
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages: latest publications

Fair reactive programming
Andrew Cave, Francisco Ferreira, P. Panangaden, B. Pientka
Functional Reactive Programming (FRP) models reactive systems with events and signals, which have previously been observed to correspond to the "eventually" and "always" modalities of linear temporal logic (LTL). In this paper, we define a constructive variant of LTL with least fixed point and greatest fixed point operators in the spirit of the modal mu-calculus, and give it a proofs-as-programs interpretation as a foundational calculus for reactive programs. Previous work emphasized the propositions-as-types part of the correspondence between LTL and FRP; here we emphasize the proofs-as-programs part by employing structural proof theory. We show that the type system is expressive enough to enforce liveness properties such as the fairness of schedulers and the eventual delivery of results. We illustrate programming in this calculus using (co)iteration operators. We prove type preservation of our operational semantics, which guarantees that our programs are causal. We give also a proof of strong normalization which provides justification that our programs are productive and that they satisfy liveness properties derived from their types.
DOI: 10.1145/2535838.2535881 (https://doi.org/10.1145/2535838.2535881) | Published: 2014-01-08 | Semantic Scholar paper id: 83918966 | Citations: 38
Parametric effect monads and semantics of effect systems
Shin-ya Katsumata
We study fundamental properties of a generalisation of monad called parametric effect monad, and apply it to the interpretation of general effect systems whose effects have sequential composition operators. We show that parametric effect monads admit analogues of the structures and concepts that exist for monads, such as Kleisli triples, the state monad and the continuation monad, Plotkin and Power's algebraic operations, and the categorical ⊤⊤-lifting. We also show a systematic method to generate both effects and a parametric effect monad from a monad morphism. Finally, we introduce two effect systems with explicit and implicit subeffecting, and discuss their denotational semantics and the soundness of effect systems.
DOI: 10.1145/2535838.2535846 (https://doi.org/10.1145/2535838.2535846) | Published: 2014-01-08 | Semantic Scholar paper id: 81015913 | Citations: 103
A relationally parametric model of dependent type theory
R. Atkey, Neil Ghani, Patricia Johann
Reynolds' theory of relational parametricity captures the invariance of polymorphically typed programs under change of data representation. Reynolds' original work exploited the typing discipline of the polymorphically typed lambda-calculus System F, but there is now considerable interest in extending relational parametricity to type systems that are richer and more expressive than that of System F. This paper constructs parametric models of predicative and impredicative dependent type theory. The significance of our models is twofold. Firstly, in the impredicative variant we are able to deduce the existence of initial algebras for all indexed functors. To our knowledge, ours is the first account of parametricity for dependent types that is able to lift the useful deduction of the existence of initial algebras in parametric models of System F to the dependently typed setting. Secondly, our models offer conceptual clarity by uniformly expressing relational parametricity for dependent types in terms of reflexive graphs, which allows us to unify the interpretations of types and kinds, instead of taking the relational interpretation of types as a primitive notion. Expressing our model in terms of reflexive graphs ensures that it has canonical choices for the interpretations of the standard type constructors of dependent type theory, except for the interpretation of the universe of small types, where we formulate a refined interpretation tailored for relational parametricity. Moreover, our reflexive graph model opens the door to generalisations of relational parametricity, for example to higher-dimensional relational parametricity.
DOI: 10.1145/2535838.2535852 (https://doi.org/10.1145/2535838.2535852) | Published: 2014-01-08 | Semantic Scholar paper id: 78854012 | Citations: 64
Parametric completeness for separation theories
J. Brotherston, Jules Villard
In this paper, we close the logical gap between provability in the logic BBI, which is the propositional basis for separation logic, and validity in an intended class of separation models, as employed in applications of separation logic such as program verification. An intended class of separation models is usually specified by a collection of axioms describing the specific model properties that are expected to hold, which we call a separation theory. Our main contributions are as follows. First, we show that several typical properties of separation theories are not definable in BBI. Second, we show that these properties become definable in a suitable hybrid extension of BBI, obtained by adding a theory of naming to BBI in the same way that hybrid logic extends normal modal logic. The binder-free extension captures most of the properties we consider, and the full extension HyBBI(↓) with the usual ↓ binder of hybrid logic covers all these properties. Third, we present an axiomatic proof system for our hybrid logic whose extension with any set of "pure" axioms is sound and complete with respect to the models satisfying those axioms. As a corollary of this general result, we obtain, in a parametric manner, a sound and complete axiomatic proof system for any separation theory from our considered class. To the best of our knowledge, this class includes all separation theories appearing in the published literature.
DOI: 10.1145/2535838.2535844 (https://doi.org/10.1145/2535838.2535844) | Published: 2014-01-08 | Semantic Scholar paper id: 73502774 | Citations: 40
Authenticated data structures, generically
Andrew K. Miller, M. Hicks, Jonathan Katz, E. Shi
An authenticated data structure (ADS) is a data structure whose operations can be carried out by an untrusted prover, the results of which a verifier can efficiently check as authentic. This is done by having the prover produce a compact proof that the verifier can check along with each operation's result. ADSs thus support outsourcing data maintenance and processing tasks to untrusted servers without loss of integrity. Past work on ADSs has focused on particular data structures (or limited classes of data structures), one at a time, often with support only for particular operations. This paper presents a generic method, using a simple extension to a ML-like functional programming language we call λ• (lambda-auth), with which one can program authenticated operations over any data structure defined by standard type constructors, including recursive types, sums, and products. The programmer writes the data structure largely as usual and it is compiled to code to be run by the prover and verifier. Using a formalization of λ• we prove that all well-typed λ• programs result in code that is secure under the standard cryptographic assumption of collision-resistant hash functions. We have implemented λ• as an extension to the OCaml compiler, and have used it to produce authenticated versions of many interesting data structures including binary search trees, red-black+ trees, skip lists, and more. Performance experiments show that our approach is efficient, giving up little compared to the hand-optimized data structures developed previously.
DOI: 10.1145/2535838.2535851 (https://doi.org/10.1145/2535838.2535851) | Published: 2014-01-08 | Semantic Scholar paper id: 72762028 | Citations: 79
Tracing compilation by abstract interpretation
Stefano Dissegna, F. Logozzo, Francesco Ranzato
Tracing just-in-time compilation is a popular compilation schema for the efficient implementation of dynamic languages, which is commonly used for JavaScript, Python, and PHP. It relies on two key ideas. First, it monitors the execution of the program to detect so-called hot paths, i.e., the most frequently executed paths. Then, it uses some store information available at runtime to optimize hot paths. The result is a residual program where the optimized hot paths are guarded by sufficient conditions ensuring the equivalence of the optimized path and the original program. The residual program is persistently mutated during its execution, e.g., to add new optimized paths or to merge existing paths. Tracing compilation is thus fundamentally different than traditional static compilation. Nevertheless, despite the remarkable practical success of tracing compilation, very little is known about its theoretical foundations. We formalize tracing compilation of programs using abstract interpretation. The monitoring (viz., hot path detection) phase corresponds to an abstraction of the trace semantics that captures the most frequent occurrences of sequences of program points together with an abstraction of their corresponding stores, e.g., a type environment. The optimization (viz., residual program generation) phase corresponds to a transform of the original program that preserves its trace semantics up to a given observation as modeled by some abstraction. We provide a generic framework to express dynamic optimizations and to prove them correct. We instantiate it to prove the correctness of dynamic type specialization. We show that our framework is more general than a recent model of tracing compilation introduced in POPL 2011 by Guo and Palsberg (based on operational bisimulations). In our model we can naturally express hot path reentrance and common optimizations like dead-store elimination, which are either excluded or unsound in Guo and Palsberg's framework.
DOI: 10.1145/2535838.2535866 (https://doi.org/10.1145/2535838.2535866) | Published: 2014-01-08 | Semantic Scholar paper id: 74013327 | Citations: 14
A constraint-based approach to solving games on infinite graphs
Tewodros A. Beyene, Swarat Chaudhuri, C. Popeea, A. Rybalchenko
We present a constraint-based approach to computing winning strategies in two-player graph games over the state space of infinite-state programs. Such games have numerous applications in program verification and synthesis, including the synthesis of infinite-state reactive programs and branching-time verification of infinite-state programs. Our method handles games with winning conditions given by safety, reachability, and general Linear Temporal Logic (LTL) properties. For each property class, we give a deductive proof rule that --- provided a symbolic representation of the game players --- describes a winning strategy for a particular player. Our rules are sound and relatively complete. We show that these rules can be automated by using an off-the-shelf Horn constraint solver that supports existential quantification in clause heads. The practical promise of the rules is demonstrated through several case studies, including a challenging "Cinderella-Stepmother game" that allows infinite alternation of discrete and continuous choices by two players, as well as examples derived from prior work on program repair and synthesis.
DOI: 10.1145/2535838.2535860 (https://doi.org/10.1145/2535838.2535860) | Published: 2014-01-08 | Semantic Scholar paper id: 76016603 | Citations: 88
Probabilistic relational verification for cryptographic implementations
G. Barthe, C. Fournet, B. Grégoire, Pierre-Yves Strub, N. Swamy, Santiago Zanella Béguelin
Relational program logics have been used for mechanizing formal proofs of various cryptographic constructions. With an eye towards scaling these successes towards end-to-end security proofs for implementations of distributed systems, we present RF*, a relational extension of F*, a general-purpose higher-order stateful programming language with a verification system based on refinement types. The distinguishing feature of F* is a relational Hoare logic for a higher-order, stateful, probabilistic language. Through careful language design, we adapt the F* typechecker to generate both classic and relational verification conditions, and to automatically discharge their proofs using an SMT solver. Thus, we are able to benefit from the existing features of F*, including its abstraction facilities for modular reasoning about program fragments. We evaluate RF* experimentally by programming a series of cryptographic constructions and protocols, and by verifying their security properties, ranging from information flow to unlinkability, integrity, and privacy. Moreover, we validate the design of RF* by formalizing in Coq a core probabilistic λ calculus and a relational refinement type system and proving the soundness of the latter against a denotational semantics of the probabilistic λ calculus.
DOI: 10.1145/2535838.2535847 (https://doi.org/10.1145/2535838.2535847). Published 2014-01-08 in Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Semantic Scholar paper id 76544968.
Citations: 103
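The abstract above lists the kinds of property RF* verifies: information flow (a property of two runs that agree on public inputs) and cryptographic secrecy (a property of two output distributions). The script below is an added illustration, not code from the paper or from the F*/RF* project: it checks the same two relational properties by brute-force enumeration over a constructed 3-bit toy domain, which is the job RF* hands to an SMT solver over real programs. The ciphers, the comparison routines, and the sample inputs are all constructed for the example; `weak_otp` is a deliberately flawed variant that drops one key bit.

```python
from collections import Counter
from fractions import Fraction
from itertools import product

# Constructed toy domain (not from the paper): 3-bit keys and messages, small enough
# that every output distribution can be enumerated exactly instead of sampled.
BITS = 3
KEYS = range(1 << BITS)
MSGS = range(1 << BITS)


def xor_otp(key: int, msg: int) -> int:
    """One-time pad on BITS bits, the textbook perfectly secret cipher."""
    return key ^ msg


def weak_otp(key: int, msg: int) -> int:
    """Constructed flawed variant: the top key bit is never mixed in, so the top
    ciphertext bit equals the top plaintext bit and leaks it."""
    return (key & ((1 << (BITS - 1)) - 1)) ^ msg


def output_distribution(enc, msg: int, keys) -> dict:
    """Exact distribution of enc(key, msg) when key is drawn uniformly from keys."""
    counts = Counter(enc(k, msg) for k in keys)
    n = len(keys)
    return {c: Fraction(v, n) for c, v in counts.items()}


def statistical_distance(d0: dict, d1: dict) -> Fraction:
    """Total variation distance between two finite distributions (0 means identical)."""
    support = set(d0) | set(d1)
    total = sum((abs(d0.get(x, Fraction(0)) - d1.get(x, Fraction(0))) for x in support),
                Fraction(0))
    return total / 2


def max_distinguishing_advantage(enc, keys=KEYS, msgs=MSGS) -> Fraction:
    """Probabilistic relational check of perfect secrecy: the left run encrypts m0,
    the right run encrypts m1, both under a uniform key, and the two output
    distributions must coincide for every pair. Returns the largest distance
    found; 0 means no adversary can tell the two runs apart."""
    worst = Fraction(0)
    for m0, m1 in product(msgs, repeat=2):
        d = statistical_distance(output_distribution(enc, m0, keys),
                                 output_distribution(enc, m1, keys))
        worst = max(worst, d)
    return worst


def early_exit_compare(guess: bytes, secret: bytes) -> int:
    """Observable modelled here: how many byte comparisons run before returning,
    i.e. the timing channel of a naive tag or password comparison."""
    steps = 0
    for g, s in zip(guess, secret):
        steps += 1
        if g != s:
            break
    return steps


def constant_time_compare(guess: bytes, secret: bytes) -> int:
    """Same observable for a comparison that always walks the whole input."""
    diff = 0
    steps = 0
    for g, s in zip(guess, secret):
        steps += 1
        diff |= g ^ s
    return steps


_UNSET = object()


def noninterference_counterexample(observe, public_inputs, secret_inputs):
    """Deterministic relational check (2-safety): two runs with the same public
    input but different secrets must yield the same observation. Returns
    (public, secret_a, secret_b) for the first violating pair, or None if the
    relation holds on the whole domain."""
    for pub in public_inputs:
        first_obs, first_sec = _UNSET, None
        for sec in secret_inputs:
            obs = observe(pub, sec)
            if first_obs is _UNSET:
                first_obs, first_sec = obs, sec
            elif obs != first_obs:
                return (pub, first_sec, sec)
    return None


# Constructed inputs for the information-flow check: the attacker controls the
# guess (public) and the stored value is the secret.
PUBLIC_GUESSES = [b"ab", b"zz"]
SECRETS = [b"ab", b"ac", b"xb"]


if __name__ == "__main__":
    print("OTP max advantage:", max_distinguishing_advantage(xor_otp))
    print("weak OTP max advantage:", max_distinguishing_advantage(weak_otp))
    print("early-exit compare:", noninterference_counterexample(early_exit_compare, PUBLIC_GUESSES, SECRETS))
    print("constant-time compare:", noninterference_counterexample(constant_time_compare, PUBLIC_GUESSES, SECRETS))
```

Both checks have the same shape as a relational verification condition: a relation on the two runs' inputs (equal public guess; any two messages with a shared uniform key) implies a relation on their outputs (equal observation; equal distribution). Enumeration only works on a toy domain; the point of a relational type system such as RF*'s is to discharge the same implication symbolically for unbounded inputs.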
A type-directed abstraction refinement approach to higher-order model checking
S. Ramsay, R. Neatherway, C. Ong
The trivial-automaton model checking problem for higher-order recursion schemes has become a widely studied object in connection with the automatic verification of higher-order programs. The problem is formidably hard: despite considerable progress in recent years, no decision procedures have been demonstrated to scale robustly beyond recursion schemes that comprise more than a few hundred rewrite rules. We present a new, fixed-parameter polynomial-time algorithm, based on a novel, type-directed form of abstraction refinement in which behaviours of a scheme are distinguished by the abstraction according to the intersection types that they inhabit (the properties that they satisfy). Unlike other intersection type approaches, our algorithm reasons both about acceptance by the property automaton and acceptance by its dual, simultaneously, in order to minimize the amount of work done by converging on the solution to a problem instance from both sides. We have constructed Preface, a prototype implementation of the algorithm, and assembled an extensive body of evidence to demonstrate empirically that the algorithm readily scales to recursion schemes of several thousand rules, well beyond the capabilities of current state-of-the-art higher-order model checkers.
DOI: 10.1145/2535838.2535873 (https://doi.org/10.1145/2535838.2535873). Published 2014-01-08 in Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Semantic Scholar paper id 78731044.
Citations: 53
Backpack: retrofitting Haskell with interfaces
S. Kilpatrick, Derek Dreyer, S. Jones, S. Marlow
Module systems like that of Haskell permit only a weak form of modularity in which module implementations depend directly on other implementations and must be processed in dependency order. Module systems like that of ML, on the other hand, permit a stronger form of modularity in which explicit interfaces express assumptions about dependencies, and each module can be typechecked and reasoned about independently. In this paper, we present Backpack, a new language for building separately-typecheckable *packages* on top of a weak module system like Haskell's. The design of Backpack is inspired by the MixML module calculus of Rossberg and Dreyer, but differs significantly in detail. Like MixML, Backpack supports explicit interfaces and recursive linking. Unlike MixML, Backpack supports a more flexible applicative semantics of instantiation. Moreover, its design is motivated less by foundational concerns and more by the practical concern of integration into Haskell, which has led us to advocate simplicity---in both the syntax and semantics of Backpack---over raw expressive power. The semantics of Backpack packages is defined by elaboration to sets of Haskell modules and binary interface files, thus showing how Backpack maintains interoperability with Haskell while extending it with separate typechecking. Lastly, although Backpack is geared toward integration into Haskell, its design and semantics are largely agnostic with respect to the details of the underlying core language.
DOI: 10.1145/2535838.2535884 (https://doi.org/10.1145/2535838.2535884). Published 2014-01-08 in Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Semantic Scholar paper id 79030192.
Citations: 12
Venue: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages