18,545 research outputs found
The Meaning of Memory Safety
We give a rigorous characterization of what it means for a programming
language to be memory safe, capturing the intuition that memory safety supports
local reasoning about state. We formalize this principle in two ways. First, we
show how a small memory-safe language validates a noninterference property: a
program can neither affect nor be affected by unreachable parts of the state.
Second, we extend separation logic, a proof system for heap-manipulating
programs, with a memory-safe variant of its frame rule. The new rule is
stronger because it applies even when parts of the program are buggy or
malicious, but also weaker because it demands a stricter form of separation
between parts of the program state. We also consider a number of pragmatically
motivated variations on memory safety and the reasoning principles they
support. As an application of our characterization, we evaluate the security of
a previously proposed dynamic monitor for memory safety of heap-allocated data.Comment: POST'18 final versio
PHOTOS Monte Carlo for precision simulation of QED in decays - History and properties of the project
Because of properties of QED, the bremsstrahlung corrections to decays of
particles or resonances can be calculated, with a good precision, separately
from other effects. Thanks to the widespread use of event records such
calculations can be embodied into a separate module of Monte Carlo simulation
chains, as used in High Energy Experiments of today. The PHOTOS Monte Carlo
program is used for this purpose since nearly 20 years now. In the following
talk let us review the main ideas and constraints which shaped the program
version of today and enabled it widespread use. We will concentrate specially
on conflicting requirements originating from the properties of QED matrix
elements on one side and degrading (evolving) with time standards of event
record(s). These issues, quite common in other modular software applications,
become more and more difficult to handle as precision requirements become
higher.Comment: Prepared for XI International Workshop on Advanced Computing and
Analysis Techniques in Physics Research, Amsterdam, the Netherlands, April 23
200
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Region-based memory management for Mercury programs
Region-based memory management (RBMM) is a form of compile time memory
management, well-known from the functional programming world. In this paper we
describe our work on implementing RBMM for the logic programming language
Mercury. One interesting point about Mercury is that it is designed with strong
type, mode, and determinism systems. These systems not only provide Mercury
programmers with several direct software engineering benefits, such as
self-documenting code and clear program logic, but also give language
implementors a large amount of information that is useful for program analyses.
In this work, we make use of this information to develop program analyses that
determine the distribution of data into regions and transform Mercury programs
by inserting into them the necessary region operations. We prove the
correctness of our program analyses and transformation. To execute the
annotated programs, we have implemented runtime support that tackles the two
main challenges posed by backtracking. First, backtracking can require regions
removed during forward execution to be "resurrected"; and second, any memory
allocated during a computation that has been backtracked over must be recovered
promptly and without waiting for the regions involved to come to the end of
their life. We describe in detail our solution of both these problems. We study
in detail how our RBMM system performs on a selection of benchmark programs,
including some well-known difficult cases for RBMM. Even with these difficult
cases, our RBMM-enabled Mercury system obtains clearly faster runtimes for 15
out of 18 benchmarks compared to the base Mercury system with its Boehm runtime
garbage collector, with an average runtime speedup of 24%, and an average
reduction in memory requirements of 95%. In fact, our system achieves optimal
memory consumption in some programs.Comment: 74 pages, 23 figures, 11 tables. A shorter version of this paper,
without proofs, is to appear in the journal Theory and Practice of Logic
Programming (TPLP
Comparing Tag Scheme Variations Using an Abstract Machine Generator
In this paper we study, in the context of a WAM-based abstract machine for Prolog, how variations in the encoding of type information in tagged words and in their associated basic operations impact performance and memory usage. We use a high-level language to specify encodings and the associated operations. An automatic generator constructs both the abstract machine using this encoding and the associated Prolog-to-byte code compiler. Annotations in this language make it possible to impose constraints on the final representation of tagged words, such as the effectively addressable space (fixing, for example, the word size of the target processor /architecture), the layout of the tag and value bits inside the tagged word, and how the basic operations are implemented. We evaluate large number of combinations of the different parameters in two scenarios: a) trying to obtain an optimal general-purpose abstract machine and b) automatically generating a specially-tuned abstract machine for a particular program. We conclude that we are able to automatically generate code featuring all the optimizations present in a hand-written, highly-optimized abstract machine and we canal so obtain emulators with larger addressable space and better performance
Linear Haskell: practical linearity in a higher-order polymorphic language
Linear type systems have a long and storied history, but not a clear path
forward to integrate with existing languages such as OCaml or Haskell. In this
paper, we study a linear type system designed with two crucial properties in
mind: backwards-compatibility and code reuse across linear and non-linear users
of a library. Only then can the benefits of linear types permeate conventional
functional programming. Rather than bifurcate types into linear and non-linear
counterparts, we instead attach linearity to function arrows. Linear functions
can receive inputs from linearly-bound values, but can also operate over
unrestricted, regular values.
To demonstrate the efficacy of our linear type system - both how easy it can
be integrated in an existing language implementation and how streamlined it
makes it to write programs with linear types - we implemented our type system
in GHC, the leading Haskell compiler, and demonstrate two kinds of applications
of linear types: mutable data with pure interfaces; and enforcing protocols in
I/O-performing functions
- …