204 research outputs found

    Special Delivery: Programming with Mailbox Types (Extended Version)

    Full text link
    The asynchronous and unidirectional communication model supported by mailboxes is a key reason for the success of actor languages like Erlang and Elixir for implementing reliable and scalable distributed systems. While many actors may send messages to some actor, only the actor may (selectively) receive from its mailbox. Although actors eliminate many of the issues stemming from shared memory concurrency, they remain vulnerable to communication errors such as protocol violations and deadlocks. Mailbox types are a novel behavioural type system for mailboxes first introduced for a process calculus by de'Liguoro and Padovani in 2018, which capture the contents of a mailbox as a commutative regular expression. Due to aliasing and nested evaluation contexts, moving from a process calculus to a programming language is challenging. This paper presents Pat, the first programming language design incorporating mailbox types, and describes an algorithmic type system. We make essential use of quasi-linear typing to tame some of the complexity introduced by aliasing. Our algorithmic type system is necessarily co-contextual, achieved through a novel use of backwards bidirectional typing, and we prove it sound and complete with respect to our declarative type system. We implement a prototype type checker, and use it to demonstrate the expressiveness of Pat on a factory automation case study and a series of examples from the Savina actor benchmark suite.Comment: Extended version of paper accepted to ICFP'2

    Runtime Verification Of SQL Correctness Properties with YR-DB-RUNTIME-VERIF

    Get PDF
    Software correctness properties are essential to maintain quality by continuous and regressive inte- gration testing, as well as runtime monitoring the program after customer deployment. This paper presents an effective and lightweight C ++ program verification framework: YR_DB_RUNTIME_VERIF, to check SQL (Structure Query Language) [1] software correctness properties specified as temporal safety properties [2]. A temporal safety property specifies what behavior shall not occur, in a software, as sequence of program events. YR_DB_RUNTIME_VERIF allows specification of a SQL temporal safety property by means of a very small state diagram mealy machine [3]. In YR_DB_RUNTIME_VERIF, a spec- ification characterizes effects of program events (via SQL statements) on database table columns by means of set interface operations (∈, ∈), and, enable to check these characteristics hold or not at runtime. Integration testing is achieved for instance by expressing a state diagram that encompasses both Graphical User Interface (GUI) states and MySQL [4] databases queries that glue them. For example, a simple specification would encompass states between ’Department administration’ and ’Stock listing’ GUI interfaces, and transitions between them by means of MySQL databases oper- ations. YR_DB_RUNTIME_VERIF doesn’t generate false warnings; YR_DB_RUNTIME_VERIF specifications are not desirable (forbidden) specifications (fail traces). This paper focuses its examples on MySQL database specifications, labeled as states diagrams events, for the newly developed and FOSS (Free and Open Source Software) Enterprise Resource Planing Software YEROTH–ERP–3.0 [5].PROF. DR.-ING. DIPL.-INF. xavier noumbissi noundo

    Exploring annotations for deductive verification

    Get PDF

    Multiparty session typing in Java, deductively

    Get PDF
    Multiparty session typing (MPST) is a method to automatically prove safety and liveness of protocol implementations relative to specifications. We present BGJ: a new tool to apply the MPST method in combination with Java. The checks performed using our tool are purely static (all errors are reported early at compile-time) and resource-efficient (near-zero cost abstractions at run-time), thereby addressing two issues of existing tools. BGJ is built using VerCors, but our approach is general

    Towards Safe Automated Refactoring of Imperative Deep Learning Programs to Graph Execution

    Full text link
    Efficiency is essential to support responsiveness w.r.t. ever-growing datasets, especially for Deep Learning (DL) systems. DL frameworks have traditionally embraced deferred execution-style DL code—supporting symbolic, graph-based Deep Neural Network (DNN) computation. While scalable, such development is error-prone, non-intuitive, and difficult to debug. Consequently, more natural, imperative DL frameworks encouraging eager execution have emerged at the expense of run-time performance. Though hybrid approaches aim for the best of both worlds, using them effectively requires subtle considerations to make code amenable to safe, accurate, and efficient graph execution. We present our ongoing work on automated refactoring that assists developers in specifying whether and how their otherwise eagerly-executed imperative DL code could be reliably and efficiently executed as graphs while preserving semantics. The approach, based on a novel imperative tensor analysis, will automatically determine when it is safe and potentially advantageous to migrate imperative DL code to graph execution and modify decorator parameters or eagerly executing code already running as graphs. The approach is being implemented as a PyDev Eclipse IDE plug-in and uses the WALA Ariadne analysis framework. We discuss our ongoing work towards optimizing imperative DL code to its full potential

