Results 1  10
of
84
Local Reasoning about Programs that Alter Data Structures
, 2001
"... . We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a lowlevel storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based ..."
Abstract

Cited by 269 (27 self)
 Add to MetaCart
. We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a lowlevel storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based on a possible worlds model of the logic of bunched implications, and includes spatial conjunction and implication connectives alongside those of classical logic. Heap operations are axiomatized using what we call the \small axioms", each of which mentions only those cells accessed by a particular command. Through these and a number of examples we show that the formalism supports local reasoning: A speci cation and proof can concentrate on only those cells in memory that a program accesses. This paper builds on earlier work by Burstall, Reynolds, Ishtiaq and O'Hearn on reasoning about data structures. 1
Separation and Information Hiding
, 2004
"... We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of dynami ..."
Abstract

Cited by 164 (20 self)
 Add to MetaCart
We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of dynamic partitioning, where we track the transfer of ownership of portions of heap storage between program components. It also enables us to enforce separation in the presence of mutable data structures with embedded addresses that may be aliased.
BI as an Assertion Language for Mutable Data Structures
, 2000
"... Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn an ..."
Abstract

Cited by 151 (14 self)
 Add to MetaCart
Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for objectcomponent assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
Symbolic execution with separation logic
 In APLAS
, 2005
"... Abstract. We describe a sound method for automatically proving Hoare triples for loopfree code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axiom ..."
Abstract

Cited by 102 (26 self)
 Add to MetaCart
Abstract. We describe a sound method for automatically proving Hoare triples for loopfree code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axioms from incomplete proofs. This is a precursor to the use of the logic in automatic specification checking, program analysis, and model checking. 1
Local action and abstract separation logic
 IN PROC. 22ND ANNUAL IEEE SYMPOSIUM ON LOGIC IN COMPUTER SCIENCE (LICS’07
, 2007
"... Separation logic is an extension of Hoare’s logic which supports a local way of reasoning about programs that mutate memory. We present a study of the semantic structures lying behind the logic. The core idea is of a local action, a state transformer that mutates the state in a local way. We formula ..."
Abstract

Cited by 75 (10 self)
 Add to MetaCart
Separation logic is an extension of Hoare’s logic which supports a local way of reasoning about programs that mutate memory. We present a study of the semantic structures lying behind the logic. The core idea is of a local action, a state transformer that mutates the state in a local way. We formulate local actions for a general class of models called separation algebras, abstracting from the RAM and other specific concrete models used in work on separation logic. Local actions provide a semantics for a generalized form of (sequential) separation logic. We also show that our conditions on local actions allow a general soundness proof for a separation logic for concurrency, interpreted over arbitrary separation algebras.
Local Reasoning about a Copying Garbage Collector
 In 31st ACM POPL
, 2004
"... We present a programming language, model, and logic appropriate for implementing and reasoning about a memory management system. We then state what is meant by correctness of a copying garbage collector, and employ a variant of the novel separation logics [18, 23] to formally specify partial correct ..."
Abstract

Cited by 63 (8 self)
 Add to MetaCart
We present a programming language, model, and logic appropriate for implementing and reasoning about a memory management system. We then state what is meant by correctness of a copying garbage collector, and employ a variant of the novel separation logics [18, 23] to formally specify partial correctness of Cheney's copying garbage collector [8]. Finally, we prove that our implementation of Cheney's algorithm meets its specification, using the logic we have given, and auxiliary variables [19].
Bi hyperdoctrines, higherorder separation logic, and abstraction
 IN ESOP’05, LNCS
, 2005
"... We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and in ..."
Abstract

Cited by 56 (21 self)
 Add to MetaCart
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first and higherorder predicate BI, and use it to show that we may easily extend separation logic to higherorder. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of
A Semantic Basis for Local Reasoning
, 2002
"... We present a semantic analysis of a recently proposed formalism for local reasoning, where a specification (and hence proof) can concentrate on only those cells that a program accesses. Our main results are the soundness and, in a sense, completeness of a rule that allows frame axioms, which des ..."
Abstract

Cited by 51 (13 self)
 Add to MetaCart
We present a semantic analysis of a recently proposed formalism for local reasoning, where a specification (and hence proof) can concentrate on only those cells that a program accesses. Our main results are the soundness and, in a sense, completeness of a rule that allows frame axioms, which describe invariant properties of portions of heap memory, to be inferred automatically; thus, these axioms can be avoided when writing specifications.
A Context Logic for Tree Update
 In Proceedings of Workshop on Logics for Resources, Processes and Programs (LRPP’04
, 2004
"... Spatial logics have been used to describe properties of treelike structures (Ambient Logic) and in a Hoare style to reason about dynamic updates of heaplike structures (Separation Logic). We integrate this work by analyzing dynamic updates to tree structures with pointers (such as XML with identif ..."
Abstract

Cited by 43 (11 self)
 Add to MetaCart
Spatial logics have been used to describe properties of treelike structures (Ambient Logic) and in a Hoare style to reason about dynamic updates of heaplike structures (Separation Logic). We integrate this work by analyzing dynamic updates to tree structures with pointers (such as XML with identifiers and idrefs). Na ve adaptations of the previous logics are not expressive enough to capture such local updates. Instead we must explicitly reason about arbitrary tree contexts  not just horizontal composition and vertical branching  in order to capture updates throughout the tree. To illustrate the point, we introduce a small imperative programming language for updating our trees, small Hoarestyle axioms for the commands in the style of O'Hearn, Reynolds and Yang, and show how weakest preconditions are derivable from the small axioms with a generalized frame rule. We demonstrate the generality of our approach by showing that it collapses to Separation Logic for a heap model. 1.
On Bunched Typing
, 2002
"... We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched ..."
Abstract

Cited by 33 (2 self)
 Add to MetaCart
We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched typing and its logical counterpart, bunched implications, have arisen in joint work of the author and David Pym. The present paper gives a basic account of the type system, and then focusses on concrete models that illustrate how it may be understood in terms of resource access and sharing. The most