A survey on the use of access permission-based specifications for program verification


Bibliographic details
Published in: The Journal of Systems and Software, 2020-01, Vol. 159, p. 110450, Article 110450
Main authors: Sadiq, Ayesha; Li, Yuan-Fang; Ling, Sea
Format: Article
Language: English
Online access: Full text
Description
Summary:

• A first survey on the use of access permission-based specifications for program verification.
• Categorization of the research by its purpose and by the types of access permissions used.
• Comparison and contrast of existing work against defined criteria to highlight their similarities and differences.
• Insight into the research challenges in the existing work, and suggested future directions.

Verifying the correctness and reliability of imperative and object-oriented programs is one of the grand challenges in computer science. In imperative programming models, programmers introduce concurrency manually by using explicit concurrency constructs such as multi-threading. Multi-threaded programs are prone to synchronization problems such as data races and deadlocks, and verifying API protocols in object-oriented programs is a non-trivial task due to improper and unexpected state transitions at run time. This is in part due to the unexpected sharing of program states in such programs. With these considerations in mind, access permissions have been investigated as a means of reasoning about the correctness of such programs. Access permissions are abstract capabilities that characterize the way a shared resource can be accessed by multiple references. This paper provides a comprehensive survey of existing access permission-based verification approaches. We describe different categories of permissions and permission-based contracts. We elaborate how permission-based specifications have been used to ensure compliance with API protocols and to avoid synchronization problems in concurrent programs. We compare existing approaches based on permission usage, analysis performed, language and/or tool supported, and properties being verified. Finally, we provide insight into the research challenges posed by existing approaches and suggest future directions.
ISSN: 0164-1212 (print), 1873-1228 (online)
DOI: 10.1016/j.jss.2019.110450