Results 1  10
of
191
Resources, Concurrency and Local Reasoning
 THEORETICAL COMPUTER SCIENCE
, 2004
"... In this paper we show how a resourceoriented logic, separation logic, can be used to reason about the usage of resources in concurrent programs. ..."
Abstract

Cited by 223 (6 self)
 Add to MetaCart
(Show Context)
In this paper we show how a resourceoriented logic, separation logic, can be used to reason about the usage of resources in concurrent programs.
Separation and Information Hiding
, 2004
"... We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of d ..."
Abstract

Cited by 184 (19 self)
 Add to MetaCart
We investigate proof rules for information hiding, using the recent formalism of separation logic. In essence, we use the separating conjunction to partition the internal resources of a module from those accessed by the module's clients. The use of a logical connective gives rise to a form of dynamic partitioning, where we track the transfer of ownership of portions of heap storage between program components. It also enables us to enforce separation in the presence of mutable data structures with embedded addresses that may be aliased.
Separation Logic and Abstraction
, 2005
"... In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Javalike classes. We build on the formalism of separation logic and introduce the new notion of an abstract predicate and, more generally, abstract predicate fa ..."
Abstract

Cited by 165 (9 self)
 Add to MetaCart
(Show Context)
In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Javalike classes. We build on the formalism of separation logic and introduce the new notion of an abstract predicate and, more generally, abstract predicate families. This provides a flexible mechanism for reasoning about the different forms of abstraction found in modern programming languages, such as abstract datatypes and objects. As well as demonstrating the soundness of our proof system, we illustrate its utility with a series of examples.
Modular Automatic Assertion Checking with Separation Logic
, 2005
"... Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and th ..."
Abstract

Cited by 163 (6 self)
 Add to MetaCart
(Show Context)
Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and this allows reasoning to be fully automatic. We illustrate what the tool can do via a sequence of examples which are oriented around novel aspects of separation logic, namely: avoidance of frame axioms (which say what a procedure does not change); embracement of “dirty” features such as memory disposal and address arithmetic; information hiding in the presence of pointers; and modular reasoning about concurrent programs.
VCC: A practical system for verifying concurrent C
 IN CONF. THEOREM PROVING IN HIGHER ORDER LOGICS (TPHOLS), VOLUME 5674 OF LNCS
"... VCC is an industrialstrength verification environment for lowlevel concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof ..."
Abstract

Cited by 153 (21 self)
 Add to MetaCart
(Show Context)
VCC is an industrialstrength verification environment for lowlevel concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof attempts and constructing partial counterexample executions for failed proofs. This paper motivates VCC, describes our verification methodology, describes the architecture of VCC, and reports on our experience using VCC to verify the Microsoft HyperV hypervisor.
Local action and abstract separation logic
 IN PROC. 22ND ANNUAL IEEE SYMPOSIUM ON LOGIC IN COMPUTER SCIENCE (LICS’07
, 2007
"... Separation logic is an extension of Hoare’s logic which supports a local way of reasoning about programs that mutate memory. We present a study of the semantic structures lying behind the logic. The core idea is of a local action, a state transformer that mutates the state in a local way. We formula ..."
Abstract

Cited by 109 (11 self)
 Add to MetaCart
(Show Context)
Separation logic is an extension of Hoare’s logic which supports a local way of reasoning about programs that mutate memory. We present a study of the semantic structures lying behind the logic. The core idea is of a local action, a state transformer that mutates the state in a local way. We formulate local actions for a general class of models called separation algebras, abstracting from the RAM and other specific concrete models used in work on separation logic. Local actions provide a semantics for a generalized form of (sequential) separation logic. We also show that our conditions on local actions allow a general soundness proof for a separation logic for concurrency, interpreted over arbitrary separation algebras.
A semantics for concurrent separation logic
 Theoretical Computer Science
, 2004
"... Abstract. We present a denotational semantics based on action traces, for parallel programs which share mutable data and synchronize using resources and conditional critical regions. We introduce a resourcesensitive logic for partial correctness, adapting separation logic to the concurrent setting, ..."
Abstract

Cited by 108 (1 self)
 Add to MetaCart
Abstract. We present a denotational semantics based on action traces, for parallel programs which share mutable data and synchronize using resources and conditional critical regions. We introduce a resourcesensitive logic for partial correctness, adapting separation logic to the concurrent setting, as proposed by O’Hearn. The logic allows program proofs in which “ownership ” of a piece of state is deemed to transfer dynamically between processes and resources. We prove soundness of this logic, using a novel “local ” interpretation of traces, and we show that every provable program is racefree. 1
Oracle semantics for concurrent separation logic
 In Proc. European Symp. on Programming (ESOP 2008
, 2008
"... Abstract. We define (with machinechecked proofs in Coq) a modular operational semantics for Concurrent C minor—a language with shared memory, spawnable threads, and firstclass locks. By modular we mean that one can reason about sequential control and dataflow knowing almost nothing about concurre ..."
Abstract

Cited by 72 (12 self)
 Add to MetaCart
(Show Context)
Abstract. We define (with machinechecked proofs in Coq) a modular operational semantics for Concurrent C minor—a language with shared memory, spawnable threads, and firstclass locks. By modular we mean that one can reason about sequential control and dataflow knowing almost nothing about concurrency, and one can reason about concurrency knowing almost nothing about sequential control and dataflow constructs. We present a Concurrent Separation Logic with firstclass locks and threads, and prove its soundness with respect to the operational semantics. Using our modularity principle, we proved the sequential C.S.L. rules (those inherited from sequential Separation Logic) simply by adapting Appel & Blazy’s machinechecked soundness proofs. Our Concurrent C minor operational semantics is designed to connect to Leroy’s optimizing (sequential) C minor compiler; we propose our modular semantics as a way to adapt Leroy’s compilercorrectness proofs to the concurrent setting. Thus we will obtain endtoend proofs: the properties you prove in Concurrent Separation Logic will be true of the program that actually executes on the machine. 1
Bi hyperdoctrines, higherorder separation logic, and abstraction
 IN ESOP’05, LNCS
, 2005
"... We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and in ..."
Abstract

Cited by 67 (25 self)
 Add to MetaCart
(Show Context)
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first and higherorder predicate BI, and use it to show that we may easily extend separation logic to higherorder. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of
Modular finegrained concurrency verification
"... Traditionally, concurrent data structures are protected by a single mutual exclusion lock so that only one thread may access the data structure at any time. This coarsegrained approach makes it relatively easy to reason about correctness, but it severely limits parallelism. More advanced algorithms ..."
Abstract

Cited by 61 (7 self)
 Add to MetaCart
(Show Context)
Traditionally, concurrent data structures are protected by a single mutual exclusion lock so that only one thread may access the data structure at any time. This coarsegrained approach makes it relatively easy to reason about correctness, but it severely limits parallelism. More advanced algorithms instead perform synchronisation at a finer grain. They employ sophisticated synchronisation schemes (both blocking and nonblocking) and are usually written in lowlevel languages such as C. This dissertation addresses the formal verification of such algorithms. It proposes techniques that are modular (and hence scalable), easy for programmers to use, and yet powerful enough to verify complex algorithms. In doing so, it makes two theoretical and two practical contributions to reasoning about finegrained concurrency. First, building on rely/guarantee reasoning and separation logic, it develops a new logic, RGSep, that subsumes these two logics and enables simple, modular proofs of finegrained concurrent algorithms that use complex dynamically allocated data structures and may explicitly deallocate memory. RGSep allows for ownershipbased reasoning and ownership