Accessibility permissions can be checked/acquired at runtime by inserting an additional field into the struct for each original field. For example, if we have a struct with int value;, we add an additional field bool value_perm; that will be true if the permission is currently acquired and false if it is not currently acquired.
If a function includes an optimistically assumed precondition of acc(a->value):
assert(!a->value_perm);- Assert thata->valueis not currently accessible to any other method.a->value_perm = true;- Acquire accessibility ofa->value.
If a function includes an optimistically assumed postcondition of ensures acc(a->value):
assert(a->value_perm);- Assert thata->valueis currently accessible to this method.a->value_perm = false;- Release accessibility ofa->value.
- We cannot rewrite library structs to include permission fields, but library structs are required to be undefined. Therefore the individual fields of library structs cannot be accessed which removed the need for accessibility checks of these fields.
- If an accessibility permission is optimistically assumed for an
ensuresorrequires, is the corresponding accessibility permission also assumed? For example, ifrequires acc(a->b);is assumed, isensures acc(a->b);also assumed so that the permission is not lost?