Nested Hoare triples and frame rules for higher-order store
In Proceedings of the 18th EACSL Annual Conference on Computer Science Logic, 2009
Cited by 28 (14 self)
Abstract. Separation logic is a Hoare-style logic for reasoning about programs with heap-allocated mutable data structures. As a step toward extending separation logic to high-level languages with ML-style general (higher-order) storage, we investigate the compatibility of nested Hoare triples with several variations of higher-order frame rules. The interaction of nested triples and frame rules can be subtle, and the inclusion of certain frame rules is in fact unsound. A particular combination of rules can be shown consistent by means of a Kripke model where worlds live in a recursively defined ultrametric space. The resulting logic allows us to elegantly prove programs involving stored code. In particular, it leads to natural specifications and proofs of invariants required for dealing with recursion through the store. Keywords. Higher-order store, Hoare logic, separation logic, semantics.
A Semantic Foundation for Hidden State
Cited by 15 (9 self)
Abstract. We present the first complete soundness proof of the anti-frame rule, a recently proposed proof rule for capturing information hiding in the presence of higher-order store. Our proof involves solving a non-trivial recursive domain equation. It helps identify some of the key ingredients for soundness, and thereby suggests how one might hope to relax some of the restrictions imposed by the rule.
Operational domain theory and topology of a sequential language
In Proceedings of the 20th Annual IEEE Symposium on Logic In Computer Science, 2005
Cited by 11 (6 self)
Abstract. A number of authors have exported domain-theoretic techniques from denotational semantics to the operational study of contextual equivalence and order. We further develop this, and, moreover, we additionally export topological techniques. In particular, we work with an operational notion of compact set and show that total programs with values on certain types are uniformly continuous on compact sets of total elements. We apply this and other conclusions to prove the correctness of non-trivial programs that manipulate infinite data. What is interesting is that the development applies to sequential programming languages, in addition to languages with parallel features.
A Denotational Semantics for ...
2007
Abstract. We provide a denotational model for a functional programming language for exact real number computation. A well-known difficulty in real number computation is that the tests x = y and x ≤ y are undecidable and hence cannot be used to control the execution flow of programs. One solution, proposed by Boehm and Cartwright, is to use a non-deterministic test. For any two rational numbers p < q and any real number x, at least one of the relations p < x or x < q can be determined to hold; thus, an operator rtest is used, whose evaluation never diverges when x is a real number: 1. rtest_{p,q}(x) evaluates to true or to false, 2. rtest_{p,q}(x) may evaluate to true iff x < q and 3. rtest_{p,q}(x) may evaluate to false iff p < x. Since a program can in general produce different results in different runs, Escardó and Marcial-Romero took the view in previous work that programs of real-number type denote sets of real numbers, and the question arose as to which power domains would be suitable for modelling the behaviour of rtest. It was shown that, among the known power domains,
Full Abstraction for Nominal Scott Domains
Abstract. We develop a domain theory within nominal sets and present programming language constructs and results that can be gained from this approach. The development is based on the concept of orbit-finite subset, that is, a subset of a nominal set that is both finitely supported and contained in finitely many orbits. This concept appears prominently in the recent research programme of Bojańczyk et al. on automata over infinite languages, and our results establish a connection between their work and a characterisation of topological compactness discovered, in a quite different setting, by Winskel and Turner as part of a nominal domain theory for concurrency. We use this connection to derive a notion of Scott domain within nominal sets. The functionals for existential quantification over names and ‘definite description’ over names turn out to be compact in the sense appropriate for nominal Scott domains. Adding them, together with parallel-or, to a programming language for recursively defined higher-order functions with name abstraction and locally scoped names, we prove a full abstraction result for nominal Scott domains analogous to Plotkin’s classic result about PCF and conventional Scott domains: two program phrases have the same observable operational behaviour in all contexts if and only if they denote equal elements of the nominal Scott domain model. This is the first full abstraction result we know of for higher-order functions with local names that uses a domain theory based on ordinary extensional functions, rather than using the more intensional approach of game semantics.
Nested Hoare Triples and Frame Rules for Higher-order Store
Abstract. Separation logic is a Hoare-style logic for reasoning about programs with heap-allocated mutable data structures. As a step toward extending separation logic to high-level languages with ML-style general (higher-order) storage, we investigate the compatibility of nested Hoare triples with several variations of higher-order frame rules. The interaction of nested triples and frame rules can be subtle, and the inclusion of certain frame rules is in fact unsound. A particular combination of rules can be shown consistent by means of a Kripke model where worlds live in a recursively defined ultrametric space. The resulting logic allows us to elegantly prove programs involving stored code. In particular, using recursively defined assertions, it leads to natural specifications and proofs of invariants required for dealing with recursion through the store.