Reasoning about Programs With Effects
This note presents a summary of my research on reasoning about programs with effects. This work has been carried out in collaboration with several colleagues over roughly the past ten years. The work has had two major sub-themes: reasoning about functional programs extended with imperative features; and reasoning about components of open distributed systems. Functional programming languages extended with imperative features include languages like Scheme and ML as well as object-based languages such as Java. This work has focused on operationally based semantics and formalisms for specifying and reasoning about such programs. The work on components of open distributed systems has been based on the actor model of computation and has focused on developing semantic models for modular specification and composition of actor systems.
Handling Defeasibilities in Action Domains
Representing defeasibility is an important issue in common sense reasoning. In reasoning about action and change, this issue becomes more difficult because domain and action related defeasible information may conflict with general inertia rules. Furthermore, different types of defeasible information may also interfere with each other during the reasoning. In this paper, we develop a prioritized logic programming approach to handle defeasibilities in reasoning about action. In particular, we propose three action languages {\cal AT}^{0}, {\cal AT}^{1} and {\cal AT}^{2} which handle three types of defeasibilities in action domains, named defeasible constraints, defeasible observations and actions with defeasible and abnormal effects respectively. Each language with a higher superscript can be viewed as an extension of the language with a lower superscript. These action languages inherit the simple syntax of the {\cal A} language, but their semantics is developed in terms of transition systems whose transition functions are defined based on prioritized logic programs. By illustrating various examples, we show that our approach provides a powerful mechanism to handle various defeasibilities in temporal prediction and postdiction. We also investigate semantic properties of these three action languages and characterize classes of action domains that present more desirable solutions in reasoning about action within the underlying action languages.
Comment: 49 pages, 1 figure, to appear in the journal Theory and Practice of Logic Programming
Extended Call-by-Push-Value: Reasoning About Effectful Programs and Evaluation Order
Traditionally, reasoning about programs under varying evaluation regimes (call-by-value, call-by-name etc.) was done at the meta-level, treating them as term rewriting systems. Levy’s call-by-push-value (CBPV) calculus provides a more powerful approach for reasoning, by treating CBPV terms as a common intermediate language which captures both call-by-value and call-by-name, and by allowing equational reasoning about changes to evaluation order between or within programs.
We extend CBPV to additionally deal with call-by-need, which is non-trivial because of shared reductions. This allows the equational reasoning to also support call-by-need. As an example, we then prove that call-by-need and call-by-name are equivalent if nontermination is the only side-effect in the source language.
We then show how to incorporate an effect system. This enables us to exploit static knowledge of the potential effects of a given expression to augment equational reasoning; thus a program fragment might be invariant under a change of evaluation regime only because of knowledge of its effects.
Semantics for Noninterference with Interaction Trees (Artifact)
Noninterference is the strong information-security property that a program does not leak secrets through publicly-visible behavior. In the presence of effects such as nontermination, state, and exceptions, reasoning about noninterference quickly becomes subtle. We advocate using interaction trees (ITrees) to provide compositional mechanized proofs of noninterference for multi-language, effectful, nonterminating programs, while retaining executability of the semantics. We develop important foundations for security analysis with ITrees: two indistinguishability relations, leading to two standard notions of noninterference with adversaries of different strength, along with metatheory libraries for reasoning about each. We demonstrate the utility of our results using a simple imperative language with embedded assembly, along with a compiler into that assembly language.
Semantics for Noninterference with Interaction Trees
Noninterference is the strong information-security property that a program does not leak secrets through publicly-visible behavior. In the presence of effects such as nontermination, state, and exceptions, reasoning about noninterference quickly becomes subtle. We advocate using interaction trees (ITrees) to provide compositional mechanized proofs of noninterference for multi-language, effectful, nonterminating programs, while retaining executability of the semantics. We develop important foundations for security analysis with ITrees: two indistinguishability relations, leading to two standard notions of noninterference with adversaries of different strength, along with metatheory libraries for reasoning about each. We demonstrate the utility of our results using a simple imperative language with embedded assembly, along with a compiler into that assembly language.
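The two entries above (the paper and its artifact) describe two indistinguishability relations that yield noninterference against adversaries of different strength, for a language with state, exceptions and nontermination. The following is an added, executable illustration of that distinction; it is not code from the paper or its artifact and uses no interaction trees. It assumes a toy imperative language of its own in which variables named with a leading "h" are secret and all others public, a fuel bound stands in for nontermination, and whether a run ends normally or with the language's single exception (division by zero) is publicly observable under both relations; the relations differ only in whether the adversary can observe divergence (termination-insensitive vs. termination-sensitive noninterference).

```python
# Added example, not from the paper or its artifact. Toy effectful language:
# state (a store), one exception (division by zero), nontermination (loops).
# Assumptions: variables starting with "h" are secret (high), others public;
# a fuel bound models nontermination; ok/err status is always observable.
from itertools import product


class Diverged(Exception):
    """Run exhausted its fuel: our stand-in for nontermination."""


class ProgError(Exception):
    """The language's only exception (division by zero)."""


def is_low(var):
    return not var.startswith("h")


BINOPS = {"+": lambda x, y: x + y,
          "<": lambda x, y: int(x < y),
          "==": lambda x, y: int(x == y)}


def eval_expr(e, store):
    """Expressions are int literals, variable names, or (op, lhs, rhs)."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return store[e]
    op, a, b = e
    x, y = eval_expr(a, store), eval_expr(b, store)
    if op == "/":
        if y == 0:
            raise ProgError("division by zero")
        return x // y
    return BINOPS[op](x, y)


def run(prog, store, fuel=200):
    """Execute prog; returns ("ok", store) or ("err", store), or raises
    Diverged after `fuel` statement steps."""
    store = dict(store)

    def step(stmt):
        nonlocal fuel
        fuel -= 1
        if fuel < 0:
            raise Diverged()
        kind = stmt[0]
        if kind == "assign":
            store[stmt[1]] = eval_expr(stmt[2], store)
        elif kind == "seq":
            for s in stmt[1:]:
                step(s)
        elif kind == "if":
            step(stmt[2] if eval_expr(stmt[1], store) else stmt[3])
        elif kind == "while":
            while eval_expr(stmt[1], store):
                step(stmt[2])
        elif kind != "skip":
            raise ValueError("unknown statement %r" % kind)

    try:
        step(prog)
        return ("ok", store)
    except ProgError:
        return ("err", store)


def outcome(prog, store, fuel=200):
    """Observable result of a run: ("ok"|"err", store) or ("div", None)."""
    try:
        return run(prog, store, fuel)
    except Diverged:
        return ("div", None)


def low_equiv(s1, s2):
    """Low observer's indistinguishability on stores: public vars agree."""
    return all(s1[v] == s2[v] for v in s1 if is_low(v))


def noninterferent(prog, stores, termination_sensitive, fuel=200):
    """Check prog over every low-equivalent pair of initial stores.
    TINI (termination_sensitive=False): pairs where a run diverges are
    skipped, i.e. the adversary cannot see nontermination.
    TSNI (termination_sensitive=True): divergence itself is observable."""
    for s1, s2 in product(stores, repeat=2):
        if not low_equiv(s1, s2):
            continue
        r1, r2 = outcome(prog, s1, fuel), outcome(prog, s2, fuel)
        if r1[0] == "div" or r2[0] == "div":
            if termination_sensitive and r1[0] != r2[0]:
                return False
            continue
        if r1[0] != r2[0] or not low_equiv(r1[1], r2[1]):
            return False
    return True


# Constructed inputs: public l = 0 throughout, secret h varies.
STORES = [{"l": 0, "h": h} for h in (0, 1, 5)]
LEAK_DIRECT = ("assign", "l", "h")                     # explicit flow
LEAK_TERM = ("while", ("==", "h", 0), ("skip",))        # loops forever iff h == 0
LEAK_EXN = ("assign", "l", ("/", 1, "h"))              # throws iff h == 0
SECURE = ("seq", ("assign", "l", ("+", "l", 1)),
          ("if", ("<", "h", 0), ("assign", "h", 0), ("skip",)))
```

Running `noninterferent(LEAK_TERM, STORES, False)` returns True while `noninterferent(LEAK_TERM, STORES, True)` returns False: the loop-forever-on-secret program is accepted by the weaker (termination-insensitive) adversary and rejected by the stronger one, which is exactly the gap the two relations are meant to capture. `LEAK_DIRECT` and `LEAK_EXN` fail both checks, since an escaping exception is taken as visible to the adversary, and `SECURE` passes both. Two caveats: the fuel bound is an approximation, so a slow but terminating run is classified as divergent, and the check is exhaustive only over the constructed `STORES`; a proof for all inputs is what the mechanized development in the paper provides.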
Action Logic Programs: How to Specify Strategic Behavior in Dynamic Domains Using Logical Rules
We discuss a new concept of agent programs that combines logic programming with reasoning about actions. These agent logic programs are characterized by a clear separation between the specification of the agent’s strategic behavior and the underlying theory about the agent’s actions and their effects. This makes it a generic, declarative agent programming language, which can be combined with an action representation formalism of one’s choice. We present a declarative semantics for agent logic programs along with (two versions of) a sound and complete operational semantics, which combines the standard inference mechanisms for (constraint) logic programs with reasoning about actions.
Divergences on Monads for Relational Program Logics
Several relational program logics have been introduced for integrating reasoning about relational properties of programs and measurement of quantitative difference between computational effects. Towards a general framework for such logics, in this paper we formalize quantitative difference between computational effects as divergences on monads, then develop a relational program logic acRL that supports generic computational effects and divergences on them. To give a categorical semantics of acRL supporting divergences, we give a method to obtain graded strong relational liftings from divergences on monads. We derive two instantiations of acRL for the verification of 1) various forms of differential privacy of higher-order functional probabilistic programs and 2) the difference of cost distributions between higher-order functional programs with probabilistic choice and cost counting operations.
Comment: Preprint
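The abstract above is dense, so here is an added, executable instance of its central idea (not code from the paper): the max-divergence on the finite probability-distribution monad, which is the divergence whose grade is the epsilon of differential privacy. Randomized response, the adjacency relation {0, 1}, and the particular divergence D_inf are this example's own choices rather than the paper's case studies; the point it demonstrates is that the divergence of a composed program is bounded by the sum of the divergences of its parts, which is what a graded relational lifting tracks.

```python
# Added example, not from the paper. Finite distribution monad with
# max-divergence; epsilon of differential privacy measured directly.
# Choices here (randomized response, adjacency {0,1}) are this example's own.
from fractions import Fraction
from math import log


def unit(x):
    """Monad unit: the point distribution on x."""
    return {x: Fraction(1)}


def bind(dist, f):
    """Monad bind: sample x from dist, then run the probabilistic f(x)."""
    out = {}
    for x, p in dist.items():
        for y, q in f(x).items():
            out[y] = out.get(y, Fraction(0)) + p * q
    return out


def max_divergence(mu, nu):
    """D_inf(mu || nu) = max over outcomes x of ln(mu(x) / nu(x)).
    Infinite when mu puts mass on an outcome nu never produces."""
    worst = 0.0
    for x, p in mu.items():
        if p == 0:
            continue
        q = nu.get(x, Fraction(0))
        if q == 0:
            return float("inf")
        worst = max(worst, log(float(p / q)))
    return worst


def epsilon(program, adjacent_pairs):
    """Smallest eps for which `program` is eps-differentially private on the
    given adjacent inputs: the symmetric max divergence of its outputs."""
    return max(
        max(max_divergence(program(a), program(b)),
            max_divergence(program(b), program(a)))
        for a, b in adjacent_pairs
    )


def randomized_response(bit, p=Fraction(3, 4)):
    """Report the true bit with probability p, the flipped bit otherwise."""
    return {bit: p, 1 - bit: 1 - p}


def two_reports(bit):
    """Sequential composition in the monad: two independent reports of bit."""
    return bind(randomized_response(bit),
                lambda r1: bind(randomized_response(bit),
                                lambda r2: unit((r1, r2))))


ADJACENT = [(0, 1)]  # constructed: the two possible secret bits are adjacent

if __name__ == "__main__":
    print("identity            eps =", epsilon(unit, ADJACENT))
    print("randomized response eps =", epsilon(randomized_response, ADJACENT))
    print("two reports         eps =", epsilon(two_reports, ADJACENT))
```

`epsilon(unit, ADJACENT)` is infinite (releasing the bit directly has no privacy), `epsilon(randomized_response, ADJACENT)` is ln 3 for p = 3/4, and `epsilon(two_reports, ADJACENT)` is 2 ln 3: the grade of the `bind`-composed program is the sum of the grades of its parts. Exact `Fraction` arithmetic is used so that zero-probability outcomes are detected exactly rather than lost to floating-point rounding, which matters because a single outcome with probability 0 under one input and nonzero under the other makes the divergence infinite.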
Pruning, Pushdown Exception-Flow Analysis
Statically reasoning in the presence of exceptions and about the effects of exceptions is challenging: exception-flows are mutually determined by traditional control-flow and points-to analyses. We tackle the challenge of analyzing exception-flows from two angles. First, from the angle of pruning control-flows (both normal and exceptional), we derive a pushdown framework for an object-oriented language with full-featured exceptions. Unlike traditional analyses, it allows precise matching of throwers to catchers. Second, from the angle of pruning points-to information, we generalize abstract garbage collection to object-oriented programs and enhance it with liveness analysis. We then seamlessly weave the techniques into enhanced reachability computation, yielding highly precise exception-flow analysis, without becoming intractable, even for large applications. We evaluate our pruned, pushdown exception-flow analysis, comparing it with an established analysis on large scale standard Java benchmarks. The results show that our analysis significantly improves analysis precision over traditional analysis within a reasonable analysis time.
Comment: 14th IEEE International Working Conference on Source Code Analysis and Manipulation