We present a statically typed embedding of relational programming�(specifically a dialect of miniKanren with disequality constraints) in Haskell.�Apart from handling types, our dialect extends standard relational combinator�repertoire with a variation of relational matching that supports static�exhaustiveness checks. To hide the boilerplate definitions and support�comfortable logic programming with user-defined data types we use generic�programming via GHC.Generics as well as metaprogramming via Template Haskell.�We demonstrate our dialect on several examples and compare its performance�against some other known implementations of miniKanren.
{"title":"typedKanren: Statically Typed Relational Programming with Exhaustive Matching in Haskell","authors":"Nikolai Kudasov, Artem Starikov","doi":"arxiv-2408.03170","DOIUrl":"https://doi.org/arxiv-2408.03170","url":null,"abstract":"We present a statically typed embedding of relational programming\u0000(specifically a dialect of miniKanren with disequality constraints) in Haskell.\u0000Apart from handling types, our dialect extends standard relational combinator\u0000repertoire with a variation of relational matching that supports static\u0000exhaustiveness checks. To hide the boilerplate definitions and support\u0000comfortable logic programming with user-defined data types we use generic\u0000programming via GHC.Generics as well as metaprogramming via Template Haskell.\u0000We demonstrate our dialect on several examples and compare its performance\u0000against some other known implementations of miniKanren.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141941251","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mihai Nicola, Chaitanya Agarwal, Eric Koskinen, Thomas Wies
Many temporal safety properties of higher-order programs go beyond simple�event sequencing and require an automaton register (or "accumulator") to�express, such as input-dependency, event summation, resource usage, ensuring�equal event magnitude, computation cost, etc. Some steps have been made towards�verifying more basic temporal event sequences via reductions to fair�termination [Murase et al. 2016] or some input-dependent properties through�deductive proof systems [Nanjo et al. 2018]. However, there are currently no�automated techniques to verify the more general class of register-automaton�safety properties of higher-order programs. We introduce an abstract interpretation-based analysis to compute dependent,�register-automata effects of recursive, higher-order programs. We capture�properties of a program's effects in terms of automata that summarizes the�history of observed effects using an accumulator register. The key novelty is a�new abstract domain for context-dependent effects, capable of abstracting�relations between the program environment, the automaton control state, and the�accumulator value. The upshot is a dataflow type and effect system that�computes context-sensitive effect summaries. We demonstrate our work via a�prototype implementation that computes dependent effect summaries (and�validates assertions) for OCaml-like recursive higher order programs. As a�basis of comparison, we describe reductions to assertion checking for�effect-free programs, and demonstrate that our approach outperforms prior tools�Drift and RCaml/PCSat. Overall, across a set of 21 new benchmarks, RCaml/PCSat�could not verify any, Drift verified 9 benchmarks, and evDrift verified 19;�evDrift also had a 30.5x over Drift on those benchmarks that both tools could�solve.
