Results 1 
8 of
8
Proving pointer programs in Hoare Logic
, 2000
"... . It is possible, but difficult, to reason in Hoare logic about programs which address and modify data structures defined by pointers. The challenge is to approach the simplicity of Hoare logic's treatment of variable assignment, where substitution affects only relevant assertion formul. The axio ..."
Abstract

Cited by 102 (7 self)
 Add to MetaCart
. It is possible, but difficult, to reason in Hoare logic about programs which address and modify data structures defined by pointers. The challenge is to approach the simplicity of Hoare logic's treatment of variable assignment, where substitution affects only relevant assertion formul. The axiom of assignment to object components treats each component name as a pointerindexed array. This permits a formal treatment of inductively defined data structures in the heap but tends to produce instances of modified component mappings in arguments to inductively defined assertions. The major weapons against these troublesome mappings are assertions which describe spatial separation of data structures. Three example proofs are sketched. 1 Introduction The power of the Floyd/Hoare treatment of imperative programs [8][11] lies in its use of variable substitution to capture the semantics of assignment: simply, R E x , the result of replacing every free occurrence of variable x in R by...
Derivation of Data Intensive Algorithms by Formal Transformation: The SchorrWaite Graph Marking Algorithm
, 1996
"... In this paper we consider a particular class of algorithms which present certain difficulties to formal verification. These are algorithms which use a single data structure for two or more purposes, which combine program control information with other data structures or which are developed as a comb ..."
Abstract

Cited by 36 (25 self)
 Add to MetaCart
In this paper we consider a particular class of algorithms which present certain difficulties to formal verification. These are algorithms which use a single data structure for two or more purposes, which combine program control information with other data structures or which are developed as a combination of a basic idea with an implementation technique. Our approach is based on applying proven semanticspreserving transformation rules in a wide spectrum language. Starting with a set theoretical specification of "reachability" we are able to derive iterative and recursive graph marking algorithms using the "pointer switching" idea of Schorr and Waite. There have been several proofs of correctness of the SchorrWaite algorithm, and a small number of transformational developments of the algorithm. The great advantage of our approach is that we can derive the algorithm from its specification using only generalpurpose transformational rules: without the need for complicated induction arg...
Foundations for a Practical Theory of Program Refinement and Transformation
, 1994
"... A wide spectrum language is presented, which is designed to facilitate the proof of the correctness of refinements and transformations. Two different proof methods are introduced and used to prove some fundamental transformations, including a general induction rule (Lemma 3.9) which enables transfor ..."
Abstract

Cited by 21 (14 self)
 Add to MetaCart
A wide spectrum language is presented, which is designed to facilitate the proof of the correctness of refinements and transformations. Two different proof methods are introduced and used to prove some fundamental transformations, including a general induction rule (Lemma 3.9) which enables transformations of recursive and iterative programs to be proved by induction on their finite truncations. A theorem for proving the correctness of recursive implementations is presented (Theorem 3.21), which provides a method for introducing a loop, without requiring the user to provide a loop invariant. A powerful, general purpose, transformation for removing or introducing recursion is described and used in a case study (Section 5) in which we take a small, but highly complex, program and apply formal transformations in order to uncover an abstract specification of the behaviour of the program. The transformation theory supports a transformation system, called FermaT, in which the applicability conditions of each transformation (and hence the correctness of the result) are mechanically verified. These results together considerably simplify the construction of viable program transformation tools; practical consequences are briefly discussed.
Formal Methods to Aid the Evolution of Software
 International Journal of Software Engineering and Knowledge Engineering
, 1995
"... There is a vast collection of operational software systems which are vitally important to their users, yet are becoming increasingly difficult to maintain, enhance and keep up to date with rapidly changing requirements. For many of these so called legacy systems the option of throwing the system awa ..."
Abstract

Cited by 17 (5 self)
 Add to MetaCart
There is a vast collection of operational software systems which are vitally important to their users, yet are becoming increasingly difficult to maintain, enhance and keep up to date with rapidly changing requirements. For many of these so called legacy systems the option of throwing the system away an rewriting it from scratch is not economically viable. Methods are therefore urgently required which enable these systems to evolve in a controlled manner. The approach described in this paper uses formal proven program transformations, which preserve or refine the semantics of a program while changing its form. These transformations are applied to restructure ans simplify the legacy systems and to extract higherlevel representations. By using an appropriate sequence of transformations, the extracted representation is guaranteed to be equivalent to the code. The method is based on a formal wide spectrum language, called WSL, with accompanying formal method. Over the last ten years we h...
Functional pearl: Unfolding pointer algorithms
 Journal of Functional Programming
, 2001
"... A fair amount has been written on the subject of reasoning about pointer algorithms. There was a peak about 1980 when everyone seemed to be tackling the formal verification of the Schorr–Waite marking algorithm, including Gries (1979, Morris (1982) and Topor (1979). Bornat (2000) writes: “The Schorr ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
A fair amount has been written on the subject of reasoning about pointer algorithms. There was a peak about 1980 when everyone seemed to be tackling the formal verification of the Schorr–Waite marking algorithm, including Gries (1979, Morris (1982) and Topor (1979). Bornat (2000) writes: “The Schorr–Waite algorithm is the
Matching logic: An alternative to Hoare/Floyd logic
 In AMAST’10, volume 6486 of LNCS
, 2010
"... Abstract. This paper introduces matching logic, a novel framework for defining axiomatic semantics for programming languages, inspired from operational semantics. Matching logic specifications are particular firstorder formulae with constrained algebraic structure, called patterns. Program configur ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. This paper introduces matching logic, a novel framework for defining axiomatic semantics for programming languages, inspired from operational semantics. Matching logic specifications are particular firstorder formulae with constrained algebraic structure, called patterns. Program configurations satisfy patterns iff they match their algebraic structure and satisfy their constraints. Using a simple imperative language (IMP), it is shown that a restricted use of the matching logic proof system is equivalent to IMP’s Hoare logic proof system, in that any proof derived using either can be turned into a proof using the other. Extensions to IMP including a heap with dynamic memory allocation and pointer arithmetic are given, requiring no extension of the underlying firstorder logic; moreover, heap patterns such as lists, trees, queues, graphs, etc., are given algebraically using fistorder constraints over patterns. 1
Examples of Informal but Rigorous Correctness Proofs for Tree Traversing Algorithms
, 1992
"... Correctness of several tree traversing algorithms is proved in an informal but quite rigorous way by using induction and a convenient graphical representation for the state of computation. These proofs are much simpler than their formal counterparts and provide an intuitive insight for the ideas beh ..."
Abstract
 Add to MetaCart
Correctness of several tree traversing algorithms is proved in an informal but quite rigorous way by using induction and a convenient graphical representation for the state of computation. These proofs are much simpler than their formal counterparts and provide an intuitive insight for the ideas behind the algorithms. A preliminary version of this paper was written in 1986 while the author was on leave visiting the School of Information and Computer Science of the Georgia Institute of Technology. Partial support was provided by the grant 85/1557 from the Funda¸c~ao de Amparo de Pesquisa do Estado de S~ao Paulo (FAPESP). Author's Address: Tomasz Kowaltowski, Department of Computer Science, University of Campinas, Caixa Postal 6065, 13081970 Campinas, SP, Brazil. Email: tomasz@dcc.unicamp.br. 1 Introduction Formal proofs of correctness of algorithms manipulating data structures can become quite lengthy and unreadable, even though the basic ideas behind those proofs may be simple ...
THE SEMANTICS OF DESTRUCTIVE LISPCSLI Lecture Notes Number 5 THE SEMANTICS OF DESTRUCTIVE LISP
"... AND INFORMATIONCSLI was founded early in 1983 by researchers from Stanford University, SRI International, and Xerox PARC to further research and development of integrated theories of language, information, and computation. CSLI headquarters and the publication offices are located at the Stanford sit ..."
Abstract
 Add to MetaCart
AND INFORMATIONCSLI was founded early in 1983 by researchers from Stanford University, SRI International, and Xerox PARC to further research and development of integrated theories of language, information, and computation. CSLI headquarters and the publication offices are located at the Stanford site.