Hoare logic is an important tool for formally proving correctness properties of programs. It takes advantage of modularity by treating program fragments in terms of provable specifications. However, heap programs tend to break this type of modular reasoning by permitting pointer aliasing. For instance, the specification that a program reverses one list does not imply that it leaves a second list alone. To achieve this disjointness property, it is necessary to establish disjointness conditions throughout the proof. O'Hearn, Reynolds, and Yang introduced separation logic for reasoning locally about heap programs, in order to address this problem. The fundamental principle of local reasoning is that, if we know how a local computation behaves on some state, then we can infer the behaviour when the state is extended: it simply leaves the additional state unchanged. A program is specified in terms of its footprint -- the resource necessary for it to operate -- and a frame rule is used to infer that any additional resource is indeed unchanged. For example, given a proof that a program reverses a list, the frame rule can directly establish that the program leaves a second disjoint list alone. Consequently, separation logic enables modular reasoning about heap programs.
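As an added illustration that is not part of the abstract, the frame-rule instance behind the list-reversal example can be written out in the usual separation-logic notation. Assume $\mathit{list}(\alpha, x)$ denotes a singly linked list with contents $\alpha$ whose first cell is at $x$, $\alpha^{\dagger}$ is the reversal of the sequence $\alpha$, and the reversal program $C$ modifies only the variable $x$ (plus local temporaries), so the framed assertion must not mention $x$.

$$
\frac{\{P\}\; C\; \{Q\}}{\{P * R\}\; C\; \{Q * R\}}
\qquad \text{provided no variable free in } R \text{ is modified by } C
$$

Taking the local specification $\{\mathit{list}(\alpha, x)\}\; C\; \{\mathit{list}(\alpha^{\dagger}, x)\}$ as the premise and framing on $R = \mathit{list}(\beta, y)$, which mentions only $y$ (and $y \neq x$ is not required, since $*$ already forces the two lists onto disjoint heap cells), the rule yields

$$
\{\mathit{list}(\alpha, x) * \mathit{list}(\beta, y)\}\; C\; \{\mathit{list}(\alpha^{\dagger}, x) * \mathit{list}(\beta, y)\}.
$$

The separating conjunction $*$ is what carries the disjointness: the footprint of $C$ is the cells of the first list, so the frame rule alone establishes that the second list is untouched, with no per-step aliasing side conditions in the proof.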