tag:talks.cs.umd.edu,2005:/lists/1/feedPL Reading Group2024-03-28T19:42:37-04:00tag:talks.cs.umd.edu,2005:Talk/32012-02-08T22:08:10-05:002012-04-09T12:50:19-04:00https://talks.cs.umd.edu/talks/3Just do it: Simple Monadic Equational Reasoning<a href="http://www.cs.umd.edu/~guts/">Nataliya Guts - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, February 10, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<a href="http://www.cs.ox.ac.uk/jeremy.gibbons/publications/mr.pdf">Just do it: Simple Monadic Equational Reasoning</a>, Jeremy Gibbons and Ralf Hinze, In ICFP '11.</p>
<p>
One of the appeals of pure functional programming is that it is so amenable to equational reasoning. One of the problems of pure functional programming is that it rules out computational effects. Moggi and Wadler showed how to get round this problem by using monads to encapsulate the effects, leading in essence to a phase distinction---a pure functional evaluation yielding an impure imperative computation. Still, it has not been clear how to reconcile that phase distinction with the continuing appeal of functional programming; does the impure imperative part become inaccessible to equational reasoning? We think not; and to back that up, we present a simple axiomatic approach to reasoning about programs with computational effects. </p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/82012-02-09T15:37:03-05:002012-04-09T12:51:56-04:00https://talks.cs.umd.edu/talks/8The Essence of Javascript<a href="http://www.cs.cmu.edu/~smagill/">Stephen Magill</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, March 2, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<a href="http://www.cs.brown.edu/~sk/Publications/Papers/Published/gsk-essence-javascript/">The Essence of Javascript</a>, Arjun Guha, Claudiu Saftoiu, and Shriam Krishnamurthi. In ECOOP '10.</p>
<p>
We reduce JavaScript to a core calculus structured as a small-step operational semantics. We present several peculiarities of the language and show that our calculus models them. We explicate the desugaring process that turns JavaScript programs into ones in the core. We demonstrate faithfulness to JavaScript using real-world test suites. Finally, we illustrate utility by defining a security property, implementing it as a type system on the core, and extending it to the full language.</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/142012-02-12T20:13:54-05:002012-04-09T12:53:21-04:00https://talks.cs.umd.edu/talks/14Automated Analysis of Security-Critical Javascript APIs<a href="http://www.cs.umd.edu/~micinski/">Kristopher Micinski - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, March 9, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<a href="http://www-cs-students.stanford.edu/~ataly/Papers/sp11.pdf">Automated Analysis of Security-Critical Javascript APIs</a>, Ankur Taly, et. al., In Oakland '11</p>
<p>
JavaScript is widely used to provide client-side functionality in Web applications. To provide services ranging from maps to advertisements, Web applications may incorporate untrusted JavaScript code from third parties. The trusted portion of each application may then expose an API to untrusted code, interposing a reference monitor that mediates access to security-critical resources. However, a JavaScript reference monitor can only be effective if it cannot be circumvented through programming tricks or programming language idiosyncracies. In order to verify complete mediation of critical resources for applications of interest, we define the semantics of a restricted version of JavaScript devised by the ECMA Standards committee for isolation purposes, and develop and test an automated tool that can soundly establish that a given API cannot be circumvented or subverted. Our tool reveals a previously-undiscovered vulnerability in the widely-examined Yahoo! ADsafe filter and verifies confinement of the repaired filter and other examples from the Object-Capability literature.</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/242012-02-18T19:40:49-05:002012-02-25T13:10:02-05:00https://talks.cs.umd.edu/talks/24An Application of Ramsey's Theorem to Proving Programs Terminate: An Exposition<a href="http://www.cs.umd.edu/~gasarch/">William Gasarch - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, February 24, 2012, 3:30-4:30 pm<br><br><b>Abstract:</b> <p>
Draft available at http://www.cs.umd.edu/~gasarch/mathnotes/ramseypl.pdf</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/662012-03-29T11:03:53-04:002012-08-24T15:33:09-04:00https://talks.cs.umd.edu/talks/66PhD Proposal: Knowledge-Based SecurityPiotr Mardziel - University of Maryland, College Park<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Wednesday, April 11, 2012, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>
THE PRELIMINARY ORAL EXAMINATION FOR THE DEGREE OF Ph.D. IN COMPUTER SCIENCE FOR</p>
<p>
Piotr Mardziel</p>
<p>
Popular services such as Facebook, Twitter, and Flicker require users to relinquish private information in return for some social benefit. The services turn this information into profit via, among other things, targeted advertisements. The relinquished control over one's data requires the users to trust the service.</p>
<p>
Recent proposals call for a reversal of this existing order, letting users keep tighter control over their own data. To retain the utility associated with the traditional services, for both the user and the service, the users can then provide some secure interface to their information. This requires some means of discerning safe requests from insecure ones. Moreover, preserving utility for uncertain use cases may require permissive, yet sound protection mechanisms.</p>
<p>
In our recent work cite{mardziel11belief} we described an approach, which we term emph{knowledge-based security} to (a) explicitly model a potential adversary's background knowledge, (b) how it changes as a result of learning aspects of a users private data, and (c) limit it's certainty as a means of privacy protection. Additionally the system has good compositional properties, an adversary's new knowledge is then the new background knowledge for future interactions.</p>
<p>
We propose application of knowledge-based security to protection of time-varying data (eg. location). This setting offers an additional challenge: not only is the protection of the data itself relevant, but so is the protection of its dynamic time-varying characteristics. Current approaches fail to consistently and compositionally capture adversary knowledge and how it changes.</p>
<p>
We generalized our work to the coalition sharing setting cite{mardziel12knowledge}, in which several distrusting agents want to make mutual use of their secret data, without revealing it beyond some certainty threshold. The work demonstrates the theoretical feasibility of knowledge-based security for coalitions but the setting imposes severe computational challenges and requires some assumptions which might not realistically hold.</p>
<p>
The computational challenges can be better addressed by an investigation of the enforcement of knowledge-based security policies via emph{secure multi-party computation}, a method of performing a query over secret data without revealing this data. Among the restrictive assumptions in the coalition setting is the notion that a participant reveals nothing by their choice of program to execute over the shared set of secrets. This assumption does not hold if the participants are rational agents intent on learning the other's secret, as opposed to merely interacting in the coalition for some mutual good. Additionally, sound reasoning about this information flow can be useful for the detection of collusion among participants, as indicated by knowledge colluding agents wouldn't normally possess. The final aspect of our proposal is the investigation of these aspects of knowledge-based security.</p>
<p>
Examining Committee:</p>
<p>
Dr. Michael Hicks - Chair</p>
<p>
Dr. Amol Deshpande - Dept’s Representative</p>
<p>
Dr. Jeff Foster - Committee Member</p>
<p>
EVERYBODY IS INVITED TO ATTEND THE PRESENTATION</p>
<div>
</div>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/672012-03-29T11:06:30-04:002012-03-29T11:06:30-04:00https://talks.cs.umd.edu/talks/67Precise and Fully-Automatic Verification of Container-Manipulating Programs<a href="http://www.cs.wm.edu/~tdillig/">Thomas and Isil Dillig - College of William & Mary</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Friday, April 6, 2012, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>
One of the key challenges in automated software verification is obtaining a conservative, yet sufficiently precise understanding of the contents of data structures in the heap. A particularly important and widely-used class of heap data structures is containers, which support operations such as inserting, retrieving, removing, and iterating over elements. Examples of containers include arrays, lists, vectors, sets, maps, stacks, queues, etc. In this talk, we will describe a sound, precise, scalable, and automatic static analysis technique for reasoning about the contents of container data structures. This technique is capable of tracking position-value and key-value correlations, supports reasoning about arbitrary nestings of these data structures, and integrates container reasoning directly into a heap analysis, allowing, for the first time, the verification of complex programs that manipulate heap objects through container data structures. More specifically, we will introduce a symbolic heap abstraction that augments a graph representation of the heap with logical formulas and that reduces some of the difficulty of heap reasoning to standard logic operations, such as existential quantifier elimination and satisfiability. We will present experimental results demonstrating that this technique is very useful for verifying memory safety in complex heap- and container-manipulating C and C++ programs that use arrays and other container data structures from the STL and QT libraries.</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/692012-04-01T22:35:38-04:002012-04-25T22:51:43-04:00https://talks.cs.umd.edu/talks/69Cause Clue Clauses: Error Localization using Maximum Satisï¬ability<a href="http://www.cs.umd.edu/~guts">Nataliya Guts - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, April 27, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<a href="http://bugassist.mpi-sws.org/MJPLDI11.pdf">Cause Clue Clauses: Error Localization using Maximum Satis�ability</a>, Manu Jose and Rupak Majumdar, In PDLI '11.</p>
<div>
Much effort is spent by programmers everyday in trying to reduce long, failing execution traces to the cause of the error. We present an algorithm for error cause localization based on a reduction to the maximal satis�ability problem (MAX-SAT), which asks what is the maximum number of clauses of a Boolean formula that can be simultaneously satis�ed by an assignment. At an intuitive level, our algorithm takes as input a program and a failing test, and comprises the following three steps. First, using bounded model checking, and a bound obtained from the execution of the test, we encode the semantics of a bounded unrolling of the program as a Boolean trace formula. Second, for a failing program execution (e.g., one that violates an assertion or a post-condition), we construct an unsatis�able formula by taking the formula and additionally asserting that the input is the failing test and that the assertion condition does hold at the end. Third, using MAX-SAT, we �nd a maximal set of clauses in this formula that can be satis�ed together, and output the complement set as a potential cause of the error.</div>
<div>
</div>
<div>
We have implemented our algorithm in a tool called BugAssist that performs error localization for C programs. We demonstrate the effectiveness of BugAssist on a set of benchmark examples with injected faults, and show that in most cases, BugAssist can quickly and precisely isolate a few lines of code whose change eliminates the error. We also demonstrate how our algorithm can be modi�ed to automatically suggest �xes for common classes of errors such as off-by-one.</div>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/702012-04-01T22:39:43-04:002012-04-09T12:47:41-04:00https://talks.cs.umd.edu/talks/70Temporal Higher-Order Contracts<a href="http://www.cs.umd.edu/~micinski/">Kristopher Micinski - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, April 20, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<a href="http://users.soe.ucsc.edu/~cormac/papers/icfp11.pdf">Temporal Higher-Order Contracts</a>, Tim Disney, Cormac Flanagan, and Jay McCarthy, In ICFP '11.</p>
<div>
Behavioral contracts are embraced by software engineers because they document module interfaces, detect interface violations, and help identify faulty modules (packages, classes, functions, etc). This paper extends prior higher-order contract systems to also express and enforce temporal properties, which are common in software systems with imperative state, but which are mostly left implicit or are at best informally speci�ed. The paper presents both a programmatic contract API as well as a temporal contract language, and reports on experience and performance results from implementing these contracts in Racket.</div>
<div>
</div>
<div>
Our development formalizes module behavior as a trace of events such as function calls and returns. Our contract system provides both non-interference (where contracts cannot influence correct executions) and also a notion of completeness (where contracts can enforce any decidable, pre�x-closed predicate on event traces).</div>
<p>
</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/712012-04-01T22:42:19-04:002012-04-09T12:55:17-04:00https://talks.cs.umd.edu/talks/71MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones<a href="http://www.cs.umd.edu/~ksaur/">Karla Saur - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, May 4, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<a href="http://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/MoCFI-NDSS-2012.pdf">MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones</a>, Lucas Davi, et. al., In NDSS '12.</p>
<div>
Runtime and control-flow attacks (such as code injection or return-oriented programming) constitute one of the most severe threats to software programs. These attacks are prevalent and have been recently applied to smartphone applications as well, of which hundreds of thousands are downloaded by users every day. While a framework for control-flow integrity (CFI) enforcement, an approach to prohibit this kind of attacks, exists for the Intel x86 platform, there is no such a solution for smartphones.</div>
<div>
</div>
<div>
In this paper, we present a novel framework, MoCFI (Mobile CFI), that provides a general countermeasure against control-flow attacks on smartphone platforms by enforcing CFI. We show that CFI on typical smartphone platforms powered by an ARM processor is technically involved due to architectural differences between ARM and Intel x86,</div>
<div>
as well as the speciï¬�cs of smartphone OSes. Our framework performs CFI on-the-fly during runtime without requiring the application’s source code. For our reference implementation we chose Apple’s iOS, because it has been an attractive target for control-flow attacks. Nevertheless, our framework is also applicable to other ARM-based devices such as Google’s Android. Our performance evaluation demonstrates that MoCFI is efï¬�cient and does not induce notable overhead when applied to popular iOS applications.</div>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/982012-04-19T17:27:35-04:002012-08-24T15:29:31-04:00https://talks.cs.umd.edu/talks/98PhD Defense: Clear, Correct, and Efficient Dynamic Software UpdatesChristopher M. Hayden - University of Maryland, College Park<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3258 A.V. Williams Building (AVW)</a><br>Monday, April 30, 2012, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>
THE DISSERTATION DEFENSE FOR THE DEGREE OF Ph.D. IN COMPUTER SCIENCE FOR</p>
<p>
Christopher M. Hayden</p>
<p>
Dynamic software updating (DSU) allows programs to be updated as they execute, enabling important changes (e.g., security fixes) to take effect immediately without losing active program state. Most DSU systems aim to add runtime updating support transparently to programs--that is, all updating behavior is orchestrated by the DSU system, while avoiding program code modifications. This philosophy of transparency also extends to existing notions of DSU correctness, which emphasize generic correctness properties that apply to all runtime updates, such as type safety.</p>
<p>
We claim that runtime updating support should be treated as a program feature, both for establishing correctness and for implementation. For establishing correctness, this means that developers should specify and check the specific behaviors that an updated program will exhibit as they do for other program features, rather than relying on overly general notions of correctness. We argue that developers can write DSU specifications with little work--usually by adapting single-version specifications--and check them using standard methods: testing and verification. For implementing DSU, treating updating support as a program feature means that the updating behavior is made manifest in the program's code, exposing the programmer to the details they need to understand, while relying on the DSU system for everything else. We argue that this approach provides several benefits: simplified developer reasoning about update behavior, little developer effort to implement, support for arbitrary program changes, lightweight tool support, and negligible runtime overhead.</p>
<p>
