## Bi hyperdoctrines, higher-order separation logic, and abstraction (2005)


Venue: IN ESOP’05, LNCS

Citations: 60 (21 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Biering05bihyperdoctrines,
  author    = {Bodil Biering and Lars Birkedal and Noah Torp-Smith},
  title     = {Bi hyperdoctrines, higher-order separation logic, and abstraction},
  booktitle = {IN ESOP’05, LNCS},
  year      = {2005},
  pages     = {233--247},
  publisher = {}
}
```


### Abstract

We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first- and higher-order predicate BI, and use it to show that we may easily extend separation logic to higher-order. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of

### Citations

- 850: Operating System Concepts (Silberschatz, Galvin, et al., 2002)
- 794: Separation logic: A logic for shared mutable data structures (Reynolds, 2002)
  - Citation context: ... it to show that we may easily extend separation logic to higher-order. We argue that the given correspondence may be of import for formalizations of separation logic. 1 Introduction Separation logic [20, 19, 5, 6, 22, 9, 2] is a Hoare-style program logic, and variants of it have been applied to prove correct interesting pointer algorithms such as copying a dag, disposing a graph, the Schorr-Waite graph algorithm, and Ch...
- 441: Proofs of correctness of data representation (Hoare, 1972)
- 310: Abstract types have existential types (Mitchell, Plotkin, 1988)
  - Citation context: ...o exploit details of the particular implementation used. Data abstraction is modeled via existential quantification over predicates, corresponding to the slogan "abstract types have existential type" [Mitchell and Plotkin 1985]. We first define an abstract priority queue, and use abstract operations in several client programs to demonstrate uses of abstract operations and their specifications. We then show two implementations ...
- 292: Local reasoning about programs that alter data structures (O’Hearn, Reynolds, et al., 2001)
  - Citation context: ... it to show that we may easily extend separation logic to higher-order. We argue that the given correspondence may be of import for formalizations of separation logic. 1 Introduction Separation logic [20, 19, 5, 6, 22, 9, 2] is a Hoare-style program logic, and variants of it have been applied to prove correct interesting pointer algorithms such as copying a dag, disposing a graph, the Schorr-Waite graph algorithm, and Ch...
- 209: Verification of object-oriented programs with invariants (Barnett, DeLine, et al., 2004)
- 200: Abstraction and Specification in Program Development (Liskov, Guttag, 1986)
- 198: The logic of bunched implications (O’Hearn, Pym, 1999)
  - Citation context: ...ion. Part of the pointer model of separation logic, namely that given by heaps (but not stacks), has been related to propositional BI, the logic of bunched implications introduced by O'Hearn and Pym [O'Hearn and Pym 1999]. In this paper we show how the correspondence may be extended to a precise correspondence between all of the pointer model (including stacks) and a simple notion of predicate BI. We introduce the no...
- 179: Resources, concurrency, and local reasoning (O’Hearn)
- 176: J.C.: Separation and information hiding (O’Hearn, Yang, et al., 2004)
  - Citation context: ...ioms for these classes of assertions are valid. Such special axioms were further exploited in [2], where pure assertions were moved in and out of the scope of iterated separating conjunctions, and in [11], where precise assertions were crucially used to verify soundness of the hypothetical frame rule. The different classes of assertions were defined semantically and the special axioms were also valida...
- 175: BI as an assertion language for mutable data structures (2001)
  - Citation context: ... it to show that we may easily extend separation logic to higher-order. We argue that the given correspondence may be of import for formalizations of separation logic. 1 Introduction Separation logic [20, 19, 5, 6, 22, 9, 2] is a Hoare-style program logic, and variants of it have been applied to prove correct interesting pointer algorithms such as copying a dag, disposing a graph, the Schorr-Waite graph algorithm, and Ch...
- 172: BI as an assertion language for mutable data structures (Ishtiaq, O’Hearn, 2001)
- 157: Permission accounting in separation logic (Bornat, Calcagno, et al., 2005)
  - Citation context: ...itionistic pointer model of separation logic, which is presented using a forcing style semantics in [6]. The permissions model. It is also possible to fit the permissions model of separation logic from [4] into the framework presented here. The main point is that the set of heaps, which in that model map locations to values and permissions, has a binary operation , which makes (H?; ) a partially orde...
- 141: Separation logic and abstraction (Parkinson, Bierman, 2005)
- 132: Object invariants in dynamic contexts (Leino, Müller, 2004)
- 130: Categorical Logic and Type Theory (Jacobs, 1999)
- 108: Intuitionistic reasoning about shared mutable data structure (Reynolds)
- 105: The Semantics and Proof Theory of the Logic of Bunched Implications, volume 26 of Applied Logic Series (Pym, 2002)
- 105: Toward reliable modular programs (Leino, 1995)
- 96: Evaluation Logic (Pitts, 1991)
  - Citation context: ...his section we introduce Lawvere’s notion of a hyperdoctrine [8] and briefly recall how it can be used to model intuitionistic and classical first- and higher-order predicate logic (see, for example, [13] and [7] for more explanations than can be included here). We then define the notion of a BI hyperdoctrine, which is a straightforward extension of the standard notion of hyperdoctrine, and explain ho...
- 86: Procedures and parameters: An axiomatic approach (Hoare, 1971)
  - Citation context: ...{P_n} c_n {Q_n}; …; {P_1} k_1 {Q_1}; …; {P_n} k_n {Q_n} ⊢ {P} c {Q}; ⊢ {P} let k_1(x̄_1) = c_1; …; k_n(x̄_n) = c_n in c {Q} for function definitions is the usual one from Hoare logic with procedures [Hoare 1971]. The rules for while and if-then-else are also standard. The next two rules are structural and allow certain straightforward manipulations of contexts. The rule of consequence is standard, and the ...
- 83: Friends need a bit more: Maintaining invariants over shared state (Barnett, Naumann, 2004)
- 74: The Craft of Programming (Reynolds, 1981)
  - Citation context: ... has been usefully applied in program proving with separation logic, as mentioned in the previous section (it has also been usefully applied in Hoare logic, as pointed out to us by John Reynolds, see [18]). It remains to be seen to what extent quantification over general propositions and predicates is useful in actual program proving. But let us consider a simple example, which indicates that it may b...
- 70: J.C.: Local reasoning about a copying garbage collector (Birkedal, Torp-Smith, et al., 2004)
- 66: Ownership confinement ensures representation independence for object-oriented programs (Banerjee, Naumann, 2005)
- 61: H.: Semantics of separation-logic typing and higher-order frame rules (Birkedal, Torp-Smith, et al., 2005)
- 47: Possible worlds and resources: The semantics of BI (Pym, O’Hearn, et al.)
- 46: Categorical logic and type theory, volume 141 (Jacobs, 1999)
  - Citation context: ...d briefly recall how it can be used to model intuitionistic and classical first- and higher-order predicate logic. More details about this can be found in the handbook chapter [Pitts 2001] and the book [Jacobs 1999]. We then introduce the concept of a BI-hyperdoctrine and show that it models BI. In Section 3, we show that the standard pointer model of BI is an instance of our class of models. The new class of m...
- 42: An observationally complete program logic for imperative higher-order functions (Honda, Yoshida, et al.)
- 41: Local Reasoning for Stateful Programs (Yang, 2001)
  - Citation context: ...ag, disposing a graph, the Schorr-Waite graph algorithm, and Cheney’s copying garbage collector. Different extensions of core separation logic were employed to conduct these proofs. For example, Yang [21] extended the core logic with lists and trees, and in [2] the logic included finite sets and relations. Thus it is natural to ask whether one has to make a new extension of separation logic for every ...
