Entity

Time filter

Source Type

United States

Gonthier G.,Microsoft | Ziliani B.,MPI | Nanevski A.,IMDEA Software Institute | Dreyer D.,MPI
Proceedings of the ACM SIGPLAN International Conference on Functional Programming, ICFP | Year: 2011

Most interactive theorem provers provide support for some form of user-customizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover's base logic. While tactics are clearly useful in practice, they can be difficult to maintain and compose because, unlike lemmas, their behavior cannot be specified within the expressive type system of the prover itself. We propose a novel approach to proof automation in Coq that allows the user to specify the behavior of custom automated routines in terms of Coq's own type system. Our approach involves a sophisticated application of Coq's canonical structures, which generalize Haskell type classes and facilitate a flexible style of dependently-typed logic programming. Specifically, just as Haskell type classes are used to infer the canonical implementation of an overloaded term at a given type, canonical structures can be used to infer the canonical proof of an overloaded lemma for a given instantiation of its parameters. We present a series of design patterns for canonical structure programming that enable one to carefully and predictably coax Coq's type inference engine into triggering the execution of user-supplied algorithms during unification, and we illustrate these patterns through several realistic examples drawn from Hoare Type Theory. We assume no prior knowledge of Coq and describe the relevant aspects of Coq type inference from first principles. Copyright © 2011 ACM. Source


Attiya H.,Technion - Israel Institute of Technology | Gotsman A.,IMDEA Software Institute | Hans S.,Technion - Israel Institute of Technology | Rinetzky N.,Tel Aviv University
Proceedings of the Annual ACM Symposium on Principles of Distributed Computing | Year: 2013

Transactional memory (TM) has been hailed as a paradigm for simplifying concurrent programming. While several consistency conditions have been suggested for TM, they fall short of formalizing the intuitive semantics of atomic blocks, the interface through which a TM is used in a programming language. To close this gap, we formalize the intuitive expectations of a programmer as observational refinement between TM implementations: a concrete TM observationally refines an abstract one if every user-observable behavior of a program using the former can be reproduced if the program uses the latter. This allows the programmer to reason about the behavior of a program using the intuitive semantics formalized by the abstract TM; the observational refinement relation implies that the conclusions will carry over to the case when the program uses the concrete TM. We show that, for a particular programming language and notions of observable behavior, a variant of the well-known consistency condition of opacity is sufficient for observational refinement, and its restriction to complete histories is furthermore necessary. Our results suggest a new approach to evaluating and comparing TM consistency conditions. They can also reduce the effort of proving that a TM implements its programming language interface correctly, by only requiring its developer to show that it satisfies the corresponding consistency condition. Copyright 2013 ACM. Source


Barthe G.,IMDEA Software Institute | Kunz C.,IMDEA Madrid Institute for Advanced Studies
ACM Transactions on Programming Languages and Systems | Year: 2011

A certificate is a mathematical object that can be used to establish that a piece of mobile code satisfies some security policy. In general, certificates cannot be generated automatically. There is thus an interest in developing methods to reuse certificates generated for source code to provide strong guarantees of the compiled code correctness. Certificate translation is a method to transform certificates of program correctness along semantically justified program transformations. These methods have been developed in previous work, but they were strongly dependent on particular programming and verification settings. This article provides a more general development in the setting of abstract interpretation, showing the scalability of certificate translation. © 2011 ACM. Source


Johnson N.M.,University of California at Berkeley | Juan C.,IMDEA Software Institute | Chen K.Z.,University of California at Berkeley | McCamant S.,University of California at Berkeley | And 4 more authors.
Proceedings - IEEE Symposium on Security and Privacy | Year: 2011

A security analyst often needs to understand two runs of the same program that exhibit a difference in program state or output. This is important, for example, for vulnerability analysis, as well as for analyzing a malware program that features different behaviors when run in different environments. In this paper we propose a differential slicing approach that automates the analysis of such execution differences. Differential slicing outputs a causal difference graph that captures the input differences that triggered the observed difference and the causal path of differences that led from those input differences to the observed difference. The analyst uses the graph to quickly understand the observed difference. We implement differential slicing and evaluate it on the analysis of 11 real-world vulnerabilities and 2 malware samples with environment-dependent behaviors. We also evaluate it in an informal user study with two vulnerability analysts. Our results show that differential slicing successfully identifies the input differences that caused the observed difference and that the causal difference graph significantly reduces the amount of time and effort required for an analyst to understand the observed difference. © 2011 IEEE. Source


Haemmerle R.,Technical University of Madrid | Lopez-Garcia P.,IMDEA Software Institute | Hermenegildo M.V.,IMDEA Madrid Institute for Advanced Studies
PPDP'11 - Proceedings of the 2011 Symposium on Principles and Practices of Declarative Programming | Year: 2011

This paper introduces and studies the notion of CLP projection for Constraint Handling Rules (CHR). The CLP projection consists of a naive translation of CHR programs into Constraint Logic Programs (CLP). We show that the CLP projection provides a safe operational and declarative approximation for CHR programs. We demonstrate moreover that a confluent CHR program has a least model, which is precisely equal to the least model of its CLP projection (closing hence a ten year-old conjecture by Abdennadher et al.). Finally, we illustrate how the notion of CLP projection can be used in practice to apply CLP analyzers to CHR. In particular, we show results from applying AProVE to prove termination, and CiaoPP to infer both complexity upper bounds and types for CHR programs. Copyright © 2011 ACM. Source

Discover hidden collaborations