71 research outputs found
Higher-order representation predicates in separation logic
International audienceIn Separation Logic, representation predicates are used to describe mutable data structures, by establishing a relationship between the entry point of the structure, the piece of heap over which this structure spans, and the logical model associated with the structure. When a data structure is polymorphic, such as in the case of a container, its representation predicate needs to be parameterized not just by the type of the items stored in the structure, but also by the representation predicates associated with these items. Such higher-order representation predicates can be used in particular to control whether containers should own their items. In this paper, we present, through a collection of practical examples, solutions to the challenges associated with reasoning about accesses into data structures that own their elements
Pretty-Big-Step Semantics
International audienceIn spite of the popularity of small-step semantics, big-step semantics remain used by many researchers. However, big-step semantics suffer from a serious duplication problem, which appears as soon as the semantics account for exceptions and/or divergence. In particular, many premises need to be copy-pasted across several evaluation rules. This duplication problem, which is particularly visible when scaling up to full-blown languages, results in formal definitions growing far bigger than necessary. Moreover, it leads to unsatisfactory redundancy in proofs. In this paper, we address the problem by introducing pretty-big-step semantics. Pretty-big-step semantics preserve the spirit of big-step semantics, in the sense that terms are directly related to their results, but they eliminate the duplication associated with big-step semantics
Improving Type Error Messages in OCaml
International audienceCryptic type error messages are a major obstacle to learning OCaml or other ML-based languages. In many cases, error messages cannot be interpreted without a sufficiently-precise model of the type inference algorithm. The problem of improving type error messages in ML has received quite a bit of attention over the past two decades, and many different strategies have been considered. The challenge is not only to produce error messages that are both sufficiently concise and systematically useful to the programmer, but also to handle a full-blown programming language and to cope with large-sized programs efficiently. In this work, we present a modification to the traditional ML type inference algorithm implemented in OCaml that, by significantly reducing the left-to-right bias, allows us to report error messages that are more helpful to the programmer. Our algorithm remains fully predictable and continues to produce fairly concise error messages that always help making some progress towards fixing the code. We implemented our approach as a patch to the OCaml compiler in just a few hundred lines of code. We believe that this patch should benefit not just to beginners, but also to experienced programs developing large-scale OCaml programs
Temporary Read-Only Permissions for Separation Logic
International audienceWe present an extension of Separation Logic with a general mechanism for temporarily converting any assertion (or "permission") to a read-only form. No accounting is required: our read-only permissions can be freely duplicated and discarded. We argue that, in circumstances where mutable data structures are temporarily accessed only for reading, our read-only permissions enable more concise specifications and proofs. The metatheory of our proposal is verified in Coq
An AST for Representing Programs with Invariants and Proofs
National audienceDeductive verification enables one to check that a program satisfies its specification. There are mainly two approaches: either the user provides invariants in the form of annotations and use a tool to extract proof obligations, like in, e.g., Why3; or the user verifies the program through interactive proofs, like in, e.g., CFML, by providing invariants during the proof steps. We are interested in expressing in Coq the representation of a program, accompanied with not only its invariants but also its proof terms. Concretely, we present an AST for representing source code and specification in a deep embedding style, and embedded lemmas in shallow embedding style. Such lemmas can be established using the full capabilities of the prover. We develop a way to build these ASTs from source code using CFML-style interactive tactics. We also develop a way to build these ASTs by extracting proof obligations from source code already annotated with its invariants. Besides, we provide a way to validate our ASTs by reifying them as Coq proof terms. This work is a first step towards a long term project to devise a trustworthy, userguided, source-to-source optimization framework. On the one hand, we may need to exploit invariants to justify the correctness of code transformations. On the other hand, to be able to chain transformations, we also need every transformation to update the program annotations
Efficient Representations for Large Dynamic Sequences in ML
International audienceThe use of sequence containers, including stacks, queues, and double-ended queues, is ubiquitous in programming. When the maximal number of elements is not known in advance, containers need to grow dynamically. For this purpose, most ML programs either rely on lists or vectors. These structures are inefficient, both in terms of time and space usage. We investigate the use of chunked-based data structures. Such structures save a lot of memory and may deliver better performance than classic container data structures. We observe a 2x speedup compared with vectors, and up to a 3x speedup compared with lengthy lists
A High-Level Separation Logic for Heap Space under Garbage Collection (Extended Version)
We present a Separation Logic with space credits for reasoning about heapspace in a sequential call-by-value lambda-calculus equipped with garbagecollection and mutable state. A key challenge is to designsound, modular, lightweight mechanisms for establishing the unreachability ofa block. Prior work in this area uses pointed-by assertions to keep track ofthe predecessors of every block, but is carried out in the setting of anassembly-like programming language. We take up the challenge in the setting ofa high-level language, where a key problem is to identify and reason about thememory locations that the garbage collector considers as roots. For thispurpose, we propose novel "stackable" assertions, which keep track of theexistence of stack-to-heap pointers without explicitly recording their origin.Furthermore, we explain how to reason about closures -- concreteheap-allocated data structures that implement the abstract concept of afirst-class function. We demonstrate the expressiveness and tractability ofour program logic via a range of examples, including recursive functions onlinked lists, objects implemented using closures and mutable internal state,recursive functions in continuation-passing style, and three stackimplementations that exhibit different space bounds. These last three examplesillustrate reasoning about the reachability of the items stored in a containeras well as amortized reasoning about space. All of our results are proved inCoq on top of Iris
A Space and Bandwidth Efficient Multicore Algorithm for the Particle-in-Cell Method
International audienceThe Particle-in-Cell (PIC) method allows solving partial differential equation through simulations, with important applications in plasma physics. To simulate thousands of billions of particles on clusters of multicore machines, prior work has proposed hybrid algorithms that combine domain decomposition and particle decomposition with carefully optimized algorithms for handling particles processed on each multicore socket. Regarding the multicore processing, existing algorithms either suffer from suboptimal execution time, due to sorting operations or use of atomic instructions, or suffer from suboptimal space usage. In this paper, we propose a novel parallel algorithm for two-dimensional PIC simulations on multicore hardware that features asymptotically-optimal memory consumption, and does not perform unnecessary accesses to the main memory. In practice, our algorithm reaches 65% of the maximum bandwidth, and shows excellent scalability on the classical Landau damping and two-stream instability test cases
- …