Frame and anti-frame rules have been proposed as proof rules for modular reasoning about programs. Frame rules allow one to hide irrelevant parts of the state during verification, whereas the anti-frame rule allows one to hide local state from the context. We discuss the semantic foundations of frame and anti-frame rules, and present the first sound model for Charguéraud and Pottier's type and capability system including both of these rules. The model is a possible worlds model based on the operational semantics and step-indexed heap relations, and the worlds are given by a recursively defined metric space. We also extend the model to account for Pottier's generalized frame and anti-frame rules, where invariants are ge...
239 p. Thesis (Ph.D.), University of Illinois at Urbana-Champaign, 2001. Programs are called stateful ...
It is generally agreed that the unrestricted use of state can make a program hard to understand, har...
Standard abstract model checking relies on abstract Kripke structures which approximate concrete mod...
We present the first complete soundness proof of the antiframe rule, a recently proposed proof rule...
Code protection technologies require anti reverse engineering transformations to obfuscate programs ...
ProVerif is a popular tool for the fully automatic analysis of security protoc...
From 29 August 2010 to 3 September 2010, the Dagstuhl Seminar 10351 ``Modelling, Controlling and Rea...
We investigate information hiding in object-based programs and the associated mismatch. While client...
Separation logic is a Hoare-style logic for reasoning about programs with heap-allocated mutable dat...
We prove that the observational equivalence of third-order finitary (i.e. recursion-free) Id...
We provide a framework for reasoning about information-hiding requirements in multiagent systems and...
Since state-rich formalism [Figure not available: see fulltext.] is a combination of Z, CSP, refinem...
The syntax of an imperative language does not mention explicitly the state, while i...