    Polymorphic Typestate for Session Types

    Full text link
    Session types provide a principled approach to typed communication protocols that guarantee type safety and protocol fidelity. Formalizations of session-typed communication are typically based on process calculi, concurrent lambda calculi, or linear logic. An alternative model based on context-sensitive typing and typestate has not received much attention due to its apparent restrictions. However, this model is attractive because it does not force programmers into particular patterns like continuation-passing style or channel-passing style, but rather enables them to treat communication channels like mutable variables. Polymorphic typestate is the key that enables a full treatment of session-typed communication. Previous work in this direction was hampered by its setting in a simply-typed lambda calculus. We show that higher-order polymorphism and existential types enable us to lift the restrictions imposed by the previous work, thus bringing the expressivity of the typestate-based approach on par with the competition. On this basis, we define PolyVGR, the system of polymorphic typestate for session types, establish its basic metatheory, type preservation and progress, and present a prototype implementation.Comment: 29 pages. Short version appears in PPDP 202

    Pre-deployment Analysis of Smart Contracts -- A Survey

    Full text link
    Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process

    Advanced typing for asset-aware programming languages

    Get PDF
    openLa rilevazione di errori nei linguaggi di programmazione è sempre stata importante nel ridurre la presenza di bug e vulnerabilità del software e lo sviluppo di strumenti che aiutino i programmatori in tal senso sono cruciali per le aziende del settore. Nei programmi è possibile riscontrare diverse tipologie di errori che possono causare comportamenti inaspettati da parte del software o addirittura al crash. Fortunatamente, alcuni di questi errori possono essere individuati usando sistemi di tipi e compilatori. Tuttavia, i moderni compilatori potrebbero non essere più abbastanza: infatti, lo spettro di possibili errori introdotti dai programmatori si è molto ampliato insieme alla complessità dei sistemi informatici odierni, come ad esempio le blockchain. I linguaggi per questi ambienti dovrebbero considerare una nuova categoria di errori correlata agli asset: infatti, in questi casi la loro duplicazione, creazione o perdita arbitraria dovrebbe essere evitata. Queste tipologie di errori sono strettamente correlati al concetto di stato di un oggetto, il quale è un’istanza di uno smart contract. In questa tesi, vengono discussi due linguaggi di programmazione typestate-oriented progettati per lo sviluppo di smart contracts, Stipula e Obsidian, vengono messi a confronto in termini di espressività e proprietà. In questa analisi, si può notare che Stipula adotta un approccio più safe e flessibile di Obsidian nella scrittura di legal contracts, grazie alla disponibilità di determinate primitive di linguaggio. Queste funzionalità permettono una realizzazione più semplice e comprensibile dei contratti e costringe il programmatore a un approccio più safe nello sviluppo. D’altro canto, Stipula non possiede altre funzionalità, come tipi user-defined e strutture dati, tipiche dei linguaggi di programmazione a oggetti: in particolare, non supporta un sistema di tipi completo e che permetta di assicurare proprietà di safety per gli asset. Successivamente, viene fornita e discussa una realizzazione in Obsidian delle currencies e dei tokens usati in Stipula allo scopo di trovare un modo di aggiungere in questo nuovo linguaggio un sistema di ownership, il quale potrebbe aiutare nella rilevazione di errori per riferimenti ad asset. Vengono, dunque, fornite le dimostrazioni che gli statement presi in considerazione sono ben tipati: gli strumenti teorici usati nelle dimostrazioni forniscono effettivamente delle indicazioni su come l’ownership dovrebbe funzionare in Stipula. Questa tesi si concentra sulla ricerca di funzionalità e pratiche per migliorare l’espressività dei linguaggi typestate-oriented. Obsidian è un linguaggio staticamente tipato e typestate-oriented con una particolare attenzione alla safety, alla security e all’usabilità. Queste caratteristiche fanno parte anche dei principali obiettivi di Stipula, un nuovo linguagggio typestate-oriented per i legal contracts. L’inserimento di tali funzionalità in Stipula potrebbe essere un buon modo per migliorarne le proprietà di safety e l’esperienza d’uso del programmatore.Error detection in programming languages has always been important in reducing bugs and vulnerabilities in programs and tools that help programmers in this task are crucial for the industry. Several kinds of error may occur in programs that can cause unexpected behaviours and lead to crashes. Fortunately, some of them can be detected using type systems and compilers. However, modern compilers may not be enough anymore: in fact, the range of mistakes that programmers may introduce is widely spread with the increasing complexity of today’s systems, such as blockchains. Languages for these environments should consider new classes of errors related to assets: in fact, in this context arbitrary duplication, creation or loss of assets should be avoided. These new kinds of error are strictly related to the concept of the state of objects, which are in blockchains smart contract instances. In this thesis, we discuss two typestated-oriented programming languages designed for smart contracts development, Stipula and Obsidian, and compare their expressiveness and main properties. In this analysis, we notice that Stipula adopts a safer and more flexible approach than Obsidian in legal contract writing, due to the primitives available for programmers. These features enable a simpler and more readable implementation of contracts and enforce a safer approach to development. On the other hand, Stipula lacks typical functionalities, such as user-defined data and data structures, that other object-oriented programming languages have: in particular, it does not support a full-fledged type system that ensures safety properties on asset operation. Then, an Obsidian implementation for currencies and tokens used in Stipula is provided and discussed in order to find hints to add in this new language ownership, which would help in error detection for asset references. Proofs that they are well-typed are provided: the tools used in these demonstrations give us some hints, especially on how ownership should work in Stipula statements. This thesis focused on the search for features and practises to improve the expressiveness of typestate-oriented programming languages. Obsidian is a statically-typed and typestate-oriented with careful attention to safety, security and usability. These features fall within the main goals of Stipula, a newborn typestate-oriented language for legal contracts. The insertion of such features in Stipula may be a good way to improve its safety and users’ experience

