Embracing a mechanized formalization gap
[article]
2019
arXiv
pre-print
If a code base is so big and complicated that complete mechanical verification is intractable, can we still apply and benefit from verification methods? We show that by allowing a deliberate mechanized formalization gap we can shrink and simplify the model until it is manageable, while still retaining a meaningful, declaratively documented connection to the original, unmodified source code. Concretely, we translate core parts of the Haskell compiler GHC into Coq, using hs-to-coq, and verify invariants related to the use of term variables.
arXiv:1910.11724v1
fatcat:iancabvl3nbrxi2coyol7c4iie
Testing noninterference, quickly
2013
SIGPLAN notices
Information-flow control mechanisms are difficult to design and labor intensive to prove correct. To reduce the time wasted on proof attempts doomed to fail due to broken definitions, we advocate modern random testing techniques for finding counterexamples during the design process. We show how to use QuickCheck, a property-based random-testing tool, to guide the design of a simple information-flow abstract machine. We find that both sophisticated strategies for generating well-distributed random programs and readily falsifiable formulations of noninterference properties are critically important. We propose several approaches and evaluate their effectiveness on a collection of injected bugs of varying subtlety. We also present an effective technique for shrinking large counterexamples to minimal, easily comprehensible ones. Taken together, our best methods enable us to quickly and automatically generate simple counterexamples for all these bugs.
doi:10.1145/2544174.2500574
fatcat:7emv7ekrwrep3jrsplqe7mu7wa
Choose your own derivative (extended abstract)
2016
Proceedings of the 1st International Workshop on Type-Driven Development - TyDe 2016
We discuss a generalization of the synchronization mechanism selective choice. We argue that selective choice can be extended to synchronize arbitrary data structures of events, based on a typing paradigm introduced by McBride: the derivatives of recursive data types. We discuss our work in progress implementing generalized selective choice as a Haskell library based on generic programming.
doi:10.1145/2976022.2976024
dblp:conf/icfp/PaykinSF16
fatcat:nl7ringsrbdrplcfmhe27w6zpm
Towards a Fully Abstract Compiler Using Micro-Policies: Secure Compilation for Mutually Distrustful Components
[article]
2015
arXiv
pre-print
Secure compilation prevents all low-level attacks on compiled code and allows for sound reasoning about security in the source language. In this work we propose a new attacker model for secure compilation that extends the well-known notion of full abstraction to ensure protection for mutually distrustful components. We devise a compiler chain (compiler, linker, and loader) and a novel security monitor that together defend against this strong attacker model. The monitor is implemented using a recently proposed, generic tag-based protection framework called micro-policies, which comes with hardware support for efficient caching and with a formal verification methodology. Our monitor protects the abstractions of a simple object-oriented language---class isolation, the method call discipline, and type safety---against arbitrary low-level attackers.
arXiv:1510.00697v1
fatcat:pdzanfz66faohjbpnl2wcv3y7e
Testing noninterference, quickly
2016
Journal of functional programming
Information-flow control mechanisms are difficult both to design and to prove correct. To reduce the time wasted on doomed proof attempts due to broken definitions, we advocate modern random-testing techniques for finding counterexamples during the design process. We show how to use QuickCheck, a property-based random-testing tool, to guide the design of increasingly complex information-flow abstract machines, leading up to a sophisticated register machine with a novel and highly permissive flow-sensitive dynamic enforcement mechanism that is sound in the presence of first-class public labels. We find that both sophisticated strategies for generating well-distributed random programs and readily falsifiable formulations of noninterference properties are critically important for efficient testing. We propose several approaches and evaluate their effectiveness on a collection of injected bugs of varying subtlety. We also present an effective technique for shrinking large counterexamples to minimal, easily comprehensible ones. Taken together, our best methods enable us to quickly and automatically generate simple counterexamples for more than 45 bugs. Moreover, we show how testing guides the discovery of the sophisticated invariants needed for the noninterference proof of our most complex machine.
doi:10.1017/s0956796816000058
fatcat:qyjrtvt6grhrnj3yd4hrebdgci
Testing noninterference, quickly
2013
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming - ICFP '13
Information-flow control mechanisms are difficult to design and labor intensive to prove correct. To reduce the time wasted on proof attempts doomed to fail due to broken definitions, we advocate modern random testing techniques for finding counterexamples during the design process. We show how to use QuickCheck, a property-based random-testing tool, to guide the design of a simple information-flow abstract machine. We find that both sophisticated strategies for generating well-distributed random programs and readily falsifiable formulations of noninterference properties are critically important. We propose several approaches and evaluate their effectiveness on a collection of injected bugs of varying subtlety. We also present an effective technique for shrinking large counterexamples to minimal, easily comprehensible ones. Taken together, our best methods enable us to quickly and automatically generate simple counterexamples for all these bugs.
doi:10.1145/2500365.2500574
dblp:conf/icfp/HritcuHPSVAL13
fatcat:xg5leydmkfa3tjv6snaufbm2xe
Micro-Policies: Formally Verified, Tag-Based Security Monitors
2015
2015 IEEE Symposium on Security and Privacy
Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level "symbolic machine," and we use this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety; in addition, we show how to use the tagging mechanism to protect its own integrity. For each micro-policy, we prove by refinement that the symbolic machine instantiated with the policy's rules embodies a high-level specification characterizing a useful security property. Last, we show how the symbolic machine itself can be implemented in terms of a hardware rule cache and a software controller.
[Figure: refinement chain for a micro-policy P. The abstract machine specification for P is refined by the symbolic machine instance for P (symbolic micro-policy: tags, transfer function, and monitor services), which is refined by the concrete machine running the policy monitor for P (monitor code: transfer function and monitor services); generic components (symbolic machine, concrete machine, generic miss handler) are distinguished from micro-policy-specific components.]
doi:10.1109/sp.2015.55
dblp:conf/sp/AmorimDGHPST15
fatcat:h3c43yx4ofblzhmkl7d64h2h5q
Total Haskell is reasonable Coq
2018
Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs - CPP 2018
We would like to use the Coq proof assistant to mechanically verify properties of Haskell programs. To that end, we present a tool, named hs-to-coq, that translates total Haskell programs into Coq programs via a shallow embedding. We apply our tool in three case studies -- a lawful Monad instance, "Hutton's razor", and an existing data structure library -- and prove their correctness. These examples show that this approach is viable: both that hs-to-coq applies to existing Haskell code, and the output it produces is amenable to verification.
doi:10.1145/3167092
dblp:conf/cpp/Spector-Zabusky18
fatcat:yazpv47ixvaerk63v7zepb2q7i
Ready, Set, Verify! Applying hs-to-coq to real-world Haskell code
[article]
2018
arXiv
pre-print
Spector-Zabusky et al. [2018] describe three case studies, two of which require less than 20 lines of Haskell. ...
In contrast, a proof of termination is a requirement for verifying functions using hs-to-coq [Spector-Zabusky et al. 2018]. ...
arXiv:1803.06960v2
fatcat:bgigt7yjivcqrffegj3tllnl3m
Ready, set, verify! applying hs-to-coq to real-world Haskell code (experience report)
2018
Proceedings of the ACM on Programming Languages
Breitner, Spector-Zabusky, Li, Rizkallah, Wiegley, and Weirich. This work is licensed under a Creative Commons Attribution 4.0 International License.
... functions, and type classes into equivalent Coq ...
Furthermore, by using multiple disparate specifications, we not only increase the assurance that we captured all the important behaviors ...
Depending on how involved the termination argument for a given function is, we use one of the following approaches. Obvious structural ...
doi:10.1145/3236784
dblp:journals/pacmpl/BreitnerSLRWW18
fatcat:y3m367mjffflxcrj2bru2rk554
Scalable Handling of Effects (Dagstuhl Seminar 21292)
2021
Proc) → List α timeshare m := schedule [Paused (λ⟨⟩.reifyProcess m)]
Antal Spector-Zabusky (Jane Street - London, GB). License: Creative Commons BY 4.0 International license © Antal Spector-Zabusky. Joint work of Antal Spector-Zabusky, Stephan Dolan, Leo White ...
Wouter Swierstra (Utrecht University, NL) and Robert Atkey (University of Strathclyde - Glasgow, GB). License: Creative Commons BY 4.0 International ...
doi:10.4230/dagrep.11.6.54
fatcat:daqhu5kcyffxvjxtl3qef6tid4
Keep your laziness in check
2018
Proceedings of the ACM on Programming Languages
ACKNOWLEDGMENTS We are grateful to José Manuel Calderón Trilla, Stephanie Weirich, Benjamin Pierce, Mayur Naik, Katrina Xiaoyue Yin, Jennifer Paykin, Robert Rand, Antal Spector-Zabusky, Matthew Weaver, ...
doi:10.1145/3236797
dblp:journals/pacmpl/FonerZL18
fatcat:g2hab4uqrvglxcvjdjdpxvidbm
Safe zero-cost coercions for Haskell
2016
Journal of functional programming
Acknowledgments Thanks to Antal Spector-Zabusky for contributing to this version of FC; and to Edward Kmett and Dimitrios Vytiniotis for discussion and feedback. ...
doi:10.1017/s0956796816000150
fatcat:ee7rlcbwwzdxfn6lwv56dzcczu
Safe zero-cost coercions for Haskell
2014
Proceedings of the 19th ACM SIGPLAN international conference on Functional programming - ICFP '14
Acknowledgments Thanks to Antal Spector-Zabusky for contributing to this version of FC; and to Edward Kmett and Dimitrios Vytiniotis for discussion and feedback. ...
doi:10.1145/2628136.2628141
dblp:conf/icfp/BreitnerEJW14
fatcat:fh445cf5zrcxdedft4ziy7mmfq
Safe zero-cost coercions for Haskell
2014
SIGPLAN notices
Acknowledgments Thanks to Antal Spector-Zabusky for contributing to this version of FC; and to Edward Kmett and Dimitrios Vytiniotis for discussion and feedback. ...
doi:10.1145/2692915.2628141
fatcat:afiaulg7tvar5f2kmcqccbawvu
Showing results 1 — 15 out of 19 results