Ultrametric Semantics of Reactive Programs
Cited by 18 (3 self)
Abstract—We describe a denotational model of higher-order functional reactive programming using ultrametric spaces and nonexpansive maps, which provide a natural Cartesian closed generalization of causal stream functions and guarded recursive definitions. We define a type theory corresponding to this semantics and show that it satisfies normalization. Finally, we show how reactive programs written in this language may be implemented efficiently using an imperatively updated dataflow graph, and give a separation logic proof that this low-level implementation is correct with respect to the high-level semantics.
Fictional Separation Logic
Cited by 14 (4 self)
Separation logic formalizes the idea of local reasoning for heap-manipulating programs via the frame rule and the separating conjunction P ∗ Q, which describes states that can be split into separate parts, with one satisfying P and the other satisfying Q. In standard separation logic, separation means physical separation. In this paper, we introduce fictional separation logic, which includes more general forms of fictional separating conjunctions P ∗ Q, where ∗ does not require physical separation, but may also be used in situations where the memory resources described by P and Q overlap. We demonstrate, via a range of examples, how fictional separation logic can be used to reason locally and modularly about mutable abstract data types, possibly implemented using sophisticated sharing. Fictional separation logic is defined on top of standard separation logic, and both the metatheory and the application of the logic are much simpler than earlier related approaches.
Formalized Verification of Snapshotable Trees: Separation and Sharing
Cited by 5 (2 self)
Abstract. We use separation logic to specify and verify a Java program that implements snapshotable search trees, fully formalizing the specification and verification in the Coq proof assistant. We achieve local and modular reasoning about a tree and its snapshots and their iterators, although the implementation involves shared mutable heap data structures with no separation or ownership relation between the various data. The paper also introduces a series of four increasingly sophisticated implementations and verifies the first one. The others are included as future work and as a set of challenge problems for full functional specification and verification, whether by separation logic or by other formalisms.
Capsules and Separation
Cited by 2 (2 self)
Abstract—We study a formulation of separation logic using capsules, a representation of the state of a computation in higher-order programming languages with mutable variables. We prove soundness of the frame rule in this context and investigate alternative formulations with weaker side conditions.
Adding Equations to System F Types
Cited by 1 (1 self)
Abstract. System F, the polymorphic lambda calculus, is well-known for its rich equational theory. In this paper, we study internalizing the equational theory of System F by extending it with a type of term-level equations. This results in a core calculus suitable for formalizing features such as Haskell’s rewriting rules mechanism or Extended ML signatures.
High-Level Separation Logic . . . (2013)
Separation logic is a powerful tool for reasoning about structured, imperative programs that manipulate pointers. However, its application to unstructured, lower-level languages such as assembly language or machine code remains challenging. In this paper we describe a separation logic tailored for this purpose that we have applied to x86 machine-code programs. The logic is built from an assertion logic on machine states over which we construct a specification logic that encapsulates uses of frames and step indexing. The traditional notion of Hoare triple is not applicable directly to unstructured machine code, where code and data are mixed together and programs do not in general run to completion, so instead we adopt a continuation-passing style of specification with preconditions alone. Nevertheless, the range of primitives provided by the specification logic, which include a higher-order frame connective, a novel read-only frame connective, and a ‘later’ modality, support the definition of derived forms to support structured-programming-style reasoning for common cases, in which standard rules for Hoare triples are derived as lemmas. Furthermore, our encoding of scoped assembly-language labels lets us give definitions and proof rules for powerful assembly-language ‘macros’ such as while loops, conditionals and procedures. We have applied the framework to a model of sequential x86 machine code built entirely within the Coq proof assistant, including tactic support based on computational reflection.
Hoare-Style Reasoning with (Algebraic) Continuations
Continuations are programming abstractions that allow for manipulating the “future” of a computation. Amongst their many applications, they enable implementing unstructured program flow through higher-order control operators such as callcc. In this paper we develop a Hoare-style logic for the verification of programs with higher-order control, in the presence of dynamic state. This is done by designing a dependent type theory with first class callcc and abort operators, where pre- and postconditions of programs are tracked through types. Our operators are algebraic in the sense of Plotkin and Power, and Jaskelioff, to reduce the annotation burden and enable verification by symbolic evaluation. We illustrate working with the logic by verifying a number of characteristic examples.