{"title":"Inferring Accumulative Effects of Higher Order Programs","authors":"Mihai Nicola, Chaitanya Agarwal, Eric Koskinen, Thomas Wies","doi":"arxiv-2408.02791","DOIUrl":"https://doi.org/arxiv-2408.02791","url":null,"abstract":"Many temporal safety properties of higher-order programs go beyond simple\u0000event sequencing and require an automaton register (or \"accumulator\") to\u0000express, such as input-dependency, event summation, resource usage, ensuring\u0000equal event magnitude, computation cost, etc. Some steps have been made towards\u0000verifying more basic temporal event sequences via reductions to fair\u0000termination [Murase et al. 2016] or some input-dependent properties through\u0000deductive proof systems [Nanjo et al. 2018]. However, there are currently no\u0000automated techniques to verify the more general class of register-automaton\u0000safety properties of higher-order programs. We introduce an abstract interpretation-based analysis to compute dependent,\u0000register-automata effects of recursive, higher-order programs. We capture\u0000properties of a program's effects in terms of automata that summarizes the\u0000history of observed effects using an accumulator register. The key novelty is a\u0000new abstract domain for context-dependent effects, capable of abstracting\u0000relations between the program environment, the automaton control state, and the\u0000accumulator value. The upshot is a dataflow type and effect system that\u0000computes context-sensitive effect summaries. We demonstrate our work via a\u0000prototype implementation that computes dependent effect summaries (and\u0000validates assertions) for OCaml-like recursive higher order programs. As a\u0000basis of comparison, we describe reductions to assertion checking for\u0000effect-free programs, and demonstrate that our approach outperforms prior tools\u0000Drift and RCaml/PCSat. Overall, across a set of 21 new benchmarks, RCaml/PCSat\u0000could not verify any, Drift verified 9 benchmarks, and evDrift verified 19;\u0000evDrift also had a 30.5x over Drift on those benchmarks that both tools could\u0000solve.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141941153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Program logics are a powerful formal method in the context of program�verification. Can we develop a counterpart of program logics in the context of�language verification? This paper proposes language logics, which allow for�statements of the form ${P} mathcal{X} {Q}$ where $mathcal{X}$, the�subject of analysis, can be a language component such as a piece of grammar, a�typing rule, a reduction rule or other parts of a language definition. To�demonstrate our approach, we develop $mathbb{L}$, a language logic that can be�used to analyze language definitions on various aspects of language design. We�illustrate $mathbb{L}$ to the analysis of some selected aspects of a�programming language. We have also implemented an automated prover for�$mathbb{L}$, and we confirm that the tool repeats these analyses. Ultimately,�$mathbb{L}$ cannot verify languages. Nonetheless, we believe that this paper�provides a strong first step towards adopting the methods of program logics for�the analysis of languages.
{"title":"From Program Logics to Language Logics","authors":"Matteo Cimini","doi":"arxiv-2408.01515","DOIUrl":"https://doi.org/arxiv-2408.01515","url":null,"abstract":"Program logics are a powerful formal method in the context of program\u0000verification. Can we develop a counterpart of program logics in the context of\u0000language verification? This paper proposes language logics, which allow for\u0000statements of the form ${P} mathcal{X} {Q}$ where $mathcal{X}$, the\u0000subject of analysis, can be a language component such as a piece of grammar, a\u0000typing rule, a reduction rule or other parts of a language definition. To\u0000demonstrate our approach, we develop $mathbb{L}$, a language logic that can be\u0000used to analyze language definitions on various aspects of language design. We\u0000illustrate $mathbb{L}$ to the analysis of some selected aspects of a\u0000programming language. We have also implemented an automated prover for\u0000$mathbb{L}$, and we confirm that the tool repeats these analyses. Ultimately,\u0000$mathbb{L}$ cannot verify languages. Nonetheless, we believe that this paper\u0000provides a strong first step towards adopting the methods of program logics for\u0000the analysis of languages.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141941152","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Noninterference guarantees that an attacker cannot infer secrets by�interacting with a program. Information flow control (IFC) type systems assert�noninterference by tracking the level of information learned (pc) and�disallowing communication to entities of lesser or unrelated level than the pc.�Control flow constructs such as loops are at odds with this pattern because�they necessitate downgrading the pc upon recursion to be practical. In a�concurrent setting, however, downgrading is not generally safe. This paper�utilizes session types to track the flow of information and contributes an IFC�type system for message-passing concurrent processes that allows downgrading�the pc upon recursion. To make downgrading safe, the paper introduces regrading�policies. Regrading policies are expressed in terms of integrity labels, which�are also key to safe composition of entities with different regrading policies.�The paper develops the type system and proves progress-sensitive�noninterference for well-typed processes, ruling out timing attacks that�exploit the relative order of messages. The type system has been implemented in�a type checker, which supports security-polymorphic processes using local�security theories.
{"title":"Regrading Policies for Flexible Information Flow Control in Session-Typed Concurrency","authors":"Farzaneh Derakhshan, Stephanie Balzer, Yue Yao","doi":"arxiv-2407.20410","DOIUrl":"https://doi.org/arxiv-2407.20410","url":null,"abstract":"Noninterference guarantees that an attacker cannot infer secrets by\u0000interacting with a program. Information flow control (IFC) type systems assert\u0000noninterference by tracking the level of information learned (pc) and\u0000disallowing communication to entities of lesser or unrelated level than the pc.\u0000Control flow constructs such as loops are at odds with this pattern because\u0000they necessitate downgrading the pc upon recursion to be practical. In a\u0000concurrent setting, however, downgrading is not generally safe. This paper\u0000utilizes session types to track the flow of information and contributes an IFC\u0000type system for message-passing concurrent processes that allows downgrading\u0000the pc upon recursion. To make downgrading safe, the paper introduces regrading\u0000policies. Regrading policies are expressed in terms of integrity labels, which\u0000are also key to safe composition of entities with different regrading policies.\u0000The paper develops the type system and proves progress-sensitive\u0000noninterference for well-typed processes, ruling out timing attacks that\u0000exploit the relative order of messages. The type system has been implemented in\u0000a type checker, which supports security-polymorphic processes using local\u0000security theories.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141866615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Thibault DardinierETH Zurich, Michael SammlerETH Zurich, Gaurav ParthasarathyETH Zurich, Alexander J. SummersUniversity of British Columbia, Peter MüllerETH Zurich
Program verification tools are often implemented as front-end translations of�an input program into an intermediate verification language (IVL) such as�Boogie, GIL, Viper, or Why3. The resulting IVL program is then verified using�an existing back-end verifier. A soundness proof for such a translational�verifier needs to relate the input program and verification logic to the�semantics of the IVL, which in turn needs to be connected with the verification�logic implemented in the back-end verifiers. Performing such proofs is�challenging due to the large semantic gap between the input and output programs�and logics, especially for complex verification logics such as separation�logic. This paper presents a formal framework for reasoning about translational�separation logic verifiers. At its center is a generic core IVL that captures�the essence of different separation logics. We define its operational semantics�and formally connect it to two different back-end verifiers, which use symbolic�execution and verification condition generation, resp. Crucially, this�semantics uses angelic non-determinism to enable the application of different�proof search algorithms and heuristics in the back-end verifiers. An axiomatic�semantics for the core IVL simplifies reasoning about the front-end translation�by performing essential proof steps once and for all in the equivalence proof�with the operational semantics rather than for each concrete front-end�translation. We illustrate the usefulness of our formal framework by instantiating our�core IVL with elements of Viper and connecting it to two Viper back-ends as�well as a front-end for concurrent separation logic. All our technical results�have been formalized in Isabelle/HOL, including the core IVL and its semantics,�the semantics of two back-ends for a subset of Viper, and all proofs.
{"title":"Formal Foundations for Translational Separation Logic Verifiers (extended version)","authors":"Thibault DardinierETH Zurich, Michael SammlerETH Zurich, Gaurav ParthasarathyETH Zurich, Alexander J. SummersUniversity of British Columbia, Peter MüllerETH Zurich","doi":"arxiv-2407.20002","DOIUrl":"https://doi.org/arxiv-2407.20002","url":null,"abstract":"Program verification tools are often implemented as front-end translations of\u0000an input program into an intermediate verification language (IVL) such as\u0000Boogie, GIL, Viper, or Why3. The resulting IVL program is then verified using\u0000an existing back-end verifier. A soundness proof for such a translational\u0000verifier needs to relate the input program and verification logic to the\u0000semantics of the IVL, which in turn needs to be connected with the verification\u0000logic implemented in the back-end verifiers. Performing such proofs is\u0000challenging due to the large semantic gap between the input and output programs\u0000and logics, especially for complex verification logics such as separation\u0000logic. This paper presents a formal framework for reasoning about translational\u0000separation logic verifiers. At its center is a generic core IVL that captures\u0000the essence of different separation logics. We define its operational semantics\u0000and formally connect it to two different back-end verifiers, which use symbolic\u0000execution and verification condition generation, resp. Crucially, this\u0000semantics uses angelic non-determinism to enable the application of different\u0000proof search algorithms and heuristics in the back-end verifiers. An axiomatic\u0000semantics for the core IVL simplifies reasoning about the front-end translation\u0000by performing essential proof steps once and for all in the equivalence proof\u0000with the operational semantics rather than for each concrete front-end\u0000translation. We illustrate the usefulness of our formal framework by instantiating our\u0000core IVL with elements of Viper and connecting it to two Viper back-ends as\u0000well as a front-end for concurrent separation logic. All our technical results\u0000have been formalized in Isabelle/HOL, including the core IVL and its semantics,\u0000the semantics of two back-ends for a subset of Viper, and all proofs.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141866527","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Marko Schmellenkamp, Thomas Zeume, Sven Argo, Sandra Kiefer, Cedric Siems, Fynn Stebel
We propose a scalable framework for deciding, proving, and explaining�(in)equivalence of context-free grammars. We present an implementation of the�framework and evaluate it on large data sets collected within educational�support systems. Even though the equivalence problem for context-free languages�is undecidable in general, the framework is able to handle a large portion of�these datasets. It introduces and combines techniques from several areas, such�as an abstract grammar transformation language to identify equivalent grammars�as well as sufficiently similar inequivalent grammars, theory-based comparison�algorithms for a large class of context-free languages, and a�graph-theory-inspired grammar canonization that allows to efficiently identify�isomorphic grammars.
{"title":"Detecting and explaining (in)equivalence of context-free grammars","authors":"Marko Schmellenkamp, Thomas Zeume, Sven Argo, Sandra Kiefer, Cedric Siems, Fynn Stebel","doi":"arxiv-2407.18220","DOIUrl":"https://doi.org/arxiv-2407.18220","url":null,"abstract":"We propose a scalable framework for deciding, proving, and explaining\u0000(in)equivalence of context-free grammars. We present an implementation of the\u0000framework and evaluate it on large data sets collected within educational\u0000support systems. Even though the equivalence problem for context-free languages\u0000is undecidable in general, the framework is able to handle a large portion of\u0000these datasets. It introduces and combines techniques from several areas, such\u0000as an abstract grammar transformation language to identify equivalent grammars\u0000as well as sufficiently similar inequivalent grammars, theory-based comparison\u0000algorithms for a large class of context-free languages, and a\u0000graph-theory-inspired grammar canonization that allows to efficiently identify\u0000isomorphic grammars.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141775834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Multi-head-self-attention (MHSA) mechanisms achieve state-of-the-art (SOTA)�performance across natural language processing and vision tasks. However, their�quadratic dependence on sequence lengths has bottlenecked inference speeds. To�circumvent this bottleneck, researchers have proposed various sparse-MHSA�models, where a subset of full attention is computed. Despite their promise,�current sparse libraries and compilers do not support high-performance�implementations for diverse sparse-MHSA patterns due to the underlying sparse�formats they operate on. These formats, which are typically designed for�high-performance & scientific computing applications, are either curated for�extreme amounts of random sparsity (<1% non-zero values), or specific sparsity�patterns. However, the sparsity patterns in sparse-MHSA are moderately sparse�(10-50% non-zero values) and varied, resulting in existing sparse-formats�trading off generality for performance. We bridge this gap, achieving both generality and performance, by proposing a�novel sparse format: affine-compressed-sparse-row (ACSR) and supporting�code-generation scheme, SPLAT, that generates high-performance implementations�for diverse sparse-MHSA patterns on GPUs. Core to our proposed format and code�generation algorithm is the observation that common sparse-MHSA patterns have�uniquely regular geometric properties. These properties, which can be analyzed�just-in-time, expose novel optimizations and tiling strategies that SPLAT�exploits to generate high-performance implementations for diverse patterns. To�demonstrate SPLAT's efficacy, we use it to generate code for various�sparse-MHSA models, achieving geomean speedups of 2.05x and 4.05x over�hand-written kernels written in triton and TVM respectively on A100 GPUs.�Moreover, its interfaces are intuitive and easy to use with existing�implementations of MHSA in JAX.
