Findings

TypeDis guarantees disentanglement for well-typed programs.

The system is mechanized and verified in the Rocq proof assistant.

TypeDis supports polymorphism and timestamp subtyping, enhancing flexibility.

Abstract

Disentanglement is a runtime property of parallel programs guaranteeing that parallel tasks remain oblivious to each other's allocations. As demonstrated in the MaPLe compiler and run-time system, disentanglement can be exploited for fast automatic memory management, especially task-local garbage collection with no synchronization between parallel tasks. However, as a low-level property, disentanglement can be difficult to reason about for programmers. The only means of statically verifying disentanglement so far has been DisLog, an Iris-fueled variant of separation logic, mechanized in the Rocq proof assistant. DisLog is a fully-featured program logic, allowing for proof of functional correctness as well as verification of disentanglement. Yet its employment requires significant expertise and per-program proof effort. This paper explores the route of automatic verification via a type system, ensuring that any well-typed program is disentangled and lifting the burden of carrying out manual proofs from the programmer. It contributes TypeDis, a type system inspired by region types, where each type is annotated with a timestamp, identifying the task that allocated it. TypeDis supports iso-recursive types as well as polymorphism over both types and timestamps. Crucially, timestamps are allowed to change during type-checking, at join points as well as via a form of subtyping, dubbed subtiming. The paper illustrates TypeDis and its features on a range of examples. The soundness of TypeDis and the examples are mechanized in the Rocq proof assistant, using an improved version of DisLog, dubbed DisLog2.