Semantic foundations for typed assembly languages
Prog. Languages and Systems (TOPLAS), 2008
Cited by 7 (2 self)
Typed Assembly Languages (TALs) are used to validate the safety of machine-language programs. The Foundational Proof-Carrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semantics. This paper proposes general semantic foundations that permit modular proofs of the soundness of TALs. These semantic foundations include Typed Machine Language (TML), a type theory for specifying properties of low-level data with powerful and orthogonal type constructors, and Lc, a compositional logic for specifying properties of machine instructions with simplified reasoning about unstructured control flow. Both of these components, whose semantics we specify using higher-order logic, are useful for proving the soundness of TALs. We demonstrate this by using TML and Lc to verify the soundness of a low-level, typed assembly language, LTAL, which is the target of our core-ML-to-Sparc compiler. To prove the soundness of the TML type system we have successfully applied a new approach, that of step-indexed logical relations. This approach provides the first semantic model for a type system with updatable references to values of impredicative quantified types. Both impredicative polymorphism and mutable references are essential when representing function closures in compilers with typed closure conversion, or when compiling objects to simpler typed primitives.
A Step-indexed Semantics of Imperative Objects
Cited by 5 (0 self)
Step-indexed semantic models of types were proposed as an alternative to purely syntactic proofs of type safety using subject reduction. Building on work by Ahmed, Appel and others, we introduce a step-indexed model for the imperative object calculus of Abadi and Cardelli. Providing a semantic account of this calculus using more ‘traditional’, domain-theoretic approaches has proved challenging due to the combination of dynamically allocated objects, higher-order store, and an expressive type system. Here we show that the step-indexed model can interpret a rich type discipline with object types, subtyping, recursive and bounded quantified types in the presence of state.
A Tutorial Example of the Semantic Approach to Foundational Proof-Carrying Code
Proc. Sixteenth International Conference on Rewriting Techniques and Applications, Lecture Notes in Computer Science 3465, 2005
Cited by 2 (2 self)
Proof-carrying code provides a mechanism for ensuring that a host, or code consumer, can safely run code delivered by a code producer. The host specifies a safety policy as a set of axioms and inference rules. In addition to a compiled program, the code producer delivers a formal proof of safety expressed in terms of those rules that can be easily checked. Foundational proof-carrying code (FPCC) provides increased security and greater flexibility in the construction of proofs of safety. Proofs of safety are constructed from the smallest possible set of axioms and inference rules. For example, typing rules are not included. In our semantic approach to FPCC, we encode a semantics of types from first principles and the typing rules are proved as lemmas. In addition, we start from a semantic definition of machine instructions and safety is defined directly from this semantics. Since FPCC starts from basic axioms and low-level definitions, it is necessary to build up a library of lemmas and definitions so that reasoning about particular programs can be carried out at a higher level, and ideally, also be automated. We describe a high-level organization that involves Hoare-style reasoning about machine code programs. This organization is presented using a detailed example. The example, as well as illustrating the above-mentioned approach to organizing proofs, is designed to provide a tutorial introduction to a variety of facets of our FPCC approach. For example, it illustrates how to prove safety of programs that traverse input data structures as well as allocate new ones.
Fair Cooperative Multithreading or Typing Termination in a Higher-Order Concurrent Imperative Language
Proceedings, 18th International Conference on Concurrency Theory, 2007
We propose a new operational model for shared variable concurrency, in the context of a concurrent, higher-order imperative language à la ML. In our model the scheduling of threads is cooperative, and a non-terminating process suspends itself on each recursive call. A property to ensure in such a model is fairness, that is, any thread should yield the scheduler after some finite computation. To this end, we follow and adapt the classical method for proving termination in typed formalisms, namely the realizability technique. There is a specific difficulty with higher-order state, which is that one cannot define a realizability interpretation simply by induction on types, because applying a function may have side-effects at types not smaller than the type of the function. Moreover, such higher-order side-effects may give rise to computations that diverge without resorting to explicit recursion. We overcome these difficulties by introducing a type and effect system for our language that enforces a stratification of the memory. The stratification prevents the circularities in the memory that may cause divergence, and allows us to define a realizability interpretation of the types and effects, which we then use to prove the intended termination property. Our realizability interpretation also copes with dynamic thread creation.
A Secure Programming Paradigm for Network Virtualization (Invited Paper)
The central paradigm of today’s successful Internet is to keep the network core simple and move complexity towards the network end points. Unfortunately, this very paradigm limits network management and control capabilities, and creates opportunities for attacks such as worms, viruses, and spam that often seriously disrupt and degrade Internet and user performance. The thrust of this paper is that such problems cannot be effectively solved unless a paradigm shift is adopted. Towards a more secure and manageable Internet, we propose “virtualization” of the Internet, by carefully balancing its scalability and programmability properties. Our objective is to provide a programmable virtual Internet to users and to let them manage, control, and optimize it based on their individual needs.
Research Statement
plosion of interest in tools for intelligent data analysis: information retrieval, automatic similarity comparison and categorization of Web pages, information extraction and question-answering. Statistical text analysis has proved to be a powerful tool for many of these tasks. The mathematical approach and its affinity to physics (in statistical text analysis, documents are represented as points in a highly dimensional vector space, where each dimension corresponds to a unique term occurring in the documents) was what drew me to Computer Science in the first place. From there, I went on to investigate more sophisticated mathematical techniques such as Singular Value Decomposition, Principal Component Analysis and matrix envelope minimization for finding groups of related texts and themes in a collection of documents. Experience with these techniques led to a job in the software industry, first at a startup company that created one of the first Web metasearch engines, and then at
An Indexed Model of Impredicative Polymorphism and Mutable References
2003
We present a semantic model of the polymorphic lambda calculus augmented with a higher-order store, allowing the storage of values of any type, including impredicative quantified types, mutable references, recursive types, and functions. Our model provides the first denotational semantics for a type system with updatable references to values of impredicative quantified types. The central idea behind our semantics is that instead of tracking the exact type of a mutable reference in a possible world our model keeps track of the approximate type. While high-level languages like ML and Java do not themselves support storage of impredicative existential packages in mutable cells, this feature is essential when representing ML function closures, that is, in a target language for typed closure conversion of ML programs.
General Terms: Languages, Verification. Keywords: Proof Checker, Proof-Carrying Code
Proof checkers for proof-carrying code (and similar systems) can suffer from two problems: huge proof witnesses and untrustworthy proof rules. No previous design has addressed both of these problems simultaneously. We show the theory, design, and implementation of a proof-checker that permits small proof witnesses and machine-checkable proofs of the soundness of the system.
Reasoning on Assembly Code using Linear Logic
2013
We present a logic for reasoning on assembly code. The logic is an extension of intuitionistic linear logic with greatest fixed points, pointer assertions for reasoning about the heap, and modalities for reasoning about program execution. One of the modalities corresponds to the step relation of the semantics of an assembly code interpreter. Safety is defined as the greatest fixed point of this modal operator. We can deal with first class code pointers, in a modular way, by defining an indexed model of the logic.