## Proving Pointer Programs in Higher-Order Logic (2003)


Venue: Information and Computation

Citations: 73 (1 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Mehta03provingpointer,
  author = {Farhad Mehta and Tobias Nipkow},
  title = {Proving Pointer Programs in Higher-Order Logic},
  booktitle = {Information and Computation},
  year = {2003},
  pages = {121--135},
  publisher = {Springer-Verlag}
}
```


### Abstract

This paper develops sound modelling and reasoning methods for imperative programs with pointers: heaps are modelled as mappings from addresses to values, and pointer structures are mapped to higher-level data types for verification. The programming language is embedded in higher-order logic, and its Hoare logic is derived. The whole development is purely definitional and thus sound. The viability of this approach is demonstrated with a non-trivial case study: we show the correctness of the Schorr-Waite graph marking algorithm and present part of the readable proof in Isabelle/HOL.

### Citations

802 | Isabelle/HOL – A Proof Assistant for Higher-Order Logic. LNCS 2283
- Nipkow, Paulson, et al.
- 2002
Citation context: ...and discuss how this extends to other inductive data types (§6). Finally we present our main case study, the structured proof of the Schorr-Waite algorithm (§7). 2 Isabelle/HOL notation Isabelle/HOL [10] is an interactive theorem prover for HOL, higher-order logic. The whole paper is generated directly from the Isabelle input files, which include the text as comments. That is, if you see a lemma or t...

770 | Separation logic: A logic for shared mutable data structures
- Reynolds
- 2002
Citation context: ...s → value and reason about the programs in Hoare logic. A number of refinements of this idea have been proposed; see [11] for a partial bibliography. The most radical idea is that of separation logic [12]. Although very promising, it is difficult to combine with existing theorem proving infrastructure because of its special logical connectives. Instead we take Bornat's [2] presentation of Burstall's i...

107 | Proving Pointer Programs in Hoare Logic
- Bornat
Citation context: ...is that of separation logic [12]. Although very promising, it is difficult to combine with existing theorem proving infrastructure because of its special logical connectives. Instead we take Bornat's [2] presentation of Burstall's ideas as our point of departure. Systematic approaches to automatic or interactive verification of pointer programs come in two flavours. There is a large body of work on p...

106 | Lectures on reasoning about shared mutable data structure
- Reynolds
- 2000
Citation context: ...es back to Burstall [4]: model the heap as a collection of variables of type address → value and reason about the programs in Hoare logic. A number of refinements of this idea have been proposed; see [11] for a partial bibliography. The most radical idea is that of separation logic [12]. Although very promising, it is difficult to combine with existing theorem proving infrastructure because of its spe...

81 | Some techniques for proving correctness of programs which alter data structures
- Burstall
- 1972
Citation context: ...niversally acknowledged, that the verification of pointer programs must be in want of machine support. The basic idea in all approaches to pointer program proofs is the same and goes back to Burstall [4]: model the heap as a collection of variables of type address → value and reason about the programs in Hoare logic. A number of refinements of this idea have been proposed; see [11] for a partial bibl...

74 | Isabelle/Isar — a versatile environment for human-readable formal proof documents
- Wenzel
Citation context: ...s it is likely to be controversial. Our aim was to produce a proof that is close to a journal-style informal proof, but written in a stylised proof language that can be machine-checked. Isabelle/Isar [14,9], like Mizar, provides such a language. Publishing this proof should be viewed as creating a reference point for further work in this area: although an informal proof is currently shorter and more rea...

59 | Automatic verification of pointer programs using monadic second-order logic
- Jensen, Jorgensen, et al.
- 1997
Citation context: ...mportant role in the verification of pointer programs. But we ignore them for now because our goal is a general purpose logic. For the same reason we do not discuss other special purpose logics, e.g. [6]. General theorem proving approaches to pointer programs are few. A landmark is the thesis by Suzuki [13] who developed an automatic verifier for pointer programs that could handle the Schorr-Waite al...

58 | Mechanizing programming logics in Higher Order Logic
- Gordon
- 1989
Citation context: ...g an element at the front. Two lists are appended with the infix function @. Function set turns a list into a set, function rev reverses a list. 3 A simple programming language In the style of Gordon [5] we defined a little programming language and its operational semantics. The basic constructs of the language are assignment, sequential composition, conditional and while-loop. The rules of Hoare log...

56 | Winskel is (almost) right: Towards a mechanized semantics textbook
- Nipkow
- 1996
Citation context: ...iple into an equivalent set of HOL formulae (i.e. its verification conditions). This requires that all loops in the program are annotated with invariants. More semantic details can be found elsewhere [8]. Here is an example: lemma multiply-by-add: VARS m s a b::nat {a=A ∧ b=B} m := 0 ; s := 0 ; WHILE m ≠ a INV {s=m∗b ∧ a=A ∧ b=B} DO s := s+b; m := m+1 OD {s = A∗B} The program performs multiplication...

39 | Structured Proofs in Isar/HOL
- Nipkow
Citation context: ...s it is likely to be controversial. Our aim was to produce a proof that is close to a journal-style informal proof, but written in a stylised proof language that can be machine-checked. Isabelle/Isar [14,9], like Mizar, provides such a language. Publishing this proof should be viewed as creating a reference point for further work in this area: although an informal proof is currently shorter and more rea...

36 | Local Reasoning for Stateful Programs
- Yang
- 2001
Citation context: ...tly shorter and more readable, our aim should be to bridge this gap further. It also serves as a reference point for future mechanisations of other formal proofs like the separation logic one by Yang [15]. So what about a fully automatic proof of the Schorr-Waite algorithm? This seems feasible: once the relevant inductive lemmas are provided, the preservation of the invariant in the algorithm should b...

21 | Animating formal proof at the surface: the Jape proof calculator 12
- Bornat, Sufrin
- 1999

12 | Automatic Verification of Programs with Complex Data Structure
- Suzuki
- 1976
Citation context: ...general purpose logic. For the same reason we do not discuss other special purpose logics, e.g. [6]. General theorem proving approaches to pointer programs are few. A landmark is the thesis by Suzuki [13] who developed an automatic verifier for pointer programs that could handle the Schorr-Waite algorithm. However, that verification is based on 5 recursively defined predicates (which are not shown to ...

1 | Proofs of pointer programs in Jape. http://www.dcs.qmul.ac.uk/~richard/pointers
- Bornat
Citation context: ...s with potentially infinite or undefined lists but explicitly ignores definedness issues. Furthermore, since Jape is only a proof editor with little automation, the Schorr-Waite proof takes 152 pages [1]. The contributions of our paper are as follows: – An embedding of a Hoare logic for pointer programs in a general purpose theorem prover (Isabelle/HOL). – A logically fully sound method for the verif...