. We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a low-level storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based on a possible worlds model of the logic of bunched implications, and includes spatial conjunction and implication connectives alongside those of classical logic. Heap operations are axiomatized using what we call the \small axioms", each of which mentions only those cells accessed by a particular command. Through these and a number of examples we show that the formalism supports local reasoning: A speci- cation and proof can concentrate on only those cells in memory that a program accesses. This paper builds on earlier work by Burstall, Reynolds, Ishtiaq and O'Hearn on reasoning about data structures. 1

Today's type-safe low-level languages rely on garbage collection to recycle heap-allocated objects safely. We present LTAL, a safe, low-level, yet simple language that "stands on its own": it guarantees safe execution within a fixed memory space, without relying on external run-time support. We demonstrate the expressiveness of LTAL by giving a type-preserving compiler for the functional core of ML. But this independence comes at a steep price: LTAL's type system imposes a draconian discipline of linearity that ensures that memory can be reused safely, but prohibits any useful kind of sharing. We present the results of experiments with a prototype LTAL system that show just how high the price of linearity can be.

Abstract not found

a higher-order CBV language with recursion and dynamically allocated mutable references that may store both ground data and the addresses of other references, but not functions. This model is adequate, though far from fully abstract. We then develop a relational reasoning principle over the denotational model, and show how it may be used to establish various contextual equivalences involving allocation and encapsulation of store. 1

A parametric logical relation between the phrases of an Algol-like language is presented. Its definition involves the structural operational semantics of the language, but was inspired by recent denotationally-based work of O’Hearn and Reynolds on translating Algol into a predicatively polymorphic linear lambda calculus. The logical relation yields an applicative characterisation of contextual equivalence for the language and provides a useful (and complete) method for proving equivalences. Its utility is illustrated by giving simple and direct proofs of some contextual equivalences, including an interesting equivalence due to O’Hearn which hinges upon the undefinability of ‘snapback ’ operations (and which goes beyond the standard suite of ‘Meyer-Sieber ’ examples). Whilst some of the mathematical intricacies of denotational semantics are avoided, the hard work in this operational approach lies in establishing the ‘fundamental property’ for the logical relation—the proof of which makes use of a compactness property of fixpoint recursion with respect to evaluation of phrases. But once this property has been established, the logical relation provides a verification method with an attractively low mathematical overhead. 1.

This work is dedicated to my parents. Acknowledgments Firstly, and foremost, I would like to thank my principal advisor, Frank Pfenning, for his patience with me, and for teaching me most of what I know about logic and type theory. I would also like to acknowledge some useful discussions with Kevin Watkins which led me to simplify some of this work. Finally, I would like to thank my other advisor, John Reynolds, for all his kindness and support over the last five years. Abstract This thesis introduces a new logical system, ordered linear logic, which combines reasoning with unrestricted, linear, and ordered hypotheses. The logic conservatively extends (intuitionistic) linear logic, which contains both unrestricted and linear hypotheses, with a notion of ordered hypotheses. Ordered hypotheses must be used exactly once, subject to the order in which they were assumed (i.e., their order cannot be changed during the course of a derivation). This ordering constraint allows for logical representations of simple data structures such as stacks and queues. We construct ordered linear logic in the style of Martin-L"of from the basic notion of a hypothetical judgement. We then show normalization for the system by constructing a sequent calculus presentation and proving cut-elimination of the sequent system.

Plotkin has advocated the combination of linear lambda calculus, polymorphism and fixed point recursion as an expressive semantic metalanguage. We study its expressive power from an operational point of view. We show that the naturally call-by-value operators of linear lambda calculus can be given a call-by-name semantics without affecting termination at exponential types and hence without affecting ground contextual equivalence. This result is used to prove properties of a logical relation that provides a new extensional characterisation of ground contextual equivalence and relational parametricity properties of polymorphic types.

We show how to translate the region calculus of Tofte and Talpin, a typed lambda calculus that can statically delimit the lifetimes of objects, into an extension of the polymorphic lambda calculus called F # . We give a denotational semantics of F # , and use it to give a simple and abstract proof of the correctness of memory deallocation. 1 Introduction Implementations of modern programming languages divide dynamically allocated memory into two parts. The stack is used for data that has a simple last-in, first-out lifetime determined by block structure; the other part (often called the heap) is used for data whose lifetime extends beyond the scope of program blocks. The heap is periodically "garbage collected" to reclaim memory that is no longer needed. Tofte and Talpin's region calculus [23] attempts to unify these two styles of memory management. The region calculus divides memory into regions, and provides a local scoping mechanism for those regions. Every value created by the pro...

Abstract not found

We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched typing and its logical counterpart, bunched implications, have arisen in joint work of the author and David Pym. The present paper gives a basic account of the type system, and then focusses on concrete models that illustrate how it may be understood in terms of resource access and sharing. The most