Re: valid pointers

• To: leavens@cs.iastate.edu (Gary Leavens)
• Subject: Re: valid pointers
• From: mtv@godiva.lcs.mit.edu (Mark Vandevoorde)
• Date: Mon, 15 Mar 93 08:56:29 EST
• Cc: mtv@godiva.lcs.mit.edu, detlefs, baker@cs.iastate.edu, cheon@cs.iastate.edu, horning, kjones, ymtan@larch.lcs.mit.edu
• In-Reply-To: Your message of Sat, 13 Mar 93 15:31:43 -0600. <9303132131.AA09243@bambam.cs.iastate.edu>

Gary,

> This makes sense, because if you never deallocate, then there is nothing
> to prove.  

Even in a garbage-collected languageg, one might want to prove that an object
can be reclaimed, e.g., to substitute mutation for allocation.  In fact, I
became interested in this problem for this reason.

>           But this seems to be a verification issue.  Can't we verify against
> specifications written with "trashed" and use a verification logic that
> talks about "last_used"?

Yes.

> I would think it possible (perhaps naively) to do *specification* in C++
> in the same way as CLU.  That is, to have an implicit pre-condition that
> every pointer accessible is valid.  The pre-condition you note seems to
> be automatically derivable, and it would be a burden to have all C++
> specifications have to mention it explicitly.

Yes, but the implicit pre- and post-conditions may be stronger than some
would want in a language with explicit deallocation.  For example, if
allocation routines return memory containing meaningless pointers, one needs
initialization routines whose pre-conditions allow them to initialize such
memory.  My default pre-condition does not.

 -Mark

• valid pointers
• From: leavens@cs.iastate.edu (Gary Leavens)

• valid pointers
• From: leavens@cs.iastate.edu (Gary Leavens)

• Prev: valid pointers
• Next: valid pointers
• Index: Larch archive index