Hostname: page-component-745bb68f8f-l4dxg Total loading time: 0 Render date: 2025-01-18T00:20:15.505Z Has data issue: false hasContentIssue false

Hoare type theory, polymorphism and separation1

Published online by Cambridge University Press:  02 September 2008

ALEKSANDAR NANEVSKI
Affiliation:
Harvard University, Cambridge, MA, USA (e-mail: aleks@eecs.harvard.edu, greg@eecs.harvard.edu)
GREG MORRISETT
Affiliation:
Harvard University, Cambridge, MA, USA (e-mail: aleks@eecs.harvard.edu, greg@eecs.harvard.edu)
LARS BIRKEDAL
Affiliation:
IT University of Copenhagen, Copenhagen, Denmark (e-mail: birkedal@itu.dk)
Rights & Permissions [Opens in a new window]

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

We consider the problem of reconciling a dependently typed functional language with imperative features such as mutable higher-order state, pointer aliasing, and nontermination. We propose Hoare type theory (HTT), which incorporates Hoare-style specifications into types, making it possible to statically track and enforce correct use of side effects.

The main feature of HTT is the Hoare type {P}x:A{Q} specifying computations with precondition P and postcondition Q that return a result of type A. Hoare types can be nested, combined with other types, and abstracted, leading to a smooth integration with higher-order functions and type polymorphism.

We further show that in the presence of type polymorphism, it becomes possible to interpret the Hoare types in the “small footprint” manner, as advocated by separation logic, whereby specifications tightly describe the state required by the computation.

We establish that HTT is sound and compositional, in the sense that separate verifications of individual program components suffice to ensure the correctness of the composite program.

Type
Articles
Copyright
Copyright © Cambridge University Press 2008

Footnotes

1

A preliminary version of this paper was presented at the ACM SIGPLAN International Conference on Functional Programming, ICFP 2006.

References

Abadi, Martin & Leino, K. Rustan, M. (2004) A logic of object-oriented programs. In Verification: Theory and Practice. Lecture Notes in Computer Science, Vol. 2772. Springer, Berlin, Germany, pp. 1141.Google Scholar
Ahmed, Amal, Fluet, Matthew & Morrisett, Greg. (2005) A step-indexed model of substructural state. In International Conference on Functional Programming, ICFP'05, ACM Press, New York, pp. 7891.Google Scholar
Altenkirch, Thorsten, Dybjer, Peter, Hofmann, Martin & Scott, Phil. (2001) Normalization by evaluation for typed lambda calculus with coproducts. In S ymposium on Logic in Computer Science, LICS01 IEEE Computer Society Press, Los Alamitos, California, pp. 303310.Google Scholar
Amtoft, Torben, Bandhakavi, Sruthi & Banerjee, Anindya. (2006) A logic for information flow in object-oriented programs. In Symposium on Principles of Programming Languages POPL 06, ACM Press, New York, pp. 91102.Google Scholar
Augustsson, Lennart. (1998) Cayenne – A language with dependent types. In International Conference on Functional Programming ICFP'98, ACM Press, New York, pp. 239250.Google Scholar
Barnes, John. (2003) High Integrity Software: The SPARK Approach to Safety and Security. Addison-Wesley, Boston, MA.Google Scholar
Barnett, Mike, Leino, K. Rustan, M. & Schulte, Wolfram. (2004) The Spec# programming system: An overview. In International Workshop on Construction and Analysis of Safe, Secure and Interoperable Smart Devices, CASSIS'04. Lecture Notes in Computer Science, Vol. 3362. Springer, Berlin, Germany.Google Scholar
Berger, Martin, Honda, Kohei & Yoshida, Nobuko. (2005) A logical analysis of aliasing in imperative higher-order functions. In International Conference on Functional Programming ICFP 5, ACM Press, New York, pp. 280293.Google Scholar
Biering, B., Birkedal, L. & Torp-Smith, N. (July, 2005). BI Hyperdoctrines, Higher-Order Separation Logic, and Abstraction. Technical Report ITU-TR-2005-69. IT University of Copenhagen.CrossRefGoogle Scholar
Birkedal, Lars, Torp-Smith, Noah & Reynolds, John C. (2004) Local reasoning about a copying garbage collector. In Symposium on Principles of Programming LanguagesPOPL'04, ACM Press, New York, pp. 220231.Google Scholar
Birkedal, Lars, Torp-Smith, Noah & Yang, Hongseok. (2005) Semantics of separation-logic typing and higher-order frame rules. In Symposium on Logic in Computer Science LICS'05, IEEE Comp. Soc. Press, Los Alamitos, California, pp. 260290.Google Scholar
Burdy, Lilian, Cheon, Yoonsik, Cok, David, Ernst, Michael, Kiniry, Joe, Leavens, Gary T., Leino, K. Rustan, M. & Poll, Erik. (2005) An overview of JML tools and applications. Int. J. Software Tools Technol. Transfer 7 (3), 212232.Google Scholar
Cartwright, Robert & Oppen, Derek C. (1978) Unrestricted procedure calls in Hoare's logic. In Symposium on Principles of Programming Languages POPL'78, ACM Press, NY, pp. 131140.Google Scholar
Chen, Chiyan & Xi, Hongwei. (2005) Combining programming with theorem proving. In International Conference on Functional Programming ICFP'05, ACM Press, NY, pp. 6677.Google Scholar
Church, Alonzo. (1940) A formulation of the simple theory of types. J. Symbol. Logic 5 (2), 5668.CrossRefGoogle Scholar
Collinson, Matthew & Pym, David J. (2006) Bunching for regions and locations. Electr. Notes Theor. Comput. Sci. 158, 171197.CrossRefGoogle Scholar
Condit, Jeremy, Harren, Matthew, Anderson, Zachary, Gay, David & Necula, George. (2007) Dependent types for low-level programming. In European Symposium on Programming ESOP'07. Lecture Notes in Computer Science, Vol. 4421. Springer, Berlin, Germany.Google Scholar
Cook, Stephen A. (1978) Soundness and completeness of an axiom system for program verification. SIAM J. Comput. 7 (1), 7090.CrossRefGoogle Scholar
Detlefs, David L., Leino, K. Rustan, M., Nelson, Greg & Saxe, James B. (December, 1998) Extended Static Checking. Research Report 159, Compaq Systems Research Center.Google Scholar
Dijkstra, Edsger W. (1975) Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM 18 (8), 453457.Google Scholar
Dybjer, Peter. (1994) Inductive families. Formal Aspects Comput. 6 (4), 440465.CrossRefGoogle Scholar
Dybjer, Peter & Setzer, Anton. (2006) Indexed induction-recursion. J. Logic Algebraic Program. 66 (1), 149.Google Scholar
Evans, David & Larochelle, David. (2002) Improving security using extensible lightweight static analysis. IEEE Software 19 (1), 4251.CrossRefGoogle Scholar
Feng, Xinyu, Ferreira, Rodrigo & Shao, Zhong. (2007) On the relationship between concurrent separation logic and assume-guarantee reasoning. In European Symposium on Programming ESOP'07. Lecture Notes in Computer Science, Vol. 4421. Springer, Berlin, Germany, pp. 173188.Google Scholar
