Your search keyword '"Steve Zdancewic"' showing total 11 results

1. Modular, compositional, and executable formal semantics for LLVM IR

Author

Vadim Zaliva, Calvin Beck, Irene Yoon, Yannick Zakowski, Steve Zdancewic, Ilia Zaichuk, CASH - Compilation and Analysis, Software and Hardware (CASH), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire de l'Informatique du Parallélisme (LIP), École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Centre National de la Recherche Scientifique (CNRS), University of Pennsylvania, and Department of Computer and Information Science [Pennsylvania] (CIS)

Subjects

Monads, Verified Compilation, Correctness, Semantics (computer science), Computer science, Formal semantics (linguistics), 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, Semantic data model, 01 natural sciences, Operational semantics, Software and its engineering, 0202 electrical engineering, electronic engineering, information engineering, Coq, Safety, Risk, Reliability and Quality, Theory of computation, Denotational semantics, Bisimulation, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], Interpretation (logic), Programming language, 020207 software engineering, computer.file_format, Semantics, Compilers, 010201 computation theory & mathematics, Program verification, LLVM, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Executable, computer, Software

Abstract

International audience; This paper presents a novel formal semantics, mechanized in Coq, for a large, sequential subset of the LLVM IR. In contrast to previous approaches, which use relationally-specified operational semantics, this new semantics is based on monadic interpretation of interaction trees, a structure that provides a more compositional approach to defining language semantics while retaining the ability to extract an executable interpreter. Our semantics handles many of the LLVM IR's non-trivial language features and is constructed modularly in terms of event handlers, including those that deal with nondeterminism in the specification. We show how this semantics admits compositional reasoning principles derived from the interaction trees equational theory of weak bisimulation, which we extend here to better deal with nondeterminism, and we use them to prove that the extracted reference interpreter faithfully refines the semantic model. We validate the correctness of the semantics by evaluating it on unit tests and LLVM IR programs generated by HELIX.

Published

2021

2. Interaction trees: representing recursive and impure programs in Coq

Author

Chung-Kil Hur, Benjamin C. Pierce, Steve Zdancewic, Li-yao Xia, Gregory Malecha, Yannick Zakowski, Paul He, Computer Science Department, University of Pennsylvania [Philadelphia], Seoul National University [Seoul] (SNU), and BedRock Systems Inc.

Subjects

FOS: Computer and information sciences, Computer science, Semantics (computer science), monads, 02 engineering and technology, computer.software_genre, Operational semantics, Denotational semantics, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Coq, Safety, Risk, Reliability and Quality, Formal verification, compiler correctness, ComputingMilieux_MISCELLANEOUS, Compiler correctness, Bisimulation, Computer Science - Programming Languages, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], Programming language, Coinduction, 020207 software engineering, 16. Peace & justice, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Structural induction, coinduction, computer, Software, Programming Languages (cs.PL)

Abstract

"Interaction trees" (ITrees) are a general-purpose data structure for representing the behaviors of recursive programs that interact with their environments. A coinductive variant of "free monads," ITrees are built out of uninterpreted events and their continuations. They support compositional construction of interpreters from "event handlers", which give meaning to events by defining their semantics as monadic actions. ITrees are expressive enough to represent impure and potentially nonterminating, mutually recursive computations, while admitting a rich equational theory of equivalence up to weak bisimulation. In contrast to other approaches such as relationally specified operational semantics, ITrees are executable via code extraction, making them suitable for debugging, testing, and implementing software artifacts that are amenable to formal verification. We have implemented ITrees and their associated theory as a Coq library, mechanizing classic domain- and category-theoretic results about program semantics, iteration, monadic structures, and equational reasoning. Although the internals of the library rely heavily on coinductive proofs, the interface hides these details so that clients can use and reason about ITrees without explicit use of Coq's coinduction tactics. To showcase the utility of our theory, we prove the termination-sensitive correctness of a compiler from a simple imperative source language to an assembly-like target whose meanings are given in an ITree-based denotational semantics. Unlike previous results using operational techniques, our bisimulation proof follows straightforwardly by structural induction and elementary rewriting via an equational theory of combinators for control-flow graphs., Comment: 28 pages, 4 pages references, published at POPL 2020

Published

2019

3. QWIRE: a core language for quantum circuits

Author

Robert Rand, Jennifer Paykin, and Steve Zdancewic

Subjects

010302 applied physics, Quantum programming, Theoretical computer science, Programming language, Interface (Java), Computer science, Model of computation, 020207 software engineering, 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, 01 natural sciences, Computer Graphics and Computer-Aided Design, Operational semantics, Denotational semantics, 010201 computation theory & mathematics, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, computer, Host (network), Quantum, Software, computer.programming_language, Quantum computer

Abstract

This paper introduces QWIRE (``choir''), a language for defining quantum circuits and an interface for manipulating them inside of an arbitrary classical host language. QWIRE is minimal---it contains only a few primitives---and sound with respect to the physical properties entailed by quantum mechanics. At the same time, QWIRE is expressive and highly modular due to its relationship with the host language, mirroring the QRAM model of computation that places a quantum computer (controlled by circuits) alongside a classical computer (controlled by the host language). We present QWIRE along with its type system and operational semantics, which we prove is safe and strongly normalizing whenever the host language is. We give circuits a denotational semantics in terms of density matrices. Throughout, we investigate examples that demonstrate the expressive power of QWIRE, including extensions to the host language that (1) expose a general analysis framework for circuits, and (2) provide dependent types.

