64 research outputs found
LMS-Verify: abstraction without regret for verified systems programming
Performance critical software is almost always developed in C, as programmers do not trust high-level languages to deliver the same reliable performance. This is bad because low-level code in unsafe languages attracts security vulnerabilities and because development is far less productive, with PL advances mostly lost on programmers operating under tight performance constraints. High-level languages provide memory safety out of the box, but they are deemed too slow and unpredictable for serious system software.
Recent years have seen a surge in staging and generative programming: the key idea is to use high-level languages and their abstraction power as glorified macro systems to compose code fragments in first-order, potentially domain-specific, intermediate languages, from which fast C can be emitted. But what about security? Since the end result is still C code, the safety guarantees of the high-level host language are lost.
In this paper, we extend this generative approach to emit ACSL specifications along with C code. We demonstrate that staging achieves ``abstraction without regret'' for verification: we show how high-level programming models, in particular higher-order composable contracts from dynamic languages, can be used at generation time to compose and generate first-order specifications that can be statically checked by existing tools. We also show how type classes can automatically attach invariants to data types, reducing the need for repetitive manual annotations.
We evaluate our system on several case studies that varyingly exercise verification of memory safety, overflow safety, and functional correctness. We feature an HTTP parser that is (1) fast (2) high-level: implemented using staged parser combinators (3) secure: with verified memory safety. This result is significant, as input parsing is a key attack vector, and vulnerabilities related to HTTP parsing have been documented in all widely-used web servers.</jats:p
Type soundness for dependent object types (DOT)
Scala's type system unifies aspects of ML modules, object-oriented, and functional programming. The Dependent Object Types (DOT) family of calculi has been proposed as a new theoretic foundation for Scala and similar expressive languages. Unfortunately, type soundness has only been established for restricted subsets of DOT. In fact, it has been shown that important Scala features such as type refinement or a subtyping relation with lattice structure break at least one key metatheoretic property such as environment narrowing or invertible subtyping transitivity, which are usually required for a type soundness proof. The main contribution of this paper is to demonstrate how, perhaps surprisingly, even though these properties are lost in their full generality, a rich DOT calculus that includes recursive type refinement and a subtyping lattice with intersection types can still be proved sound. The key insight is that subtyping transitivity only needs to be invertible in code paths executed at run time, with contexts consisting entirely of valid runtime objects, whereas inconsistent subtyping contexts can be permitted for code that is never executed
AutoGraph: Imperative-style Coding with Graph-based Performance
There is a perceived trade-off between machine learning code that is easy to
write, and machine learning code that is scalable or fast to execute. In
machine learning, imperative style libraries like Autograd and PyTorch are easy
to write, but suffer from high interpretive overhead and are not easily
deployable in production or mobile settings. Graph-based libraries like
TensorFlow and Theano benefit from whole-program optimization and can be
deployed broadly, but make expressing complex models more cumbersome. We
describe how the use of staged programming in Python, via source code
transformation, offers a midpoint between these two library design patterns,
capturing the benefits of both. A key insight is to delay all type-dependent
decisions until runtime, via dynamic dispatch. We instantiate these principles
in AutoGraph, a software system that improves the programming experience of the
TensorFlow library, and demonstrate usability improvements with no loss in
performance compared to native TensorFlow graphs. We also show that our system
is backend agnostic, and demonstrate targeting an alternate IR with
characteristics not found in TensorFlow graphs
Staged parser combinators for efficient data processing
Parsers are ubiquitous in computing, and many applications depend on their performance for decoding data efficiently. Parser combinators are an intuitive tool for writing parsers: tight integration with the host language enables grammar specifications to be interleaved with processing of parse results. Unfortunately, parser combinators are typically slow due to the high overhead of the host language abstraction mechanisms that enable composition. We present a technique for eliminating such overhead. We use staging, a form of runtime code generation, to dissociate input parsing from parser composition, and eliminate intermediate data structures and computations associated with parser composition at staging time. A key challenge is to maintain support for input dependent grammars, which have no clear stage distinction. Our approach applies to top-down recursive-descent parsers as well as bottom-up nondeterministic parsers with key applications in dynamic programming on sequences, where we auto-generate code for parallel hardware. We achieve performance comparable to specialized, hand-written parsers