Flanagan, Cormac. (2006) Hybrid type checking. In Symposium on Principles of Programming Languages POPL'06, ACM Press, NY, pp. 245256.Google Scholar
Fluet, Matthew, Morrisett, Greg & Ahmed, Amal. (2006) Linear regions are all you need. In European Symposium on Programming ESOP'06, Springer, Berlin, Germany, pp. 721.Google Scholar
Ghani, N. (1995) Beta–eta equality for coproducts. In International Conference on Typed Lambda Calculus and Applications TLCA'95. Lecture Notes in Computer Science, Vol. 902. Springer, Berlin, Germany, pp. 171185.CrossRefGoogle Scholar
Gill, Andrew, Launchbury, John & Peyton, Jones, Simon, L. (1993) A short cut to deforestation. In International Conference on Functional Programming Languages and Computer Architecture, FPCA'93, ACM Press, NY, pp. 223232.CrossRefGoogle Scholar
Girard, Jean-Yves, Lafont, Yves & Taylor, Paul. (1989) Proofs and Types. Cambridge, UK: Cambridge University Press.Google Scholar
Greif, I. & Meyer, A. (1979) Specifying programming language semantics: A tutorial and critique of a paper by Hoare and Lauer. In Symposium on Principles of Programming Languages POPL'79, ACM Press, NY, pp. 180189.Google Scholar
Harris, Tim, Marlow, Simon, Peyton Jones, Simon & Herlihy, Maurice. (2005) Composable memory transactions. In Symposium on Principles and Practice of Parallel Programming PPOPP'05, ACM Press, NY, pp. 4860.Google Scholar
Hoare, C. A. R. (1969) An axiomatic basis for computer programming. Commun. ACM 12 (10), 576580.CrossRefGoogle Scholar
Hofmann, Martin. (July, 1995) Extensional Concepts in Intensional Type Theory. Ph.D. Thesis, Department of Computer Science, University of Edinburgh. Technical Report ECS-LFCS-95-327.Google Scholar
Honda, Kohei, Yoshida, Nobuko & Berger, Martin. (2005) An observationally complete program logic for imperative higher-order functions. In Symposium on Logic in Computer Science LICS'05, IEEE Comp. Sci. Press, Los Alamitos, CA, pp. 270279.Google Scholar
Howard, W. A. (1980) The formulae-as-types notion of construction. In Essays on Combinatory Logic, Lambda Calculus and Formalism, Curry, H. B. (ed). Academic Press, New York, pp. 479490.Google Scholar
Jim, Trevor, Morrisett, Greg, Grossman, Dan, Hicks, Michael, Cheney, James & Wang, Yanling. (2002) Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, USENIX'02, Usenix Association, Berkeley, CA, pp. 275288.Google Scholar
Krishnaswami, Neelakantan. (2006) Separation logic for a higher-order typed language. In Workshop on Semantics, Program Analysis and Computing Environments for Memory Management SPAC'06, Informal Proceedings, pp. 7382.Google Scholar
Leavens, Gary T., Baker, Albert L. & Ruby, Clyde. (1999) JML: A notation for detailed design. In Behavioral Specifications of Businesses and Systems. International Series in Engineering and Computer Science, Vol. 523. Kluwer Academic Publishers, Norwell, MA, pp. 175188.CrossRefGoogle Scholar
Leino, K. R. M. & Nelson, G. (2002) Data abstraction and information hiding. ACM Trans. Program. Lang. Syst. 24 (5), 491553.Google Scholar
Leino, K. Rustan, M., Nelson, Greg & Saxe, James B. (October, 2000) ESC Java User's Manual. Technical Note 2000-002. Compaq Systems Research Center.Google Scholar
Luo, Zhaohui. (1990) An Extended Calculus of Constructions. Ph.D. Thesis, University of Edinburgh. Technical Report ECS-LFCS-90-118.Google Scholar
Luo, Zhaohui. (1994) Computation and Reasoning: A Type Theory for Computer Science. Oxford University Press, Oxford, UK.CrossRefGoogle Scholar
Mandelbaum, Yitzhak, Walker, David & Harper, Robert. (2003) An effective theory of type refinements. In International Conference on Functional Programming ICFP'03, ACM Press, NY, pp. 213226.Google Scholar
Martin-Löf, Per. (1996) On the meanings of the logical constants and the justifications of the logical laws. Nordic J. Philosophic. Logic 1 (1), 1160.Google Scholar
McBride, Conor. (1999) Dependently Typed Functional Programs and Their Proofs. Ph.D. Thesis, University of Edinburgh. Technical Report ECS-LFCS-00-419.Google Scholar
McBride, Conor & McKinna, James. (2005) The view from the left. J. Funct. Program. 14 (1), 69111.CrossRefGoogle Scholar
McCarthy, John L. (1962) Towards a mathematical science of computation. In Congress of the International Federation for Information Processing, IFIP'62, Elsevier Amsterdam, Netherlands, pp. 2128.Google Scholar
Moggi, Eugenio. (1989) Computational lambda-calculus and monads. In Symposium on Logic in Computer Science LICS'89, IEEE Comp. Sci. Press, Los Alamitos, CA, pp. 1423.Google Scholar
Moggi, Eugenio. (1991) Notions of computation and monads. Info. Comput. 93 (1), 5592.CrossRefGoogle Scholar
Morrisett, Greg, Ahmed, Amal & Fluet, Matthew. (2005) L3: A linear language with locations. In International Conference on Typed Lambda Calculus and Applications TLCA'05. Lecture Notes in Computer Science, Vol. 3461. Springer, Berlin, Germany, pp. 293307.Google Scholar
