Nested Hoare Triples and Frame Rules for Higher-Order Store

Abstract: Abstract. Separation logic is a Hoare-style logic for reasoning about programs with heap-allocated mutable data structures. As a step toward extending separation logic to high-level languages with ML-style general (higher-order) storage, we investigate the compatibility of nested Hoare triples with several variations of higher-order frame rules.The interaction of nested triples and frame rules can be subtle, and the inclusion of certain frame rules is in fact unsound. A particular combination of rules can be s… Show more

“…3 gives the syntax for the assertion language. Based on [17], the language allows nested triples to appear in assertions, such that we can reason about stored procedures. The assertion x → ∀a.…”

“…{a → } · (a) {a → }, for example, states that the content at address x is a procedure which satisfies the given Hoare triple. 2 Additions to the logic of [17] are the set and element expressions. In the formula P(e V * ; e S * ), the ; separates integer arguments from set arguments.…”

“…The deep frame rule [5,17] allows one to infer {P } C {Q} ⊗ I from {P } C {Q}, where ⊗ is a deep framing operator. Intuitively this operator adds the invariant I not just to the pre-and post-conditions of the triple {P } C {Q}, but also to all triples nested inside P and Q, at all levels.…”

“…Logics with nested triples [17,11], where assertions can contain Hoare triples which describe the behaviour of code stored on the program's heap, have been proposed as a way to reason modularly about higher-order store programs. Recent developments [17,18] have provided solid theoretical foundations for separation logics with nested triples.…”

“…Recent developments [17,18] have provided solid theoretical foundations for separation logics with nested triples. In this paper we present Crowfoot, the first automatic verification system to apply these developments in practice.…”

Crowfoot: A Verifier for Higher-Order Store Programs

“…3 gives the syntax for the assertion language. Based on [17], the language allows nested triples to appear in assertions, such that we can reason about stored procedures. The assertion x → ∀a.…”

“…{a → } · (a) {a → }, for example, states that the content at address x is a procedure which satisfies the given Hoare triple. 2 Additions to the logic of [17] are the set and element expressions. In the formula P(e V * ; e S * ), the ; separates integer arguments from set arguments.…”

“…The deep frame rule [5,17] allows one to infer {P } C {Q} ⊗ I from {P } C {Q}, where ⊗ is a deep framing operator. Intuitively this operator adds the invariant I not just to the pre-and post-conditions of the triple {P } C {Q}, but also to all triples nested inside P and Q, at all levels.…”

“…Logics with nested triples [17,11], where assertions can contain Hoare triples which describe the behaviour of code stored on the program's heap, have been proposed as a way to reason modularly about higher-order store programs. Recent developments [17,18] have provided solid theoretical foundations for separation logics with nested triples.…”

“…Recent developments [17,18] have provided solid theoretical foundations for separation logics with nested triples. In this paper we present Crowfoot, the first automatic verification system to apply these developments in practice.…”

Crowfoot: A Verifier for Higher-Order Store Programs

A Semantic Foundation for Hidden State

Verifying Generics and Delegates