Results 1  10
of
26
Polymorphism and separation in Hoare type theory
 In icfp
, 2006
"... In previous work we have proposed a Dependent Hoare Type Theory (HTT) as a framework for development and reasoning about higherorder functional programs with effects of state, aliasing and nontermination. The main feature of HTT is the type of Hoare triples {P}x:A{Q} specifying computations with pr ..."
Abstract

Cited by 67 (14 self)
 Add to MetaCart
In previous work we have proposed a Dependent Hoare Type Theory (HTT) as a framework for development and reasoning about higherorder functional programs with effects of state, aliasing and nontermination. The main feature of HTT is the type of Hoare triples {P}x:A{Q} specifying computations with precondition P and postcondition Q, that return a result of type A. Here we extend HTT with predicative type polymorphism. Type quantification is possible in both types and assertions, and we can also quantify over Hoare triples. We show that as a consequence it becomes possible to reason about disjointness of heaps in the assertion logic of HTT. We use this expressiveness to interpret the Hoare triples in the “small footprint ” manner advocated by Separation Logic, whereby a precondition tightly describes the heap fragment required by the computation. We support stateful commands of allocation, lookup, strong update, deallocation, and pointer arithmetic. 1
Bi hyperdoctrines, higherorder separation logic, and abstraction
 IN ESOP’05, LNCS
, 2005
"... We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and in ..."
Abstract

Cited by 57 (22 self)
 Add to MetaCart
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first and higherorder predicate BI, and use it to show that we may easily extend separation logic to higherorder. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of
Abstract predicates and mutable ADTs in Hoare type theory
 In Proc. ESOP’07, volume 4421 of LNCS
, 2007
"... Hoare Type Theory (HTT) combines a dependently typed, higherorder language with monadicallyencapsulated, stateful computations. The type system incorporates pre and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and e ..."
Abstract

Cited by 42 (19 self)
 Add to MetaCart
Hoare Type Theory (HTT) combines a dependently typed, higherorder language with monadicallyencapsulated, stateful computations. The type system incorporates pre and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and effects of computations within types. This paper extends HTT with quantification over abstract predicates (i.e., higherorder logic), thus embedding into HTT the Extended Calculus of Constructions. When combined with the Hoarelike specifications, abstract predicates provide a powerful way to define and encapsulate the invariants of private state; that is, state which may be shared by several functions, but is not accessible to their clients. We demonstrate this power by sketching a number of abstract data types and functions that demand ownership of mutable memory, including an idealized custom memory manager. 1
Ynot: Dependent types for imperative programs
 In Proceedings of ICFP 2008
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 36 (10 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
A Logical Analysis of Aliasing in Imperative HigherOrder Functions
 INTERNATIONAL CONFERENCE ON FUNCTIONAL PROGRAMMING, ICFP’05
, 2005
"... We present a compositional program logic for callbyvalue imperative higherorder functions with general forms of aliasing, which can arise from the use of reference names as function parameters, return values, content of references and part of data structures. The program logic ..."
Abstract

Cited by 28 (3 self)
 Add to MetaCart
We present a compositional program logic for callbyvalue imperative higherorder functions with general forms of aliasing, which can arise from the use of reference names as function parameters, return values, content of references and part of data structures. The program logic
Nested Hoare triples and frame rules for higherorder store
 In Proceedings of the 18th EACSL Annual Conference on Computer Science Logic
, 2009
"... Abstract. Separation logic is a Hoarestyle logic for reasoning about programs with heapallocated mutable data structures. As a step toward extending separation logic to highlevel languages with MLstyle general (higherorder) storage, we investigate the compatibility of nested Hoare triples with ..."
Abstract

Cited by 28 (14 self)
 Add to MetaCart
Abstract. Separation logic is a Hoarestyle logic for reasoning about programs with heapallocated mutable data structures. As a step toward extending separation logic to highlevel languages with MLstyle general (higherorder) storage, we investigate the compatibility of nested Hoare triples with several variations of higherorder frame rules. The interaction of nested triples and frame rules can be subtle, and the inclusion of certain frame rules is in fact unsound. A particular combination of rules can be shown consistent by means of a Kripke model where worlds live in a recursively defined ultrametric space. The resulting logic allows us to elegantly prove programs involving stored code. In particular, it leads to natural specifications and proofs of invariants required for dealing with recursion through the store. Keywords. Higherorder store, Hoare logic, separation logic, semantics. 1
A typed, compositional logic for a stackbased abstract machine
 In Proc. 3rd Asian Symposium on Programming Languages and Systems (APLAS), volume 3780 of Lecture Notes in Computer Science
, 2005
"... Abstract. We define a compositional program logic in the style of Floyd and Hoare for a simple, typed, stackbased abstract machine with unstructured control flow, global variables and mutually recursive procedure calls. Notable features of the logic include a careful treatment of auxiliary variable ..."
Abstract

Cited by 22 (7 self)
 Add to MetaCart
Abstract. We define a compositional program logic in the style of Floyd and Hoare for a simple, typed, stackbased abstract machine with unstructured control flow, global variables and mutually recursive procedure calls. Notable features of the logic include a careful treatment of auxiliary variables and quantification and the use of substructural typing to permit local, modular reasoning about program fragments. Semantic soundness is established using an interpretation of types and assertions defined by orthogonality with respect to sets of contexts. 1
Descriptive and relative completeness for logics for higherorder functions
 In ICALP’06, volume 4052 of LNCS
, 2006
"... Abstract. This paper establishes a strong completeness property of compositional program logics for pure and imperative higherorder functions introduced in [2, 15–18]. This property, called descriptive completeness, says that for each program there is an assertion fully describing the former’s beha ..."
Abstract

Cited by 17 (9 self)
 Add to MetaCart
Abstract. This paper establishes a strong completeness property of compositional program logics for pure and imperative higherorder functions introduced in [2, 15–18]. This property, called descriptive completeness, says that for each program there is an assertion fully describing the former’s behaviour up to the standard observational semantics. This formula is inductively calculable from the program text alone. As a consequence we obtain the first relative completeness result for compositional logics of pure and imperative callbyvalue higherorder functions in the full type hierarchy. 1
Ynot: Reasoning with the awkward squad
 In ACM SIGPLAN International Conference on Functional Programming
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
Separation logic for higherorder store
 Pages 575–590 of: Computer Science Logic. Lecture Notes in Computer Science
, 2006
"... Abstract. Separation Logic is a substructural logic that supports local reasoning for imperative programs. It is designed to elegantly describe sharing and aliasing properties of heap structures, thus facilitating the verification of programs with pointers. In past work, separation logic has been d ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
Abstract. Separation Logic is a substructural logic that supports local reasoning for imperative programs. It is designed to elegantly describe sharing and aliasing properties of heap structures, thus facilitating the verification of programs with pointers. In past work, separation logic has been developed for heaps containing records of basic data types. Languages like C or ML, however, also permit the use of code pointers. The corresponding heap model is commonly referred to as “higherorder store ” since heaps may contain commands which in turn are interpreted as partial functions between heaps. In this paper we make Separation Logic and the benefits of local reasoning available to languages with higherorder store. In particular, we introduce an extension of the logic and prove it sound, including the Frame Rule that enables specifications of code to be extended by invariants on parts of the heap that are not accessed. 1