Results 1 - 10 of 163
Local Reasoning about Programs that Alter Data Structures, 2001
Cited by 272 (30 self)
Abstract:
We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a low-level storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based on a possible worlds model of the logic of bunched implications, and includes spatial conjunction and implication connectives alongside those of classical logic. Heap operations are axiomatized using what we call the "small axioms", each of which mentions only those cells accessed by a particular command. Through these and a number of examples we show that the formalism supports local reasoning: a specification and proof can concentrate on only those cells in memory that a program accesses. This paper builds on earlier work by Burstall, Reynolds, Ishtiaq and O'Hearn on reasoning about data structures.
Fresh Logic. Journal of Applied Logic, 2007
Cited by 183 (21 self)
Abstract:
The practice of first-order logic is replete with meta-level concepts. Most notably there are meta-variables ranging over formulae, variables, and terms, and properties of syntax such as alpha-equivalence, capture-avoiding substitution and assumptions about freshness of variables with respect to meta-variables. We present one-and-a-halfth-order logic, in which these concepts are made explicit. We exhibit both sequent and algebraic specifications of one-and-a-halfth-order logic derivability, show them equivalent, show that the derivations satisfy cut-elimination, and prove correctness of an interpretation of first-order logic within it. We discuss the technicalities in a wider context as a case study for nominal algebra, as a logic in its own right, as an algebraisation of logic, as an example of how other systems might be treated, and also as a theoretical foundation
Resources, Concurrency and Local Reasoning. Theoretical Computer Science, 2004
Cited by 158 (5 self)
Abstract:
In this paper we show how a resource-oriented logic, separation logic, can be used to reason about the usage of resources in concurrent programs.
BI as an Assertion Language for Mutable Data Structures, 2000
Cited by 149 (14 self)
Abstract:
Reynolds has developed a logic for reasoning about mutable data structures in which the pre- and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for object-component assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
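The "small axioms" of the first abstract (Local Reasoning about Programs that Alter Data Structures) and the automatically inferred frame axioms of the abstract just above are two sides of the same mechanism. The following is an added worked instance, using the standard separation-logic rules as they appear in this line of work; it is not text from either paper, and the variables x, y and the values 3 and 7 are chosen here for illustration.

```latex
\text{Small axiom for mutation (mentions only the cell it writes):}\quad
\{\,x \mapsto -\,\}\ [x] := v\ \{\,x \mapsto v\,\}
\\[4pt]
\text{Small axiom for deallocation:}\quad
\{\,x \mapsto -\,\}\ \mathsf{dispose}(x)\ \{\,\mathsf{emp}\,\}
\\[4pt]
\text{Frame rule (no variable modified by } C \text{ occurs free in } R\text{):}\quad
\frac{\{P\}\ C\ \{Q\}}{\{P * R\}\ C\ \{Q * R\}}
\\[4pt]
\text{Worked instance, framing on the untouched cell } y \mapsto 3:\quad
\{\,x \mapsto - \,*\, y \mapsto 3\,\}\ [x] := 7\ \{\,x \mapsto 7 \,*\, y \mapsto 3\,\}
\\[4pt]
\text{The frame } y \mapsto 3 \text{ is the inferred frame axiom: the rest of the heap is unchanged.}
\\[4pt]
\text{Since } * \text{ requires disjoint heaps, } x \mapsto - * y \mapsto 3 \text{ entails } x \neq y;
\ x \mapsto - * x \mapsto - \text{ is unsatisfiable.}
```

The last line is the practical point for memory safety: a proof cannot frame a cell that the command itself writes, so aliasing between the footprint and the frame is rejected by the logic rather than producing an unsound "nothing else changed" conclusion. After dispose(x) the postcondition emp gives the prover no right to read or write x again, which is how use-after-free is excluded at proof time.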
Intuitionistic Reasoning about Shared Mutable Data Structure. Millennial Perspectives in Computer Science, 2000
Cited by 107 (5 self)
Abstract:
Drawing upon early work by Burstall, we extend Hoare's approach to proving the correctness of imperative programs, to deal with programs that perform destructive updates to data structures containing more than one pointer to the same location. The key concept is an "independent conjunction" P & Q that holds only when P and Q are both true and depend upon distinct areas of storage. To make this concept precise we use an intuitionistic logic of assertions, with a Kripke semantics whose possible worlds are heaps (mapping locations into tuples of values).
A semantics for concurrent separation logic. Theoretical Computer Science, 2004
Cited by 80 (1 self)
Abstract:
We present a denotational semantics based on action traces, for parallel programs which share mutable data and synchronize using resources and conditional critical regions. We introduce a resource-sensitive logic for partial correctness, adapting separation logic to the concurrent setting, as proposed by O'Hearn. The logic allows program proofs in which "ownership" of a piece of state is deemed to transfer dynamically between processes and resources. We prove soundness of this logic, using a novel "local" interpretation of traces, and we show that every provable program is race-free.
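The ownership transfer and race-freedom described in this abstract and in Resources, Concurrency and Local Reasoning above rest on two proof rules. The following is an added worked instance using the standard concurrent separation logic rules (the parallel rule and the resource rule for conditional critical regions); it is not text from either paper. The resource name buf, its invariant, and the variables x, y, c and full are chosen here for illustration.

```latex
\text{Parallel rule (threads own disjoint heap; neither modifies the other's free variables):}\quad
\frac{\{P_1\}\ C_1\ \{Q_1\}\qquad \{P_2\}\ C_2\ \{Q_2\}}{\{P_1 * P_2\}\ C_1 \parallel C_2\ \{Q_1 * Q_2\}}
\\[4pt]
\{\,x \mapsto 0 \,*\, y \mapsto 0\,\}\ [x] := 1 \parallel [y] := 2\ \{\,x \mapsto 1 \,*\, y \mapsto 2\,\}
\\[4pt]
\text{If } x = y \text{ the precondition } x \mapsto 0 * x \mapsto 0 \text{ is unsatisfiable, so the racy program has no proof.}
\\[8pt]
\text{Resource rule for a resource } r \text{ with invariant } R:\quad
\frac{\{(P * R) \wedge B\}\ C\ \{Q * R\}}{\{P\}\ \mathbf{with}\ r\ \mathbf{when}\ B\ \mathbf{do}\ C\ \{Q\}}
\\[4pt]
\text{One-place buffer } \mathit{buf} \text{ protecting } c, \mathit{full}, \text{ with invariant }
R_{\mathit{buf}} \equiv (\mathit{full} \wedge c \mapsto -) \vee (\neg\mathit{full} \wedge \mathsf{emp})
\\[4pt]
\{\,x \mapsto -\,\}\ \mathbf{with}\ \mathit{buf}\ \mathbf{when}\ \neg\mathit{full}\ \mathbf{do}\ (c := x;\ \mathit{full} := \mathbf{true})\ \{\,\mathsf{emp}\,\}
\\[4pt]
\{\,\mathsf{emp}\,\}\ \mathbf{with}\ \mathit{buf}\ \mathbf{when}\ \mathit{full}\ \mathbf{do}\ (y := c;\ \mathit{full} := \mathbf{false})\ \{\,y \mapsto -\,\}
```

In the put triple the premise of the resource rule is {(x ↦ - * R_buf) ∧ ¬full} c := x; full := true {emp * R_buf}: under ¬full the invariant is emp, and after the body c = x and full hold, so the cell now satisfies the full ∧ c ↦ - disjunct and has passed from the thread to the resource. The sender is left with emp and can no longer prove any access to x, which is what rules out a use-after-transfer. The get triple is the mirror image. Race-freedom of every provable program, the abstract's final claim, follows because at each point the heap is partitioned among threads and resource invariants, so no two threads ever hold the same cell at once.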
Local action and abstract separation logic. In Proc. 22nd Annual IEEE Symposium on Logic in Computer Science (LICS'07), 2007
Cited by 76 (10 self)
Abstract:
Separation logic is an extension of Hoare’s logic which supports a local way of reasoning about programs that mutate memory. We present a study of the semantic structures lying behind the logic. The core idea is of a local action, a state transformer that mutates the state in a local way. We formulate local actions for a general class of models called separation algebras, abstracting from the RAM and other specific concrete models used in work on separation logic. Local actions provide a semantics for a generalized form of (sequential) separation logic. We also show that our conditions on local actions allow a general soundness proof for a separation logic for concurrency, interpreted over arbitrary separation algebras.
A Spatial Logic for Querying Graphs. In Proc. of ICALP, volume 2380 of LNCS, 2001
Cited by 62 (5 self)
Abstract:
We study a spatial logic for reasoning about labelled directed graphs, and the application of this logic to provide a query language for analysing and manipulating such graphs. We give a graph description using constructs from process algebra. We introduce a spatial logic in order to reason locally about disjoint subgraphs. We extend our logic to provide a query language which preserves the multiset semantics of our graph model. Our approach contrasts with the more traditional set-based semantics found in query languages such as TQL, Strudel and GraphLog.
An Effective Theory of Type Refinements, 2002
Cited by 62 (5 self)
Abstract:
We develop an explicit two-level system that allows programmers to reason about the behavior of effectful programs. The first level is an ordinary ML-style type system, which confers standard properties on program behavior. The second level is a conservative extension of the first that uses a logic of type refinements to check more precise properties of program behavior. Our logic is a fragment of intuitionistic linear logic, which gives programmers the ability to reason locally about changes of program state. We provide a generic resource semantics for our logic as well as a sound, decidable, syntactic refinement-checking system. We also prove that refinements give rise to an optimization principle for programs. Finally, we illustrate the power of our system through a number of examples.
BI hyperdoctrines, higher-order separation logic, and abstraction. In ESOP'05, LNCS, 2005
Cited by 57 (22 self)
Abstract:
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first- and higher-order predicate BI, and use it to show that we may easily extend separation logic to higher order. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of