Results 1  10
of
144
Mobile Resource Guarantees for Smart Devices
 Proceedings of CASSIS’04, LNCS
, 2005
"... Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from runtime violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certifica ..."
Abstract

Cited by 50 (6 self)
 Add to MetaCart
Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from runtime violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certificates of code origin, these are independent of trust networks. A novel programming language with resource constraints encoded in function types is used to streamline the generation of proofs of resource usage. 1
Speed: Precise and efficient static estimation of program computational complexity
 In POPL’09
, 2009
"... This paper describes an interprocedural technique for computing symbolic bounds on the number of statements a procedure executes in terms of its scalar inputs and userdefined quantitative functions of input datastructures. Such computational complexity bounds for even simple programs are usually ..."
Abstract

Cited by 47 (5 self)
 Add to MetaCart
This paper describes an interprocedural technique for computing symbolic bounds on the number of statements a procedure executes in terms of its scalar inputs and userdefined quantitative functions of input datastructures. Such computational complexity bounds for even simple programs are usually disjunctive, nonlinear, and involve numerical properties of heaps. We address the challenges of generating these bounds using two novel ideas. We introduce a proof methodology based on multiple counter instrumentation (each counter can be initialized and incremented at potentially multiple program locations) that allows a given linear invariant generation tool to compute linear bounds individually on these counter variables. The bounds on these counters are then composed together to generate total bounds that are nonlinear and disjunctive. We also give an algorithm for automating this proof
Automatic Inference of Upper Bounds for Recurrence Relations in Cost Analysis
 In SAS, LNCS
"... Abstract. The classical approach to automatic cost analysis consists of two phases. Given a program and some measure of cost, we first produce recurrence relations (RRs) which capture the cost of our program in terms of the size of its input data. Second, we convert such RRs into closed form (i.e., ..."
Abstract

Cited by 37 (11 self)
 Add to MetaCart
Abstract. The classical approach to automatic cost analysis consists of two phases. Given a program and some measure of cost, we first produce recurrence relations (RRs) which capture the cost of our program in terms of the size of its input data. Second, we convert such RRs into closed form (i.e., without recurrences). Whereas the first phase has received considerable attention, with a number of cost analyses available for a variety of programming languages, the second phase has received comparatively little attention. In this paper we first study the features of RRs generated by automatic cost analysis and discuss why existing computer algebra systems are not appropriate for automatically obtaining closed form solutions nor upper bounds of them. Then we present, to our knowledge, the first practical framework for the fully automatic generation of reasonably accurate upper bounds of RRs originating from cost analysis of a wide range of programs. It is based on the inference of ranking functions and loop invariants and on partial evaluation. 1
Memory Usage Verification for OO Programs
 In SAS 05
, 2005
"... Abstract. We present a new type system for an objectoriented (OO) language that characterizes the sizes of data structures and the amount of heap memory required to successfully execute methods that operate on these data structures. Key components of this type system include type assertions that us ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
Abstract. We present a new type system for an objectoriented (OO) language that characterizes the sizes of data structures and the amount of heap memory required to successfully execute methods that operate on these data structures. Key components of this type system include type assertions that use symbolic Presburger arithmetic expressions to capture data structure sizes, the effect of methods on the data structures that they manipulate, and the amount of memory that methods allocate and deallocate. For each method, we conservatively capture the amount of memory required to execute the method as a function of the sizes of the method’s inputs. The safety guarantee is that the method will never attempt to use more memory than its type expressions specify. We have implemented a type checker to verify memory usages of OO programs. Our experience is that the type system can precisely and effectively capture memory bounds for a wide range of programs. 1
Automatic Certification of Heap Consumption
 In LPAR’04, LNAI 3452
, 2005
"... Abstract. We present a program logic for verifying the heap consumption of lowlevel programs. The proof rules employ a uniform assertion format and have been derived from a general purpose program logic [1]. In a proofcarrying code scenario, the inference of invariants is delegated to the code pro ..."
Abstract

Cited by 27 (15 self)
 Add to MetaCart
Abstract. We present a program logic for verifying the heap consumption of lowlevel programs. The proof rules employ a uniform assertion format and have been derived from a general purpose program logic [1]. In a proofcarrying code scenario, the inference of invariants is delegated to the code provider, who employs a certifying compiler that generates a certificate from program annotations and analysis. The granularity of the proof rules matches that of the linear type system presented in [6], which enables us to perform verification by replaying typing derivations in a theorem prover, given the specifications of individual methods. The resulting verification conditions are of limited complexity, and are automatically discharged. We also outline a proof system that relaxes the linearity restrictions and relates to the type system of usage aspects presented in [2]. 1
Grail: A Functional Form for Imperative Mobile Code
, 2003
"... In Robert Louis Stevenson's novel [31], Dr Jekyll is a wellregarded member of polite society, while his alter ego Mr Hyde shares the same physical form but roams abroad communing with the lowest elements. In this paper we present Grail, a wellbehaved firstorder functional language that is th ..."
Abstract

