5,520 research outputs found
Gradual Certified Programming in Coq
Expressive static typing disciplines are a powerful way to achieve
high-quality software. However, the adoption cost of such techniques should not
be under-estimated. Just like gradual typing allows for a smooth transition
from dynamically-typed to statically-typed programs, it seems desirable to
support a gradual path to certified programming. We explore gradual certified
programming in Coq, providing the possibility to postpone the proofs of
selected properties, and to check "at runtime" whether the properties actually
hold. Casts can be integrated with the implicit coercion mechanism of Coq to
support implicit cast insertion a la gradual typing. Additionally, when
extracting Coq functions to mainstream languages, our encoding of casts
supports lifting assumed properties into runtime checks. Much to our surprise,
it is not necessary to extend Coq in any way to support gradual certified
programming. A simple mix of type classes and axioms makes it possible to bring
gradual certified programming to Coq in a straightforward manner.Comment: DLS'15 final version, Proceedings of the ACM Dynamic Languages
Symposium (DLS 2015
Object-oriented Programming Laws for Annotated Java Programs
Object-oriented programming laws have been proposed in the context of
languages that are not combined with a behavioral interface specification
language (BISL). The strong dependence between source-code and interface
specifications may cause a number of difficulties when transforming programs.
In this paper we introduce a set of programming laws for object-oriented
languages like Java combined with the Java Modeling Language (JML). The set of
laws deals with object-oriented features taking into account their
specifications. Some laws deal only with features of the specification
language. These laws constitute a set of small transformations for the
development of more elaborate ones like refactorings
Existential witness extraction in classical realizability and via a negative translation
We show how to extract existential witnesses from classical proofs using
Krivine's classical realizability---where classical proofs are interpreted as
lambda-terms with the call/cc control operator. We first recall the basic
framework of classical realizability (in classical second-order arithmetic) and
show how to extend it with primitive numerals for faster computations. Then we
show how to perform witness extraction in this framework, by discussing several
techniques depending on the shape of the existential formula. In particular, we
show that in the Sigma01-case, Krivine's witness extraction method reduces to
Friedman's through a well-suited negative translation to intuitionistic
second-order arithmetic. Finally we discuss the advantages of using call/cc
rather than a negative translation, especially from the point of view of an
implementation.Comment: 52 pages. Accepted in Logical Methods for Computer Science (LMCS),
201
Process Realizability
We develop a notion of realizability for Classical Linear Logic based on a
concurrent process calculus.Comment: Appeared in Foundations of Secure Computation: Proceedings of the
1999 Marktoberdorf Summer School, F. L. Bauer and R. Steinbruggen, eds. (IOS
Press) 2000, 167-18
Implementing and reasoning about hash-consed data structures in Coq
We report on four different approaches to implementing hash-consing in Coq
programs. The use cases include execution inside Coq, or execution of the
extracted OCaml code. We explore the different trade-offs between faithful use
of pristine extracted code, and code that is fine-tuned to make use of OCaml
programming constructs not available in Coq. We discuss the possible
consequences in terms of performances and guarantees. We use the running
example of binary decision diagrams and then demonstrate the generality of our
solutions by applying them to other examples of hash-consed data structures
Perspectives for proof unwinding by programming languages techniques
In this chapter, we propose some future directions of work, potentially
beneficial to Mathematics and its foundations, based on the recent import of
methodology from the theory of programming languages into proof theory. This
scientific essay, written for the audience of proof theorists as well as the
working mathematician, is not a survey of the field, but rather a personal view
of the author who hopes that it may inspire future and fellow researchers
Middle-Out Reasoning for Logic Program Synthesis
We propose a novel approach to automating the synthesis of logic programs: Logic programs are synthesized as a by-product of the planning of a verification proof. The approach is a two-level one: At the object level, we prove program verification conjectures in a sorted, first-order theory. The conjectures are of the form 8args \Gamma\Gamma\Gamma\Gamma! : prog(args \Gamma\Gamma\Gamma\Gamma! ) $ spec(args \Gamma\Gamma\Gamma\Gamma! ). At the meta-level, we plan the object-level verification with an unspecified program definition. The definition is represented with a (second-order) meta-level variable, which becomes instantiated in the course of the planning
Validity-Guided Synthesis of Reactive Systems from Assume-Guarantee Contracts
Automated synthesis of reactive systems from specifications has been a topic
of research for decades. Recently, a variety of approaches have been proposed
to extend synthesis of reactive systems from proposi- tional specifications
towards specifications over rich theories. We propose a novel, completely
automated approach to program synthesis which reduces the problem to deciding
the validity of a set of forall-exists formulas. In spirit of IC3 / PDR, our
problem space is recursively refined by blocking out regions of unsafe states,
aiming to discover a fixpoint that describes safe reactions. If such a fixpoint
is found, we construct a witness that is directly translated into an
implementation. We implemented the algorithm on top of the JKind model checker,
and exercised it against contracts written using the Lustre specification
language. Experimental results show how the new algorithm outperforms JKinds
already existing synthesis procedure based on k-induction and addresses
soundness issues in the k-inductive approach with respect to unrealizable
results.Comment: 18 pages, 5 figures, 2 table
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape
- …