Formal Aspects of Computing

, Volume 22, Issue 3–4, pp 363–384 | Cite as

A generic complete dynamic logic for reasoning about purity and effects

  • Till Mossakowski
  • Lutz Schröder
  • Sergey Goncharov
Original Article


For a number of programming languages, among them Eiffel, C, Java, and Ruby, Hoare-style logics and dynamic logics have been developed. In these logics, pre- and postconditions are typically formulated using potentially effectful programs. In order to ensure that these pre- and postconditions behave like logical formulae (that is, enjoy some kind of referential transparency), a notion of purity is needed. Here, we introduce a generic framework for reasoning about purity and effects. Effects are modelled abstractly and axiomatically, using Moggi’s idea of encapsulation of effects as monads. We introduce a dynamic logic (from which, as usual, a Hoare logic can be derived) whose logical formulae are pure programs in a strong sense. We formulate a set of proof rules for this logic, and prove it to be complete with respect to a categorical semantics. Using dynamic logic, we then develop a relaxed notion of purity which allows for observationally neutral effects such writing on newly allocated memory.


Monads for effects Dynamic logic Observational equivalence Completeness 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. BBdP98.
    Benton PN, Bierman GM, de Paiva V (1998) Computational types from a logical perspective. J Funct Program 8(2): 177–193zbMATHCrossRefGoogle Scholar
  2. Bec01.
    Beckert B (2001) A dynamic logic for the formal verification of Java card programs. In: Attali I, Jensen T, (eds) Java on smart cards: programming and security. Revised papers, Java card 2000, International workshop, Cannes, France, vol 2041 of LNCS, Springer, Berlin, pp 6–24Google Scholar
  3. BK03.
    Bonniot D, Keller B (2003) The Nice user’s manual., 2003
  4. Boe85.
    Boehm H-J (1985) Side effects and aliasing can have simple axiomatic descriptions. ACM Trans Program Lang Syst 7: 637–655zbMATHCrossRefGoogle Scholar
  5. Bri02.
    Bright W (2002) The D programming language. Dr. Dobb’s J Softw Tools 27(2): 36–40MathSciNetGoogle Scholar
  6. CK05.
    Cok DR, Kiniry JR (2005) ESC/Java2: uniting ESC/Java and JML: progress and issues in building and using ESC/Java2, including a case study involving the use of the tool to verify portions of an Internet voting tally system. In: Barthe G, Burdy L, Huisman M, Lanet J-L, Muntean T (eds) Construction and analysis of safe, secure, and interoperable smart devices (CASSIS 2004), vol 3362 of Lecture Notes in Computer Science, Springer, Berlin, pp 108–128Google Scholar
  7. FF02.
    Findler RB, Felleisen M (2002) Contracts for higher-order functions. In: ICFP, pp 48–59Google Scholar
  8. Füh02.
    Führmann C (2002) Varieties of effects. In: Foundations of software science and computation structures, vol 2303 of LNCS, Springer, Berlin, pp 144–158Google Scholar
  9. GSM06.
    Goncharov S, Schröder L, Mossakowski T (2006) Completeness of global evaluation logic. In: Mathematical foundations of computer science, MFCS 06, vol 4162 of LNCS, Springer, Berlin, pp 447–458Google Scholar
  10. Hin64.
    Hindley JR (1964) The Church–Rosser property and a result in combinatory logic. PhD thesis, University of Newcastle-upon-TyneGoogle Scholar
  11. Hoa69.
    Hoare CAR (1969) An axiomatic basis for computer programming. CACM, p 12Google Scholar
  12. Hui01.
    Huisman M (2001) Java program verification in higher order logic with PVS and Isabelle. PhD thesis, University of NijmegenGoogle Scholar
  13. JP03.
    Jacobs B, Poll E (2003) Coalgebras and Monads in the semantics of Java. Theoret Comput Sci 291: 329–349zbMATHCrossRefMathSciNetGoogle Scholar
  14. LBR06.
    Leavens GT, Baker AL, Ruby C (2006) Preliminary design of JML: A behavioral interface specification language for Java. ACM SIGSOFT Software Engineering Notes 31(3): 1–38CrossRefGoogle Scholar
