Results 1 - 10 of 12
BI as an Assertion Language for Mutable Data Structures
2000
Cited by 121 (12 self)
Reynolds has developed a logic for reasoning about mutable data structures in which the pre- and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for object-component assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
A Trace Model for Pointers and Objects
In Proc. 13th ECOOP, volume 1628 of LNCS, 1999
Cited by 20 (2 self)
Object-oriented programs [Dahl, Goldberg, Meyer] are notoriously prone to the following kinds of error, which could lead to increasingly severe problems in the presence of tasking:
1. Following a null pointer
2. Deletion of an accessible object
3. Failure to delete an inaccessible object
4. Interference due to equality of pointers
5. Inhibition of optimisation due to fear of (4)
Type disciplines and object classes are a great help in avoiding these errors. Stronger protection may be obtainable with the help of assertions, particularly invariants, which are intended to be true before and after each call of a method that updates the structure of the heap. This note introduces a mathematical model and language for the formulation of assertions about objects and pointers, and suggests that a graphical calculus [Curtis, Lowe] may help in reasoning about program correctness. It deals with both garbage-collected heaps and the other kind. The theory is based on a trace model of graphs, using ideas from process algebra; and our development seeks to exploit this analogy as a unifying principle.
Semantic Analysis of Pointer Aliasing, Allocation and Disposal in Hoare Logic
2000
Cited by 17 (4 self)
Bornat has recently described an approach to reasoning about pointers, building on work of Morris. Here we describe a semantics that validates the approach, and use it to help devise axioms for operations that allocate and dispose of memory. 1. INTRODUCTION It is widely acknowledged that pointers cause problems for program-proving formalisms (e.g. [8, 17, 13, 16, 9, 1, 14, 7]), but there is less agreement on precisely what the problems are. So, before describing our own work, we first discuss where we believe the difficulties lie. The first issue that must be faced is aliasing, where distinct expressions can denote the same l-value. The problem here can be seen by reference to Hoare logic, where assignment is treated using substitution on the object-language level: {P[E/x]} x := E {P}. For this treatment of assignment to be sound it is necessary that different identifiers are not aliases. With pointers the problem is that aliasing is not an exceptional circumstance: for example, it wi...
Calculational Derivation of Pointer Algorithms from Tree Operations
Science of Computer Programming, 1998
Cited by 8 (1 self)
We describe an approach to the derivation of correct algorithms on tree-based pointer structures. The approach is based on enriching trees in a way that allows us to model commonly-used pointer manipulations on tree structures.
Programming with Variable Functions
In Proceedings of the 1998 ACM SIGPLAN International Conference on Functional Programming, 1998
Cited by 7 (0 self)
What is a good method to specify and derive imperative programs? This paper argues that a new form of functional programming fits the bill, where variable functions can be updated at specified points in their domain. Traditional algebraic specification and functional programming are a powerful pair of tools for specifying and implementing domains of discourse and operations on them. Recent work on evolving algebras has introduced the function update in algebraic specifications, and has applied it with good success in the modelling of reactive systems. We show that similar concepts allow one to derive efficient programs in a systematic way from functional specifications. The final outcome of such a derivation can be made as efficient as a traditional imperative program with pointers, but can still be reasoned about at a high level. Variable functions can also play an important role in the structuring of large systems. They can subsume object-oriented programming languages, without incu...
Functional pearl: Unfolding pointer algorithms
Journal of Functional Programming, 2001
Cited by 6 (0 self)
A fair amount has been written on the subject of reasoning about pointer algorithms. There was a peak about 1980 when everyone seemed to be tackling the formal verification of the Schorr–Waite marking algorithm, including Gries (1979), Morris (1982) and Topor (1979). Bornat (2000) writes: “The Schorr–Waite algorithm is the
Towards Squiggly Refinement Algebra
IFIP Working Conference on Programming Concepts and Methods, 1998
Cited by 2 (2 self)
The algebra of functions and relations has been used so successfully in program construction that textbooks have appeared. Despite the importance of predicate transformers in imperative programming, the algebra of transformers has been less explored. To show its promise, we prove results on exponents and recursion on inductive data types, sufficient for carrying out a polytypic derivation that has been given as a substantial example for functions and relations. We also give a data refinement from exponents of specifications to the concrete exponents needed for program semantics.
Linked Lists Calculated
1997
Cited by 2 (0 self)
We use a relational calculus of pointer structures to calculate a number of standard algorithms on singly linked lists, both acyclic and cyclic. This shows that our techniques are not just useful for tree-like structures, but apply to general pointer structures as well. 1 Introduction Although pointer algorithms are very error-prone they lie at the very heart of many implementations. Yet they have received surprisingly little attention in work on formal derivation and verification of programs. If they are treated, mostly formulas from predicate logic are used, which tend, however, to be very complex and unwieldy. A more algebraic approach was presented in the work of Berger et al. (1991) and Möller (1991-1993) and developed into more general form by Möller (1997). However, in the latter paper only examples with tree-like structures were treated. We show that the approach covers cyclic structures as well. In fact, we demonstrate that the derivations for the acyclic case can be carri...
Transformational construction of correct pointer algorithms
Perspectives of System Informatics, 2001
Cited by 1 (1 self)
This paper shows how to use the transformation of Paterson and Hewitt (P & H) to derive imperative pointer algorithms. To achieve this we take the recursive pointer algorithms derived from functional descriptions using the method of Möller. These are transformed via the P & H transformation scheme into an imperative version. Despite the inefficient general runtime performance of the scheme that results from P & H, we get well performing algorithms.
Properties of Overwriting for Updates in Typed Kleene Algebras
Cited by 1 (1 self)
In this paper we present an abstract representation of pointer structures in Kleene algebras and the properties of a particular selective update function. These can be used as prerequisites for the definition of in-situ pointer updates and a general framework to derive in-situ pointer algorithms from their specification.