Cited by 27 (13 self)
 Add to MetaCart
In Robert Louis Stevenson's novel [31], Dr Jekyll is a wellregarded member of polite society, while his alter ego Mr Hyde shares the same physical form but roams abroad communing with the lowest elements. In this paper we present Grail, a wellbehaved firstorder functional language that is the target for an MLlike compiler; while also being a wholly imperative language of assignments that travels and executes as Java classfiles. We use this dual identity in the Mobile Resource Guarantees project, where Grail serves as proofcarrying code to provide assurances of time and space performance, thereby supporting secure and reliable global computing.
Light types for polynomial time computation in lambdacalculus
 In Proceedings of the 19th IEEE Syposium on Logic in Computer Science
, 2004
"... We propose a new type system for lambdacalculus ensuring that welltyped programs can be executed in polynomial time: Dual light affine logic (DLAL). DLAL has a simple type language with a linear and an intuitionistic type arrow, and one modality. It corresponds to a fragment of Light affine logic ..."
Abstract

Cited by 27 (10 self)
 Add to MetaCart
We propose a new type system for lambdacalculus ensuring that welltyped programs can be executed in polynomial time: Dual light affine logic (DLAL). DLAL has a simple type language with a linear and an intuitionistic type arrow, and one modality. It corresponds to a fragment of Light affine logic (LAL). We show that contrarily to LAL, DLAL ensures good properties on lambdaterms: subject reduction is satisfied and a welltyped term admits a polynomial bound on the reduction by any strategy. Finally we establish that as LAL, DLAL allows to represent all polytime functions. 1
TypeBased Amortised HeapSpace Analysis
 In ESOP 2006, LNCS 3924
, 2006
"... Abstract. We present a type system for a compiletime analysis of heapspace requirements of Java style objectoriented programs with explicit deallocation. Our system is based on an amortised complexity analysis: the data is arbitrarily assigned a potential related to its size and layout; allocation ..."
Abstract

Cited by 26 (9 self)
 Add to MetaCart
Abstract. We present a type system for a compiletime analysis of heapspace requirements of Java style objectoriented programs with explicit deallocation. Our system is based on an amortised complexity analysis: the data is arbitrarily assigned a potential related to its size and layout; allocations must be ”payed for ” from this potential. The potential of each input then furnishes an upper bound on the heap space usage for the computation on this input. We successfully treat inheritance, downcast, update and aliasing. Example applications for the analysis include destinationpassing style and doublylinked lists. Type inference is explicitly not included; the contribution lies in the system elides most technical lemmas and proofs, even nontrivial ones, due to space limitations. A full version is available at the authors ’ web pages. 1
Certified memory usage analysis
 In FM’05, number 3582 in LNCS
, 2005
"... Abstract. We present a certified algorithm for resource usage analysis, applicable to languages in the style of Java byte code. The algorithm verifies that a program executes in bounded memory. The algorithm is destined to be used in the development process of applets and for enhanced byte code veri ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
Abstract. We present a certified algorithm for resource usage analysis, applicable to languages in the style of Java byte code. The algorithm verifies that a program executes in bounded memory. The algorithm is destined to be used in the development process of applets and for enhanced byte code verification on embedded devices. We have therefore aimed at a lowcomplexity algorithm derived from a loop detection algorithm for control flow graphs. The expression of the algorithm as a constraintbased static analysis of the program over simple lattices provides a link with abstract interpretation that allows to state and prove formally the correctness of the analysis with interpretation framework implemented in the Coq proof assistant which has been used to provide a complete formalisation and formal verification of all correctness proofs.
Eekelen. Polynomial size analysis of firstorder functions
, 2007
"... Abstract. We present a sizeaware type system for firstorder shapely function definitions. Here, a function definition is called shapely when the size of the result is determined exactly by a polynomial in the sizes of the arguments. Examples of shapely function definitions may be matrix multiplica ..."
Abstract

Cited by 20 (11 self)
 Add to MetaCart
Abstract. We present a sizeaware type system for firstorder shapely function definitions. Here, a function definition is called shapely when the size of the result is determined exactly by a polynomial in the sizes of the arguments. Examples of shapely function definitions may be matrix multiplication and the Cartesian product of two lists. The type checking problem for the type system is shown to be undecidable in general. We define a natural syntactic restriction such that the type checking becomes decidable, even though size polynomials are not necessarily linear or monotonic. Furthermore, a method that infers polynomial size dependencies for a nontrivial class of function definitions is suggested. 1