  15. Mac97.
    Mac Lane S (1997) Categories for the working mathematician. Springer, BerlinGoogle Scholar
  16. Mey92.
    Meyer B (1992) Eiffel: the language. Prentice-Hall, Englewood CliffsGoogle Scholar
  17. Mog91.
    Moggi E (1991) Notions of computation and monads. Inform Comput 93: 55–92zbMATHCrossRefMathSciNetGoogle Scholar
  18. Mog95.
    Moggi E (1995) A semantics for evaluation logic. Fund Inform 22: 117–152zbMATHMathSciNetGoogle Scholar
  19. MSG08.
    Mossakowski T, Schröder L, Goncharov S (2008) A generic complete dynamic logic for reasoning about purity and effects. In: Fiadeiro J, Inverardi P (eds) Fundamental approaches to software engineering (FASE 2008), vol 4961 of Lecture Notes in Computer Science.. Springer, Berlin, pp 199–214CrossRefGoogle Scholar
  20. Nau07.
    Naumann DA (2007) Observational purity and encapsulation. Theoret Comput Sci 376: 205–224zbMATHCrossRefMathSciNetGoogle Scholar
  21. Nip02.
    Nipkow T (2002) Hoare logics in Isabelle/HOL. In: Schwichtenberg H, Steinbrüggen R (eds) Proof and system-reliability.. Kluwer, Dordrecht, pp 341–367Google Scholar
  22. Omo91.
    Omohundro SM (1991) The Sather language. Technical report. International Computer Science Institute, BerkeleyGoogle Scholar
  23. Pit91.
    Pitts A (1991) Evaluation logic. In: Higher Order Workshop, Workshops in computing. Springer, Berlin, pp 162–189Google Scholar
  24. PJ03.
    Peyton-Jones S (ed) (2003) Haskell 98 language and libraries—the revised report. Cambridge, 2003. also: J Funct Program 13Google Scholar
  25. Pra76.
    Pratt V (1976) Semantical considerations on Floyd-Hoare logic. In: Foundations of conputer science, FOCS 76. IEEE, pp 109–121Google Scholar
  26. SC02.
    Sonntag B, Colnet D (2002) Lisaac: the power of simplicity at work for operating system. In: Technology of object-oriented languages and systems, TOOLS Pacific 02, vol 10 of CRPIT. ACS, pp 45–52Google Scholar
  27. SM03.
    Schröder L, Mossakowski T (2003) Monad-independent Hoare logic in HasCasl. In Fundamental aspects of software engineering, FASE 03, vol 2621 of LNCS, pp 261–277Google Scholar
  28. SM04a.
    Schröder L, Mossakowski T (2004) Monad-independent dynamic logic in HasCasl. J Logic Comput 14: 571–619zbMATHCrossRefMathSciNetGoogle Scholar
  29. SM04b.
    Schröder L, Mossakowski T (2004) Generic exception handling and the Java monad. In: Algebraic methodology and software technology, AMAST 04, vol 3116 of LNCS, Springer, Berlin, pp 443–459Google Scholar
  30. Ste04.
    Stenzel K (2004) A formally verified calculus for full java card. In: Rattray C, Maharaj S, Shankland C, (eds) AMAST, vol 3116 of Lecture Notes in Computer Science, Springer, Berlin, pp 491–505Google Scholar
  31. Thi97.
    Thielecke H (1997) Categorical structure of continuation passing style. PhD thesis, University of EdinburghGoogle Scholar
  32. vdBJ01.
    van den Berg J, Jacobs B (2001) The LOOP compiler for java and JML. In: Margaria T, Yi W, (eds) TACAS, vol 2031 of Lecture Notes in Computer Science, Springer, Berlin, pp 299–312Google Scholar
  33. vO01.
    von Oheimb D (2001) Hoare logic for java in isabelle/HOL. Concurr Comput Practice Experience 13: 1173–1214zbMATHCrossRefGoogle Scholar
  34. Wal05.
    Walter D (2005) Monadic dynamic logic: application and implementation. Master’s thesis, University of Bremen, 2005. Available at
  35. WSM05.
    Walter D, Schröder L, Mossakowski T (2005) Parametrized exceptions. In: Algebra and coalgebra in computer science, CALCO 05, vol 3629 of LNCS. Springer, Berlin, pp 424–438Google Scholar

Copyright information

© British Computer Society 2010

Authors and Affiliations

  • Till Mossakowski
    • 1
    • 2
  • Lutz Schröder
    • 1
    • 2
  • Sergey Goncharov
    • 1
  1. 1.Safe and secure cognitive systemsDFKI GmbHBremenGermany
  2. 2.Department of Computer ScienceUniversity of BremenBremenGermany

Personalised recommendations