SyDPaCC (Systematic Development of programs for Parallel and Cloud Computing) is a framework for the Coq interactive theorem prover. It allows to systematically develop correct parallel programs from specifications via verified and automated program transformations. The obtained programs are scalable, i.e. able to run on numerous processors. SyDPaCC produces programs written in the multi-paradigm and functional programming language OCaml with calls to the BSML (Bulk Synchronous parallel ML) parallel programming library. In this paper we present ongoing work towards an extension of SyDPaCC to be able to produce Scala programs using Apache Spark for parallel processing.
SyDPaCC (system Development of programs for Parallel and Cloud Computing)是Coq交互定理证明器的框架。它允许系统地开发通过验证和自动化程序转换规范的正确并行程序。获得的程序是可伸缩的,即能够在多个处理器上运行。SyDPaCC生成用多范式和函数式编程语言OCaml编写的程序,并调用BSML(批量同步并行ML)并行编程库。在本文中,我们介绍了正在进行的SyDPaCC扩展工作,以便能够使用Apache Spark进行并行处理来生成Scala程序。
{"title":"Towards Verified Scalable Parallel Computing with Coq and Spark","authors":"F. Loulergue, Jolan Philippe","doi":"10.1145/3605156.3606450","DOIUrl":"https://doi.org/10.1145/3605156.3606450","url":null,"abstract":"SyDPaCC (Systematic Development of programs for Parallel and Cloud Computing) is a framework for the Coq interactive theorem prover. It allows to systematically develop correct parallel programs from specifications via verified and automated program transformations. The obtained programs are scalable, i.e. able to run on numerous processors. SyDPaCC produces programs written in the multi-paradigm and functional programming language OCaml with calls to the BSML (Bulk Synchronous parallel ML) parallel programming library. In this paper we present ongoing work towards an extension of SyDPaCC to be able to produce Scala programs using Apache Spark for parallel processing.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128386459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Most mainstream object-oriented languages provide a notion of equality between objects which can be customized to be weaker than reference equality, and which is coupled with the customizable notion of object hash code. This feature is so pervasive in object-oriented code that incorrect redefinition or use of equality and hash code may have a serious impact on software reliability and safety. Despite redefinition of equality and hash code in mutable classes is unsafe, many widely used API libraries do that in Java and other similar languages. When objects of such classes are used as keys in hash tables, programs may exhibit unexpected and unpredictable behavior. In this paper we propose a runtime verification solution to avoid or at least mitigate this issue. Our proposal uses RML, a rewriting-based domain specific language for runtime verification which is independent from code instrumentation and the programming language used to develop the software to be verified.
{"title":"Runtime Verification of Hash Code in Mutable Classes","authors":"D. Ancona, Angelo Ferrando, V. Mascardi","doi":"10.1145/3605156.3606452","DOIUrl":"https://doi.org/10.1145/3605156.3606452","url":null,"abstract":"Most mainstream object-oriented languages provide a notion of equality between objects which can be customized to be weaker than reference equality, and which is coupled with the customizable notion of object hash code. This feature is so pervasive in object-oriented code that incorrect redefinition or use of equality and hash code may have a serious impact on software reliability and safety. Despite redefinition of equality and hash code in mutable classes is unsafe, many widely used API libraries do that in Java and other similar languages. When objects of such classes are used as keys in hash tables, programs may exhibit unexpected and unpredictable behavior. In this paper we propose a runtime verification solution to avoid or at least mitigate this issue. Our proposal uses RML, a rewriting-based domain specific language for runtime verification which is independent from code instrumentation and the programming language used to develop the software to be verified.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115537282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
L. Miljak, Casper Bach Poulsen, Flip van Spaendonck
The goal of automated refactoring is to reduce maintenance effort. To realize this, programmers need to be able to trust or manually check that refactorings actually preserve behavior. To allow programmers to focus on such checks, automated refactorings should preserve program well-typedness. However, historically automated refactorings in popular IDEs could break well-typedness. The reason is that modern languages have complex name binding semantics which makes it hard to guarantee well-typedness in general. In recent work, scope graphs have been proposed as a uniform model for name binding. The model supports complex name binding patterns, and its uniformity makes it attractive to consider for verifying that refactorings preserve well-typedness. This paper explores how to prove that refactorings preserve well-typedness, using scope graphs. We consider a simple refactoring for merging modules in a toy module language, and prove that this refactoring preserves well-typedness. We give a generic template for proving well-typedness preservation using scope graphs, and discuss how this template relates to refactorings more generally.
{"title":"Verifying Well-Typedness Preservation of Refactorings using Scope Graphs","authors":"L. Miljak, Casper Bach Poulsen, Flip van Spaendonck","doi":"10.1145/3605156.3606455","DOIUrl":"https://doi.org/10.1145/3605156.3606455","url":null,"abstract":"The goal of automated refactoring is to reduce maintenance effort. To realize this, programmers need to be able to trust or manually check that refactorings actually preserve behavior. To allow programmers to focus on such checks, automated refactorings should preserve program well-typedness. However, historically automated refactorings in popular IDEs could break well-typedness. The reason is that modern languages have complex name binding semantics which makes it hard to guarantee well-typedness in general. In recent work, scope graphs have been proposed as a uniform model for name binding. The model supports complex name binding patterns, and its uniformity makes it attractive to consider for verifying that refactorings preserve well-typedness. This paper explores how to prove that refactorings preserve well-typedness, using scope graphs. We consider a simple refactoring for merging modules in a toy module language, and prove that this refactoring preserves well-typedness. We give a generic template for proving well-typedness preservation using scope graphs, and discuss how this template relates to refactorings more generally.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"510 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122216571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. Cárdenas, Paul Leger, Hiroaki Fukuda, Nicolás Cardozo
Static analyses, as points-to analysis, are useful to determine and assure different properties about a program, such as security or type safety. While existing analyses are effective in programs restricted to static features, precision declines in the presence of dynamic language features, and even further when the system behavior changes dynamically. As a consequence, improved points-to sets algorithms taking into account such language features and uses are required. In this paper, we present and extension of the point-to sets analysis to incorporate the language abstractions introduced by context-oriented programming adding the capability for programs to adapt their behavior dynamically to the system’s execution context. To do this, we extend WALA to detect the context-oriented language abstractions, and their representation within the system, to capture the dynamic behavior, in the particular case of the Context Traits JavaScript language extension. To prove the effectiveness of our extension, we evaluate the precision of the points-to set analysis with respect to the state of the art, over a set of context-oriented programs taken from the literature.
{"title":"Points-to Analysis for Context-Oriented JavaScript Programs","authors":"S. Cárdenas, Paul Leger, Hiroaki Fukuda, Nicolás Cardozo","doi":"10.1145/3605156.3606451","DOIUrl":"https://doi.org/10.1145/3605156.3606451","url":null,"abstract":"Static analyses, as points-to analysis, are useful to determine and assure different properties about a program, such as security or type safety. While existing analyses are effective in programs restricted to static features, precision declines in the presence of dynamic language features, and even further when the system behavior changes dynamically. As a consequence, improved points-to sets algorithms taking into account such language features and uses are required. In this paper, we present and extension of the point-to sets analysis to incorporate the language abstractions introduced by context-oriented programming adding the capability for programs to adapt their behavior dynamically to the system’s execution context. To do this, we extend WALA to detect the context-oriented language abstractions, and their representation within the system, to capture the dynamic behavior, in the particular case of the Context Traits JavaScript language extension. To prove the effectiveness of our extension, we evaluate the precision of the points-to set analysis with respect to the state of the art, over a set of context-oriented programs taken from the literature.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133883758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Type systems usually characterize the shapes of values but not usually their free variables. Many desirable safety properties could be guaranteed by the type system if it knew exactly which variables were free in values. There has been much recent work investigating such systems, with an eventual goal of incorporating a capture tracking system into Scala. These systems are unfortunately complicated by advanced features in Scala's type system, particularly dependent types. We explore what a capture tracking system could look like without the full complication of dependent
{"title":"Dependency-Free Capture Tracking","authors":"Edward Lee, Kavin Satheeskumar, O. Lhoták","doi":"10.1145/3605156.3606454","DOIUrl":"https://doi.org/10.1145/3605156.3606454","url":null,"abstract":"Type systems usually characterize the shapes of values but not usually their free variables. Many desirable safety properties could be guaranteed by the type system if it knew exactly which variables were free in values. There has been much recent work investigating such systems, with an eventual goal of incorporating a capture tracking system into Scala. These systems are unfortunately complicated by advanced features in Scala's type system, particularly dependent types. We explore what a capture tracking system could look like without the full complication of dependent","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115588082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Type systems provide specifications and enable reasoning about the programs. Among other benefits, type systems provide guarantees of the absence of certain (ill-typed) program behaviors. Refinement types further enrich the expressiveness of type systems by allowing a predicate alongside the type. The crucial divide by zero and null pointer errors are safely eliminated with refinement types. Interestingly, Correctness-by-Construction (CbC) also provides a way to set specifications for the programs. The specifications are provided for the smaller modules. Larger programs are built by composing the functionally correct smaller modules. Therefore, CbC naturally results in verified and correct programs following the program specifications. In this short paper, we highlight that CbC meets refinement types in a sense that both approaches provide specifications for program correctness and larger programs are built by composing the functionally correct smaller modules.
{"title":"Correctness-by-Construction Meets Refinement Types","authors":"Baber Rehman","doi":"10.1145/3605156.3606449","DOIUrl":"https://doi.org/10.1145/3605156.3606449","url":null,"abstract":"Type systems provide specifications and enable reasoning about the programs. Among other benefits, type systems provide guarantees of the absence of certain (ill-typed) program behaviors. Refinement types further enrich the expressiveness of type systems by allowing a predicate alongside the type. The crucial divide by zero and null pointer errors are safely eliminated with refinement types. Interestingly, Correctness-by-Construction (CbC) also provides a way to set specifications for the programs. The specifications are provided for the smaller modules. Larger programs are built by composing the functionally correct smaller modules. Therefore, CbC naturally results in verified and correct programs following the program specifications. In this short paper, we highlight that CbC meets refinement types in a sense that both approaches provide specifications for program correctness and larger programs are built by composing the functionally correct smaller modules.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122920021","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We propose a novel approach of constructing structured SSA forms. Specifically, our declarative algorithm converts a Featherweight Java (FJ) program into its structured SSA form in a single pass. We prove that the proposed algorithm produces valid SSA forms which are semantically consistent with respect to the original source programs. We verify the resulting SSA forms are minimal. We demonstrate that structured SSA form can serve as a unified intermediate representation for both compiler optimization and program verification pipelines. We implemented the algorithm as a library.
{"title":"Constructing Structured SSA from FJ","authors":"Kenny Zhuo Ming Lu, Daniel Yu Hian Low","doi":"10.1145/3605156.3606457","DOIUrl":"https://doi.org/10.1145/3605156.3606457","url":null,"abstract":"We propose a novel approach of constructing structured SSA forms. Specifically, our declarative algorithm converts a Featherweight Java (FJ) program into its structured SSA form in a single pass. We prove that the proposed algorithm produces valid SSA forms which are semantically consistent with respect to the original source programs. We verify the resulting SSA forms are minimal. We demonstrate that structured SSA form can serve as a unified intermediate representation for both compiler optimization and program verification pipelines. We implemented the algorithm as a library.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130043688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pedro Ângelo, V. Bono, M. Dezani-Ciancaglini, Mário Florido
We present FJ&λ⋆, a new core calculus that extends Featherweight Java (FJ) with interfaces, λ-expressions, intersection types and a form of dynamic type. Intersection types can be used anywhere, in particular to specify target types of λ-expressions. The dynamic type is exploited to specify parts of the class tables and programs we want to exclude temporarily from static typing. Our main result is the gradual guarantee, which says that if a program is well typed in a class table, then replacing type annotations (from the program and from the class table) with the dynamic type always produces a program that is still well typed in the obtained class table. Furthermore, if a typed program evaluates to a value in a class table, then replacing type annotations with dynamic types always produces a program that evaluates to the same value in the obtained class table.
{"title":"Gradual Guarantee for FJ with lambda-Expressions","authors":"Pedro Ângelo, V. Bono, M. Dezani-Ciancaglini, Mário Florido","doi":"10.1145/3605156.3606453","DOIUrl":"https://doi.org/10.1145/3605156.3606453","url":null,"abstract":"We present FJ&λ⋆, a new core calculus that extends Featherweight Java (FJ) with interfaces, λ-expressions, intersection types and a form of dynamic type. Intersection types can be used anywhere, in particular to specify target types of λ-expressions. The dynamic type is exploited to specify parts of the class tables and programs we want to exclude temporarily from static typing. Our main result is the gradual guarantee, which says that if a program is well typed in a class table, then replacing type annotations (from the program and from the class table) with the dynamic type always produces a program that is still well typed in the obtained class table. Furthermore, if a typed program evaluates to a value in a class table, then replacing type annotations with dynamic types always produces a program that evaluates to the same value in the obtained class table.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127994260","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Automatic Differentiation (AD) has become a dominant technique in ML. AD frameworks have first been implemented for imperative languages using tapes. Meanwhile, functional implementations of AD have been developed, often based on dual numbers, which are close to the formal specification of differentiation and hence easier to prove correct. But these papers have focussed on correctness not efficiency. Recently, it was shown how an approach using dual numbers could be made efficient through the right optimizations. Optimizations are highly dependent on order, as one optimization can enable another. It can therefore be useful to have fine-grained control over the scheduling of optimizations. One method expresses compiler optimizations as rewrite rules, whose application can be combined and controlled using strategy languages. Previous work describes the use of term rewriting and strategies to generate high-performance code in a compiler for a functional language. In this work, we implement dual numbers AD in a functional array programming language using rewrite rules and strategy combinators for optimization. We aim to combine the elegance of differentiation using dual numbers with a succinct expression of the optimization schedule using a strategy language. We give preliminary evidence suggesting the viability of the approach on a micro-benchmark.
{"title":"Using Rewrite Strategies for Efficient Functional Automatic Differentiation","authors":"Timon Böhler, D. Richter, M. Mezini","doi":"10.1145/3605156.3606456","DOIUrl":"https://doi.org/10.1145/3605156.3606456","url":null,"abstract":"Automatic Differentiation (AD) has become a dominant technique in ML. AD frameworks have first been implemented for imperative languages using tapes. Meanwhile, functional implementations of AD have been developed, often based on dual numbers, which are close to the formal specification of differentiation and hence easier to prove correct. But these papers have focussed on correctness not efficiency. Recently, it was shown how an approach using dual numbers could be made efficient through the right optimizations. Optimizations are highly dependent on order, as one optimization can enable another. It can therefore be useful to have fine-grained control over the scheduling of optimizations. One method expresses compiler optimizations as rewrite rules, whose application can be combined and controlled using strategy languages. Previous work describes the use of term rewriting and strategies to generate high-performance code in a compiler for a functional language. In this work, we implement dual numbers AD in a functional array programming language using rewrite rules and strategy combinators for optimization. We aim to combine the elegance of differentiation using dual numbers with a succinct expression of the optimization schedule using a strategy language. We give preliminary evidence suggesting the viability of the approach on a micro-benchmark.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132333199","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We propose an approach for modular verification of programs written in an object-oriented language where, like in C++, the same virtual method call is bound to different methods at different points during the construction or destruction of an object. Our separation logic combines Parkinson and Bierman's abstract predicate families with essentially explicitly tracking each subobject's vtable pointer. Our logic supports polymorphic destruction. Virtual inheritance is not yet supported. We formalized our approach and implemented it in our VeriFast tool for semi-automated modular formal verification of C++ programs.
{"title":"Verifying C++ Dynamic Binding","authors":"Niels Mommen, Bart Jacobs","doi":"10.1145/3605156.3606448","DOIUrl":"https://doi.org/10.1145/3605156.3606448","url":null,"abstract":"We propose an approach for modular verification of programs written in an object-oriented language where, like in C++, the same virtual method call is bound to different methods at different points during the construction or destruction of an object. Our separation logic combines Parkinson and Bierman's abstract predicate families with essentially explicitly tracking each subobject's vtable pointer. Our logic supports polymorphic destruction. Virtual inheritance is not yet supported. We formalized our approach and implemented it in our VeriFast tool for semi-automated modular formal verification of C++ programs.","PeriodicalId":254071,"journal":{"name":"Proceedings of the 25th ACM International Workshop on Formal Techniques for Java-like Programs","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126090988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: