Name
Abstract | ||
|---|---|---|
Dedicated to the memory of John C. Reynolds (1935--2013). The hiding of internal invariants creates a mismatch between procedure specifications in an interface and proof obligations on the implementations of those procedures. The mismatch is sound if the invariants depend only on encapsulated state, but encapsulation is problematic in contemporary software due to the many uses of shared mutable objects. The mismatch is formalized here in a proof rule that achieves flexibility via explicit restrictions on client effects, expressed using ghost state and ordinary first order assertions. The restrictions amount to a stateful frame condition that must be satisfied by any client; this dynamic encapsulation boundary complements conventional scope-based encapsulation. The technical development is based on a companion article, Part I, that presents Region Logic---a programming logic with stateful frame conditions for commands. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1145/2485981 | J. ACM |
Keywords | DocType | Volume |
Local Reasoning,proof obligation,ghost state,proof rule,Part II,stateful frame condition,restrictions amount,internal invariants,dynamic encapsulation boundary,Global Invariants,encapsulated state,client effect,Dynamic Boundaries,conventional scope-based encapsulation | Journal | 60 |
Issue | ISSN | Citations |
3 | 0004-5411 | 3 |
PageRank | References | Authors |
0.36 | 55 | 2 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Anindya Banerjee | 1 | 1324 | 70.68 |
| David Naumann | 2 | 1101 | 84.12 |