Nanevski, Aleksandar, Ahmed, Amal, Morrisett, Greg & Birkedal, Lars. (2007) Abstract predicates and mutable ADTs in Hoare type theory. In European Symposium on Programming ESOP'07. Lecture Notes in Computer Science, Vol. 4421. Springer, Berlin, Germany, pp. 189204.Google Scholar
Necula, George C. (January, 1997). Proof-carrying code. In Symposium on Principles of Programming Languages POPL'97, ACM Press, NY, pp. 106119.Google Scholar
O'Donnell, Michael J. (1982) A critique of the foundations of Hoare style programming logics. Commun. ACM 25 (12), 927935.CrossRefGoogle Scholar
O'Hearn, Peter, Reynolds, John & Yang, Hongseok. (2001) Local reasoning about programs that alter data structures. In International Workshop on Computer Science Logic CSL'01. Lecture Notes in Computer Science, Vol. 2142. Springer, Berlin, Germany, pp. 119.Google Scholar
O'Hearn, Peter W., Yang, Hongseok & Reynolds, John C. (2004) Separation and information hiding. In Symposium on Principles of Programming Languages POPL'04, ACM Press, NY, pp. 268280.Google Scholar
Paulson, Lawrence C. (1990) A formulation of the simple theory of types (for Isabelle). In International Conference in Computer Logic, COLOG'88. Lecture Notes in Computer Science, Vol. 417. Springer, Berlin, Germany, pp. 246274.Google Scholar
PeytonJones, Simon Jones, Simon (ed). (2003) Haskell 98 Language and Libraries: The Revised Report. Cambridge, UK: Cambridge University Press.Google Scholar
Peyton, Jones, Simon, L. & Wadler, Philip. (1993) Imperative functional programming. In Symposium on Principles of Programming Languages POPL'93, ACM Press, NY, pp. 7184.Google Scholar
Pfenning, Frank & Davies, Rowan. (2001) A judgmental reconstruction of modal logic. Math. Struct. Comput. Sci. 11 (4), 511540.CrossRefGoogle Scholar
Pierce, Benjamin C. & Turner, David N. (2000) Local type inference. ACM Trans. Program. Lang. Syst. 22 (1), 144.Google Scholar
Reus, Bernhard & Schwinghammer, Jan. (2006) Separation logic for higher-order store. In International Workshop on Computer Science Logic CSL'06, Szeged, Hungary.Google Scholar
Reynolds, John C. (2002) Separation logic: A logic for shared mutable data structures. In Symposium on Logic in Computer Science LICS'02, IEEE Comp. Sci. Press, Los Alamitos, CA, pp. 5574.Google Scholar
Shao, Zhong, Trifonov, Valery, Saha, Bratin & Papaspyrou, Nikolaos. (2005) A type system for certified binaries. ACM Trans. Program. Lang. Syst. 27 (1), 145.CrossRefGoogle Scholar
Sheard, Tim. (2004) Languages of the future. In International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA'04, ACM Press, NY, pp. 116119.Google Scholar
Smith, Frederick, Walker, David & Morrisett, Greg. (2000) Alias types. In European Symposium on Programming ESOP'00. Lecture Notes in Computer Science, Vol. 1782. Springer, Berlin, Germany, pp. 366381.Google Scholar
SRI International & DSTO. (July, 1991) The HOL System: Description. Cambridge, UK: University of Cambridge Computer Laboratory.Google Scholar
Tan, Gang & Appel, Andrew W. (2006) A compositional logic for control flow. In International Conference on Verification, Model Checking and Abstract Interpretation VMCAI'06. Lecture Notes in Computer Science, Vol. 3855. Springer, Berlin, Germany, pp. 8094.Google Scholar
Wadler, Philip. (1998) The marriage of effects and monads. In International Conference on Functional Programming ICFP'98, ACM Press, NY, pp. 6374.Google Scholar
Watkins, Kevin, Cervesato, Iliano, Pfenning, Frank & Walker, David. (2004) A concurrent logical framework: The propositional fragment. In Types for Proofs and Programs. Lecture Notes in Computer Science, Vol. 3085. Springer, Berlin, Germany, pp. 355377.Google Scholar
Westbrook, Edwin, Stump, Aaron & Wehrman, Ian. (2005) A language-based approach to functionally correct imperative programming. In International Conference on Functional Programming ICFP'05, ACM Press, NY, pp. 268279.Google Scholar
Xi, Hongwei & Pfenning, Frank. (1998) Eliminating array bound checking through dependent types. In Conference on Programming Language Design and Implementation PLDI'98, ACM Press, NY, pp. 249257.Google Scholar
Xi, Hongwei & Pfenning, Frank. (1999) Dependent types in practical programming. In Symposium on Principles of Programming Languages POPL'99, ACM Press, NY, pp. 214227.Google Scholar
Zhu, Dengping & Xi, Hongwei. (2005) Safe programming with pointers through stateful views. In Practical Aspects of Declarative Languages PADL'05. Lecture Notes in Computer Science, Vol. 3350. Springer, Berlin, Germany, pp. 8397.Google Scholar
Submit a response

Discussions

No Discussions have been published for this article.