Results 1  10
of
67
Separation and Information Hiding
, 2004
"... We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of d ..."
Abstract

Cited by 187 (20 self)
 Add to MetaCart
(Show Context)
We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of dynamic partitioning, where we track the transfer of ownership of portions of heap storage between program components. It also enables us to enforce separation in the presence of mutable data structures with embedded addresses that may be aliased.
Polymorphism and Separation in Hoare Type Theory
, 2006
"... In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higherorder functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. ..."
Abstract

Cited by 84 (15 self)
 Add to MetaCart
(Show Context)
In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higherorder functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. In this paper, we address these shortcomings by showing that the addition of polymorphism alone is sufficient for capturing modular state specifications in the style of Separation Logic. Furthermore, we argue that polymorphism is an essential ingredient of the extension, as the treatment of higherorder functions requires operations not encodable via the spatial connectives of Separation Logic.
Bi hyperdoctrines, higherorder separation logic, and abstraction
 IN ESOP’05, LNCS
, 2005
"... We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and in ..."
Abstract

Cited by 69 (26 self)
 Add to MetaCart
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first and higherorder predicate BI, and use it to show that we may easily extend separation logic to higherorder. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of
Regional logic for local reasoning about global invariants
 In European Conference on Object Oriented Programming (ECOOP
, 2008
"... Abstract. Shared mutable objects pose grave challenges in reasoning, especially for data abstraction and modularity. This paper presents a novel logic for erroravoiding partial correctness of programs featuring shared mutable objects. Using a first order assertion language, the logic provides heapl ..."
Abstract

Cited by 67 (9 self)
 Add to MetaCart
(Show Context)
Abstract. Shared mutable objects pose grave challenges in reasoning, especially for data abstraction and modularity. This paper presents a novel logic for erroravoiding partial correctness of programs featuring shared mutable objects. Using a first order assertion language, the logic provides heaplocal reasoning about mutation and separation, via ghost fields and variables of type ‘region ’ (finite sets of object references). A new form of modifies clause specifies write, read, and allocation effects using region expressions; this supports effect masking and a frame rule that allows a command to read state on which the framed predicate depends. Soundness is proved using a standard program semantics. The logic facilitates heaplocal reasoning about object invariants: disciplines such as ownership are expressible but not hardwired in the logic. 1
Parameterised notions of computation
 In MSFP 2006: Workshop on mathematically structured functional programming, ed. Conor McBride and Tarmo Uustalu. Electronic Workshops in Computing, British Computer Society
, 2006
"... Moggi’s Computational Monads and Power et al’s equivalent notion of Freyd category have captured a large range of computational effects present in programming languages such as exceptions, sideeffects, input/output and continuations. We present generalisations of both constructs, which we call para ..."
Abstract

Cited by 52 (3 self)
 Add to MetaCart
Moggi’s Computational Monads and Power et al’s equivalent notion of Freyd category have captured a large range of computational effects present in programming languages such as exceptions, sideeffects, input/output and continuations. We present generalisations of both constructs, which we call parameterised monads and parameterised Freyd categories, that also capture computational effects with parameters. Examples of such are composable continuations, sideeffects where the type of the state varies and input/output where the range of inputs and outputs varies. By also considering monoidal parameterisation, we extend the range of effects to cover separated sideeffects and multiple independent streams of I/O. We also present two typed λcalculi that soundly and completely model our categorical definitions — with and without monoidal parameterisation — and act as prototypical languages with parameterised effects.
Nested Hoare triples and frame rules for higherorder store
 In Proceedings of the 18th EACSL Annual Conference on Computer Science Logic
, 2009
"... Abstract. Separation logic is a Hoarestyle logic for reasoning about programs with heapallocated mutable data structures. As a step toward extending separation logic to highlevel languages with MLstyle general (higherorder) storage, we investigate the compatibility of nested Hoare triples with ..."
Abstract

Cited by 34 (18 self)
 Add to MetaCart
Abstract. Separation logic is a Hoarestyle logic for reasoning about programs with heapallocated mutable data structures. As a step toward extending separation logic to highlevel languages with MLstyle general (higherorder) storage, we investigate the compatibility of nested Hoare triples with several variations of higherorder frame rules. The interaction of nested triples and frame rules can be subtle, and the inclusion of certain frame rules is in fact unsound. A particular combination of rules can be shown consistent by means of a Kripke model where worlds live in a recursively defined ultrametric space. The resulting logic allows us to elegantly prove programs involving stored code. In particular, it leads to natural specifications and proofs of invariants required for dealing with recursion through the store. Keywords. Higherorder store, Hoare logic, separation logic, semantics. 1
Relational parametricity and separation logic
 In 10th FOSSACS, LNCS 4423
, 2007
"... Abstract. Separation logic is a recent extension of Hoare logic for reasoning about programs with references to shared mutable data structures. In this paper, we provide a new interpretation of the logic for a programming language with higher types. Our interpretation is based on Reynolds’s relation ..."
Abstract

