Results 1  10
of
15
Local Reasoning about Programs that Alter Data Structures
, 2001
"... . We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a lowlevel storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based ..."
Abstract

Cited by 272 (30 self)
 Add to MetaCart
. We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a lowlevel storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based on a possible worlds model of the logic of bunched implications, and includes spatial conjunction and implication connectives alongside those of classical logic. Heap operations are axiomatized using what we call the \small axioms", each of which mentions only those cells accessed by a particular command. Through these and a number of examples we show that the formalism supports local reasoning: A speci cation and proof can concentrate on only those cells in memory that a program accesses. This paper builds on earlier work by Burstall, Reynolds, Ishtiaq and O'Hearn on reasoning about data structures. 1
BI as an Assertion Language for Mutable Data Structures
, 2000
"... Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn an ..."
Abstract

Cited by 149 (14 self)
 Add to MetaCart
Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for objectcomponent assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
Representation Independence, Confinement and Access Control (Extended Abstract)
 In ACM Symposium on Principles of Programming Languages (POPL
, 2002
"... Denotational semantics is given for a Javalike language with pointers, subclassing and dynamic dispatch, class oriented visibility control, recursive types and methods, and privilegebased access control. Representation independence (relational parametricity) is proved, using a semantic notion of co ..."
Abstract

Cited by 90 (29 self)
 Add to MetaCart
Denotational semantics is given for a Javalike language with pointers, subclassing and dynamic dispatch, class oriented visibility control, recursive types and methods, and privilegebased access control. Representation independence (relational parametricity) is proved, using a semantic notion of confinement similar to ones for which static disciplines have been recently proposed.
On Bunched Typing
, 2002
"... We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched ..."
Abstract

Cited by 33 (2 self)
 Add to MetaCart
We study a typing scheme derived from a semantic situation where a single category possesses several closed structures, corresponding to dierent varieties of function type. In this scheme typing contexts are trees built from two (or more) binary combining operations, or in short, bunches. Bunched typing and its logical counterpart, bunched implications, have arisen in joint work of the author and David Pym. The present paper gives a basic account of the type system, and then focusses on concrete models that illustrate how it may be understood in terms of resource access and sharing. The most
Correctness of Data Representations involving Heap Data Structures
 Science of Computer Programming
, 2003
"... While the semantics of local variables in programming languages is by now wellunderstood, the semantics of pointeraddressed heap variables is still an outstanding issue. In particular, the commonly assumed relational reasoning principles for data representations have not been validated in a se ..."
Abstract

Cited by 23 (8 self)
 Add to MetaCart
While the semantics of local variables in programming languages is by now wellunderstood, the semantics of pointeraddressed heap variables is still an outstanding issue. In particular, the commonly assumed relational reasoning principles for data representations have not been validated in a semantic model of heap variables. In this paper, we de ne a parametricity semantics for a Pascallike language with pointers and heap variables which gives such reasoning principles. It is found that the correspondences between data representations are not simply relations between states, but more intricate correspondences that also need to keep track of visible locations whose pointers can be stored and leaked.
Objects and classes in Algollike languages
 Information and Computation
, 2002
"... Many objectoriented languages used in practice descend from Algol. With this motivation, we study the theoretical issues underlying such languages via the theory of Algollike languages. It is shown that the basic framework of this theory extends cleanly and elegantly to the concepts of objects and ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
Many objectoriented languages used in practice descend from Algol. With this motivation, we study the theoretical issues underlying such languages via the theory of Algollike languages. It is shown that the basic framework of this theory extends cleanly and elegantly to the concepts of objects and classes. An important idea that comes to light is that classes are abstract data types, whose theory corresponds to that of existential types. Equational and Hoarelike reasoning methods, and relational parametricity provide powerful formal tools for reasoning about Algollike objectoriented programs. 1
Predicate Transformer Semantics of a Higher Order Imperative Language With . . .
 SCIENCE OF COMPUTER PROGRAMMING
, 1998
"... Using a settheoretic model of predicate transformers and ordered data types, we give a totalcorrectness semantics for a typed higherorder imperative programming language that includes record extension, local variables, and proceduretype variables and parameters. The language includes infeasibl ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
Using a settheoretic model of predicate transformers and ordered data types, we give a totalcorrectness semantics for a typed higherorder imperative programming language that includes record extension, local variables, and proceduretype variables and parameters. The language includes infeasible speci cation constructs, for a calculus of re nement. Procedures may have global variables, subject to mild syntactic restrictions to avoid the semantic complications of Algollike languages. The semantics is used to validate simple proof rules for noninterference, type extension, and calls of procedure variables and constants.
Parametricity as a Notion of Uniformity in Reflexive Graphs
, 2002
"... data types embody uniformity in the form of information hiding. Information hiding enforces the uniform treatment of those entities that dier only on hidden information. ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
data types embody uniformity in the form of information hiding. Information hiding enforces the uniform treatment of those entities that dier only on hidden information.
State based encapsulation and generics
, 2004
"... A properly encapsulated data representation can be revised without affecting the correctness of client programs and extensions but encapsulation is difficult to achieve for heap based structures and objectoriented (OO) programs with reentrant callbacks. Building on a discipline that uses assertion ..."
Abstract

Cited by 7 (7 self)
 Add to MetaCart
A properly encapsulated data representation can be revised without affecting the correctness of client programs and extensions but encapsulation is difficult to achieve for heap based structures and objectoriented (OO) programs with reentrant callbacks. Building on a discipline that uses assertions and auxiliary fields to manage invariants and transferrable ownership, we give a rule for modular reasoning based on simulations. This representation independence result is proved for a sequential OO language with recursive, generic classes.
Syntactic Control of Interference for Separation Logic
"... Separation Logic has witnessed tremendous success in recent years in reasoning about programs that deal with heap storage. Its success owes to the fundamental principle that one should keep separate areas of the heap storage separate in program reasoning. However, the way Separation Logic deals with ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Separation Logic has witnessed tremendous success in recent years in reasoning about programs that deal with heap storage. Its success owes to the fundamental principle that one should keep separate areas of the heap storage separate in program reasoning. However, the way Separation Logic deals with program variables continues to be based on traditional Hoare Logic without taking any benefit of the separation principle. This has led to unwieldy proof rules suffering from lack of clarity as well as questions surrounding their soundness. In this paper, we extend the separation idea to the treatment of variables in Separation Logic, especially Concurrent Separation Logic, using the system of Syntactic Control of Interference proposed by Reynolds in 1978. We extend the original system with permission algebras, making it more powerful and able to deal with the issues of concurrent programs. The result is a streamined presentation of Concurrent Separation Logic, whose rules are memorable and soundness obvious. We also include a discussion of how the new rules impact the semantics and devise static analysis techniques to infer the required permissions automatically. Categories and Subject Descriptors D.3.1 [Programming Languages]: