FunTAL: Reasonably Mixing a Functional Language with Assembly
We present FunTAL, the first multi-language system to formalize safe
interoperability between a high-level functional language and low-level
assembly code while supporting compositional reasoning about the mix. A central
challenge in developing such a multi-language is bridging the gap between
assembly, which is staged into jumps to continuations, and high-level code,
where subterms return a result. We present a compositional stack-based typed
assembly language that supports components, comprised of one or more basic
blocks, that may be embedded in high-level contexts. We also present a logical
relation for FunTAL that supports reasoning about equivalence of high-level
components and their assembly replacements, mixed-language programs with
callbacks between languages, and assembly components comprised of different
numbers of basic blocks.
Comment: 15 pages; implementation at https://dbp.io/artifacts/funtal/;
published in PLDI '17, Proceedings of the 38th ACM SIGPLAN Conference on
Programming Language Design and Implementation, June 18 - 23, 2017,
Barcelona, Spain.
Modular, Fully-abstract Compilation by Approximate Back-translation
A compiler is fully-abstract if the compilation from source language programs
to target language programs reflects and preserves behavioural equivalence.
Such compilers have important security benefits, as they limit the power of an
attacker interacting with the program in the target language to that of an
attacker interacting with the program in the source language. Proving compiler
full-abstraction is, however, rather complicated. A common proof technique is
based on the back-translation of target-level program contexts to
behaviourally-equivalent source-level contexts. However, constructing such a
back-translation is problematic when the source language is not strong enough
to embed an encoding of the target language. For instance, when compiling from
STLC to ULC, the lack of recursive types in the former prevents such a
back-translation.
We propose a general and elegant solution for this problem. The key insight
is that it suffices to construct an approximate back-translation. The
approximation is only accurate up to a certain number of steps and conservative
beyond that, in the sense that the context generated by the back-translation
may diverge when the original would not, but not vice versa. Based on this
insight, we describe a general technique for proving compiler full-abstraction
and demonstrate it on a compiler from STLC to ULC. The proof uses asymmetric
cross-language logical relations and makes innovative use of step-indexing to
express the relation between a context and its approximate back-translation.
The proof extends easily to common compiler patterns such as modular
compilation and, to the best of our knowledge, it is the first compiler
full-abstraction proof to have been fully mechanised in Coq. We believe this
proof technique can scale to challenging settings and enable simpler, more
scalable proofs of compiler full-abstraction.
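The security claim in this abstract (a target-level attacker gains no power beyond a source-level one) is easiest to see when it fails. The following Python sketch is an added illustration, not code from the paper: two "source" counters are contextually equivalent because source contexts can only call `inc`/`get`, a naive "compiler" exports the state cell as an ordinary target field so a target context can tell them apart, and a representation-hiding compilation removes that observation. Class and function names are this example's own.

```python
"""Full abstraction by example: a target context that distinguishes two
source-equivalent components shows the compiler is not fully abstract."""


# --- source language: counters whose representation is private ---------
class SourceCounterA:
    """Stores the count directly."""
    def __init__(self) -> None:
        self._n = 0

    def inc(self) -> None:
        self._n += 1

    def get(self) -> int:
        return self._n


class SourceCounterB:
    """Stores the count with an offset; indistinguishable through inc/get."""
    def __init__(self) -> None:
        self._n = 10

    def inc(self) -> None:
        self._n += 1

    def get(self) -> int:
        return self._n - 10


def source_context(c) -> int:
    """A source-level attacker: may only use the public interface."""
    c.inc()
    c.inc()
    return c.get()


# --- two "compilers" to a target where a component is a record of ops ----
def compile_naive(cls) -> dict:
    """Leaks the representation: the state is reachable as a target field."""
    obj = cls()
    return {"inc": obj.inc, "get": obj.get, "state": obj.__dict__}


def compile_secure(cls) -> dict:
    """Hides the representation: only the interface functions are exported."""
    obj = cls()
    return {"inc": obj.inc, "get": obj.get}


def target_context(t: dict) -> tuple:
    """A target-level attacker: arbitrary target code that pokes at fields."""
    t["inc"]()
    return (t["get"](), t.get("state"))


def distinguishes(ctx, x, y) -> bool:
    """True when the context observes different behaviour from x and y."""
    return ctx(x) != ctx(y)


def check_source_equivalence() -> bool:
    # No source context can tell A from B.
    return not distinguishes(source_context, SourceCounterA(), SourceCounterB())


def check_naive_leaks() -> bool:
    # The naive compilation reflects equivalence poorly: a target context
    # reads the state cell ({'_n': 1} vs {'_n': 11}) and tells them apart.
    return distinguishes(target_context,
                         compile_naive(SourceCounterA),
                         compile_naive(SourceCounterB))


def check_secure_hides() -> bool:
    # With the representation hidden, the same target context sees (1, None)
    # for both components.
    return not distinguishes(target_context,
                             compile_secure(SourceCounterA),
                             compile_secure(SourceCounterB))


if __name__ == "__main__":
    print(check_source_equivalence(), check_naive_leaks(), check_secure_hides())
```

A caveat: Python is not a sealed target (closures and `gc` can still reach hidden objects), so this models the observation rather than enforcing it. The paper's theorem is the stronger statement that for a fully-abstract compiler no target context of any kind can separate source-equivalent components, and the proof obligation is to back-translate every such context into a source one.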
10351 Abstracts Collection -- Modelling, Controlling and Reasoning About State
From 29 August 2010 to 3 September 2010, the Dagstuhl Seminar 10351
"Modelling, Controlling and Reasoning About State" was held in
Schloss Dagstuhl - Leibniz Center for Informatics. During the
seminar, several participants presented their current research, and
ongoing work and open problems were discussed. Abstracts of the
presentations given during the seminar as well as abstracts of seminar
results and ideas are put together in this paper. Links to extended
abstracts or full papers are provided, if available.
The Journey of Biorthogonal Logical Relations to the Realm of Assembly Code
Logical relations have proved very fruitful for the development of modular proofs of compiler correctness. In this field, logical relations are parametrized by a high-level type system, and sometimes even directly relate low-level pieces of code to high-level programs. All of these works rely crucially on biorthogonality to obtain extensionality and compositionality properties. But the use of biorthogonality in the definitions also complicates matters when it comes to operational correctness. Most of the time, such correctness results amount to showing an unfolding lemma that makes reduction more explicit than in a biorthogonal definition. Unfortunately, unfolding lemmas are not easy to derive for rich languages, and in particular for assembly code. In this paper, we focus on three different situations that allow one to reach the assembly code universe step by step: the use of Curry-style polymorphism, the presence of syntactic equality in the language, and finally an ideal assembly code with a notion of code pointer.
An ontological framework for web service processes
The process notion is central in computing. Business processes and workflow processes are essential elements of software systems implementations. Processes are connected to notions of interaction and composition. The Web Services Framework as a development and deployment platform for services is based on the assembly of interacting processes as the compositional paradigm. Service-based software development on and for the Web platform embracing the philosophy of discovering and using third-party services makes a shared knowledge representation framework necessary. We develop a semantical and ontological framework for service process composition. We propose a framework for the compositional definition of Web services based on the π-calculus to define protocol-like restrictions on service interactions and based on description logic and ontologies to guide the discovery and modelling of services and processes.
Semantics of Separation-Logic Typing and Higher-order Frame Rules for Algol-like Languages
We show how to give a coherent semantics to programs that are well-specified
in a version of separation logic for a language with higher types: idealized
algol extended with heaps (but with immutable stack variables). In particular,
we provide simple sound rules for deriving higher-order frame rules, allowing
for local reasoning.
Types for Information Flow Control: Labeling Granularity and Semantic Models
Language-based information flow control (IFC) tracks dependencies within a
program using sensitivity labels and prohibits public outputs from depending on
secret inputs. In particular, literature has proposed several type systems for
tracking these dependencies. On one extreme, there are fine-grained type
systems (like Flow Caml) that label all values individually and track
dependence at the level of individual values. On the other extreme are
coarse-grained type systems (like HLIO) that track dependence coarsely, by
associating a single label with an entire computation context and not labeling
all values individually.
In this paper, we show that, despite their glaring differences, both these
styles are, in fact, equally expressive. To do this, we show a semantics- and
type-preserving translation from a coarse-grained type system to a fine-grained
one and vice-versa. The forward translation isn't surprising, but the backward
translation is: It requires a construct to arbitrarily limit the scope of a
context label in the coarse-grained type system (e.g., HLIO's "toLabeled"
construct). As a separate contribution, we show how to extend work on logical
relation models of IFC types to higher-order state. We build such logical
relations for both the fine-grained type system and the coarse-grained type
system. We use these relations to prove the two type systems and our
translations between them sound.
Comment: 31st IEEE Symposium on Computer Security Foundations (CSF 2018)
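The contrast the abstract draws (per-value labels versus one label for the whole context, and why the backward translation needs a scope-limiting construct such as HLIO's `toLabeled`) can be run on a two-point lattice. The following Python model is an added example, not code from the paper or from Flow Caml or HLIO: `fg_add` is the fine-grained style, `Ctx` is the coarse-grained style with a single context label `pc`, and `to_labeled` is this example's stand-in for the scope-limiting construct. `public_sink` plays the role of a public output. All names are the example's own.

```python
"""Fine-grained vs coarse-grained information flow control, two-point lattice."""
from dataclasses import dataclass
from typing import Any, Callable, Tuple

LOW, HIGH = "L", "H"


def join(a: str, b: str) -> str:
    """Least upper bound on LOW < HIGH."""
    return HIGH if HIGH in (a, b) else LOW


def flows_to(a: str, b: str) -> bool:
    """a may flow to b unless a is HIGH and b is LOW."""
    return a == LOW or b == HIGH


@dataclass(frozen=True)
class Labeled:
    value: Any
    label: str


# --- fine-grained: every value carries its own label; operations join them
def fg_add(x: Labeled, y: Labeled) -> Labeled:
    return Labeled(x.value + y.value, join(x.label, y.label))


# --- coarse-grained: one label (pc) for the whole computation context -----
class Ctx:
    def __init__(self) -> None:
        self.pc = LOW

    def unlabel(self, lv: Labeled) -> Any:
        self.pc = join(self.pc, lv.label)  # reading a value taints the context
        return lv.value

    def label(self, v: Any) -> Labeled:
        return Labeled(v, self.pc)  # a produced value inherits the context label

    def to_labeled(self, comp: Callable[["Ctx"], Any]) -> Labeled:
        """Run comp in a sub-scope; its taint is confined to the result's label
        and the outer context label is restored afterwards."""
        saved = self.pc
        try:
            return Labeled(comp(self), self.pc)
        finally:
            self.pc = saved


def public_sink(lv: Labeled) -> Any:
    """A public output: only LOW-labeled values may be released."""
    if not flows_to(lv.label, LOW):
        raise PermissionError(f"refusing to release a {lv.label}-labeled value")
    return lv.value


# Constructed inputs for the demonstration.
SECRET = Labeled(40, HIGH)
PUBLIC = Labeled(2, LOW)


def fine_grained() -> Tuple[str, str]:
    """Labels of a secret-derived and a public-derived result."""
    s = fg_add(SECRET, SECRET)
    p = fg_add(PUBLIC, PUBLIC)
    return s.label, p.label


def coarse_grained(use_to_labeled: bool) -> Tuple[str, str]:
    """Same computation under one context label, with or without scoping."""
    ctx = Ctx()

    def secret_sum(c: Ctx) -> int:
        return c.unlabel(SECRET) + c.unlabel(SECRET)

    if use_to_labeled:
        s = ctx.to_labeled(secret_sum)          # pc back to LOW afterwards
    else:
        s = ctx.label(secret_sum(ctx))          # pc stays HIGH: label creep
    p = ctx.label(ctx.unlabel(PUBLIC) + ctx.unlabel(PUBLIC))
    return s.label, p.label


def can_release_public(use_to_labeled: bool) -> bool:
    """Whether the public-derived result may reach the public output."""
    _, p_label = coarse_grained(use_to_labeled)
    try:
        public_sink(Labeled(4, p_label))
        return True
    except PermissionError:
        return False
```

Without the scoping construct the coarse-grained context label never comes back down, so the public result is over-approximated as HIGH and a sound public sink has to reject it; with `to_labeled` the coarse-grained labels coincide with the fine-grained ones, which is exactly why the backward translation in the abstract needs such a construct to be expressiveness-preserving.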
Verified Compilers for a Multi-Language World
Though there has been remarkable progress on formally verified compilers in recent years, most of these compilers suffer from a serious limitation: they are proved correct under the assumption that they will only be used to compile whole programs. This is an unrealistic assumption since most software systems today are comprised of components written in different languages - both typed and untyped - compiled by different compilers to a common target, as well as low-level libraries that may be handwritten in the target language.
We are pursuing a new methodology for building verified compilers for today's world of multi-language software. The project has two central themes, both of which stem from a view of compiler correctness as a language interoperability problem. First, to specify correctness of component compilation, we require that if a source component s compiles to target component t, then t linked with some arbitrary target code t' should behave the same as s interoperating with t'. The latter demands a formal semantics of interoperability between the source and target languages. Second, to enable safe interoperability between components compiled from languages as different as ML, Rust, Python, and C, we plan to design a gradually type-safe target language based on LLVM that supports safe interoperability between more precisely typed, less precisely typed, and type-unsafe components. Our approach opens up a new avenue for exploring sensible language interoperability while also tackling compiler correctness.
Fully Composable and Adequate Verified Compilation with Direct Refinements between Open Modules (Technical Report)
Verified compilation of open modules (i.e., modules whose functionality
depends on other modules) provides a foundation for end-to-end verification of
modular programs ubiquitous in contemporary software. However, despite
intensive investigation into this topic for decades, the proposed approaches are
still difficult to use in practice as they rely on assumptions about the
internal working of compilers which make it difficult for external users to
apply the verification results. We propose an approach to verified
compositional compilation without such assumptions in the setting of verifying
compilation of heterogeneous modules written in first-order languages
supporting global memory and pointers. Our approach is based on the memory
model of CompCert and a new discovery that a Kripke relation with a notion of
memory protection can serve as a uniform and composable semantic interface for
the compiler passes. By absorbing the rely-guarantee conditions on memory
evolution for all compiler passes into this Kripke Memory Relation and by
piggybacking requirements on compiler optimizations onto it, we get
compositional correctness theorems for realistic optimizing compilers as
refinements that directly relate native semantics of open modules and that are
ignorant of intermediate compilation processes. Such direct refinements support
all the compositionality and adequacy properties essential for verified
compilation of open modules. We have applied this approach to the full
compilation chain of CompCert with its Clight source language and demonstrated
that our compiler correctness theorem is open to composition and intuitive to
use with reduced verification complexity through end-to-end verification of
non-trivial heterogeneous modules that may freely invoke each other (e.g.,
mutually recursively).