Results 1  10
of
50
Design of the Programming Language Forsythe
, 1996
"... This is a description of the programming language Forsythe, which is a descendant of Algol 60 intended to be as uniform and general as possible, while retaining the basic character of its progenitor. This document supercedes Report CMUCS88159, "Preliminary Design of the Programming Language Fo ..."
Abstract

Cited by 111 (0 self)
 Add to MetaCart
This is a description of the programming language Forsythe, which is a descendant of Algol 60 intended to be as uniform and general as possible, while retaining the basic character of its progenitor. This document supercedes Report CMUCS88159, "Preliminary Design of the Programming Language Forsythe" [1]. c fl1996 John C. Reynolds Research suuported by National Science Foundation Grant CCR9409997. Keywords: Forsythe, Algollike languages, Algol 60, intersection types 1. Introduction In retrospect, it is clear that Algol 60 [2, 3] was an heroic and surprisingly successful attempt to design a programming language from first principles. Its creation gave a formidable impetus to the development and use of theory in language design and implementation, which has borne rich fruit in the intervening thirtysix years. Most of this work has led to languages that are quite different than Algol 60, but there has been a continuing thread of concern with languages that retain the essentia...
Proving pointer programs in Hoare Logic
, 2000
"... . It is possible, but difficult, to reason in Hoare logic about programs which address and modify data structures defined by pointers. The challenge is to approach the simplicity of Hoare logic's treatment of variable assignment, where substitution affects only relevant assertion formul. The axio ..."
Abstract

Cited by 102 (7 self)
 Add to MetaCart
. It is possible, but difficult, to reason in Hoare logic about programs which address and modify data structures defined by pointers. The challenge is to approach the simplicity of Hoare logic's treatment of variable assignment, where substitution affects only relevant assertion formul. The axiom of assignment to object components treats each component name as a pointerindexed array. This permits a formal treatment of inductively defined data structures in the heap but tends to produce instances of modified component mappings in arguments to inductively defined assertions. The major weapons against these troublesome mappings are assertions which describe spatial separation of data structures. Three example proofs are sketched. 1 Introduction The power of the Floyd/Hoare treatment of imperative programs [8][11] lies in its use of variable substitution to capture the semantics of assignment: simply, R E x , the result of replacing every free occurrence of variable x in R by...
Bi hyperdoctrines, higherorder separation logic, and abstraction
 IN ESOP’05, LNCS
, 2005
"... We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and in ..."
Abstract

Cited by 57 (22 self)
 Add to MetaCart
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first and higherorder predicate BI, and use it to show that we may easily extend separation logic to higherorder. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of
Regional logic for local reasoning about global invariants
 In European Conference on Object Oriented Programming (ECOOP
, 2008
"... Abstract. Shared mutable objects pose grave challenges in reasoning, especially for data abstraction and modularity. This paper presents a novel logic for erroravoiding partial correctness of programs featuring shared mutable objects. Using a first order assertion language, the logic provides heapl ..."
Abstract

Cited by 55 (9 self)
 Add to MetaCart
Abstract. Shared mutable objects pose grave challenges in reasoning, especially for data abstraction and modularity. This paper presents a novel logic for erroravoiding partial correctness of programs featuring shared mutable objects. Using a first order assertion language, the logic provides heaplocal reasoning about mutation and separation, via ghost fields and variables of type ‘region ’ (finite sets of object references). A new form of modifies clause specifies write, read, and allocation effects using region expressions; this supports effect masking and a frame rule that allows a command to read state on which the framed predicate depends. Soundness is proved using a standard program semantics. The logic facilitates heaplocal reasoning about object invariants: disciplines such as ownership are expressible but not hardwired in the logic. 1
An observationally complete program logic for imperative higherorder functions
 In Proc. LICS’05
, 2005
"... Abstract. We propose a simple compositional program logic for an imperative extension of callbyvalue PCF, built on Hoare logic and our preceding work on program logics for pure higherorder functions. A systematic use of names and operations on them allows precise and general description of comple ..."
Abstract

Cited by 39 (11 self)
 Add to MetaCart
Abstract. We propose a simple compositional program logic for an imperative extension of callbyvalue PCF, built on Hoare logic and our preceding work on program logics for pure higherorder functions. A systematic use of names and operations on them allows precise and general description of complex higherorder imperative behaviour. The proof rules of the logic exactly follow the syntax of the language and can cleanly embed, justify and extend the standard proof rules for total correctness of Hoare logic. The logic offers a foundation for general treatment of aliasing and local state on its basis, with minimal extensions. After establishing soundness, we prove that valid assertions for programs completely characterise their behaviour up to observational congruence, which is proved using a variant of finite canonical forms. The use of the logic is illustrated through reasoning examples which are hard to assert and infer using existing program logics.
Variance analyses from invariance analyses
 In POPL’2007: Principles of Programming Languages
, 2007
"... An invariance assertion for a program location ℓ is a statement that always holds at ℓ during execution of the program. Program invariance analyses infer invariance assertions that can be useful when trying to prove safety properties. We use the term variance assertion to mean a statement that holds ..."
Abstract

Cited by 38 (11 self)
 Add to MetaCart
An invariance assertion for a program location ℓ is a statement that always holds at ℓ during execution of the program. Program invariance analyses infer invariance assertions that can be useful when trying to prove safety properties. We use the term variance assertion to mean a statement that holds between any state at ℓ and any previous state that was also at ℓ. This paper is concerned with the development of analyses for variance assertions and their application to proving termination and liveness properties. We describe a method of constructing program variance analyses from invariance analyses. If we change the underlying invariance analysis, we get a different variance analysis. We describe several applications of the method, including variance analyses using linear arithmetic and shape analysis. Using experimental results we demonstrate that these variance analyses give rise to a new breed of termination provers which are competitive with and sometimes better than today’s stateoftheart termination provers.
Semantics of Local Variables
, 1992
"... This expository article discusses recent progress on the problem of giving sufficiently abstract semantics to localvariable declarations in Algollike languages, especially work using categorical methods. ..."
Abstract

Cited by 35 (4 self)
 Add to MetaCart
This expository article discusses recent progress on the problem of giving sufficiently abstract semantics to localvariable declarations in Algollike languages, especially work using categorical methods.
On Bunched Typing
, 2002
"... We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched ..."
Abstract

Cited by 33 (2 self)
 Add to MetaCart
We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched typing and its logical counterpart, bunched implications, have arisen in joint work of the author and David Pym. The present paper gives a basic account of the type system, and then focusses on concrete models that illustrate how it may be understood in terms of resource access and sharing. The most
Procedures and Invariants in the Refinement Calculus
 Science of Computer Programming
, 1994
"... Invariants allow a rigorous treatment of types as sets in the refinement calculus, a method for developing imperative programs. The interaction of procedures and invariants is explored, resulting in a practical formalisation of existing programming practice. 1 Introduction The notion of local invar ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
Invariants allow a rigorous treatment of types as sets in the refinement calculus, a method for developing imperative programs. The interaction of procedures and invariants is explored, resulting in a practical formalisation of existing programming practice. 1 Introduction The notion of local invariants [9] was introduced to give rigorous treatment to types in the refinement calculus [7, 6, 8, 10]. Typing is a special kind of invariant. For example, in the scope of the declaration n : N, which introduces a new local variable n of type N (the natural numbers), the invariant is n 2 N, and all commands preserve it. The exploration [9] of the interaction between invariants and statements of a simple languageDijkstra's language [2] with extensionsconsidered only language constructs including assignment, iteration, selection and recursion. We extend that work by examining a more complex language structure: the procedure. Although this paper deals only with parameterless procedures, th...