18 research outputs found
Scather: programming with multi-party computation and MapReduce
We present a prototype of a distributed computational infrastructure, an associated high level programming language, and an underlying formal framework that allow multiple parties to leverage their own cloud-based computational resources (capable of supporting MapReduce [27] operations) in concert with multi-party computation (MPC) to execute statistical analysis algorithms that have privacy-preserving properties. Our architecture allows a data analyst unfamiliar with MPC to: (1) author an analysis algorithm that is agnostic with regard to data privacy policies, (2) to use an automated process to derive algorithm implementation variants that have different privacy and performance properties, and (3) to compile those implementation variants so that they can be deployed on an infrastructures that allows computations to take place locally within each participant’s MapReduce cluster as well as across all the participants’ clusters using an MPC protocol. We describe implementation details of the architecture, discuss and demonstrate how the formal framework enables the exploration of tradeoffs between the efficiency and privacy properties of an analysis algorithm, and present two example applications that illustrate how such an infrastructure can be utilized in practice.This work was supported in part by NSF Grants: #1430145, #1414119, #1347522, and #1012798
Type-Based Analysis of Logarithmic Amortised Complexity
We introduce a novel amortised resource analysis couched in a type-and-effect
system. Our analysis is formulated in terms of the physicist's method of
amortised analysis, and is potential-based. The type system makes use of
logarithmic potential functions and is the first such system to exhibit
*logarithmic amortised complexity*. With our approach we target the automated
analysis of self-adjusting data structures, like splay trees, which so far have
only manually been analysed in the literature. In particular, we have
implemented a semi-automated prototype, which successfully analyses the zig-zig
case of *splaying*, once the type annotations are fixed.Comment: 35 pages. arXiv admin note: text overlap with arXiv:1807.0824
Type-based cost analysis for lazy functional languages
We present a static analysis for determining the execution costs of lazily evaluated functional languages, such as Haskell. Time- and space-behaviour of lazy functional languages can be hard to predict, creating a significant barrier to their broader acceptance. This paper applies a type-based analysis employing amortisation and cost effects to statically determine upper bounds on evaluation costs. While amortisation performs well with finite recursive data, we significantly improve the precision of our analysis for co-recursive programs (i.e. dealing with potentially infinite data structures) by tracking self-references. Combining these two approaches gives a fully automatic static analysis for both recursive and co-recursive definitions. The analysis is formally proven correct against an operational semantic that features an exchangeable parametric cost-model. An arbitrary measure can be assigned to all syntactic constructs, allowing to bound, for example, evaluation steps, applications, allocations, etc. Moreover, automatic inference only relies on first-order unification and standard linear programming solving. Our publicly available implementation demonstrates the practicability of our technique on editable non-trivial examples.PostprintPeer reviewe
Bounded Expectations: Resource Analysis for Probabilistic Programs
This paper presents a new static analysis for deriving upper bounds on the
expected resource consumption of probabilistic programs. The analysis is fully
automatic and derives symbolic bounds that are multivariate polynomials of the
inputs. The new technique combines manual state-of-the-art reasoning techniques
for probabilistic programs with an effective method for automatic
resource-bound analysis of deterministic programs. It can be seen as both, an
extension of automatic amortized resource analysis (AARA) to probabilistic
programs and an automation of manual reasoning for probabilistic programs that
is based on weakest preconditions. As a result, bound inference can be reduced
to off-the-shelf LP solving in many cases and automatically-derived bounds can
be interactively extended with standard program logics if the automation fails.
Building on existing work, the soundness of the analysis is proved with respect
to an operational semantics that is based on Markov decision processes. The
effectiveness of the technique is demonstrated with a prototype implementation
that is used to automatically analyze 39 challenging probabilistic programs and
randomized algorithms. Experimental results indicate that the derived constant
factors in the bounds are very precise and even optimal for many programs
Expected Runtime of Quantum Programs
Building upon recent work on probabilistic programs, we formally define the
notion of expected runtime for quantum programs. A representation of the
expected runtimes of quantum programs is introduced with an interpretation as
an observable in physics. A method for computing the expected runtimes of
quantum programs in finite-dimensional state spaces is developed. Several
examples are provided as applications of this method; in particular, an open
problem of computing the expected runtime of quantum random walks is solved
using our method
Automatic Static Cost Analysis for Parallel Programs
Abstract. Static analysis of the evaluation cost of programs is an extensively studied problem that has many important applications. However, most automatic methods for static cost analysis are limited to sequential evaluation while programs are increasingly evaluated on modern multicore and multiprocessor hardware. This article introduces the first automatic analysis for deriving bounds on the worst-case evaluation cost of parallel first-order functional programs. The analysis is performed by a novel type system for amortized resource analysis. The main innovation is a technique that separates the reasoning about sizes of data structures and evaluation cost within the same framework. The cost semantics of parallel programs is based on call-by-value evaluation and the standard cost measures work and depth. A soundness proof of the type system establishes the correctness of the derived cost bounds with respect to the cost semantics. The derived bounds are multivariate resource polynomials which depend on the sizes of the arguments of a function. Type inference can be reduced to linear programming and is fully automatic. A prototype implementation of the analysis system has been developed to experimentally evaluate the effectiveness of the approach. The experiments show that the analysis infers bounds for realistic example programs such as quick sort for lists of lists, matrix multiplication, and an implementation of sets with lists. The derived bounds are often asymptotically tight and the constant factors are close to the optimal ones
Verifying and Synthesizing Constant-Resource Implementations with Types
We propose a novel type system for verifying that programs correctly
implement constant-resource behavior. Our type system extends recent work on
automatic amortized resource analysis (AARA), a set of techniques that
automatically derive provable upper bounds on the resource consumption of
programs. We devise new techniques that build on the potential method to
achieve compositionality, precision, and automation.
A strict global requirement that a program always maintains constant resource
usage is too restrictive for most practical applications. It is sufficient to
require that the program's resource behavior remain constant with respect to an
attacker who is only allowed to observe part of the program's state and
behavior. To account for this, our type system incorporates information flow
tracking into its resource analysis. This allows our system to certify programs
that need to violate the constant-time requirement in certain cases, as long as
doing so does not leak confidential information to attackers. We formalize this
guarantee by defining a new notion of resource-aware noninterference, and prove
that our system enforces it.
Finally, we show how our type inference algorithm can be used to synthesize a
constant-time implementation from one that cannot be verified as secure,
effectively repairing insecure programs automatically. We also show how a
second novel AARA system that computes lower bounds on resource usage can be
used to derive quantitative bounds on the amount of information that a program
leaks through its resource use. We implemented each of these systems in
Resource Aware ML, and show that it can be applied to verify constant-time
behavior in a number of applications including encryption and decryption
routines, database queries, and other resource-aware functionality.Comment: 30, IEEE S&P 201