Results 1  10
of
18
BI as an Assertion Language for Mutable Data Structures
, 2000
"... Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hea ..."
Abstract

Cited by 183 (14 self)
 Add to MetaCart
(Show Context)
Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for objectcomponent assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
NetKAT: Semantic foundations for networks
 In POPL
, 2014
"... Recent years have seen growing interest in highlevel languages for programming networks. But the design of these languages has been largely ad hoc, driven more by the needs of applications and the capabilities of network hardware than by foundational principles. The lack of a semantic foundation ha ..."
Abstract

Cited by 29 (13 self)
 Add to MetaCart
(Show Context)
Recent years have seen growing interest in highlevel languages for programming networks. But the design of these languages has been largely ad hoc, driven more by the needs of applications and the capabilities of network hardware than by foundational principles. The lack of a semantic foundation has left language designers with little guidance in determining how to incorporate new features, and programmers without a means to reason precisely about their code. This paper presents NetKAT, a new network programming language that is based on a solid mathematical foundation and comes equipped with a sound and complete equational theory. We describe the design of NetKAT, including primitives for filtering, modifying, and transmitting packets; union and sequential composition operators; and a Kleene star operator that iterates programs. We show that NetKAT is an instance of a canonical and wellstudied mathematical structure called a Kleene algebra with tests (KAT) and prove that its equational theory is sound and complete with respect to its denotational semantics. Finally, we present practical applications of the equational theory including syntactic techniques for checking reachability, proving noninterference properties that ensure isolation between programs, and establishing the correctness of compilation algorithms.
A Trace Model for Pointers and Objects
 In Proc. 13th ECOOP, volume 1628 of LNCS
, 1999
"... Objectoriented programs [Dahl, Goldberg, Meyer] are notoriously prone to the following kinds of error, which could lead to increasingly severe problems in the presence of tasking 1. Following a null pointer 2. Deletion of an accessible object 3. Failure to delete an inaccessible object 4. Interfere ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
Objectoriented programs [Dahl, Goldberg, Meyer] are notoriously prone to the following kinds of error, which could lead to increasingly severe problems in the presence of tasking 1. Following a null pointer 2. Deletion of an accessible object 3. Failure to delete an inaccessible object 4. Interference due to equality of pointers 5. Inhibition of optimisation due to fear of (4) Type disciplines and object classes are a great help in avoiding these errors. Stronger protection may be obtainable with the help of assertions, particularly invariants, which are intended to be true before and after each call of a method that updates the structure of the heap. This note introduces a mathematical model and language for the formulation of assertions about objects and pointers, and suggests that a graphical calculus [Curtis, Lowe] may help in reasoning about program correctness. It deals with both garbagecollected heaps and the other kind. The theory is based on a trace model of graphs, using ideas from process algebra; and our development seeks to exploit this analogy as a unifying principle. 1
Semantic Analysis of Pointer Aliasing, Allocation and Disposal in Hoare Logic
, 2000
"... Bornat has recently described an approach to reasoning about pointers, building on work of Morris. Here we describe a semantics that validates the approach, and use it to help devise axioms for operations that allocate and dispose of memory. 1. INTRODUCTION It is widely acknowledged that pointers ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
(Show Context)
Bornat has recently described an approach to reasoning about pointers, building on work of Morris. Here we describe a semantics that validates the approach, and use it to help devise axioms for operations that allocate and dispose of memory. 1. INTRODUCTION It is widely acknowledged that pointers cause problems for programproving formalisms (e.g. [8, 17, 13, 16, 9, 1, 14, 7]), but there is less agreement on precisely what the problems are. So, before describing our own work, we rst discuss where we believe the diculties lie. The rst issue that must be faced is aliasing , where distinct expressions can denote the same lvalue. The problem here can be seen by reference to Hoare logic, where assignment is treated using substitution on the objectlanguage level: fP [E=x]g x := E fPg: For this treatment of assignment to be sound it is necessary that dierent identiers are not aliases. With pointers the problem is that aliasing is not an exceptional circumstance: for example, it wi...