- 41: A verification methodology for model fields (Leino, Müller, 2006)
- 31: A logical analysis of aliasing in imperative higher-order functions (Berger, Honda, et al., 2005)
- 31: Relational Parametricity and Separation Logic (Birkedal, Yang, 2007)
- 28: State based ownership, reentrance, and encapsulation (Banerjee, Naumann, 2005)
- 28: Local reasoning, separation and aliasing (Bornat, Calcagno, et al., 2004)
  - Citation context: ...raph marking algorithm. Later, a proof of correctness of Cheney’s garbage collection algorithm was published in [2], and other examples of correctness proofs of non-trivial algorithms may be found in [3]. In all of these papers, different simple extensions of core separation logic were used. For example, Yang used lists and binary trees as parts of his term language, and Birkedal et al. introduced e...
- 27: Adjointness in foundations (Lawvere, 1969)
  - Citation context: ...ondence between all of the pointer model (including stacks) and a simple notion of predicate BI. We introduce the notion of a BI hyperdoctrine, a simple extension of Lawvere's notion of hyperdoctrine [8], and show that it soundly models predicate BI. We consider a different notion of predicate BI than that of [15, 16], which has a BI structure on contexts. However, we believe that our notion of predic...
- 23: Objects and classes in Algol-like languages (Reddy)
  - Citation context: ...nce abstraction is here modeled using existential quantification over higher-types (no special syntax for abstract predicates is needed). Prior to that, Reddy gave a semantics for objects and classes [Reddy 1998], in which he also models data abstraction via existential quantification. The main difference between Reddy's work and the present work is that Reddy considers a programming language without heap mani...
- 23: Correctness of data representations involving heap data structures (Reddy, Yang)
- 20: R.: Program logic and equivalence in the presence of garbage collection. Theoretical Computer Science 298 (Calcagno, O’Hearn, et al., 2003)
- 10: Possible worlds and resources: the semantics (Pym, O’Hearn, et al.)
  - Citation context: ... We present a precise correspondence between separation logic and a new simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI [14]. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first- and higher-order predicate BI, and use it to show that we may easily exten...
- 9: N.: Bi-hyperdoctrines and higher order separation logic (Biering, Birkedal, et al., 2005)
- 8: Errata and remarks for the semantics and proof theory of the logic of bunched implications (Pym, 2004)
  - Citation context: ...the notion of a BI hyperdoctrine, a simple extension of Lawvere's notion of hyperdoctrine [8], and show that it soundly models predicate BI. We consider a different notion of predicate BI than that of [15, 16], which has a BI structure on contexts. However, we believe that our notion of predicate BI with its class of BI hyperdoctrine models is the right one for separation logic (Pym aimed to model multipl...
- 6: Idealized ML and its separation logic (Krishnaswami, Birkedal, et al.)
- 5: Operating System Concepts, fifth ed. (Silberschatz, Galvin, 1997)
  - Citation context: ...definition rule (14) possible. 6.1 Reasoning about Abstract Priority Queues Priority queues are used frequently in programming, for example in scheduling algorithms for processes in operating systems [Silberschatz and Galvin 1998]. They consist of pairs (p, v), where v is a stored value, and p is the priority associated with v. In such a structure, one can then enqueue such pairs and extract an element with the highest priori...
- 4: Sheaves in Geometry and Logic. Universitext (Mac Lane, Moerdijk, 1994)
- 3: Notes on the dialectica topos (Birkedal, 2001)
- 2: On the logic of bunched implications and its relation to separation logic (Biering, 2004)
  - Citation context: ...losed structure, Sub_E(1) is a complete BI algebra, and for any monoidal category C such that the monoid is cover preserving w.r.t. the Grothendieck topology J, Sub_{Sh(C,J)}(1) is a complete BI algebra [1, 14]. The following theorem shows that to get interesting models of higher-order predicate BI, it does not suffice to consider BI hyperdoctrines arising as the canonical hyperdoctrine over a topos (as in Ex...
- 2: Verification of object-oriented programs with invariants (Barnett, DeLine, et al., 2003)
- 2: Verifying object-oriented programs that use subtypes (Leavens, 1988)
- 1: Higher-order Separation Logic 41 (Berger, Honda, et al., 2005)