BI as an Assertion Language for Mutable Data Structures, 2000
Cited by 191 (14 self)
Reynolds has developed a logic for reasoning about mutable data structures in which the pre and postconditions are written in an intuitionistic logic enriched with a spatial form of conjunction. We investigate the approach from the point of view of the logic BI of bunched implications of O'Hearn and Pym. We begin by giving a model in which the law of the excluded middle holds, thus showing that the approach is compatible with classical logic. The relationship between the intuitionistic and classical versions of the system is established by a translation, analogous to a translation from intuitionistic logic into the modal logic S4. We also consider the question of completeness of the axioms. BI's spatial implication is used to express weakest preconditions for object-component assignments, and an axiom for allocating a cons cell is shown to be complete under an interpretation of triples that allows a command to be applied to states with dangling pointers. We make this latter a feature, by incorporating an operation, and axiom, for disposing of memory. Finally, we describe a local character enjoyed by specifications in the logic, and show how this enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.
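To make the "frame axioms inferred automatically" claim concrete, here is a small worked derivation in separation logic. It is an added illustration, not text from the paper: the heap-assignment and dispose axioms and the frame rule are the standard ones, and the variables x, y, v, w are hypothetical.

```latex
\text{Local axiom for heap assignment:}\quad
\{x \mapsto -\}\; [x] := v\; \{x \mapsto v\}

\text{Frame rule (no variable free in } R \text{ is modified by } C\text{):}\quad
\frac{\{P\}\; C\; \{Q\}}{\{P * R\}\; C\; \{Q * R\}}

\text{Instantiating } R := y \mapsto w \text{ yields the frame axiom for free:}\quad
\{x \mapsto - \,*\, y \mapsto w\}\; [x] := v\; \{x \mapsto v \,*\, y \mapsto w\}

\text{Since } * \text{ demands disjoint heaps, the precondition already entails } x \neq y,
\text{ so the cell at } y \text{ is untouched without an explicit side condition.}

\text{Weakest precondition for the same assignment via the spatial implication } -\!*:\quad
\{(x \mapsto -) * ((x \mapsto v) -\!* P)\}\; [x] := v\; \{P\}

\text{Disposal is local in the same way:}\quad
\{x \mapsto -\}\; \mathrm{dispose}(x)\; \{\mathrm{emp}\}
```

The point of the derivation is that nothing about y had to be stated in the local axiom; the frame rule carries every disjoint part of the heap across the command unchanged.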
Separation and Information Hiding, 2004
Cited by 184 (19 self)
We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of dynamic partitioning, where we track the transfer of ownership of portions of heap storage between program components. It also enables us to enforce separation in the presence of mutable data structures with embedded addresses that may be aliased.
Modular Automatic Assertion Checking with Separation Logic, 2005
Cited by 163 (6 self)
Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and this allows reasoning to be fully automatic. We illustrate what the tool can do via a sequence of examples which are oriented around novel aspects of separation logic, namely: avoidance of frame axioms (which say what a procedure does not change); embracement of “dirty” features such as memory disposal and address arithmetic; information hiding in the presence of pointers; and modular reasoning about concurrent programs.
Compositional Shape Analysis by means of Bi-Abduction, 2009
Cited by 142 (16 self)
This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an over-approximation of data structure usage. Compositionality brings its usual benefits – increased potential to scale, ability to deal with unknown calling contexts, graceful way to deal with imprecision – to shape analysis, for the first time. The analysis rests on a generalized form of abduction (inference of explanatory hypotheses) which we call bi-abduction. Bi-abduction displays abduction as a kind of inverse to the frame problem: it jointly infers anti-frames (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new interprocedural analysis algorithm. We have implemented
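A worked instance of the bi-abduction question, added here as an illustration rather than taken from the paper; the state, precondition and variable names are hypothetical.

```latex
\text{Given a current abstract state } \Delta \text{ and a callee precondition } P,
\text{ find an anti-frame } M \text{ and a frame } F \text{ such that}\quad
\Delta * M \;\vdash\; P * F

\text{Example. Caller state and callee precondition:}\quad
\Delta \;=\; x \mapsto a \,*\, z \mapsto c
\qquad
P \;=\; x \mapsto - \,*\, y \mapsto -

\text{Solution:}\quad
M \;=\; y \mapsto -
\qquad
F \;=\; z \mapsto c

\text{Check:}\quad
x \mapsto a \,*\, z \mapsto c \,*\, y \mapsto - \;\vdash\; (x \mapsto - \,*\, y \mapsto -) \,*\, (z \mapsto c)

\text{The anti-frame } M \text{ becomes part of the inferred precondition of the caller}
\text{ (the callee needed a cell the caller had not yet accounted for);}
\text{ the frame } F \text{ is carried past the call and conjoined to the callee's postcondition.}
```

Read left to right, the anti-frame is what the callee is missing and the frame is what the callee never touches; solving for both at once is what lets each procedure be analyzed without knowing its callers.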
Interprocedural shape analysis with separated heap abstractions, in SAS, 2006
Cited by 68 (10 self)
We describe an interprocedural shape analysis that makes use of spatial locality (i.e. the fact that most procedures modify only a small subset of the heap) in its representation of abstract states. Instead of tracking reachability information directly and aliasing information indirectly, our representation tracks reachability indirectly and aliasing directly. Computing the effect of procedure calls on an abstract state is easy because the representation exhibits spatial locality mirroring the locality that is present in the concrete semantics. The benefits of this approach include improved speed, support for programs that deallocate memory, the handling of bounded numbers of heap cutpoints, and support for cyclic and shared data structures.
Semantic Analysis of Pointer Aliasing, Allocation and Disposal in Hoare Logic, 2000
Cited by 17 (4 self)
Bornat has recently described an approach to reasoning about pointers, building on work of Morris. Here we describe a semantics that validates the approach, and use it to help devise axioms for operations that allocate and dispose of memory.

1. Introduction

It is widely acknowledged that pointers cause problems for program-proving formalisms (e.g. [8, 17, 13, 16, 9, 1, 14, 7]), but there is less agreement on precisely what the problems are. So, before describing our own work, we first discuss where we believe the difficulties lie. The first issue that must be faced is aliasing, where distinct expressions can denote the same lvalue. The problem here can be seen by reference to Hoare logic, where assignment is treated using substitution on the object-language level:

$\{P[E/x]\}\; x := E\; \{P\}$

For this treatment of assignment to be sound it is necessary that different identifiers are not aliases. With pointers the problem is that aliasing is not an exceptional circumstance: for example, it wi...
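The unsoundness mentioned above, spelled out as an added example (the assertion, program and variable names are hypothetical, not from the paper): when x and y may be aliases, the substitution axiom derives a triple that is false.

```latex
\text{Substitution axiom:}\quad \{P[E/x]\}\; x := E\; \{P\}

\text{Take } P \equiv (y = 0) \text{ and } E \equiv 1.
\text{ Because } x \text{ does not occur in } P, \text{ we have } P[1/x] \equiv P, \text{ so the axiom gives}
\{y = 0\}\; x := 1\; \{y = 0\}

\text{If } x \text{ and } y \text{ denote the same location (two reference parameters bound to one actual,}
\text{ or two pointer dereferences } [p] \text{ and } [q] \text{ with } p = q\text{),}
\text{ the assignment also sets } y \text{ to } 1 \text{ and the postcondition } y = 0 \text{ is false.}

\text{The axiom is therefore sound only under the side condition that distinct identifiers}
\text{ never alias, a condition that pointer programs violate routinely.}
```

Separation logic's answer, which the later entries on this page develop, is to stop substituting on variables and instead reason about heap cells directly, with the separating conjunction making the non-aliasing of the cells it joins explicit.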
Verification condition generation and variable conditions in Smallfoot, 2012. Available from http://www.dcs.qmul.ac.uk/research/logic/theory/projects/smallfoot/index.html
Cited by 1 (1 self)
These notes are a companion to [1] which describe: the variable conditions that Smallfoot checks; the analysis used to check them; the algorithm used to compute a set of verification conditions corresponding to an annotated program; and the treatment of concurrent resource initialization code.
On mechanizing proofs within a complete proof system for Unity, Concordia University of Montréal, 1995
Cited by 1 (0 self)
The solution proposed by Sanders in [14] consists of eliminating the need of the substitution axiom from Unity in order to eliminate the unsoundness problem caused by this axiom in Unity without loss of completeness. Sanders' solution is based on the strongest invariant concept and provides theoretical advantages by formally capturing the effects of the initial conditions on the properties of a program. This solution is less convincing from a practical point of view because it assumes proofs of strongest invariant at the meta-level. In this paper we reconsider this solution, showing that the general concept of invariant is sufficient to eliminate the substitution axiom and to provide a sound and relatively complete proof system for Unity logic. The advantage of the new solution is that proofs of invariants are mechanized inside the Unity logic itself.