Calculational Derivation of Pointer Algorithms from Tree Operations
 Science of Computer Programming
, 1998
"... We describe an approach to the derivation of correct algorithms on treebased pointer structures. The approach is based on enriching trees in a way that allows us to model commonlyused pointer manipulations on tree structures. ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
We describe an approach to the derivation of correct algorithms on treebased pointer structures. The approach is based on enriching trees in a way that allows us to model commonlyused pointer manipulations on tree structures.
Programming with Variable Functions
 In Proceedings of the 1998 ACM SIGPLAN International Conference on Functional Programming
, 1998
"... What is a good method to specify and derive imperative programs? This paper argues that a new form of functional programming fits the bill, where variable functions can be updated at specified points in their domain. Traditional algebraic specification and functional programming are a powerful pair ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
What is a good method to specify and derive imperative programs? This paper argues that a new form of functional programming fits the bill, where variable functions can be updated at specified points in their domain. Traditional algebraic specification and functional programming are a powerful pair of tools for specifying and implementing domains of discourse and operations on them. Recent work on evolving algebras has introduced the function update in algebraic specifications, and has applied it with good success in the modelling of reactive systems. We show that similar concepts allow one to derive efficient programs in a systematic way from functional specifications. The final outcome of such a derivation can be made as efficient as a traditional imperative program with pointers, but can still be reasoned about at a high level. Variable functions can also play an important role in the structuring of large systems. They can subsume objectoriented programming languages, without incu...
Functional pearl: Unfolding pointer algorithms
 Journal of Functional Programming
, 2001
"... A fair amount has been written on the subject of reasoning about pointer algorithms. There was a peak about 1980 when everyone seemed to be tackling the formal verification of the Schorr–Waite marking algorithm, including Gries (1979, Morris (1982) and Topor (1979). Bornat (2000) writes: “The Schorr ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
A fair amount has been written on the subject of reasoning about pointer algorithms. There was a peak about 1980 when everyone seemed to be tackling the formal verification of the Schorr–Waite marking algorithm, including Gries (1979, Morris (1982) and Topor (1979). Bornat (2000) writes: “The Schorr–Waite algorithm is the
Linked Lists Calculated
, 1997
"... We use a relational calculus of pointer structures to calculate a number of standard algorithms on singly linked lists, both acyclic and cyclic. This shows that our techniques are not just useful for treelike structures, but apply to general pointer structures as well. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We use a relational calculus of pointer structures to calculate a number of standard algorithms on singly linked lists, both acyclic and cyclic. This shows that our techniques are not just useful for treelike structures, but apply to general pointer structures as well.
Towards Squiggly Refinement Algebra
 IFIP Working Conference on Programming Concepts and Methods
, 1998
"... The algebra of functions and relations has been used so successfully in program construction that textbooks have appeared. Despite the importance of predicate transformers in imperative programming, the algebra of transformers has been less explored. To show its promise, we prove results on exponent ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
The algebra of functions and relations has been used so successfully in program construction that textbooks have appeared. Despite the importance of predicate transformers in imperative programming, the algebra of transformers has been less explored. To show its promise, we prove results on exponents and recursion on inductive data types, sufficient for carrying out a polytypic derivation that has been given as a substantial example for functions and relations. We also give a data refinement from exponents of specifications to the concrete exponents needed for program semantics.
Kleene Algebras and Pointer Structures
, 2003
"... Kleene algebras (KA) have turned out to be an appropriate tool to formally describe algebraic systems in various areas. Despite this universal applicability there often proofs are easy and half as long as in concrete KAs. In this paper we describe how to use KAs to model edgelabeled directed graphs ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Kleene algebras (KA) have turned out to be an appropriate tool to formally describe algebraic systems in various areas. Despite this universal applicability there often proofs are easy and half as long as in concrete KAs. In this paper we describe how to use KAs to model edgelabeled directed graphs. As an application we show how the relational pointer algebra developed by B. Möller can be treated with this technique.