In a paper published in 1972, Hoare articulated the fundamental notions of hiding invariants and simulations. Hiding: invariants on encapsulated data representations need not be mentioned in the specifications that comprise the API of a module. Simulation: correctness of a new data representation and implementation can be established by proving simulation between the old and new implementations, using a coupling relation defined on the encapsulated state. These results were formalized semantically and for a simple model of state, though the paper claimed this could be extended to encompass dynamically allocated objects. In recent years, progress has been made towards formalizing this claim for simulation, though mainly in semantic developments. In this paper, these ideas are combined with the idea in Hoare's 1969 paper: a logic of programs. For a language with dynamically allocated shared mutable objects, we introduce a relational Hoare logic that formalizes encapsulation, hiding of invariants, and relating two implementations via coupling relations. Relations and other assertions are expressed in first-order logic. Specifications can express a wide range of relational properties, such as conditional equivalence and noninterference with declassification. The proof rules facilitate reasoning by means of convenient alignments and are shown sound with respect to a conventional operational semantics. Applicability to representative examples of data abstraction is demonstrated using an SMT-based implementation.
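The abstract's two notions can be made concrete on a toy module. The block below is an added illustration, not code from the paper or its SMT-based implementation: it defines an "old" and a "new" representation of a small-integer set behind the same API (`add`, `remove`, `contains`, `size`), each with a hidden representation invariant that the API specification never mentions, and a coupling relation on the encapsulated state. Instead of the paper's proof rules, it runs a bounded random check of the simulation condition (from coupled states, the same client call sequence yields equal observable results and leaves the states coupled with both invariants intact). The class names, `CAPACITY`, the check parameters and the deliberately wrong `LeakyBitmaskSet` are assumptions chosen for this example.

```python
"""Added example: coupling relation and a bounded simulation check for two
representations of a small-int set ADT. Not the paper's code; the names,
CAPACITY and the random bounded check are assumptions of this illustration."""
import random

CAPACITY = 8  # assumption: elements range over 0..CAPACITY-1


class SortedListSet:
    """Old representation. Hidden invariant: sorted, no duplicates, in range."""

    def __init__(self):
        self.items = []

    def invariant(self):
        return (self.items == sorted(set(self.items))
                and all(0 <= x < CAPACITY for x in self.items))

    def add(self, x):
        if x not in self.items:
            self.items.append(x)
            self.items.sort()

    def remove(self, x):
        if x in self.items:
            self.items.remove(x)

    def contains(self, x):
        return x in self.items

    def size(self):
        return len(self.items)


class BitmaskSet:
    """New representation. Hidden invariant: no bit at position >= CAPACITY."""

    def __init__(self):
        self.bits = 0

    def invariant(self):
        return self.bits >> CAPACITY == 0

    def add(self, x):
        self.bits |= 1 << x

    def remove(self, x):
        self.bits &= ~(1 << x)

    def contains(self, x):
        return (self.bits >> x) & 1 == 1

    def size(self):
        return bin(self.bits).count("1")


class LeakyBitmaskSet(BitmaskSet):
    """Deliberately wrong variant (assumption): remove toggles the bit, so
    removing an absent element inserts it. The coupling check must catch this."""

    def remove(self, x):
        self.bits ^= 1 << x


def coupling(old, new):
    """Coupling relation on encapsulated state: the list's elements are
    exactly the positions of the set bits. Clients never see this relation,
    nor either invariant; they only see the API's observable results."""
    return set(old.items) == {x for x in range(CAPACITY) if (new.bits >> x) & 1}


OPS = ("add", "remove", "contains", "size")


def apply_op(impl, op, arg):
    """Run one client call and return its observable result (None for mutators)."""
    return impl.size() if op == "size" else getattr(impl, op)(arg)


def check_simulation(new_cls, trials=2000, max_len=12, seed=1):
    """Bounded check of the simulation condition: from coupled initial states,
    the same call sequence must give equal results at every step and leave the
    states coupled with both hidden invariants holding. Returns None when no
    counterexample is found, otherwise the offending call trace."""
    rng = random.Random(seed)
    for _ in range(trials):
        old, new = SortedListSet(), new_cls()
        trace = []
        for _ in range(rng.randint(1, max_len)):
            op, arg = rng.choice(OPS), rng.randrange(CAPACITY)
            trace.append((op, arg))
            if (apply_op(old, op, arg) != apply_op(new, op, arg)
                    or not coupling(old, new)
                    or not old.invariant() or not new.invariant()):
                return trace
    return None


if __name__ == "__main__":
    print("BitmaskSet simulates SortedListSet:", check_simulation(BitmaskSet) is None)
    print("LeakyBitmaskSet counterexample:", check_simulation(LeakyBitmaskSet))
```

A random bounded check of this kind only finds counterexamples; it does not establish simulation for all traces, which is what the paper's proof rules (and, for the examples, its SMT backend) are for. Note also that the check is itself relational: it aligns two runs step by step and compares their observable results, which is the same shape a noninterference-with-declassification property takes when the two runs differ only in secret inputs and the relation is "low-equivalent" state.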