Mechanizing Webassembly Proposals
WebAssembly is a modern low-level programming language designed to provide high performance and security. To enable these goals, the language specifies a relatively small number of low-level types, instructions, and language constructs. The language is proven to be sound with respect to its types and execution, and a separate mechanized formalization of the specification and type soundness proofs confirms this. As an emerging technology, the language is continuously being developed, with modifications being proposed and discussed in the open and on a frequent basis.
In order to ensure that the soundness properties exhibited by the original core language are maintained as WebAssembly evolves, these proposals too should be mechanized and verified to be sound. This work extends the existing Isabelle mechanization to include three such proposals which add features to the language, and shows that the language maintains its soundness properties with their inclusion.
Formalizing a hierarchical file system
An abstract file system is defined here as a partial function from (absolute) paths to data. Such a file system determines the set of valid paths. It allows the file system to be read and written at a valid path, and it allows the system to be modified by the Unix operations for creation, removal, and moving of files and directories. We present abstract definitions (axioms) for these operations. This specification is refined towards a pointer implementation. The challenge is to have a natural abstraction function from the implementation to the specification, to define operations on the concrete store that behave exactly in the same way as the corresponding functions on the abstract store, and to prove these facts. To mitigate the problems attached to partial functions, we do this in two steps: first a refinement towards a pointer implementation with total functions, followed by one that allows partial functions. These two refinements are proved correct by means of a number of invariants. Indeed, the insights gained consist, on the one hand, of the invariants of the pointer implementation that are needed for the refinement functions, and on the other hand of the precise enabling conditions of the operations on the different levels of abstraction. Each of the three specification levels is enriched with a permission system for reading, writing, or executing, and the refinement relations between these permission systems are explored. Files and directories are distinguished from the outset, but this rarely affects our part of the specifications. All results have been verified with the proof assistant PVS, in particular, that the invariants are preserved by the operations, and that, where the invariants hold, the operations commute with the refinement functions.
Re-evaluating creativity in documentary filmmaking, creative analysis and creative constraints
This thesis presents an evaluation of creativity in documentary films through practice and critical theory. It argues for a more prominent consideration of the creative input in the production of documentary films, which has been neglected in the field, and often approached indirectly, coded as form, style or authorship. It employs creative practice as a mode of enquiry and explores scholarly criticism and theory from a practitioner's perspective. Its written part is structured in three chapters: the first looks into realities and myths of creativity through the lens of the cognitive sciences, and elaborates on their findings' usefulness to documentary film as creative analysis; the second explores the influence of documentary critical theory, expectations created of the film mode and practitioners' approaches in the representation of reality; the third engages in documentary film as creative analysis, seeing films as creative negotiations of representational constraints.
The thesis borrows from cognitive science and psychology ideas, methods and vocabulary for a critical creative analysis. It develops the analysis with attention to creative development and the problematisation of the film mode. Central to the proposed conceptual shift is the idea of "creative constraints" as a useful frame for creativity. Building on ideas proposed by Jon Elster and Thomas Elsaesser, the thesis discusses the filmmaker's choice and acceptance of self-imposed creative constraints to structure their creative challenge, giving defining character to authorial approach and film results.
The idea of creatively constraining a film and analysis of its creative development are put into practice in three experimental films, which form the practical part of the research. Each film was produced with a set of predetermined constraints in order to evaluate their consequences on the films' forms and narrative, making practice integral to the enquiry. The first film, Mechanising the Catch, documents the arrival and processing of a fish catch at a port. The most obvious obstruction imposed on its production was to make use of social media video, specifically the one with the most extreme format impositions, Vine.co. For the second, Filling the Gaps, the most relevant creative constraint was to indirectly, through narrative development, call attention to the intervention of the spectator's imagination in the construction of a documentary film. It explores the making of Albrecht Dürer's 1515 rhinoceros engraving and enacts parallels to Dürer's methods. The third, Loullabelle's Café, explores natural constraints like access and ethics in the production of a documentary film. The film contains fictional sequences complemented with a documentary.
The thesis mobilises cognitive science's conceptual tools for demystifying creativity, suggesting parallels in documentary whereby the creative demands of the film mode are made visible. Together with the idea of self-imposed creative constraints, this leads to a reappraisal and re-evaluation of the balance of creativity in a documentary. It is a reminder of the fundamental intervention of creative input in documentary film in two aspects, creative interpretation and creative approach. The thesis proposes looking at documentaries as creative challenges to the use of the film media to represent the real, mediation and other constraints, and suggests each director's instantiation of a documentary handles these differently. In line with these ideas and supplementing existing definitions, the thesis offers a definition of documentary by reference to creative constraints.
