Results 1  10
of
913
Resources, Concurrency and Local Reasoning
 THEORETICAL COMPUTER SCIENCE
, 2004
"... In this paper we show how a resourceoriented logic, separation logic, can be used to reason about the usage of resources in concurrent programs. ..."
Abstract

Cited by 219 (6 self)
 Add to MetaCart
(Show Context)
In this paper we show how a resourceoriented logic, separation logic, can be used to reason about the usage of resources in concurrent programs.
Separation and Information Hiding
, 2004
"... We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of d ..."
Abstract

Cited by 187 (20 self)
 Add to MetaCart
We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of dynamic partitioning, where we track the transfer of ownership of portions of heap storage between program components. It also enables us to enforce separation in the presence of mutable data structures with embedded addresses that may be aliased.
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 176 (47 self)
 Add to MetaCart
(Show Context)
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
A local shape analysis based on separation logic
 IN: 12TH INTERNATIONAL CONFERENCE ON TOOLS AND ALGORITHMS FOR
, 2006
"... We describe a program analysis for linked list programs where the abstract domain uses formulae from separation logic. ..."
Abstract

Cited by 160 (23 self)
 Add to MetaCart
(Show Context)
We describe a program analysis for linked list programs where the abstract domain uses formulae from separation logic.
Separation Logic and Abstraction
, 2005
"... In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Javalike classes. We build on the formalism of separation logic and introduce the new notion of an abstract predicate and, more generally, abstract predicate fa ..."
Abstract

Cited by 159 (9 self)
 Add to MetaCart
(Show Context)
In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Javalike classes. We build on the formalism of separation logic and introduce the new notion of an abstract predicate and, more generally, abstract predicate families. This provides a flexible mechanism for reasoning about the different forms of abstraction found in modern programming languages, such as abstract datatypes and objects. As well as demonstrating the soundness of our proof system, we illustrate its utility with a series of examples.
Modular Automatic Assertion Checking with Separation Logic
, 2005
"... Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and th ..."
Abstract

Cited by 156 (5 self)
 Add to MetaCart
(Show Context)
Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and this allows reasoning to be fully automatic. We illustrate what the tool can do via a sequence of examples which are oriented around novel aspects of separation logic, namely: avoidance of frame axioms (which say what a procedure does not change); embracement of “dirty” features such as memory disposal and address arithmetic; information hiding in the presence of pointers; and modular reasoning about concurrent programs.
A Linearly Typed Assembly Language
 In Workshop on Types in Compilation
"... Today's typesafe lowlevel languages rely on garbage collection to recycle heapallocated objects safely. We present LTAL, a safe, lowlevel, yet simple language that "stands on its own": it guarantees safe execution within a fixed memory space, without relying on external runtime s ..."
Abstract

Cited by 154 (37 self)
 Add to MetaCart
(Show Context)
Today's typesafe lowlevel languages rely on garbage collection to recycle heapallocated objects safely. We present LTAL, a safe, lowlevel, yet simple language that "stands on its own": it guarantees safe execution within a fixed memory space, without relying on external runtime support. We demonstrate the expressiveness of LTAL by giving a typepreserving compiler for the functional core of ML. But this independence comes at a steep price: LTAL's type system imposes a draconian discipline of linearity that ensures that memory can be reused safely, but prohibits any useful kind of sharing. We present the results of experiments with a prototype LTAL system that show just how high the price of linearity can be.
VCC: A practical system for verifying concurrent C
 IN CONF. THEOREM PROVING IN HIGHER ORDER LOGICS (TPHOLS), VOLUME 5674 OF LNCS
"... VCC is an industrialstrength verification environment for lowlevel concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof ..."
Abstract

Cited by 149 (21 self)
 Add to MetaCart
(Show Context)
VCC is an industrialstrength verification environment for lowlevel concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof attempts and constructing partial counterexample executions for failed proofs. This paper motivates VCC, describes our verification methodology, describes the architecture of VCC, and reports on our experience using VCC to verify the Microsoft HyperV hypervisor.
Compositional Shape Analysis by means of BiAbduction
, 2009
"... This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an overapprox ..."
Abstract

Cited by 142 (17 self)
 Add to MetaCart
(Show Context)
This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an overapproximation of data structure usage. Compositionality brings its usual benefits – increased potential to scale, ability to deal with unknown calling contexts, graceful way to deal with imprecision – to shape analysis, for the first time. The analysis rests on a generalized form of abduction (inference of explanatory hypotheses) which we call biabduction. Biabduction displays abduction as a kind of inverse to the frame problem: it jointly infers antiframes (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new interprocedural analysis algorithm. We have implemented
Symbolic execution with separation logic
 In APLAS
, 2005
"... Abstract. We describe a sound method for automatically proving Hoare triples for loopfree code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axiom ..."
Abstract

Cited by 139 (27 self)
 Add to MetaCart
Abstract. We describe a sound method for automatically proving Hoare triples for loopfree code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axioms from incomplete proofs. This is a precursor to the use of the logic in automatic specification checking, program analysis, and model checking. 1