62 research outputs found
Reaching for the Star: Tale of a Monad in Coq
Monadic programming is an essential component in the toolbox of functional programmers. For the pure and total programmers, who sometimes navigate the waters of certified programming in type theory, it is the only means to concisely implement the imperative traits of certain algorithms. Monads open up a portal to the imperative world, all that from the comfort of the functional world. The trend towards certified programming within type theory begs the question of reasoning about such programs. Effectful programs being encoded as pure programs in the host type theory, we can readily manipulate these objects through their encoding. In this article, we pursue the idea, popularized by Maillard [Kenji Maillard, 2019], that every monad deserves a dedicated program logic and that, consequently, a proof over a monadic program ought to take place within a Floyd-Hoare logic built for the occasion. We illustrate this vision through a case study on the SimplExpr module of CompCert [Xavier Leroy, 2009], using a separation logic tailored to reason about the freshness of a monadic gensym
Targeted Static Analysis for OCaml C Stubs: eliminating gremlins from the code
Migration to OCaml 5 requires updating a lot of C bindings due to the removal
of naked pointer support. Writing OCaml user-defined primitives in C is a
necessity, but is unsafe and error-prone. It does not benefit from either
OCaml's or C's type checking, and existing C static analysers are not aware of
the OCaml GC safety rules, and cannot infer them from existing macros alone. The
alternative is automatically generating C stubs, which requires correctly
managing value lifetimes. Having a static analyser for OCaml to C interfaces is
useful outside the OCaml 5 porting effort too.
After some motivating examples of real bugs in C bindings, a static analyser
is presented that finds these known classes of bugs. The tool works on the
OCaml abstract parse and typed trees, and generates a header file and a caller
model. Together with a simplified model of the OCaml runtime this is used as
input to a static analysis framework, Goblint. An analysis is developed that
tracks dereferences of OCaml values, and together with the existing framework
reports incorrect dereferences. An example shows how to extend the analysis
to cover more safety properties.
The tools and runtime models are generic and could be reused with other
static analysis tools.
Comment: submitted to the OCaml 2023 workshop; added references about
OCaml/Rust interop and XenServer origin
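The bug class this abstract targets, as an added example that is neither the paper's tool nor the OCaml runtime: a toy copying collector in plain C stands in for the runtime model (the names model_alloc, model_gc, register_root, Val_long, Field and POISON are invented here; only the CAMLparam1/CAMLlocal1/CAMLreturn pattern in the comments is the real OCaml idiom). The buggy stub dereferences its argument after an allocation without having registered it, so it reads the vacated semispace; the fixed stub registers the argument and its local first, so the collector updates them.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a moving collector, not the OCaml runtime. A value is either an
   immediate (low bit 1) or a pointer to field 0 of a block whose header word precedes it. */
typedef intptr_t value;
#define Val_long(n) (((value)(n) << 1) | 1)
#define Long_val(v) ((v) >> 1)
#define Is_block(v) (((v) & 1) == 0)
#define Field(v, i) (((value *)(v))[i])
#define FWD        ((value)-1)           /* header of a block that has already been moved */
#define POISON     Val_long(0xDEAD)      /* written over the vacated semispace */
#define HEAP_WORDS 64
#define MAX_ROOTS  16

static value space_a[HEAP_WORDS], space_b[HEAP_WORDS];
static value *from = space_a, *to = space_b;
static size_t top;                       /* next free word in the current space */
static value *roots[MAX_ROOTS];          /* addresses the collector updates (CAMLparam/CAMLlocal) */
static size_t nroots;

static void register_root(value *p) {
    if (nroots == MAX_ROOTS) abort();
    roots[nroots++] = p;
}

/* Copy one block (and, recursively, the blocks it points to) into 'to',
   leaving a forwarding pointer behind so shared blocks move only once. */
static value evacuate(value v) {
    if (!Is_block(v)) return v;
    value *old = (value *)v;
    if (old[-1] == FWD) return old[0];
    intptr_t n = old[-1];
    value *nw = to + top + 1;
    to[top] = n;
    top += (size_t)n + 1;
    for (intptr_t i = 0; i < n; i++) nw[i] = old[i];
    old[-1] = FWD;
    old[0] = (value)nw;
    for (intptr_t i = 0; i < n; i++) nw[i] = evacuate(nw[i]);
    return (value)nw;
}

/* Copying GC: only blocks reachable from registered roots survive; the old space is poisoned. */
static void model_gc(void) {
    top = 0;
    for (size_t i = 0; i < nroots; i++) *roots[i] = evacuate(*roots[i]);
    for (size_t i = 0; i < HEAP_WORDS; i++) from[i] = POISON;
    value *t = from; from = to; to = t;
}

/* Allocate a block of n fields. The real runtime may collect on an allocation;
   the model always does, so an unregistered value is stale the moment this returns. */
static value model_alloc(intptr_t n) {
    if (n < 1) abort();
    model_gc();
    if (top + (size_t)n + 1 > HEAP_WORDS) abort();
    from[top] = n;
    value v = (value)(from + top + 1);
    top += (size_t)n + 1;
    for (intptr_t i = 0; i < n; i++) Field(v, i) = Val_long(0);
    return v;
}

/* The bug class: v is dereferenced after an allocation without being registered,
   so it still points into the semispace the collector just vacated. */
static value stub_buggy(value v) {
    value r = model_alloc(2);
    Field(r, 0) = Val_long(2 * Long_val(Field(v, 0)));
    Field(r, 1) = Val_long(2 * Long_val(Field(v, 1)));
    return r;
}

/* The fix, mirroring CAMLparam1(v); CAMLlocal1(r); ... CAMLreturn(r); */
static value stub_fixed(value v) {
    size_t frame = nroots;
    register_root(&v);                   /* CAMLparam1(v) */
    value r = Val_long(0);
    register_root(&r);                   /* CAMLlocal1(r): registered before any allocation */
    r = model_alloc(2);                  /* the collector rewrites v and r if it moves them */
    Field(r, 0) = Val_long(2 * Long_val(Field(v, 0)));
    Field(r, 1) = Val_long(2 * Long_val(Field(v, 1)));
    nroots = frame;                      /* CAMLreturn pops the frame */
    return r;
}

/* Caller model: the OCaml side keeps its own copy of the argument rooted, so only the
   stub's unregistered copy can go stale. Returns the sum of the result's two fields. */
static long call_stub(value (*stub)(value)) {
    nroots = 0;
    top = 0;
    value pair = model_alloc(2);
    register_root(&pair);
    Field(pair, 0) = Val_long(1);
    Field(pair, 1) = Val_long(2);
    value res = stub(pair);
    long sum = (long)(Long_val(Field(res, 0)) + Long_val(Field(res, 1)));
    nroots = 0;
    return sum;
}

int main(void) {
    printf("buggy stub: %ld (correct answer is 6)\n", call_stub(stub_buggy));
    printf("fixed stub: %ld (correct answer is 6)\n", call_stub(stub_fixed));
    return 0;
}
```

Because the model collects on every allocation, the buggy stub fails deterministically; the real runtime only runs a collection when the minor heap is full, so the same stub passes most unit tests and fails later under load, which is the reason the abstract argues for checking the dereference statically rather than by testing.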
Value Partitioning: A Lightweight Approach to Relational Static Analysis for JavaScript
In static analysis of modern JavaScript libraries, relational analysis at key locations is critical to provide sound and useful results. Prior work addresses this challenge by the use of various forms of trace partitioning and syntactic patterns, which is fragile and does not scale well, or by incorporating complex backwards analysis. In this paper, we propose a new lightweight variant of trace partitioning named value partitioning that refines individual abstract values instead of entire abstract states. We describe how this approach can effectively capture important relational properties involving dynamic property accesses, functions with free variables, and predicate functions. Furthermore, we extend an existing JavaScript analyzer with value partitioning and demonstrate experimentally that it is a simple, precise, and efficient alternative to the existing approaches for analyzing widely used JavaScript libraries
Affine Disjunctive Invariant Generation with Farkas' Lemma
Invariant generation is the classical problem that aims at the automated
generation of assertions that over-approximate the set of reachable states
of a program. We consider the problem of generating affine invariants
over affine while loops (i.e., loops with affine loop guards, conditional
branches and assignment statements), and explore the automated generation of
disjunctive affine invariants. Disjunctive invariants are an important class of
invariants that capture disjunctive features in programs such as multiple
phases, transitions between different modes, etc., and are typically more
precise than conjunctive invariants over programs with these features. To
generate tight affine invariants, existing constraint-solving approaches have
investigated the application of Farkas' Lemma to conjunctive affine invariant
generation, but none of them considers disjunctive affine invariants
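As an added worked example, not taken from the paper, here is the conjunctive Farkas encoding the abstract refers to, carried through for the one-variable loop $x := 0;\ \mathbf{while}\ x \le 9\ \mathbf{do}\ x := x + 1$ with the template invariant $c_1 x + c_0 \le 0$, whose coefficients $c_0, c_1$ are the unknowns.

Farkas' Lemma (affine form): if the system $\{a_i x + b_i \le 0\}_{i=1}^{m}$ is satisfiable, then $c\,x + d \le 0$ is implied by it iff there are multipliers $\lambda_0, \lambda_1, \dots, \lambda_m \ge 0$ with
$$c = \sum_{i=1}^{m} \lambda_i a_i, \qquad d = \sum_{i=1}^{m} \lambda_i b_i - \lambda_0 .$$

Initiation (the template holds on entry, $x = 0$): $c_0 \le 0$.

Consecution (one iteration preserves it): $(c_1 x + c_0 \le 0) \wedge (x - 9 \le 0) \Rightarrow c_1 (x + 1) + c_0 \le 0$. With multiplier $\lambda_1$ for the template and $\lambda_2$ for the guard, the lemma turns this implication into
$$c_1 = \lambda_1 c_1 + \lambda_2, \qquad c_0 + c_1 = \lambda_1 c_0 - 9\lambda_2 - \lambda_0, \qquad \lambda_0, \lambda_1, \lambda_2 \ge 0 .$$

The products $\lambda_1 c_1$ and $\lambda_1 c_0$ make the system bilinear rather than linear, which is what the constraint-solving approaches have to work around. Two of its solutions: $\lambda_1 = 1, \lambda_2 = 0$ forces $c_1 = -\lambda_0 \le 0$, and $c_1 = -1, c_0 = 0$ gives the invariant $-x \le 0$, i.e. $x \ge 0$; $\lambda_1 = 0$ forces $c_1 = \lambda_2 \ge 0$ and $c_0 = -10 c_1 - \lambda_0$, and $c_1 = 1, \lambda_0 = 0$ gives $x - 10 \le 0$. Conjoined, $0 \le x \le 10$ is the tightest affine invariant of this loop. A disjunctive template $I_1 \vee I_2$ offers no single consequent inequality to apply the lemma to, which is the gap the abstract points at.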
flap: A Deterministic Parser with Fused Lexing
Lexers and parsers are typically defined separately and connected by a token
stream. This separate definition is important for modularity and reduces the
potential for parsing ambiguity. However, materializing tokens as data
structures and case-switching on tokens comes with a cost. We show how to fuse
separately-defined lexers and parsers, drastically improving performance
without compromising modularity or increasing ambiguity. We propose a
deterministic variant of Greibach Normal Form that ensures deterministic
parsing with a single token of lookahead and makes fusion strikingly simple,
and prove that normalizing context free expressions into the deterministic
normal form is semantics-preserving. Our staged parser combinator library,
flap, provides a standard interface, but generates specialized token-free code
that runs two to six times faster than ocamlyacc on a range of benchmarks.
Comment: PLDI 2023 with appendix
Fundamental Approaches to Software Engineering
This open access book constitutes the proceedings of the 24th International Conference on Fundamental Approaches to Software Engineering, FASE 2021, which took place during March 27–April 1, 2021, and was held as part of the Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg but changed to an online format due to the COVID-19 pandemic. The 16 full papers presented in this volume were carefully reviewed and selected from 52 submissions. The book also contains 4 Test-Comp contributions
Tools and Algorithms for the Construction and Analysis of Systems
This open access two-volume set constitutes the proceedings of the 27th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2021, which was held during March 27 – April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg and changed to an online format due to the COVID-19 pandemic. The total of 41 full papers presented in the proceedings was carefully reviewed and selected from 141 submissions. The volumes also contain 7 tool papers, 6 tool demo papers and 9 SV-Comp competition papers. The papers are organized in topical sections as follows: Part I: Game Theory; SMT Verification; Probabilities; Timed Systems; Neural Networks; Analysis of Network Communication. Part II: Verification Techniques (not SMT); Case Studies; Proof Generation/Validation; Tool Papers; Tool Demo Papers; SV-Comp Tool Competition Papers