Cited by 34 (15 self)
 Add to MetaCart
(Show Context)
Abstract. Separation logic is a recent extension of Hoare logic for reasoning about programs with references to shared mutable data structures. In this paper, we provide a new interpretation of the logic for a programming language with higher types. Our interpretation is based on Reynolds’s relational parametricity, and it provides a formal connection between separation logic and data abstraction.
Views: Compositional Reasoning for Concurrent Programs
"... Compositional abstractions underly many reasoning principles for concurrent programs: the concurrent environment is abstracted in order to reason about a thread in isolation; and these abstractions are composed to reason about a program consisting of many threads. For instance, separation logic uses ..."
Abstract

Cited by 31 (6 self)
 Add to MetaCart
(Show Context)
Compositional abstractions underly many reasoning principles for concurrent programs: the concurrent environment is abstracted in order to reason about a thread in isolation; and these abstractions are composed to reason about a program consisting of many threads. For instance, separation logic uses formulae that describe part of the state, abstracting the rest; when two threads use disjoint state, their specifications can be composed with the separating conjunction. Type systems abstract the state to the types of variables; threads may be composed when they agree on the types of shared variables. In this paper, we present the “Concurrent Views Framework”, a metatheory of concurrent reasoning principles. The theory is parameterised by an abstraction of state with a notion of composition, which we call views. The metatheory is remarkably simple, but highly applicable: the relyguarantee method, concurrent separation logic, concurrent abstract predicates, type systems for recursive references and for unique pointers, and even an adaptation of the OwickiGries method can all be seen as instances of the Concurrent Views Framework. Moreover, our metatheory proves each of these systems is sound without requiring induction on the operational semantics.
Stepindexed Kripke models over recursive worlds
 In Proc. of POPL
, 2011
"... Over the last decade, there has been extensive research on modelling challenging features in programming languages and program logics, such as higherorder store and storable resource invariants. A recent line of work has identified a common solution to some of these challenges: Kripke models over w ..."
Abstract

Cited by 29 (14 self)
 Add to MetaCart
(Show Context)
Over the last decade, there has been extensive research on modelling challenging features in programming languages and program logics, such as higherorder store and storable resource invariants. A recent line of work has identified a common solution to some of these challenges: Kripke models over worlds that are recursively defined in a category of metric spaces. In this paper, we broaden the scope of this technique from the original domaintheoretic setting to an elementary, operational one based on step indexing. The resulting method is widely applicable and leads to simple, succinct models of complicated language features, as we demonstrate in our semantics of Charguéraud and Pottier’s typeandcapability system for an MLlike higherorder language. Moreover, the method provides a highlevel understanding of the essence of recent approaches based on step indexing. 1.
A Relational Modal Logic for HigherOrder Stateful ADTs
"... The method of logical relations is a classic technique for proving the equivalence of higherorder programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it ha ..."
Abstract

Cited by 22 (12 self)
 Add to MetaCart
(Show Context)
The method of logical relations is a classic technique for proving the equivalence of higherorder programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it has been extended over the past two decades to reason about increasingly realistic languages. In particular, Appel and McAllester’s idea of stepindexing has been used recently to develop syntactic Kripke logical relations for MLlike languages that mix functional and imperative forms of data abstraction. However, while stepindexed models are powerful tools, reasoning with them directly is quite painful, as one is forced to engage in tedious stepindex arithmetic to derive even simple results. In this paper, we propose a logic LADR for equational reasoning about higherorder programs in the presence of existential type abstraction, general recursive types, and higherorder mutable state. LADR exhibits a novel synthesis of features from PlotkinAbadi logic, GödelLöb logic, S4 modal logic, and relational separation logic. Our model of LADR is based on Ahmed, Dreyer, and Rossberg’s stateoftheart stepindexed Kripke logical relation, which was designed to facilitate proofs of representation independence for “statedependent ” ADTs. LADR enables one to express such proofs at a much higher level, without counting steps or reasoning about the subtle, stepstratified construction of possible worlds.