Implementing a Functional Language for Flix
Static program analysis is a powerful technique for maintaining software, with
applications such as compiler optimizations, code refactoring, and bug finding.
Static analyzers are typically implemented in general-purpose programming
languages, such as C++ and Java; however, these analyzers are complex and
often difficult to understand and maintain. An alternate approach is to use
Datalog, a declarative language. Implementors can express analysis constraints
declaratively, which makes it easier to understand and ensure correctness of the
analysis. Furthermore, the declarative nature of the analysis allows multiple,
independent analyses to be easily combined.
Flix is a programming language for static analysis, consisting of a logic
language and a functional language. The logic language is inspired by
Datalog, but supports user-defined lattices. The functional language allows
implementors to write functions, something which is not supported in Datalog.
These two extensions, user-defined lattices and functions, allow Flix to
support analyses that cannot be expressed by Datalog, such as a constant
propagation analysis. Datalog is limited to constraints on relations, and
although it can simulate finite lattices, it cannot express lattices over an
infinite domain. Finally, another advantage of Flix is that it supports
interoperability with existing tools written in general-purpose programming
languages.
This thesis discusses the implementation of the Flix functional language,
which involves abstract syntax tree transformations, an interpreter back-end,
and a code generator back-end. The implementation must support a number of
interesting language features, such as pattern matching, first-class functions,
and interoperability.
The thesis also evaluates the implementation, comparing the interpreter and code
generator back-ends in terms of correctness and performance. The performance
benchmarks include purely functional programs (such as an N-body simulation),
programs that involve both the logic and functional languages (such as matrix
multiplication), and a real-world static analysis (the Strong Update analysis).
Additionally, for the purely functional benchmarks, the performance of Flix
is compared to C++, Java, Scala, and Ruby.
In general, the performance of compiled Flix code is significantly faster
than interpreted Flix code. This applies to all the purely functional
benchmarks, as well as benchmarks that spend most of the time in the functional
language, rather than the logic language. Furthermore, for purely functional
code, the performance of compiled Flix is often comparable to Java and Scala
Verified Correctness and Security of mbedTLS HMAC-DRBG
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A),
and we have proved its cryptographic security (that its output is
pseudorandom) using a hybrid game-based proof. We have also proved that the
mbedTLS implementation (C program) correctly implements this functional
specification. That proof composes with an existing C compiler correctness
proof to guarantee, end-to-end, that the machine language program gives strong
pseudorandomness. All proofs (hybrid games, C program verification, compiler,
and their composition) are machine-checked in the Coq proof assistant. Our
proofs are modular: the hybrid game proof holds on any implementation of
HMAC-DRBG that satisfies our functional specification. Therefore, our
functional specification can serve as a high-assurance reference.
Comment: Appearing in CCS '1
TRX: A Formally Verified Parser Interpreter
Parsing is an important problem in computer science and yet surprisingly
little attention has been devoted to its formal verification. In this paper, we
present TRX: a parser interpreter formally developed in the proof assistant
Coq, capable of producing formally correct parsers. We are using parsing
expression grammars (PEGs), a formalism essentially representing recursive
descent parsing, which we consider an attractive alternative to context-free
grammars (CFGs). From this formalization we can extract a parser for an
arbitrary PEG grammar with the warranty of total correctness, i.e., the
resulting parser is terminating and correct with respect to its grammar and the
semantics of PEGs; both properties formally proven in Coq.
Comment: 26 pages, LMC
Synthesizing Certified Code
Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is time-consuming and error-prone. We address this problem by combining code certification with automatic program synthesis. Given a high-level specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AutoBayes, a synthesis tool for automatically generating data analysis programs. Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. We demonstrate our approach by certifying operator- and memory-safety on a data-classification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool.
Action semantics in retrospect
This paper is a themed account of the action semantics project, which Peter Mosses has led since the 1980s. It explains his motivations for developing action semantics, the inspirations behind its design, and the foundations of action semantics based on unified algebras. It goes on to outline some applications of action semantics to describe real programming languages, and some efforts to implement programming languages using action semantics directed compiler generation. It concludes by outlining more recent developments and reflecting on the success of the action semantics project.
First steps towards the certification of an ARM simulator using Compcert
The simulation of Systems-on-Chip (SoC) is nowadays a hot topic because,
beyond providing many debugging facilities, it allows the development of
dedicated software before the hardware is available. Low-consumption CPUs such
as ARM play a central role in SoC. However, the effectiveness of simulation
depends on the faithfulness of the simulator. To this effect, we propose here
to prove significant parts of such a simulator, SimSoC. Basically, on one hand,
we develop a Coq formal model of the ARM architecture while on the other hand,
we consider a version of the simulator including components written in
Compcert-C. Then we prove that the simulation of ARM operations, according to
Compcert-C formal semantics, conforms to the expected formal model of ARM. Size
issues are partly dealt with using automatic generation of significant parts of
the Coq model and of SimSoC from the official textual definition of ARM.
However, this is still a long-term project. We report here the current stage of
our efforts and discuss in particular the use of Compcert-C in this framework.
Comment: First International Conference on Certified Programs and Proofs 7086
(2011
Functional programming languages for verification tools: experiences with ML and Haskell
We compare Haskell with ML as programming languages for verification tools, based on our experience developing TRUTH in Haskell and the Edinburgh Concurrency Workbench (CWB) in ML. We discuss not only technical language features but also the "worlds" of the languages, for example, the availability of tools and libraries.