Local Reasoning about Programs that Alter Data Structures

  title={Local Reasoning about Programs that Alter Data Structures},
  author={Peter W. O'Hearn and John C. Reynolds and Hongseok Yang},
  booktitle={Annual Conference for Computer Science Logic},
We describe an extension of Hoare's logic for reasoning about programs that alter data structures. We consider a low-level storage model based on a heap with associated lookup, update, allocation and deallocation operations, and unrestricted address arithmetic. The assertion language is based on a possible worlds model of the logic of bunched implications, and includes spatial conjunction and implication connectives alongside those of classical logic. Heap operations are axiomatized using what… 

Separation logic: a logic for shared mutable data structures

  • J. C. Reynolds
  • Computer Science
    Proceedings 17th Annual IEEE Symposium on Logic in Computer Science
  • 2002
An extension of Hoare logic that permits reasoning about low-level imperative programs that use shared mutable data structure is developed, including extensions that permit unrestricted address arithmetic, dynamically allocated arrays, and recursive procedures.

Separation Logic for Higher-Order Store

This paper introduces an extension of the logic and proves it sound, including the Frame Rule that enables specifications of code to be extended by invariants on parts of the heap that are not accessed, and introduces the benefits of local reasoning available to languages with higher-order store.

An Outline of Separation Logic

This paper introduces Separation Logic as an extension of the standard Hoare Logic with the help of a programming language that has four pointer manipulating commands.

Tutorial on Separation Logic (Invited Tutorial)

This tutorial covers the basics of separating conjunction logic, and describes how that is, and where rough edges lie (programs whose proofs are still more complex than the authors would like).

A Context Logic for Tree Update

A small imperative programming language for updating trees, small Hoare-style axioms for the commands in the style of O’Hearn, Reynolds and Yang, and how weakest preconditions are derivable from the small axiom with a generalized frame rule are introduced.

Local Reasoning on Recursive Data Structures

A program verification method which combines strongest postcondition reasoning in the form symbolic execution, and unfolding recursive definitions of the data structure in question is presented, paving the way for dealing with a class of programs which traverse a complex data structure.

Linear logic and imperative programming

A new imperative language is developed that allows programmers to define and manipulate heap-allocated data structures using ILC formulas, which modularly combines substructural reasoning with general constraint-based reasoning.

Computability and Complexity Results for a Spatial Assertion Language for Data Structures

It is shown that validity, even for this restricted language, is not r.e., but that the quantifier-free sublanguage is decidable, and the complexity of model checking and validity for several fragments is considered.

Abstract Local Reasoning for Program Modules

Hoare logic is an important tool for formally proving correctness properties of programs. It takes advantage of modularity by treating program fragments in terms of provable specifications. However,

Weak Updates and Separation Logic

SLw, a logic that extends separation logic with reference types and elegantly reasons about the interaction between strong and weak updates is presented and a semantic framework for reference types is described, which is used to prove the soundness of SLw.



Intuitionistic reasoning about shared mutable data structure

This work extends Hoare's approach to proving the correctness of imperative programs, to deal with programs that perform destructive updates to data structures containing more than one pointer to the same location.

BI as an assertion language for mutable data structures

A model in which the law of the excluded middleholds is given is given, thus showing that the approach is compatible with classical logic, and a local character enjoyed by specifications in the logic is described, which enables a class of frame axioms, which say what parts of the heap don't change, to be inferred automatically.

Proving Pointer Programs in Hoare Logic

The challenge is to approach the simplicity of Hoare logic’s treatment of variable assignment, where substitution affects only relevant assertion formula.

An Example of Local Reasoning in BI Pointer Logic: the Schorr−Waite Graph Marking Algorithm

The promise of local reasoning in BI pointer logic is shown by an example: the Schorr-Waite graph marking algorithm, giving an evidence that even in a program with no clear separations of data structures, the locality of memory access can still be exploited in a formal proof with Frame Introduction and BI multiplicative connectives and that the resulting veriication becomes signiicantly simpler.

Local reasoning for stateful programs

A rule is formulated which allows one to derive a global property from a local one, an extension of O'Hearn's Frame Rule for programs with procedures, which uses a symmetric noninterference predicate and a spatial conjunction to ensure that a program phrase doesn't alter the portion of the store that a conjoined property depends on.

A Trace Model for Pointers and Objects

A mathematical model and language for the formulation of assertions about objects and pointers are introduced, and a graphical calculus may help in reasoning about program correctness, which deals with both garbage-collected heaps and the other kind.

Parametricity and local variables

This work uses relational parametricity to construct a model for an Algol-like language in which interactions between local and non-local entities satisfy certain relational criteria, and supports straightforward validations of all the test equivalences that have been proposed in the literature for local-variable semantics.

Methods and logics for proving programs

Semantic analysis of pointer aliasing, allocation and disposal in Hoare logic

A semantics that validates the approach to reasoning about pointers is described, and it is used to help devise axioms for operations that allocate and dispose of memory.

From Algol to polymorphic linear lambda-calculus

This work translates two variations on Algol 60 into a purely functional language with polymorphic linear types, and demonstrates that a linearly-typed functional language can be at least as expressive as AlGol.