Validating IoT Devices with Rate-Based Session Types

We develop a session types based framework for implementing and validating rate-based message passing systems in Internet of Things (IoT) domains. To model the indefinite repetition present in many embedded and IoT systems, we introduce a timed process calculus with a periodic recursion primitive. This allows us to model rate-based computations and communications inherent to these application domains. We introduce a definition of rate based session types in a binary session types setting and a new compatibility relationship, which we call rate compatibility. Programs which type check enjoy the standard session types guarantees as well as rate error freedom --- meaning processes which exchanges messages do so at the same rate. Rate compatibility is defined through a new notion of type expansion, a relation that allows communication between processes of differing periods by synthesizing and checking a common superperiod type. We prove type preservation and rate error freedom for our system, and show a decidable method for type checking based on computing superperiods for a collection of processes. We implement a prototype of our type system including rate compatibility via an embedding into the native type system of Rust. We apply this framework to a range of examples from our target domain such as Android software sensors, wearable devices, and sound processing

Towards A Practical High-Assurance Systems Programming Language

Writing correct and performant low-level systems code is a notoriously demanding job, even for experienced developers. To make the matter worse, formally reasoning about their correctness properties introduces yet another level of complexity to the task. It requires considerable expertise in both systems programming and formal verification. The development can be extremely costly due to the sheer complexity of the systems and the nuances in them, if not assisted with appropriate tools that provide abstraction and automation. Cogent is designed to alleviate the burden on developers when writing and verifying systems code. It is a high-level functional language with a certifying compiler, which automatically proves the correctness of the compiled code and also provides a purely functional abstraction of the low-level program to the developer. Equational reasoning techniques can then be used to prove functional correctness properties of the program on top of this abstract semantics, which is notably less laborious than directly verifying the C code. To make Cogent a more approachable and effective tool for developing real-world systems, we further strengthen the framework by extending the core language and its ecosystem. Specifically, we enrich the language to allow users to control the memory representation of algebraic data types, while retaining the automatic proof with a data layout refinement calculus. We repurpose existing tools in a novel way and develop an intuitive foreign function interface, which provides users a seamless experience when using Cogent in conjunction with native C. We augment the Cogent ecosystem with a property-based testing framework, which helps developers better understand the impact formal verification has on their programs and enables a progressive approach to producing high-assurance systems. Finally we explore refinement type systems, which we plan to incorporate into Cogent for more expressiveness and better integration of systems programmers with the verification process

Making Session Types Go

The ubiquitous nature of today’s multi-core processors means concurrency is ever more important to effectively use available computing resources. By its very nature however, concurrent programming is complex and error-prone - accounting for random process interleavings and managing shared resource control is difficult and can lead to instances of incorrect behavior or deadlocks in concurrent programs. As such, ensuring the cor- rectness of concurrent programs is of the utmost importance. Session types are a typing discipline for message-passing concurrency that is able to ensure strong compile-time correctness guarantees for concurrent programs by providing a protocols-as-types view of communication. In particular, we make use of the interpretation of intuitionistic linear logic formulas as session types, which serves as the basis for logical session types. These logical session types offer stronger guarantees at compile-time than simple session types. In this work we implement a (logically) session-typed functional language, along with its associated type checker, and develop a compiler for said language targeting the Go language. Our work features standard functional programming features combined with channel-based, session-typed, concurrency primitives and thread spawning. Concurrency and pure functional values are separated via a monad-like interface, in the style of Haskell. Our compilation pipeline takes a program, type checks it to ensure the absence of dead- locks and communication errors, and then translates it to valid Go code, leveraging Go’s channel and lightweight thread infrastructure. The translation requires compensating the mismatch between Go’s channel types and session types, which we achieve via a state machine view of session types. We showcase the expressiveness of our language via a series of examples, encoding concurrency idioms in the style of map-reduce, among others. We also perform a performance evaluation of our implementation, experimenting with different settings and testing it against a native Go implementation. We follow with a discussion of the experimental results. Finally, we end by discussing possible approaches to future work, namely in terms of compiler optimizations and increase in language expressiveness.Atualmente, a natureza ubíqua de processadores multi-core faz da concorrência algo cada vez mais importante para utilização eficaz dos recursos. Mas a programação concorrente é complexa e dada a erros – antecipar a execução intercalada de processos e gerir o controlo de recursos partilhados é difícil; pode levar a comportamento incorreto, ou deadlocks em programas concorrentes. Assim, assegurar a correção de programas concorrentes é da maior importância. Tipos de sessão são uma disciplina de tipos para concorrência baseada na troca de mensagens que é capaz de dar fortes garantias de correção em tempo de com- pilação para programas concorrentes, oferecendo uma visão da comunicação em termos de protocolos-como-tipos. Utilizamos a interpretação de fórmulas da lógica linear intuici- onista como tipos de sessão, que serve de base para tipos de sessão lógicos que oferecem garantias mais fortes do que tipos de sessão simples. Neste trabalho implementamos uma linguagem funcional, com tipos de sessão (lógicos), juntamente com o seu type checker, e desenvolvemos um compilador para a dita linguagem que tem por alvo a linguagem Go. A linguagem apresenta as funcionalidades standard da programação funcional, combinadas com thread spawning e primitivas de concorrência baseadas em canais e tipificadas com tipos de sessão. A concorrência e valores funcionais são separados por uma interface tipo monad, ao estilo de Haskell. O processo de compilação recebe um programa, verifica o seu tipo para assegurar a ausência de deadlocks e erros de comunicação, e tradu-lo para código Go, utilizando a infraestrutura de canais e lightweight threads de Go. A tradução implica uma compensação da diferença entre os tipos de canais em Go e os tipos de sessão, que alcançamos através duma visão de tipos de sessão como máquinas de estados. Demons- tramos a expressividade da linguagem através duma série de exemplos, implementando idiomas de concorrência como map-reduce, entre outros. Realizamos uma avaliação de desempenho da implementação, experimentado definições diferentes e testando-a contra uma implementação nativa em Go, discutindo depois os resultados experimentais. Por fim, propomos várias abordagens para trabalho futuro, em termos de optimização do compilador e aumento da expressividade da linguagem

Formally Verified Verifiable Electronic Voting Scheme

Since the introduction of secret ballots in Victoria, Australia in 1855, paper (ballots) are widely used around the world to record the preferences of eligible voters. Paper ballots provide three important ingredients: correctness, privacy, and verifiability. However, the paper ballot election brings various other challenges, e.g. it is slow for large democracies like India, error prone for complex voting method like single transferable vote, and poses operational challenges for large countries like Australia. In order to solve these problems and various others, many countries are adopting electronic voting. However, electronic voting has a whole new set of problems. In most cases, the software programs used to conduct the election have numerous problems, including, but not limited to, counting bugs, ballot identification, etc. Moreover, these software programs are treated as commercial in confidence and are not allowed to be inspected by members of the public. As a consequence, the result produced by these software programs can not be substantiated. In this thesis, we address the three main concerns posed by electronic voting, i.e. correctness, privacy, and verifiability. We address the correctness concern by using theorem prover to implement the vote counting algorithm, privacy concern by using cryptography, and verifiability concern by generating a independently checkable scrutiny sheet (certificate). Our work has been carried out in the Coq theorem prover

Computer Aided Verification

This open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency