
Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation: latest papers

HipHop.js: (A)Synchronous reactive web programming
G. Berry, M. Serrano
We present HipHop.js, a synchronous reactive language that adds synchronous concurrency and preemption to JavaScript. Inspired by Esterel, HipHop.js simplifies the programming of non-trivial temporal behaviors as found in complex web interfaces or IoT controllers and the cooperation between synchronous and asynchronous activities. HipHop.js is compiled into plain sequential JavaScript and executes on unmodified runtime environments. We use three examples to present and discuss HipHop.js: a simple web login form to introduce the language and show how it differs from JavaScript, and two real-life examples, a medical prescription pillbox and an interactive music system, that show why concurrency and preemption help programming such temporal applications.
DOI: https://doi.org/10.1145/3385412.3385984 (published 2020-06-11)
Citations: 11
Compiler and runtime support for continuation marks
M. Flatt, R. Dybvig
Continuation marks enable dynamic binding and context inspection in a language with proper handling of tail calls and first-class, multi-prompt, delimited continuations. The simplest and most direct use of continuation marks is to implement dynamically scoped variables, such as the current output stream or the current exception handler. Other uses include stack inspection for debugging or security checks, serialization of an in-progress computation, and run-time elision of redundant checks. By exposing continuation marks to users of a programming language, more kinds of language extensions can be implemented as libraries without further changes to the compiler. At the same time, the compiler and runtime system must provide an efficient implementation of continuation marks to ensure that library-implemented language extensions are as effective as changing the compiler. Our implementation of continuation marks for Chez Scheme (in support of Racket) makes dynamic binding and lookup constant-time and fast, preserves the performance of Chez Scheme's first-class continuations, and imposes negligible overhead on program fragments that do not use first-class continuations or marks.
DOI: https://doi.org/10.1145/3385412.3385981 (published 2020-06-11)
Citations: 5
Ethainter: a smart contract security analyzer for composite vulnerabilities
Lexi Brent, Neville Grech, Sifis Lagouvardos, Bernhard Scholz, Y. Smaragdakis
Smart contracts on permissionless blockchains are exposed to inherent security risks due to interactions with untrusted entities. Static analyzers are essential for identifying security risks and avoiding millions of dollars worth of damage. We introduce Ethainter, a security analyzer checking information flow with data sanitization in smart contracts. Ethainter identifies composite attacks that involve an escalation of tainted information, through multiple transactions, leading to severe violations. The analysis scales to the entire blockchain, consisting of hundreds of thousands of unique smart contracts, deployed over millions of accounts. Ethainter is more precise than previous approaches, as we confirm by automatic exploit generation (e.g., destroying over 800 contracts on the Ropsten network) and by manual inspection, showing a very high precision of 82.5% valid warnings for end-to-end vulnerabilities. Ethainter’s balance of precision and completeness offers significant advantages over other tools such as Securify, Securify2, and teEther.
DOI: https://doi.org/10.1145/3385412.3385990 (published 2020-06-06)
Citations: 81
Fast graph simplification for interleaved Dyck-reachability
Yuanbo Li, Qirun Zhang, T. Reps
Many program-analysis problems can be formulated as graph-reachability problems. Interleaved Dyck language reachability (InterDyck-reachability) is a fundamental framework to express a wide variety of program-analysis problems over edge-labeled graphs. The InterDyck language represents an intersection of multiple matched-parenthesis languages (i.e., Dyck languages). In practice, program analyses typically leverage one Dyck language to achieve context-sensitivity, and other Dyck languages to model data dependences, such as field-sensitivity and pointer references/dereferences. In the ideal case, an InterDyck-reachability framework should model multiple Dyck languages simultaneously. Unfortunately, precise InterDyck-reachability is undecidable. Any practical solution must over-approximate the exact answer. In the literature, a lot of work has been proposed to over-approximate the InterDyck-reachability formulation. This paper offers a new perspective on improving both the precision and the scalability of InterDyck-reachability: we aim to simplify the underlying input graph G. Our key insight is based on the observation that if an edge is not contributing to any InterDyck-path, we can safely eliminate it from G. Our technique is orthogonal to the InterDyck-reachability formulation, and can serve as a pre-processing step with any over-approximating approaches for InterDyck-reachability. We have applied our graph simplification algorithm to pre-processing the graphs from a recent InterDyck-reachability-based taint analysis for Android. Our evaluation on three popular InterDyck-reachability algorithms yields promising results. In particular, our graph-simplification method improves both the scalability and precision of all three InterDyck-reachability algorithms, sometimes dramatically.
DOI: https://doi.org/10.1145/3385412.3386021 (published 2020-06-06)
Citations: 24
Binary rewriting without control flow recovery
Gregory J. Duck, Xiang Gao, Abhik Roychoudhury
Static binary rewriting has many important applications in software security and systems, such as hardening, repair, patching, instrumentation, and debugging. While many different static binary rewriting tools have been proposed, most rely on recovering control flow information from the input binary. The recovery step is necessary since the rewriting process may move instructions, meaning that the set of jump targets in the rewritten binary needs to be adjusted accordingly. Since the static recovery of control flow information is a hard problem in general, most tools rely on a set of simplifying heuristics or assumptions, such as specific compilers, specific source languages, or binary file meta information. However, the reliance on assumptions or heuristics tends to scale poorly in practice, and most state-of-the-art static binary rewriting tools cannot handle very large/complex programs such as web browsers. In this paper we present E9Patch, a tool that can statically rewrite x86_64 binaries without any knowledge of control flow information. To do so, E9Patch develops a suite of binary rewriting methodologies (such as instruction punning, padding, and eviction) that can insert jumps to trampolines without the need to move other instructions. Since this preserves the set of jump targets, the need for control flow recovery and related heuristics is eliminated. As such, E9Patch is robust by design, and can scale to very large (>100MB) stripped binaries including the Google Chrome and Firefox web browsers. We also evaluate the effectiveness of E9Patch against realistic applications such as binary instrumentation, hardening and repair.
DOI: https://doi.org/10.1145/3385412.3385972 (published 2020-06-06)
Citations: 47
Promising 2.0: global optimizations in relaxed memory concurrency
Sung-Hwan Lee, Minki Cho, A. Podkopaev, S. Chakraborty, C. Hur, O. Lahav, Viktor Vafeiadis
For more than fifteen years, researchers have tried to support global optimizations in a usable semantics for a concurrent programming language, yet this task has been proven to be very difficult because of (1) the infamous “out of thin air” problem, and (2) the subtle interaction between global and thread-local optimizations. In this paper, we present a solution to this problem by redesigning a key component of the promising semantics (PS) of Kang et al. Our updated PS 2.0 model supports all the results known about the original PS model (i.e., thread-local optimizations, hardware mappings, DRF theorems), but additionally enables transformations based on global value-range analysis as well as register promotion (i.e., making accesses to a shared location local if the location is accessed by only one thread). PS 2.0 also resolves a problem with the compilation of relaxed RMWs to ARMv8, which required an unintended extra fence.
DOI: https://doi.org/10.1145/3385412.3386010 (published 2020-06-06)
Citations: 41
Efficient handling of string-number conversion
P. Abdulla, M. Atig, Yu-Fang Chen, Bui Phi Diep, Julian T Dolby, Petr Janku, Hsin-hung Lin, L. Holík, Wei-Cheng Wu
String-number conversion is an important class of constraints needed for the symbolic execution of string-manipulating programs. In particular, solving string constraints with string-number conversion is necessary for the analysis of scripting languages such as JavaScript and Python, where string-number conversion is a part of the definition of the core semantics of these languages. However, solving this type of constraint is very challenging for the state-of-the-art solvers. We propose in this paper an approach that can efficiently support both string-number conversion and other common types of string constraints. Experimental results show that it significantly outperforms other state-of-the-art tools on benchmarks that involve string-number conversion.
DOI: https://doi.org/10.1145/3385412.3386034 (published 2020-06-06)
Citations: 19
The essence of Bluespec: a core language for rule-based hardware design
Thomas Bourgeat, Clément Pit-Claudel, A. Chlipala, Arvind
The Bluespec hardware-description language presents a significantly higher-level view than hardware engineers are used to, exposing a simpler concurrency model that promotes formal proof, without compromising on performance of compiled circuits. Unfortunately, the cost model of Bluespec has been unclear, with performance details depending on a mix of user hints and opaque static analysis of potential concurrency conflicts within a design. In this paper we present Koika, a derivative of Bluespec that preserves its desirable properties and yet gives direct control over the scheduling decisions that determine performance. Koika has a novel and deterministic operational semantics that uses dynamic analysis to avoid concurrency anomalies. Our implementation includes Coq definitions of syntax, semantics, key metatheorems, and a verified compiler to circuits. We argue that most of the extra circuitry required for dynamic analysis can be eliminated by compile-time BSV-style static analysis.
DOI: https://doi.org/10.1145/3385412.3385965 (published 2020-06-06)
Citations: 33
OOElala: order-of-evaluation based alias analysis for compiler optimization
Ankush Phulia, Vaibhav Bhagee, Sorav Bansal
In C, the order of evaluation of expressions is unspecified; further, for expressions that do not involve function calls, C semantics ensure that there cannot be a data race between two evaluations that can proceed in either order (or concurrently). We explore the optimization opportunity enabled by these non-deterministic expression evaluation semantics in C, and provide a sound compile-time alias analysis to realize the same. Our algorithm is implemented as a part of the Clang/LLVM infrastructure, in a tool called OOElala. Our experimental results demonstrate that the untapped optimization opportunity is significant: code patterns that enable such optimizations are common; the enabled transformations can range from vectorization to improved instruction selection and register allocation; and the resulting speedups can be as high as 2.6x on already-optimized code.
DOI: https://doi.org/10.1145/3385412.3385962 (published 2020-06-06)
Citations: 3
Gillian, part i: a multi-language platform for symbolic execution
J. Santos, P. Maksimovic, Sacha-Élie Ayoun, Philippa Gardner
We introduce Gillian, a platform for developing symbolic analysis tools for programming languages. Here, we focus on the symbolic execution engine at the heart of Gillian, which is parametric on the memory model of the target language. We give a formal description of the symbolic analysis and a modular implementation that closely follows this description. We prove a parametric soundness result, introducing restriction on abstract states, which generalises path conditions used in classical symbolic execution. We instantiate to obtain trusted symbolic testing tools for JavaScript and C, and use these tools to find bugs in real-world code, thus demonstrating the viability of our parametric approach.
DOI: 10.1145/3385412.3386014 (https://doi.org/10.1145/3385412.3386014). Published 2020-06-06.
Citations: 21
Journal
Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation