Specifying and Executing Optimizations for Parallel Programs

Compiler optimizations, usually expressed as rewrites on program graphs, are a core part of all modern compilers. However, even production compilers have bugs, and these bugs are difficult to detect and resolve. The problem only becomes more complex when compiling parallel programs; from the choice of graph representation to the possibility of race conditions, optimization designers have a range of factors to consider that do not appear when dealing with single-threaded programs. In this paper we present PTRANS, a domain-specific language for formal specification of compiler transformations, and describe its executable semantics. The fundamental approach of PTRANS is to describe program transformations as rewrites on control flow graphs with temporal logic side conditions. The syntax of PTRANS allows cleaner, more comprehensible specification of program optimizations; its executable semantics allows these specifications to act as prototypes for the optimizations themselves, so that candidate optimizations can be tested and refined before going on to include them in a compiler. We demonstrate the use of PTRANS to state, test, and refine the specification of a redundant store elimination optimization on parallel programs.Comment: In Proceedings GRAPHITE 2014, arXiv:1407.767

Pseudo-Retract Functors for Local Lattices and Bifinite L-Domains

Recently, a new category of domains used for the mathematical foundations of denotational semantics, that of L-domains, have been under study. In this paper we consider a related category of posets, that of local lattices. First, a completion operator taking posets to local lattices is developed, and then this operator is extended to a functor from posets with embedding-projection pairs to local lattices with embedding-projection pairs. The result of applying this functor to a local lattice yields a local lattice isomorphic to the first; this functor is a pseudo-retract. Using the functor into local lattices, a continuous pseudo-retraction functor from ω-bifinite posets to ω-bifinite L-domains can be constructed. Such a functor takes a universal domain for the ω-bifinite posets to a universal domain for the ω-bifinite L-domains. Moreover, the existence of such a functor implies that, from the existence of a saturated universal domain for the ω-algebraic bifinites, we can conclude the existence of a saturated universal domain for the ω-bifinite L-domains

Doing Algebra in Simple Type Theory

To fully utilize the power of higher-order logic in interactive theorem proving, it is desirable to be able to develop abstract areas of Mathematics such as algebra and topology in an automated setting. Theorems provers capable of higher order reasoning have generally had some form of type theory as theory object language. But mathematicians have tended to use the language of set theory to give definitions and prove theorems in algebra and topology. In this paper,we give an incremental description of how to express various basic algebraic concepts in terms of simple type theory. We present a method for representing algebras, subalgebras, quotient algebras, homorphisms and isomorphisms simple type theory, using group theory as an example in each case. Following this we discuss how to automatically apply such an abstract theory to concrete examples. Finally, we conclude with some observations about a potential inconvenience associated with this method of representation, and discuss a difficulty inherent in any attempt to remove this inconvenience

Verifying Optimizations for Concurrent Programs

While program correctness for compiled languages depends fundamentally on compiler correctness, compiler optimizations are not usually formally verified due to the effort involved, particularly in the presence of concurrency. In this paper, we present a framework for stating and reasoning about compiler optimizations and transformations on programs in the presence of relaxed memory models. The core of the framework is the PTRANS specification language, in which program transformations are expressed as rewrites on control flow graphs with temporal logic side conditions. We demonstrate our technique by verifying the correctness of a redundant store elimination optimization in a simple LLVM-like intermediate language, relying on a theorem that allows us to lift single-thread simulation relations to simulations on multithreaded programs

An Abstract Interpretation for ML Equality Kinds

The definition of Standard ML provides a form of generic equality which is inferred for certain types, called equality types, on which it is possible to define an equality relation in ML. However, the standard definition is incomplete in the sense that there are interesting and useful types which are not inferred to be equality types but for which an equality relation can be defined in ML in a uniform manner. In this paper, a refinement of the Standard ML system of equality types is introduced and is proven sound and complete with respect to the existence of a definable equality. The technique used here is based on an abstract interpretation of ML operators as monotone functions over a three point lattice. It is shown how the equality relation can be defined (as an ML program) from the definition of a type with our equality property. Finally, a sound, efficient algorithm for inferring the equality property which corrects the limitations of the standard definition in all cases of practical interest is demonstrated

IsaK: A Complete Semantics of K

K (Roşu and Şerbănuţă, 2010) is a rewrite-based executable semantic framework in which programming languages, type systems and formal analysis tools can be de ned using con gurations, computations and rules. In this paper we de ne IsaK, a reference semantics for K, which was developed through discussion with the K team to meet their expectations of a semantics of K. IsaK is de ned in the interactive theorem prover Isabelle/HOL (Paulson, 1990), and, to the best of our knowledge, is the most complete of any existing K speci cation. IsaK de nes the full behavior of K, a useful sort system for K and suggests several undesirable behaviors in the current K implementations (K 3.6 and K 4.0). We also provide an OCaml based executable K interpreter generated automatically from the K speci cation in Isabelle. By using a prede ned K parser, the K interpreter is suitable to interpret major K de nitions for large languages such as the LLVM semantics in K, the Java semantics in K and the C semantics in K. We ran a test suite including 13 speci cations and 356 programs to test our K interpreter and we are able to compile all 13 speci cations and run the 338 programs not requiring keyboard input. As a utility of IsaK, we also formally prove a CTL application in IsaK correct.NSF Grant No.0917218Ope

Symbolic Semantics for CSP

Communicating Sequential Processes (CSP) is a well-known formal language for describing concur- rent systems. Brookes, Hoare and Roscoe [2] have given a transition semantics for CSP that underlies common approaches to model checking properties of CSP programs. In this paper, we present a gen- eralized transition semantics of CSP, which we call HCSP, that merges the original transition system with ideas from Floyd-Hoare Logic and symbolic computation. This generalized semantics is shown to be sound and complete with respect to the original trace semantics. Traces in our system are sym- bolic representations of families of traces as given by the original semantics. This more compact representation allows us to expand the original CSP systems to effectively model check some CSP programs which are difficult for other CSP systems to analyze. In particular, our system can han- dle certain classes of non-deterministic choices as a single transition, while the original semantics would treat each choice separately, possibly leading to large or unbounded case analyses. All work described in this paper has been carried out in the theorem prover Isabelle. This then provides us with a framework for automated and interactive analysis of CSP processes. It also give us the ability to extract Ocaml code for an HCSP-based simulator directly from Isabelle.NSF 0917218NASA Contract NNA10DE79Cunpublishednot peer reviewe

Formal Specifications and Analysis of the Computer Assisted Resuscitation Algorithm (CARA) Infusion Pump Control System

Reliability of medical devices such as the CARA Infusion Pump Control System is of extreme importance given that these devices are being used on patients in critical condition. The Infusion Pump Control System includes embedded processors and accompanying embedded software for monitoring as well as controlling sensors and actuators that allow the embedded systems to interact with their environments. This nature of the Infusion Pump Control System adds to the complexity of assuring the reliability of the total system. The traditional methods of developing embedded systems are inadequate for such safety-critical devices. In this paper, we study the application of formal methods to the requirements capture and analysis for the Infusion Pump Control System. Our approach consists of two phases. The first phase is to convert the informal design requirements into a set of reference specifications using a formal system, in this case EFSMs (Extended Finite State Machines). The second phase is to translate the reference specifications to the tools supporting formal analysis, such as SCR and Hermes. This allows us to conclude properties of the reference specifications. Our research goal is to develop a framework and methodology for the integrated use of formal methods in the development of embedded medical systems that require high assurance and confidence

Role-Based Access Control in a Mobile Environment

Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question. In this paper we describe a calculus for mobile processes and propose a mechanism for specifying access privileges based on a combination of the identity of the users seeking access, their credentials, and the location from which they seek it, within a reconfigurable nested structure. We define BACIR, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: 1) attempting to move into an ambient without having the authorizing roles granting entry activated and 2) trying to use a communication port without having the roles required for access activated. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks