Higher-Order, Data-Parallel Structured Deduction

State-of-the-art Datalog engines include expressive features such as ADTs (structured heap values), stratified aggregation and negation, various primitive operations, and the opportunity for further extension using FFIs. Current parallelization approaches for state-of-art Datalogs target shared-memory locking data-structures using conventional multi-threading, or use the map-reduce model for distributed computing. Furthermore, current state-of-art approaches cannot scale to formal systems which pervasively manipulate structured data due to their lack of indexing for structured data stored in the heap. In this paper, we describe a new approach to data-parallel structured deduction that involves a key semantic extension of Datalog to permit first-class facts and higher-order relations via defunctionalization, an implementation approach that enables parallelism uniformly both across sets of disjoint facts and over individual facts with nested structure. We detail a core language, $DL_s$, whose key invariant (subfact closure) ensures that each subfact is materialized as a top-class fact. We extend $DL_s$ to Slog, a fully-featured language whose forms facilitate leveraging subfact closure to rapidly implement expressive, high-performance formal systems. We demonstrate Slog by building a family of control-flow analyses from abstract machines, systematically, along with several implementations of classical type systems (such as STLC and LF). We performed experiments on EC2, Azure, and ALCF's Theta at up to 1000 threads, showing orders-of-magnitude scalability improvements versus competing state-of-art systems

A Formally Verified Heap Allocator

We present the formal verification of a heap allocator written in C. We use the Isabelle/HOL proof assistant to formally verify the correctness of the heap allocator at the source code level. The C source code of the heap allocator is imported into Isabelle/HOL using CParser and AutoCorres. In addition to providing the guarantee that the heap allocator is free of bugs and therefore is suitable for use in security critical projects, our work facilitates verification of other projects written in C that utilize Isabelle and AutoCorres

Formal Verification of a Modern Boot Loader

We introduce the Syracuse Assured Boot Loader Executive (SABLE), a trustworthy secure loader. A trusted boot loader performs a cryptographic measurement (hash) of program code and executes it unconditionally, allowing later-stage software to verify the integrity of the system through local or remote attestation. A secure loader differs from a trusted loader in that it executes subsequent code only if measurements of that code match known-good values. We have applied a rigorous formal verification technique recently demonstrated in practice by NICTA in their verification of the seL4 microkernel. We summarize our design philosophy from a high level and present our formal verification strategy

Improving Logic Programming for Program Analysis

Using logic programming languages has seen a resurgence in the domain of static program analysis. Such languages like Datalog, while useful, suffer from limitations in expressivity and real-world applicability. This dissertation explores tackling these limitations from different angles. \emph{Slog} extends Datalog with nested facts. By allowing facts to reference other facts, Slog becomes a Turing-complete language, allowing it to express a wider range of analyses. Moreover, Slog has been designed with an eye towards automatic non-shared-memory parallelization. \emph{Ascent} embeds a logic programming language like Datalog in Rust, a high-performance, type-safe programming language. By embedding Ascent in Rust, a wealth of Rust-provided abstractions like functions and data types become available to Ascent, enhancing the expressivity of logic programs, and allowing Ascent programs to seamlessly interoperate with arbitrary logic written in Rust. Ascent also utilizes Rust\u27s trait system to enable defining fixed-point computations on non-powerset lattices. \emph{BYODS} further extends Ascent by providing a mechanism for users to bring their own data structures to back relations in Ascent programs. This alleviates a significant pain point of logic programming: lack of control over data structures means many analyses that are expressible in Datalog suffer from severe algorithmic inefficiencies, rendering their implementation in Datalog of little practical use. Explicit representation of transitive and equivalence relations as sets-of-facts in Datalog are examples of such algorithmic inefficiencies. For Slog, I formalize the core of the language, this includes presenting machine checked proofs demonstrating this core language has properties desired of a Datalog-derived language. I also present benchmarks showing the superior performance of the Slog backend compared with Souffl\\u27e on a program analysis task that requires manipulating structured data, a task to which Slog is well-suited. To evaluate Ascent, I reimplement the Rust borrow checker, a static analysis required by the Rust compiler, demonstrating the usefulness of Ascent. I also use benchmarks to compare the performance of Ascent vs Flix and Souffl\\u27e. To evaluate \byods{}, I implement a multitude of data structure providers for equivalence and transitive relations, index-sharing, and a reimplementation of lattices as a data structure provider. I use these data structure providers to implement an improved Rust borrow checker, PageRank, along with smaller, more targeted benchmark programs. My evaluation shows speedups, including improvements in time and space complexity when using these data structure providers