Results 1  10
of
30
SafeDrive: Safe and recoverable extensions using languagebased techniques
 In OSDI’06
, 2006
"... We present SafeDrive, a system for detecting and recovering from type safety violations in software extensions. SafeDrive has low overhead and requires minimal changes to existing source code. To achieve this result, SafeDrive uses a novel type system that provides finegrained isolation for existing ..."
Abstract

Cited by 76 (5 self)
 Add to MetaCart
(Show Context)
We present SafeDrive, a system for detecting and recovering from type safety violations in software extensions. SafeDrive has low overhead and requires minimal changes to existing source code. To achieve this result, SafeDrive uses a novel type system that provides finegrained isolation for existing extensions written in C. In addition, SafeDrive tracks invariants using simple wrappers for the host system API and restores them when recovering from a violation. This approach achieves finegrained memory error detection and recovery with few code changes and at a significantly lower performance cost than existing solutions based on hardwareenforced domains, such as Nooks [33], L4 [21], and Xen [13], or softwareenforced domains, such as SFI [35]. The principles used in SafeDrive can be applied to any large system with loadable, errorprone extension modules. In this paper we describe our experience using SafeDrive for protection and recovery of a variety of Linux device drivers. In order to apply SafeDrive to these device drivers, we had to change less than 4 % of the source code. SafeDrive recovered from all 44 crashes due to injected faults in a network card driver. In experiments with 6 different drivers, we observed increases in kernel CPU utilization of 4–23 % with no noticeable degradation in endtoend performance. 1
MBase: Representing Knowledge and Context for the Integration of Mathematical Software Systems
, 2000
"... In this article we describe the data model of the MBase system, a webbased, ..."
Abstract

Cited by 46 (12 self)
 Add to MetaCart
In this article we describe the data model of the MBase system, a webbased,
TypeTheoretic Methodology For Practical Programming Languages
 DEPARTMENT OF COMPUTER SCIENCE, CORNELL UNIVERSITY
, 1998
"... The significance of type theory to the theory of programming languages has long been recognized. Advances in programming languages have often derived from understanding that stems from type theory. However, these applications of type theory to practical programming languages have been indirect; the ..."
Abstract

Cited by 23 (3 self)
 Add to MetaCart
The significance of type theory to the theory of programming languages has long been recognized. Advances in programming languages have often derived from understanding that stems from type theory. However, these applications of type theory to practical programming languages have been indirect; the differences between practical languages and type theory have prevented direct connections between the two. This dissertation presents systematic techniques directly relating practical programming languages to type theory. These techniques allow programming languages to be interpreted in the rich mathematical domain of type theory. Such interpretations lead to semantics that are at once denotational and operational, combining the advantages of each, and they also lay the foundation for formal verification of computer programs in type theory. Previous type theories either have not provided adequate expressiveness to interpret practical languages, or have provided such expressiveness at the expense of essential features of the type theory. In particular, no previous type theory has supported a notion of partial functions (needed to interpret recursion in practical languages), and a notion of total functions and objects (needed to reason about data values), and an intrinsic notion of equality (needed for most interesting results). This dissertation presents the first type theory incorporating all three, and discusses issues arising in the design of that type theory. This type theory is used as the target of a typetheoretic semantics for a expressive programming calculus. This calculus may serve as an internal language for a variety of functional programming languages. The semantics is stated as a syntaxdirected embedding of the programming calculus into type theory. A critical point arising in both the type theory and the typetheoretic semantics is the issue of admissibility. Admissibility governs what types it is legal to form recursive functions over. To build a useful type theory for partial functions it is necessary to have a wide class of admissible types. In particular, it is necessary for all the types arising in the typetheoretic semantics to be admissible. In this dissertation I present a class of admissible types that is considerably wider than any previously known class.
Dependent Intersection: A New Way of Defining Records in Type Theory
"... Record types are an important tool for programming and are essential in objectoriented calculi. Dependent record types are proven to be very useful for program specification and verification. Unfortunately, all known embedding of the dependent record type in the type theory had some imperfections. I ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
(Show Context)
Record types are an important tool for programming and are essential in objectoriented calculi. Dependent record types are proven to be very useful for program specification and verification. Unfortunately, all known embedding of the dependent record type in the type theory had some imperfections. In this paper we present a new type constructor, dependent intersection, i.e., the intersection of two types, where the second type may depend on elements of the first one (do not confuse it with the intersection of a family of types). This new type constructor allows us to define dependent records in a very simple way.
Building Reliable, HighPerformance Networks with the Nuprl Proof Development System
 UNDER CONSIDERATION FOR PUBLICATION IN J. FUNCTIONAL PROGRAMMING
"... Proof systems for expressive type theories provide a foundation for the verification and synthesis of programs. But despite their successful application to numerous programming problems there remains an issue with scalability. Are proof environments capable of reasoning about large software systems? ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
Proof systems for expressive type theories provide a foundation for the verification and synthesis of programs. But despite their successful application to numerous programming problems there remains an issue with scalability. Are proof environments capable of reasoning about large software systems? Can the support they offer be useful in practice? In this article we answer this question by showing how the Nuprl proof development system and its rich type theory have contributed to the design of reliable, highperformance networks by synthesizing optimized code for application configurations of the Ensemble group communication toolkit. We present a typetheoretical semantics of OCaml, the implementation language of Ensemble, and tools for automatically importing system code into the Nuprl system. We describe reasoning strategies for generating verifiably correct fastpath optimizations of application configurations that substantially reduce endtoend latency in Ensemble. We also discuss briefly how to use Nuprl for checking configurations against specifications and for the design of reliable adaptive network protocols.
NuPRL’s class theory and its applications
 Foundations of Secure Computation, NATO ASI Series, Series F: Computer & System Sciences
, 2000
"... This article presents a theory of classes and inheritance built on top of constructive type theory. Classes are defined using dependent and very dependent function types that are found in the Nuprl constructive type theory. Inheritance is defined in terms of a general subtyping relation over the und ..."
Abstract

Cited by 15 (7 self)
 Add to MetaCart
(Show Context)
This article presents a theory of classes and inheritance built on top of constructive type theory. Classes are defined using dependent and very dependent function types that are found in the Nuprl constructive type theory. Inheritance is defined in terms of a general subtyping relation over the underlying types. Among the basic types is the intersection type which plays a critical role in the applications because it provides a method of composing program components. The class theory is applied to defining algebraic structures such as monoids, groups, rings, etc. and relating them. It is also used to define communications protocols as infinite state automata. The article illustrates the role of these formal automata in defining the services of a distributed group communications system. In both applications the inheritance mechanisms allow reuse of proofs and the statement of general properties of system composition. 1
NuprlLight: An implementation framework for higherorder logics
 IN 14TH INTERNATIONAL CONFERENCE ON AUTOMATED DEDUCTION
, 1997
"... Recent developments in higherorder logics and theorem prover design have led to an ..."
Abstract

Cited by 13 (8 self)
 Add to MetaCart
(Show Context)
Recent developments in higherorder logics and theorem prover design have led to an
An objectoriented approach to verifying group communication systems
, 1998
"... Group communication system assist the development of faulttolerant distributed algorithms by providing precise guarantees on message ordering, delivery, and synchronization. Ensemble is a widely used group communication system that is highly modular and configurable. Formally verifying Ensemble is ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
(Show Context)
Group communication system assist the development of faulttolerant distributed algorithms by providing precise guarantees on message ordering, delivery, and synchronization. Ensemble is a widely used group communication system that is highly modular and configurable. Formally verifying Ensemble is a formidable task, but it has wideranging benefits, from formal assistance in the design of new distributed applications, to ensuring the reliability of critical distributed algorithms for all applications that use Ensemble. In this paper, we present a verification framework that we are using the verify Ensemble in the Nuprl proof development system. The framework is based on I/O automata, which are ideal for the verification in some respects: they they specify modular components that range from concrete protocol code to abstract services. But traditional I/O automata do not allow reuse of formal theorems as automata are composed. We present a new typetheoretic basis for I/O automata that preserves safety properties during composition using an objectoriented methodology.
MetaPRL  A Modular Logical Environment
, 2003
"... MetaPRL is the latest system to come out of over twenty five years of research by the Cornell PRL group. While initially created at Cornell, MetaPRL is currently a collaborative project involving several universities in several countries. The MetaPRL system combines the properties of an interactive ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
MetaPRL is the latest system to come out of over twenty five years of research by the Cornell PRL group. While initially created at Cornell, MetaPRL is currently a collaborative project involving several universities in several countries. The MetaPRL system combines the properties of an interactive LCFstyle tacticbased proof assistant, a logical framework, a logical programming environment, and a formal methods programming toolkit. MetaPRL is distributed under an opensource license and can be downloaded from http://metaprl.org/. This paper provides an overview of the system focusing on the features that did not exist in the previous generations of PRL systems.
Predicate transformers for infinitestate automata in nuprl type theory
 In Proceedings of 3 rd Irish Workshop in Formal Methods
, 1999
"... This paper has two goals. The first is to present a formalization in Nuprl type theory of a very general methodology for system description, specification and verification. The method is especially suitable for describing distributed systems, and is based on a modification of the I/O automata of Lyn ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
This paper has two goals. The first is to present a formalization in Nuprl type theory of a very general methodology for system description, specification and verification. The method is especially suitable for describing distributed systems, and is based on a modification of the I/O automata of Lynch & Tuttle. By using infinite extendible records as the state spaces of automata we gain a key inheritance property that make modular verification tractible. The second goal is to show how we can state and prove metatheorems about the method in Nuprl by a reflection procedure whereby we define syntax and semantics for both system descriptions and specifications within Nuprl type theory. We can then define a syntactic predicate transformation algorithm that generates syntactic verification conditions, and then prove the metatheorem that shows that the truth of (the meanings of) the verification conditions implies that (the meaning of) the description satisfies (the meaning of) the specification. 1