Reynolds has developed a logic for reasoning about mutable data structures in which the
pre-and postconditions are written in an intuitionistic logic enriched with a spatial form of …

The reliability of infrastructure software, such as operating systems and web servers, is often
hampered by the mismanagement of resources, such as memory and network connections …

Programs are called stateful when they manipulate the state of a computer explicitly, for
example, by assignment. The main theme of the thesis is reasoning about stateful programs …

By combining existing type systems with standard type-based compilation techniques, we
describe how to write strongly typed programs that include a function that acts as at racing …

We check statically whether it is safe for untrusted foreign machine code to be loaded into a
trusted host system. Our technique works on ordinary machine code, and mechanically …

Programming languages with sound static type systems have significant software
engineering advantages over unsafe programming languages. Types can enforce a wide …

We study the new ANSI C type qualifier restrict, which allows programmers to specify
pointers that are not aliased to other pointers. The main contribution of this paper is a formal …

This thesis presents a system for specifying constraints on dynamically changing referencing
relationships of heap objects, and an analysis for static verification of these constraints. The …

This paper explores the use of object models for specifying verifiable heap invariants. We
define a simple language based on sets and relations and illustrate its use through …

This paper explores the use of object models for specifying verifiable heap invariants. We
define a simple language based on sets and relations and illustrate its use through …