Continuation-Passing C: compiling threads to events through continuations
In this paper, we introduce Continuation Passing C (CPC), a programming
language for concurrent systems in which native and cooperative threads are
unified and presented to the programmer as a single abstraction. The CPC
compiler uses a compilation technique, based on the CPS transform, that yields
efficient code and an extremely lightweight representation for contexts. We
provide a proof of the correctness of our compilation scheme. We show in
particular that lambda-lifting, a common compilation technique for functional
languages, is also correct in an imperative language like C, under some
conditions enforced by the CPC compiler. The current CPC compiler is mature
enough to write substantial programs such as Hekate, a highly concurrent
BitTorrent seeder. Our benchmark results show that CPC is as efficient, while
using significantly less space, as the most efficient thread libraries
available.Comment: Higher-Order and Symbolic Computation (2012). arXiv admin note:
substantial text overlap with arXiv:1202.324
Shell model description of normal parity bands in odd-mass heavy deformed nuclei
The low-energy spectra and B(E2) electromagnetic transition strengths of
159Eu, 159Tb and 159Dy are described using the pseudo SU(3) model. Normal
parity bands are built as linear combinations of SU(3) states, which are the
direct product of SU(3) proton and neutron states with pseudo spin zero (for
even number of nucleons) and pseudo spin 1/2 (for odd number of nucleons). Each
of the many-particle states have a well-defined particle number and total
angular momentum. The Hamiltonian includes spherical Nilsson single-particle
energies, the quadrupole-quadrupole and pairing interactions, as well as three
rotor terms which are diagonal in the SU(3) basis. The pseudo SU(3) model is
shown to be a powerful tool to describe odd-mass heavy deformed nuclei.Comment: 11 pages, 2 figures, Accepted to be published in Phys. Rev.
Type soundness proofs with definitional interpreters
While type soundness proofs are taught in every graduate PL class, the gap between realistic languages and what is accessible to formal proofs is large. In the case of Scala, it has been shown that its formal model, the Dependent Object Types (DOT) calculus, cannot simultaneously support key metatheoretic properties such as environment narrowing and subtyping transitivity, which are usually required for a type soundness proof. Moreover, Scala and many other realistic languages lack a general substitution property.
The first contribution of this paper is to demonstrate how type soundness proofs for advanced, polymorphic, type systems can be carried out with an operational semantics based on high-level, definitional interpreters, implemented in Coq. We present the first mechanized soundness proofs in this style for System F<: and several extensions, including mutable references. Our proofs use only straightforward induction, which is significant, as the combination of big-step semantics, mutable references, and polymorphism is commonly believed to require coinductive proof techniques.
The second main contribution of this paper is to show how DOT-like calculi emerge from straightforward generalizations of the operational aspects of F<:, exposing a rich design space of calculi with path-dependent types in between System F and DOT, which we dub the System D Square.
By working directly on the target language, definitional interpreters can focus the design space and expose the invariants that actually matter at runtime. Looking at such runtime invariants is an exciting new avenue for type system design.This research was supported by NSF through awards 1553471 and 1564207
Measuring the Activity of Plasma Membrane and Vacuolar Transporters in Yeast.
The yeast proteome includes about 300 polytopic membrane proteins known or predicted to function as transporters. Such proteins ensure active or passive transport of small ions or metabolites across the plasma or internal membranes. Despite decades of research on yeast transporters, many of these remain uncharacterized in terms of substrate selectivity range, subcellular localization, and biological function. Assaying the uptake of radiolabeled compounds into whole cells or isolated organelles remains a powerful method for characterizing the function and biochemical properties of these proteins. Here we describe established protocols for measuring transporter activity in whole cells, intact vacuoles, or reconstituted vacuolar vesicles. These methods have proved particularly useful in the context of our work on yeast amino acid transporters, and can in principle be applied to assaying the uptake of other categories of compounds
- …