    Programming languages and tools with multiparty session

    Get PDF
    Distributed software systems are used in a wide variety of applications, including health care, telecommunications, finance, and entertainment. These systems typically consist of multiple software components, each with its own local memory, that are deployed across networks of hosts and communicate by passing messages in order to achieve a common goal. Distributed systems offer several benefits, including scalability — since computation happens independently on each component, it is easy and generally inexpensive to add additional components and functionality as necessary; reliability—since systems can be made up of hundreds of components working together, there is little disruption if a single component fails; performance—since work loads can be broken up and sent to multiple components, distributed systems tend to be very efficient. However, they can also be difficult to implement and analyze due to the need for heterogeneous software components to communicate and synchronize correctly and the potential for hardware or software failures. Distributed and concurrent programming is challenging due to the complexity of coordinating the communication and interactions between the various components of a system that may be running on different machines or different threads. Behavioural types can help to address some of these difficulties by providing a way to formally specify the communication between components of a distributed system. This specification can then be used to verify the correctness of the communication between these components using static typechecking, dynamic monitoring, or a combination of the two. Perhaps the most well-known form of behavioural types are session types. They define the sequences of messages that are exchanged between two or more parties in a communication protocol, as well as the order in which these messages are exchanged. More generally, behavioural types include typestate systems, which specify the state-dependent availability of operations, choreographies, which specify collective communication behaviour, and behavioural contracts that specify the expected behaviour of a system. By using behavioural types, it is possible to ensure that the communication between components of a distributed system is well-defined and follows a set of predefined rules, which can help to prevent errors and ensure that the system behaves correctly. The focus of this thesis is on using session type systems to provide static guarantees about the runtime behaviour of concurrent programs. We investigate two strands of work in this context. The first strand focuses on the relationship between session types and linearity. Linearity is a property of certain resources, in this case communication channels, that can only be used once. For instance a linear variable can only be assigned once, after which it cannot be changed. This property is useful for session types because it helps to prevent race conditions and guarantees that no messages are lost or duplicated. We look at relaxing the standard access control in multiparty session types systems. This is typically based on linear or affine types, that offer strong guarantees of communication safety and session. However, these exclude many naturally occurring scenarios that make use of shared channels or need to store channels in shared data structures. We introduce a new and more flexible session type system, which allows channel references to be shared and stored in persistent data structures. We prove that the resulting language satisfies type safety, and we illustrate our type system through examples. The second strand of research in this thesis looks at the expressive power of session types, and their connection to typestate for safe distributed programming in the Java language. Typestates are a way of annotating objects with a set of operations that are valid to perform on them at a given state. We expand the expressive power of two existing tools, use them to represent real-world case studies, and end by considering language usability and human factors

    Choreographies and Cost Semantics for Reliable Communicating Systems

    Get PDF
    Communicating systems have become ubiquitous in today\u27s society.Unfortunately, the complexity of their interactions makesthem particularly prone to failures such as deadlocked statescaused by misbehaving components, or memory exhaustion due to a surgein message traffic (malicious or not).These vulnerabilities constitute a real risk to users, withconsequences ranging from minor inconveniences to the possibility ofloss of life and capital.This thesis presents results that aim to increase the reliability of communicating systems.First, we implement a choreography language that can, by construction, only describe deadlock-free systems.Second, we develop a cost semantics to prove programs free of out-of-memory errors.Lastly, we improve both results by using novel semantic approaches that strengthen key theorems and facilitate further proof development.All of these results are formalized in the HOL4 theorem prover and integrated with the CakeML verified stack
    • …
    corecore