Mechanising and evolving the formal semantics of WebAssembly: the Web's new low-level language
WebAssembly is the first new programming language to be supported natively by all major Web browsers since JavaScript. It is designed to be a natural low-level compilation target for languages such as C, C++, and Rust, enabling programs written in these languages to be compiled and executed efficiently on the Web. WebAssembly's specification is managed by the W3C WebAssembly Working Group (made up of representatives from a number of major tech companies). Uniquely, the language is specified by way of a full pen-and-paper formal semantics.
This thesis describes a number of ways in which I have both helped to shape the specification of WebAssembly, and built upon it. By mechanising the WebAssembly formal semantics in Isabelle/HOL while it was being drafted, I discovered a number of errors in the specification, drove the adoption of official corrections, and provided the first type soundness proof for the corrected language. This thesis also details a verified type checker and interpreter, and a security type system extension for cryptography primitives, all of which have been mechanised as extensions of my initial WebAssembly mechanisation.
A major component of the thesis is my work on the specification of shared memory concurrency in Web languages: correcting and verifying properties of JavaScript's existing relaxed memory model, and defining the WebAssembly-specific extensions to the corrected model which have been adopted as the basis of WebAssembly's official threads specification. A number of deficiencies in the original JavaScript model are detailed. Some errors have been corrected, with the verified fixes officially adopted into subsequent editions of the language specification. However one discovered deficiency is fundamental to the model, an instance of the well-known "thin-air problem".
My work demonstrates the value of formalisation and mechanisation in industrial programming language design, not only in discovering and correcting specification errors, but also in building confidence both in the correctness of the language's design and in the design of proposed extensions.
2019 Google PhD Fellowship in Programming Technology and Software Engineering
Peterhouse Research Fellowship
Continuous probability distributions in model-based specification languages
PhD Thesis
Model-based specification languages provide a means for obtaining assurance of dependability of complex computer-based systems, but provide little support for modelling and analysing fault behaviour, which is inherently probabilistic in nature. In particular, the need for a detailed account of the role of continuous probability has been largely overlooked.
This thesis addresses the role of continuous probability in model-based specification languages. A model-based specification language (sGCL) that supports continuous probability distributions is defined. The use of sGCL and how it interacts with engineering practices is also explored. In addition, a refinement ordering for continuous probability distributions is given, and the challenge of combining non-determinism and continuous probability is discussed in depth.
The thesis is presented in three parts. The first uses two case studies to explore the use of probability in formal methods. The first case study, on flash memory, is used to present the capabilities of probabilistic formal methods and to determine the kinds of questions that require continuous probability distributions to answer. The second, on an emergency brake system, illustrates the strengths and weaknesses of existing languages and provides a basis for exploring a prototype language that includes continuous probability.
The second part of the thesis gives the formal definition of sGCL's syntax and semantics. The semantics is made up of two parts, the proof theory (transformer semantics) and the underpinning mathematics (relational semantics). The additional language constructs and semantical features required to include non-determinism as well as continuous probability are also discussed. The most challenging aspect lies in proving the consistency of the semantics when non-determinism is also included.
The third part uses a final case study, on an aeroplane pitch monitor, to demonstrate the use of sGCL. The new analysis techniques provided by sGCL, and how they fit in with engineering practices, are explored.
EPSRC:
The School of Computing Science, Newcastle University:
DEPLOY project
'There's Something Very Familiar About All This': Time Machines, Cultural Tangents, and Mastering Time in H.G Wells's The Time Machine and the Back to the Future trilogy
Time travel cinema criticism frequently cites H.G. Wells's fin-de-siècle novella The Time Machine (1895) as a master template for popular time travel narratives. Following the 30th anniversary of Back to the Future, a film still regarded in popular culture today as a landmark in time travel cinema and 1980s culture, this article positions the Back to the Future trilogy alongside Wells's novella and its most successful film adaptation, The Time Machine (Pal, 1960), in order to explore the varied cultural preoccupations that each of these time travel narratives articulates, alongside Back to the Future's adaptation of and intertextual references to Wells's time travel tale. In particular, the article explores the depiction of time machines in both The Time Machine and the Back to the Future trilogy, their specific cultural anxieties regarding evolution and paradoxical erasure, and how these texts explore, both visually and narratively, the concept of mastering time. This article therefore contends that the Back to the Future trilogy is an adaptation and reimagining of Wells's novella and Pal's film for the 1980s generation.