Published

2017

4. Formalizing the LLVM intermediate representation for verified program transformations

Author

Milo M. K. Martin, Santosh Nagarakatte, Steve Zdancewic, and Jianzhou Zhao

Subjects

Intermediate language, Theoretical computer science, Static single assignment form, Computer science, Programming language, Formal semantics (linguistics), Proof assistant, computer.software_genre, Computer Graphics and Computer-Aided Design, Operational semantics, Semantics of logic, Test suite, Software_PROGRAMMINGLANGUAGES, computer, Memory safety, Implementation, Software, Interpreter

Abstract

This paper presents Vellvm (verified LLVM), a framework for reasoning about programs expressed in LLVM's intermediate representation and transformations that operate on it. Vellvm provides a mechanized formal semantics of LLVM's intermediate representation, its type system, and properties of its SSA form. The framework is built using the Coq interactive theorem prover. It includes multiple operational semantics and proves relations among them to facilitate different reasoning styles and proof techniques. To validate Vellvm's design, we extract an interpreter from the Coq formal semantics that can execute programs from LLVM test suite and thus be compared against LLVM reference implementations. To demonstrate Vellvm's practicality, we formalize and verify a previously proposed transformation that hardens C programs against spatial memory safety violations. Vellvm's tools allow us to extract a new, verified implementation of the transformation pass that plugs into the real LLVM infrastructure; its performance is competitive with the non-verified, ad-hoc original.

Published

2012

5. A type-theoretic interpretation of pointcuts and advice

Author

David Walker, Steve Zdancewic, and Jay Ligatti

Subjects

Theoretical computer science, Type theory, Computer science, Programming language, Semantics (computer science), 020207 software engineering, 02 engineering and technology, Aspects, computer.software_genre, Aspect-oriented programming languages, Operational semantics, Language primitive, High-level programming language, 020204 information systems, Programming language specification, 0202 electrical engineering, electronic engineering, information engineering, First-generation programming language, Low-level programming language, computer, Software, Programming language theory

Abstract

This article defines the semantics of MinAML, an idealized aspect-oriented programming language, by giving a type-directed translation from a user-friendly external language to a compact, well-defined core language. We argue that our framework is an effective way to give semantics to aspect-oriented programming languages in general because the translation eliminates shallow syntactic differences between related constructs and permits definition of an elegant and extensible core language.The core language extends the simply-typed lambda calculus with two central new abstractions: explicitly labeled program points and first-class advice. The labels serve both to trigger advice and to mark continuations that the advice may return to. These constructs are defined orthogonally to the other features of the language and we show that our abstractions can be used in both functional and object-oriented contexts. We prove Preservation and Progress lemmas for our core language and show that the translation from MinAML source into core is type-preserving. Together these two results imply that the source language is type safe. We also consider several extensions to our basic framework including a general mechanism for analyzing the current call stack.

Published

2006

6. Formalizing Java-MaC

Author

Myong Kim, Usa Sammapun, Raman Sharykin, Margaret DeLap, and Steve Zdancewic

Subjects

Correctness, General Computer Science, Java, Computer science, Programming language, Scala, strictfp, Runtime verification, computer.software_genre, Java concurrency, Operational semantics, Theoretical Computer Science, Real time Java, Instrumentation (computer programming), computer, Java Modeling Language, computer.programming_language, Computer Science(all)

Abstract

The Java-MaC framework is a run-time verification system for Java programs that can be used to dynamically test and enforce safety policies. This paper presents a formal model of the Java-MaC safety properties in terms of an operational semantics for Middleweight Java, a realistic subset of full Java. This model is intended to be used as a framework for studying the correctness of Java-MaC program instrumentation, optimizations, and future experimentation with run-time monitor expressiveness. As a preliminary demonstration of this model's applicability for these tasks, the paper sketches a correctness result for a simple program instrumentation scheme.

Published

2003

7. Syntactic type abstraction

Author

Dan Grossman, Steve Zdancewic, and Greg Morrisett

Subjects

Structure (mathematical logic), Theoretical computer science, Computer science, Programming language, Principal (computer security), Mathematical proof, computer.software_genre, Syntax, Operational semantics, Subject reduction, Parametricity, computer, Software, Abstraction (linguistics)

Abstract

Software developers often structure programs in such a way that different pieces of code constitute distinct principals . Types help define the protocol by which these principals interact. In particular, abstract types allow a principal to make strong assumptions about how well-typed clients use the facilities that it provides. We show how the notions of principals and type abstraction can be formalized within a language. Different principals can know the implementation of different abstract types. We use additional syntax to track the flow of values with abstract types during the evaluation of a program and demonstrate how this framework supports syntactic proofs (in the sytle of subject reduction) for type-abstraction properties. Such properties have traditionally required semantic arguments; using syntax aboids the need to build a model and recursive typesfor the language. We present various typed lambda calculi with principals, including versions that have mutable state and recursive types.

Published

2000

8. Dependent interoperability

Author

Steve Zdancewic, Peter-Michael Osera, and Vilhelm Sjöberg

Subjects

Marshalling, Theoretical computer science, Computer science, Programming language, Modulo, Interoperability, Language interoperability, Boundary (topology), Value (computer science), computer.software_genre, Dependent type, computer, Operational semantics

Abstract

In this paper we study the problem of interoperability --- combining constructs from two separate programming languages within one program --- in the case where one of the two languages is dependently typed and the other is simply typed.We present a core calculus called SD, which combines dependently- and simply-typed sub-languages and supports user-defined (dependent) datatypes, among other standard features. SD has "boundary terms" that mediate the interaction between the two sub-languages. The operational semantics of SD demonstrates how the necessary dynamic checks, which must be done when passing a value from the simply-typed world to the dependently typed world, can be extracted from the dependent type constructors themselves, modulo user-defined functions for marshaling values across the boundary.We establish type-safety and other meta-theoretic properties of SD, and contrast this approach to others in the literature.

Published

2012

9. Lightweight linear types in system f°

Author

Karl Mazurak, Steve Zdancewic, and Jianzhou Zhao

Subjects

Soundness, Programming language, Computer science, System F, Linear system, Linearity, Parametricity, computer.software_genre, Mathematical proof, computer, Operational semantics, Linear logic

Abstract

We present System F°, an extension of System F that uses kinds to distinguish between linear and unrestricted types, simplifying the use of linearity for general-purpose programming. We demonstrate through examples how System F° can elegantly express many useful protocols, and we prove that any protocol representable as a DFA can be encoded as an F° type. We supply mechanized proofs of System F°'s soundness and parametricity properties, along with a nonstandard operational semantics that formalizes common intuitions about linearity and aids in reasoning about protocols.We compare System F° to other linear systems, noting that the simplicity of our kind-based approach leads to a more explicit account of what linearity is meant to capture, allowing otherwise-conflicting interpretations of linearity (in particular, restrictions on aliasing versus restrictions on resource usage) to coexist peacefully. We also discuss extensions to System F^o aimed at making the core language more practical, including the additive fragment of linear logic, algebraic datatypes, and recursion.

Published

2010

10. A theory of aspects

Author

David Walker, Jay Ligatti, and Steve Zdancewic

Subjects

Computer science, Programming language, Semantics (computer science), Aspect-oriented programming, computer.software_genre, Semantics, Computer Graphics and Computer-Aided Design, Syntax, Operational semantics, Language primitive, Type theory, High-level programming language, First-generation programming language, Lambda calculus, Core language, Low-level programming language, Typed lambda calculus, computer, Software, computer.programming_language, Programming language theory

Abstract

This paper define the semantics of MinAML, an idealized aspect-oriented programming language, by giving a type-directed translation from its user-friendly external language to its compact, well-defined core language. We argue that our framework is an effective way to give semantics to aspect-oriented programming languages in general because the translation eliminates shallow syntactic differences between related constructs and permits definition of a clean, easy-to-understand, and easy-to-reason-about core language.The core language extends the simply-typed lambda calculus with two central new abstractions: explicitly labeled program points and first-class advice. The labels serve both to trigger advice and to mark continuations that the advice may return to. These constructs are defined orthogonally to the other features of the language and we show that our abstractions can be used in both functional and object-oriented contexts. The labels are well-scoped and the language as a whole is well-typed. Consequently, programmers can use lexical scoping in the standard way to prevent aspects from interfering with local program invariants.

Published

2003

11. Secure Information Flow and CPS

Author

Andrew C. Myers and Steve Zdancewic

Subjects

Imperative programming, Syntax (programming languages), Assembly language, Computer science, Programming language, Information flow (information theory), Computer security, computer.software_genre, computer, Operational semantics, computer.programming_language

Abstract

Security-typed languages enforce secrecy or integrity policies by type-checking. This paper investigates continuation-passing style as a means of proving that such languages enforce non-interference and as a first step towards understanding their compilation. We present a low-level, secure calculus with higher-order, imperative features. Our type system makes novel use of ordered linear continuations.

Published

2001