{"title":"SPLAT: A framework for optimised GPU code-generation for SParse reguLar ATtention","authors":"Ahan Gupta, Yueming Yuan, Devansh Jain, Yuhao Ge, David Aponte, Yanqi Zhou, Charith Mendis","doi":"arxiv-2407.16847","DOIUrl":"https://doi.org/arxiv-2407.16847","url":null,"abstract":"Multi-head-self-attention (MHSA) mechanisms achieve state-of-the-art (SOTA)\u0000performance across natural language processing and vision tasks. However, their\u0000quadratic dependence on sequence lengths has bottlenecked inference speeds. To\u0000circumvent this bottleneck, researchers have proposed various sparse-MHSA\u0000models, where a subset of full attention is computed. Despite their promise,\u0000current sparse libraries and compilers do not support high-performance\u0000implementations for diverse sparse-MHSA patterns due to the underlying sparse\u0000formats they operate on. These formats, which are typically designed for\u0000high-performance & scientific computing applications, are either curated for\u0000extreme amounts of random sparsity (<1% non-zero values), or specific sparsity\u0000patterns. However, the sparsity patterns in sparse-MHSA are moderately sparse\u0000(10-50% non-zero values) and varied, resulting in existing sparse-formats\u0000trading off generality for performance. We bridge this gap, achieving both generality and performance, by proposing a\u0000novel sparse format: affine-compressed-sparse-row (ACSR) and supporting\u0000code-generation scheme, SPLAT, that generates high-performance implementations\u0000for diverse sparse-MHSA patterns on GPUs. Core to our proposed format and code\u0000generation algorithm is the observation that common sparse-MHSA patterns have\u0000uniquely regular geometric properties. These properties, which can be analyzed\u0000just-in-time, expose novel optimizations and tiling strategies that SPLAT\u0000exploits to generate high-performance implementations for diverse patterns. To\u0000demonstrate SPLAT's efficacy, we use it to generate code for various\u0000sparse-MHSA models, achieving geomean speedups of 2.05x and 4.05x over\u0000hand-written kernels written in triton and TVM respectively on A100 GPUs.\u0000Moreover, its interfaces are intuitive and easy to use with existing\u0000implementations of MHSA in JAX.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141785469","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Secure Multi-Party Computation (MPC) is an important enabling technology for�data privacy in modern distributed applications. Currently, proof methods for�low-level MPC protocols are primarily manual and thus tedious and error-prone,�and are also non-standardized and unfamiliar to most PL theorists. As a step�towards better language support and language-based enforcement, we develop a�new staged PL for defining a variety of low-level probabilistic MPC protocols.�We also formulate a collection of confidentiality and integrity hyperproperties�for our language model that are familiar from information flow, including�conditional noninterference, gradual release, and robust declassification. We�demonstrate their relation to standard MPC threat models of passive and�malicious security, and how they can be leveraged in security verification of�protocols. To prove these properties we develop automated tactics in�$mathbb{F}_2$ that can be integrated with separation logic-style reasoning.
{"title":"Language-Based Security for Low-Level MPC","authors":"Christian Skalka, Joseph P. Near","doi":"arxiv-2407.16504","DOIUrl":"https://doi.org/arxiv-2407.16504","url":null,"abstract":"Secure Multi-Party Computation (MPC) is an important enabling technology for\u0000data privacy in modern distributed applications. Currently, proof methods for\u0000low-level MPC protocols are primarily manual and thus tedious and error-prone,\u0000and are also non-standardized and unfamiliar to most PL theorists. As a step\u0000towards better language support and language-based enforcement, we develop a\u0000new staged PL for defining a variety of low-level probabilistic MPC protocols.\u0000We also formulate a collection of confidentiality and integrity hyperproperties\u0000for our language model that are familiar from information flow, including\u0000conditional noninterference, gradual release, and robust declassification. We\u0000demonstrate their relation to standard MPC threat models of passive and\u0000malicious security, and how they can be leveraged in security verification of\u0000protocols. To prove these properties we develop automated tactics in\u0000$mathbb{F}_2$ that can be integrated with separation logic-style reasoning.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141775835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Luca Aceto, Daniele Gorla, Stian Lybech, Mohammad Hamdaqa
We continue the development of TinySol, a minimal object-oriented language�based on Solidity, the standard smart-contract language used for the Ethereum�platform. We first extend TinySol with exceptions and a gas mechanism, and�equip it with a small-step operational semantics. Introducing the gas mechanism�is fundamental for modelling real-life smart contracts in TinySol, since this�is the way in which termination of Ethereum smart contracts is usually ensured.�We then devise a type system for smart contracts guaranteeing that such�programs never run out of gas at runtime. This is a desirable property for�smart contracts, since a transaction that runs out of gas is aborted, but the�price paid to run the code is not returned to the invoker.
{"title":"Preventing Out-of-Gas Exceptions by Typing","authors":"Luca Aceto, Daniele Gorla, Stian Lybech, Mohammad Hamdaqa","doi":"arxiv-2407.15676","DOIUrl":"https://doi.org/arxiv-2407.15676","url":null,"abstract":"We continue the development of TinySol, a minimal object-oriented language\u0000based on Solidity, the standard smart-contract language used for the Ethereum\u0000platform. We first extend TinySol with exceptions and a gas mechanism, and\u0000equip it with a small-step operational semantics. Introducing the gas mechanism\u0000is fundamental for modelling real-life smart contracts in TinySol, since this\u0000is the way in which termination of Ethereum smart contracts is usually ensured.\u0000We then devise a type system for smart contracts guaranteeing that such\u0000programs never run out of gas at runtime. This is a desirable property for\u0000smart contracts, since a transaction that runs out of gas is aborted, but the\u0000price paid to run the code is not returned to the invoker.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141775836","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We address the problem of preserving non-interference across compiler�transformations under speculative semantics. We develop a proof method that�ensures the preservation uniformly across all source programs. The basis of our�proof method is a new form of simulation relation. It operates over directives�that model the attacker's control over the micro-architectural state, and it�accounts for the fact that the compiler transformation may change the influence�of the micro-architectural state on the execution (and hence the directives).�Using our proof method, we show the correctness of dead code elimination. When�we tried to prove register allocation correct, we identified a previously�unknown weakness that introduces violations to non-interference. We have�confirmed the weakness for a mainstream compiler on code from the libsodium�cryptographic library. To reclaim security once more, we develop a novel static�analysis that operates on a product of source program and register-allocated�program. Using the analysis, we present an automated fix to existing register�allocation implementations. We prove the correctness of the fixed register�allocations with our proof method.
{"title":"SNIP: Speculative Execution and Non-Interference Preservation for Compiler Transformations","authors":"Sören van der Wall, Roland Meyer","doi":"arxiv-2407.15080","DOIUrl":"https://doi.org/arxiv-2407.15080","url":null,"abstract":"We address the problem of preserving non-interference across compiler\u0000transformations under speculative semantics. We develop a proof method that\u0000ensures the preservation uniformly across all source programs. The basis of our\u0000proof method is a new form of simulation relation. It operates over directives\u0000that model the attacker's control over the micro-architectural state, and it\u0000accounts for the fact that the compiler transformation may change the influence\u0000of the micro-architectural state on the execution (and hence the directives).\u0000Using our proof method, we show the correctness of dead code elimination. When\u0000we tried to prove register allocation correct, we identified a previously\u0000unknown weakness that introduces violations to non-interference. We have\u0000confirmed the weakness for a mainstream compiler on code from the libsodium\u0000cryptographic library. To reclaim security once more, we develop a novel static\u0000analysis that operates on a product of source program and register-allocated\u0000program. Using the analysis, we present an automated fix to existing register\u0000allocation implementations. We prove the correctness of the fixed register\u0000allocations with our proof method.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141785247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: