### Citations

1178 | A Calculus of Mobile Processes - I
- Milner, Parrow, et al.
- 1992
Citation Context ...ly captured by (68). In the fully general form of local references, a newly generated reference can be exported to the outside of its original scope, reminiscent of scope extrusion in the π-calculus (Milner et al. 1992), and may outlive the generating procedure, e.g. λn.new x := n in x. A procedure can now have local state, possibly changing behaviour at each run, reflecting not only a given argument and global sta... |

1068 | A theory of type polymorphism in programming
- MILNER
- 1978
Citation Context ...enerates nil of the corresponding reference type; the dereference of nil leads to err, and err, when evaluated, leads to err of the whole expression, which follows a standard treatment of type error (Milner 1978). Terms are augmented accordingly: e ::= ... | a | e[e′] | size(e) | nil Ref(α) | err α where, in e[e′] has type Ref(α), provided we can type e with an array type (say α[]) a... |

945 | Separation logic: A logic for shared mutable data structures.
- Reynolds
- 2002
Citation Context ...nvariance rule for non-located judgements (Honda et al. 2005): $$\frac{\{C\}\ M :_u \{C'\}}{\{C \wedge A\}\ M :_u \{C' \wedge A\}} \qquad (52)$$ This rule may also be compared to a similar rule studied by Reynolds, O’Hearn and others in (Reynolds 2002; O’Hearn et al. 2004): see Section 9.2.2 for a detailed comparison. Since a weakened stateless formula A in (52) is by definition !x-free for any x, [Invariance] above subsumes (52) (except we are now... |

744 | A mathematical introduction to logic
- Enderton
- 1972
Citation Context ...content quantification can be given, again following a first-order logic, by replacing the rule (CGen) with the axiom C -!x ⊃ [!x]C, and closing all axioms under universal content quantification (cf. Enderton 2001). Proposition 1 (modal laws) All these laws have existential counterparts. 1. [!x](C1 ⊃ C2) ⊃ [!x]C1 ⊃ [!x]C2. 2. [!x]C ′ ≡ [!x... |

615 | From system F to typed assembly language.
- Morrisett, Walker, et al.
- 1999
Citation Context ...arantee of low-level code addressing higher-order procedures and aliasing in an organised way. An example of work in this direction is Hamid and Shao (2004), where integration of typed assembly code (Morrisett et al. 1999) and Floyd-Hoare logic is studied to offer a formal framework to guarantee expressive safety properties for assembly code with references to higher-order code. How the present approach may be usable ... |

597 | Algebraic laws for non-determinism and concurrency
- Hennessy, Milner
- 1985
Citation Context ...te ↦→ to represent content of memory cells. In contrast, the present work aims at a precise logical articulation of observational meaning of programmes in the traditions of both Hennessy-Milner logic (Hennessy & Milner 1985) and Hoare logic (Honda et al. 2006). Another difference is that our logic aims to make the best of first-order logic with equality to represent general aliasing situations. These differences come to... |

418 | Introduction to Mathematical Logic.
- Mendelson
- 1964
Citation Context ...n strategy. 3 Logic (1): Assertions 3.1 Terms and formulae This section introduces our logical language and formalises its semantics. The logical language is standard first-order logic with equality (Mendelson 1987) extended with assertions for quantification over type variables, evaluation and quantification over store content. The latter is the only substantial addition to the logic in Honda et al. (2005). e ... |

199 | Region-based memory management in Cyclone
- Grossman, Morrisett, et al.
- 2002
Citation Context ...r et al. 3. Such interplay between higher-order procedures and aliasing is common in many nontrivial programs in ML, C and more recent typed and untyped low-level languages (Peyton Jones et al. 1999; Grossman et al. 2002; Shao 1997). Hoare logic (Hoare 1969), developed on the basis of Floyd’s assertion method (Floyd 1967), has been studied extensively as a verification method for first-order imperative programs with ... |

188 | Towards a mathematical science of computation.
- McCarthy
- 1962
Citation Context ...res introduce aliasing between elements, studies of their proof rules such as Gries and Levin (1980), Luckham and Suzuki (1979) and Apt (1981) contain logical analyses of aliasing (which goes back to McCarthy, 1962). More recently, Kulczycki et al. (2003) study possible ways to reason about aliasing induced by call-by-reference procedure calls. 9.2.1 Cartwright and Oppen Cartwright and Oppen (1978, 1981) show h... |

184 | and H.Yang. Separation and information hiding. - O’Hearn - 2004 |

156 | Semantics of Programming Languages
- Gunter
- 1992
Citation Context ...gation), ∧ and ∨. !M dereferences M while M := N first evaluates M and obtains a location (say l), evaluates N and obtains a value (say V ), and assigns V to l. All these constructs are standard (cf. Gunter 1995; Pierce 2002). The notions of binding and α-convertibility are also conventional. fv(M) and fl(M) denote the sets of free variables and locations in M, respectively. We use abbreviations such as λ().... |

125 | Operational reasoning for functions with local state. - Pitts, Stark - 1998 |

121 | Equivalences in functional languages with effects - Mason, Talcott - 1991 |

100 | Data abstraction and information hiding - Leino, Nelson - 2000 |

80 | Writing Larch interface language specifications.
- Wing
- 1987
Citation Context ...her facilitate convenient delineation of computational effects. Locations in our sense have been used before, in the context of object-oriented languages, and are sometimes called “modifies clauses” (Wing 1987; Müller et al. 2003). Our approach is novel in the following two points. Firstly, the set of locations that a programme can modify is specified entirely within the logic, without appealing to externa... |

75 | C––: a portable assembly language that supports garbage collection.
- Jones, Ramsey, et al.
- 1999
Citation Context ...es 473s474 M. Berger et al. 3. Such interplay between higher-order procedures and aliasing is common in many nontrivial programs in ML, C and more recent typed and untyped low-level languages (Peyton Jones et al. 1999; Grossman et al. 2002; Shao 1997). Hoare logic (Hoare 1969), developed on the basis of Floyd’s assertion method (Floyd 1967), has been studied extensively as a verification method for first-order imp... |

70 | Ten Years of Hoare’s Logic: A Survey.
- Apt
- 1981
Citation Context ...967), has been studied extensively as a verification method for first-order imperative programs with diverse applications. However Hoare’s original proof system is sound only when aliasing is absent (Apt 1981; Cousot 1999): while various extensions have been studied, a general solution that extends the original method to treat aliasing, retaining its semantic basis (Greif & Meyer 1981; Hoare & Jifeng 1998... |

57 | The C Programming Language, 2nd ed
- Kernighan, Ritchie
- 1988
Citation Context ...of the array elements that may ideally be their mean value. In the following we specify and derive a full specification of one instance of the algorithm, directly taken from its well-known C version (Kernighan & Ritchie 1988). Using indentation for scoping, Figures 12 and 13 present the 1 µq. λ(a,c,l,r). 2 if l < r then 3 let p’ = partition(a, c, l, r) in 4 q(a, c, l, p’-1); 5 q(a, c, p’+1, r) 1 λ(a,... |

43 | Assignment and Procedure Call Proof Rules. - Gries, Levin - 1980 |

37 | L3: A linear language with locations - Morrisett, Ahmed, et al. - 2005 |

30 | A logical analysis of aliasing in imperative higher-order functions - Berger, Honda, et al. - 2005 |

30 | Verification of Array, Record, and Pointer Operations in Pascal - Luckham, Suzuki - 1979 |

28 | A compositional logic for polymorphic higher-order functions
- Honda, Yoshida
- 2004
Citation Context ...th arrays and stack-located references. Content quantification works seamlessly with the logical machinery for capturing pure and imperative higher-order behaviour studied by the authors (Honda 2004; Honda & Yoshida 2004; Honda et al. 2005) and thus facilitates precise description and efficient reasoning for a large class of higher-order behaviour and data structures. Thirdly, and somewhat paradoxically, we can elimi... |

23 | Descriptive and Relative Completeness of Logics for Higher-Order Functions
- Honda, Berger, et al.
- 2006
Citation Context ...for aliasing in a hierarchy of logics The logic presented here is part of a family of stratified programme logics, starting from one for pure higher-order functions (Honda 2004; Honda & Yoshida 2004; Honda et al. 2006) and its immediate generalisation to imperative higher-order functions (Honda et al. 2005), to logics for languages with more complex behaviours. This allows us to use simple... |

21 | Interfacing hoare logic and type systems for foundational proof-carrying code - Hamid, Shao - 2004 |

15 | The Logic of Aliasing. - Cartwright, Oppen - 1981 |

14 | From Denotational to Operational and Axiomatic Semantics for ALGOL-like Languages: An Overview. - Halpern, Meyer, et al. - 1984 |

7 | Modular specification of frame properties in jml
- Müller, Poetzsch-Heffter, et al.
- 2002
Citation Context ...ate convenient delineation of computational effects. Locations in our sense have been used before, in the context of object-oriented languages, and are sometimes called “modifies clauses” (Wing 1987; Müller et al. 2003). Our approach is novel in the following two points. Firstly, the set of locations that a programme can modify is specified entirely within the logic, without appealing to external... |

7 | Type Systems for Programming Languages
- Pierce
Citation Context ...allocation of references (dynamic allocation is investigated in Yoshida et al. 2007). Assuming given an infinite set of variables (x,y,z,..., also called names), the syntax of programmes is standard (Pierce 2002) and given by the following grammar. (values) V,W ::=c | x | λxα .M | µfα⇒β .λyα .M |〈V,W〉|ini(V ) (programme) M,N ::=V | MN | M := N | !M | op( ˜M) | πi(M) |〈M,N〉 |ini(M) | if M then M1 else M2 | ca... |

5 | Certification of Sorting Algorithms in the System Coq
- Filliâtre, Magaud
- 1999
Citation Context ...s a proper comparison procedure is provided). In the following we shall discuss how these aspects can be treated in the present logic. Even including a recent formal verification of Quicksort in Coq (Filliâtre & Magaud 1999), we believe a rigorous verification of Quicksort’s extensional behaviour with higher-order procedures and polymorphism is give... |

5 | Reasoning about procedure calls with repeated arguments and the reference-value distinction
- Kulczycki, Sitaraman, et al.
- 2002
Citation Context ... no reference cells other than those passed as arguments to this programme are modified. 3.4.6 Assertions for swap A classical example for reasoning about aliasing (cf. Cartwright & Oppen 1978, 1981; Kulczycki et al. 2003) is the swapping routine: swap def = λ(x,y).let z =!x in (x :=!y;y := z) It receives two references of the same type and exchanges their content. The assertion that specifies the behaviour of swap na... |

3 | An axiomatic basis of computer programming
- Hoare
- 1969
Citation Context ... procedures and aliasing is common in many nontrivial programs in ML, C and more recent typed and untyped low-level languages (Peyton Jones et al. 1999; Grossman et al. 2002; Shao 1997). Hoare logic (Hoare 1969), developed on the basis of Floyd’s assertion method (Floyd 1967), has been studied extensively as a verification method for first-order imperative programs with diverse applications. However Hoare’s... |

3 | On the proper treatment of referencing, dereferencing and assignment - JANSSEN, BOAS, et al. - 1977 |

3 | An Overview of the FLINT/ML
- Shao
- 1997
Citation Context ...play between higher-order procedures and aliasing is common in many nontrivial programs in ML, C and more recent typed and untyped low-level languages (Peyton Jones et al. 1999; Grossman et al. 2002; Shao 1997). Hoare logic (Hoare 1969), developed on the basis of Floyd’s assertion method (Floyd 1967), has been studied extensively as a verification method for first-order imperative programs with diverse app... |

2 | A General Axiom of Assignment/Assignment and Linked Data Structures/ A proof of the Schorr-Waite Algorithm. Pages 25–52 of: (Bauer et al - Morris - 1982 |

2 | Assignment and Linked Data Structures. Pages 35–43 of: (Bauer et al
- Morris
- 1982
Citation Context ...class of higher-order imperative functions including stored procedures, but does not treat aliasing). Resuming studies by Cartwright–Oppen and Morris from 25 years ago (Cartwright & Oppen 1978, 1981; Morris 1982b), the present paper introduces a simple and tractable compositional programme logic for general aliasing and imperative higher-order functions. A central observation in the literature (Cartwright & ... |

1 | Proving Pointer Programmes in Hoare Logic - Bornat - 2000 |

1 | A logical analysis of aliasing in imperative higher-order functions 545
- Cartwright, Oppen
- 1978
Citation Context ...with a treatment for a general class of higher-order imperative functions including stored procedures, but does not treat aliasing). Resuming studies by Cartwright–Oppen and Morris from 25 years ago (Cartwright & Oppen 1978, 1981; Morris 1982b), the present paper introduces a simple and tractable compositional programme logic for general aliasing and imperative higher-order functions. A central observation in the litera... |

1 | Methods and logics for proving programmes
- Cousot
- 1999
Citation Context ...been studied extensively as a verification method for first-order imperative programs with diverse applications. However Hoare’s original proof system is sound only when aliasing is absent (Apt 1981; Cousot 1999): while various extensions have been studied, a general solution that extends the original method to treat aliasing, retaining its semantic basis (Greif & Meyer 1981; Hoare & Jifeng 1998) and tractab... |

1 | Assigning meaning to programmes
- Floyd
- 1967
Citation Context ... ML, C and more recent typed and untyped low-level languages (Peyton Jones et al. 1999; Grossman et al. 2002; Shao 1997). Hoare logic (Hoare 1969), developed on the basis of Floyd’s assertion method (Floyd 1967), has been studied extensively as a verification method for first-order imperative programs with diverse applications. However Hoare’s original proof system is sound only when aliasing is absent (Apt... |

1 | Specifying the semantics of while programmes: A tutorial and critique of a paper by Hoare and Lauer
- Greif, Meyer
- 1981
Citation Context ... only when aliasing is absent (Apt 1981; Cousot 1999): while various extensions have been studied, a general solution that extends the original method to treat aliasing, retaining its semantic basis (Greif & Meyer 1981; Hoare & Jifeng 1998) and tractability, has not been known, not to speak of its combination with arbitrary imperative higher-order functions (our earlier work [Honda et al. 2005] extends Hoare logic ... |

1 | From process logic to programme logic
- Honda
- 2004
Citation Context ...n dealing with arrays and stack-located references. Content quantification works seamlessly with the logical machinery for capturing pure and imperative higher-order behaviour studied by the authors (Honda 2004; Honda & Yoshida 2004; Honda et al. 2005) and thus facilitates precise description and efficient reasoning for a large class of higher-order behaviour and data structures. Thirdly, and somewhat parad... |

1 | An observationally complete programme logic for imperative higher-order functions
- Honda, Yoshida, et al.
- 2005
Citation Context ... its semantic basis (Greif & Meyer 1981; Hoare & Jifeng 1998) and tractability, has not been known, not to speak of its combination with arbitrary imperative higher-order functions (our earlier work [Honda et al. 2005] extends Hoare logic with a treatment for a general class of higher-order imperative functions including stored procedures, but does not treat aliasing). Resuming studies by Cartwright–Oppen and Morr... |

1 | A general axiom of assignment. Pages 25–34 of
- Morris
- 1982
Citation Context ...class of higher-order imperative functions including stored procedures, but does not treat aliasing). Resuming studies by Cartwright–Oppen and Morris from 25 years ago (Cartwright & Oppen 1978, 1981; Morris 1982b), the present paper introduces a simple and tractable compositional programme logic for general aliasing and imperative higher-order functions. A central observation in the literature (Cartwright & ... |

1 | A proof of the Schorr–Waite algorithm. Pages 44–52 of: Friedrich L
- Morris
- 1982
Citation Context ...class of higher-order imperative functions including stored procedures, but does not treat aliasing). Resuming studies by Cartwright–Oppen and Morris from 25 years ago (Cartwright & Oppen 1978, 1981; Morris 1982b), the present paper introduces a simple and tractable compositional programme logic for general aliasing and imperative higher-order functions. A central observation in the literature (Cartwright & ... |

1 | Polymorphism and separation in Hoare type theory. ICFP06 - Nanevski, Morrisett, et al. - 2006 |