Results 1  10
of
10
Polymorphism and Separation in Hoare Type Theory
, 2006
"... In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higherorder functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. ..."
Abstract

Cited by 69 (14 self)
 Add to MetaCart
(Show Context)
In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higherorder functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. In this paper, we address these shortcomings by showing that the addition of polymorphism alone is sufficient for capturing modular state specifications in the style of Separation Logic. Furthermore, we argue that polymorphism is an essential ingredient of the extension, as the treatment of higherorder functions requires operations not encodable via the spatial connectives of Separation Logic.
Abstract predicates and mutable ADTs in Hoare type theory
 In Proc. ESOP’07, volume 4421 of LNCS
, 2007
"... Hoare Type Theory (HTT) combines a dependently typed, higherorder language with monadicallyencapsulated, stateful computations. The type system incorporates pre and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and e ..."
Abstract

Cited by 43 (19 self)
 Add to MetaCart
(Show Context)
Hoare Type Theory (HTT) combines a dependently typed, higherorder language with monadicallyencapsulated, stateful computations. The type system incorporates pre and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and effects of computations within types. This paper extends HTT with quantification over abstract predicates (i.e., higherorder logic), thus embedding into HTT the Extended Calculus of Constructions. When combined with the Hoarelike specifications, abstract predicates provide a powerful way to define and encapsulate the invariants of private state; that is, state which may be shared by several functions, but is not accessible to their clients. We demonstrate this power by sketching a number of abstract data types and functions that demand ownership of mutable memory, including an idealized custom memory manager. 1
A Logic of Secure Systems and its Application to Trusted Computing
"... We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication and dy ..."
Abstract

Cited by 23 (3 self)
 Add to MetaCart
(Show Context)
We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication and dynamically loading and executing unknown (and potentially untrusted) code. The adversary’s capabilities are constrained by the system interface as defined in the programming model (leading to the name CSIADVERSARY). We develop a sound proof system for reasoning about programs, without explicitly reasoning about adversary actions. This form of reasoning was particularly difficult to codify for dynamically loaded unknown pieces of code. We use the logic to characterize trusted computing primitives and prove code integrity and execution integrity properties of two remote attestation protocols. The proofs make precise assumptions needed for the security of these protocols and reveal a surprising insecure interaction between the two protocols. 1
A realizability model of impredicative hoare type theory
 In European Symposium on Programming (ESOP
, 2007
"... Abstract. We present a denotational model of impredicative Hoare Type Theory, a very expressive dependent type theory in which one can specify and reason about mutable abstract data types. The model ensures soundness of the extension of Hoare Type Theory with impredicative polymorphism; makes the co ..."
Abstract

Cited by 15 (9 self)
 Add to MetaCart
(Show Context)
Abstract. We present a denotational model of impredicative Hoare Type Theory, a very expressive dependent type theory in which one can specify and reason about mutable abstract data types. The model ensures soundness of the extension of Hoare Type Theory with impredicative polymorphism; makes the connections to separation logic clear, and provides a basis for investigation of further sound extensions of the theory, in particular equations between computations and types. 1
Logical reasoning for higherorder functions with local state
 In Foundations of Software Science and Computation Structure
"... ABSTRACT. We introduce an extension of Hoare logic for callbyvalue higherorder functions with MLlike local reference generation. Local references may be generated dynamically and exported outside their scope, may store higherorder functions and may be used to construct complex mutable data stru ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
(Show Context)
ABSTRACT. We introduce an extension of Hoare logic for callbyvalue higherorder functions with MLlike local reference generation. Local references may be generated dynamically and exported outside their scope, may store higherorder functions and may be used to construct complex mutable data structures. This primitive is captured logically using a predicate asserting reachability of a reference name from a possibly higherorder datum and quantifiers over hidden references. We explore the logic’s descriptive and reasoning power with nontrivial programming examples combining higherorder procedures and dynamically generated local state. Axioms for reachability and local invariant play a central role for reasoning about the examples.
Typetheoretic semantics for transactional concurrency
, 2007
"... We propose a dependent type theory that integrates programming, specifications, and reasoning about higherorder concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoarestyle specif ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
(Show Context)
We propose a dependent type theory that integrates programming, specifications, and reasoning about higherorder concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoarestyle specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.
Towards typetheoretic semantics for transactional concurrency
, 2009
"... We propose a dependent type theory that integrates programming, specifications, and reasoning about higherorder concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoarestyle specif ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
We propose a dependent type theory that integrates programming, specifications, and reasoning about higherorder concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoarestyle specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.
Abstract Polymorphism and Separation in Hoare Type Theory
"... In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higherorder functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. ..."
Abstract
 Add to MetaCart
(Show Context)
In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higherorder functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. In this paper, we address these shortcomings by showing that the addition of polymorphism alone is sufficient for capturing modular state specifications in the style of Separation Logic. Furthermore, we argue that polymorphism is an essential ingredient of the extension, as the treatment of higherorder functions requires operations not encodable via the spatial connectives of Separation Logic.
Web www.itu.dk A Realizability Model for Impredicative Hoare Type Theory
"... is permitted for educational or research use on condition that this copyright notice is included in any copy. ..."
Abstract
 Add to MetaCart
(Show Context)
is permitted for educational or research use on condition that this copyright notice is included in any copy.
unknown title
"... Separation logic is an extension of Hoare logic which permits reasoning about lowlevel imperative programs that use shared mutable heap structure. In this work, we present a version of separation logic that permits effective, modular reasoning about typed, higherorder functional programs that use a ..."
Abstract
 Add to MetaCart
(Show Context)
Separation logic is an extension of Hoare logic which permits reasoning about lowlevel imperative programs that use shared mutable heap structure. In this work, we present a version of separation logic that permits effective, modular reasoning about typed, higherorder functional programs that use aliased mutable heap data, including pointers to code. Furthermore, we show how to use predicates in higherorder separation logic to modularly and abstractly specify the sharing behavior of programs.