To support this thesis, we present three pieces of work. First, we describe an empirical study of the techniques used by existing DSU systems to determine when an update can take place. We find that automatic techniques are unable to prevent erroneous behavior and conclude that placing update points in developer-chosen main loops is most effective. Next, we present an approach to specifying and checking the correctness of program features under DSU. We propose a specification strategy that can adapt single-version specifications to describe DSU behavior and a new tool that allows reasoning about DSU specifications using standard checking tools. We have implemented our approach for C, and applied it to updates to the Redis key-value store and several synthetic programs. Finally, we present Kitsune, a new DSU system for C programs, that supports the developer in implementing runtime updating as a program feature. We have used Kitsune to update five popular, open-source, single- and multi-threaded programs, and find that few program changes are required to use Kitsune, and that it incurs essentially no performance overhead.</p>
<p>
Examining Committee:</p>
<p>
Committee Chair: Dr. Michael Hicks</p>
<p>
CO-Chair Dr. Jeffrey S. Foster </p>
<p>
Dean’s Representative: Dr. Shuvra Bhattacharyya</p>
<p>
Committee Members: Dr. Amol Deshpande</p>
<p>
Dr. Peter Keleher</p>
<p>
EVERYONE IS INVITED TO ATTEND THE PRESENTATIVE PORTION OF THIS DEFENSE</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/1172012-05-14T23:25:45-04:002012-05-14T23:25:45-04:00https://talks.cs.umd.edu/talks/117Polymonads: reasoning and inference<a href="http://www.cs.umd.edu/~guts/">Nataliya Guts - University of Maryland</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4185 A.V. Williams Building (AVW)</a><br>Friday, May 18, 2012, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>
<span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">Joint work with Mike Hicks, Daan Leijen, and Nikhil Swamy</span><br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">Many useful programming constructions can be expressed as monads. Examples </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">include probabilistic modeling, functional reactive programming, parsing, and </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">information flow tracking, not to mention effectful functionality like state </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">and I/O. In our previous work[SGLH11], we presented a type-based rewriting </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">algorithm to make programming with arbitrary monads as easy as using ML’s </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">built-in support for state and I/O. Developers write programs using monadic </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">values of type m τ as if they were of type τ, and our algorithm inserts the </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">necessary binds, units, and monad-to-monad morphisms so that the program </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">typechecks.</span><br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">A number of other programming idioms resemble monads but deviate from the </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">standard monad binding mechanism. Examples include parameterized monads, </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">monads for effects, information flow state tracking. Our present work</span><br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">aims to provide </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">support for formal reasoning and lightweight programming for such constructs. </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">We present a new expressive paradigm, polymonads, including the equivalent of </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">monad and morphism laws. Polymonads subsume conventional monads and all </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">other examples mentioned above. On the practical side, we provide an extension </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">of our type inference rewriting algorithm to support lightweight </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">programming with </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">polymonads.</span><br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">[SGLH11] N. Swamy, N. Guts, D. Leijen, M. Hicks. </span><span style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">Lightweight Monadic Programming in ML. In ICFP, 2011.</span><br style="font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">
<a href="http://www.cs.umd.edu/~mwh/papers/swamy11monad.html" style="color: rgb(17, 85, 204); font-family: arial, sans-serif; font-size: 13px; background-color: rgba(255, 255, 255, 0.917969); ">http://www.cs.umd.edu/~mwh/<wbr></wbr>papers/swamy11monad.html</a></p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/1392012-07-26T08:57:46-04:002012-07-26T08:57:46-04:00https://talks.cs.umd.edu/talks/139The Myrmics Memory Allocator: Hierarchical, Message-Passing Allocation for Global Address Spaces<a href="http://www.ics.forth.gr/~polyvios/">Polyvios Pratikakis - Institute of Computer Science (ICS), Foundation for Research and Technology (FORTH)</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Friday, August 10, 2012, 2:00-3:00 pm<br><br><b>Abstract:</b> <p>
Constantly increasing hardware parallelism poses more and more challenges to programmers and language designers. One approach to harness the massive parallelism is to move to task-based programming models that rely on runtime systems for dependency analysis and scheduling. Such models generally benefit from the existence of a global address space. This paper presents the parallel memory allocator of the Myrmics runtime system, in which multiple allocator instances organized in a tree hierarchy cooperate to implement a global address space with dynamic region support on distributed memory machines. The Myrmics hierarchical memory allocator is a step towards improved productivity and performance in parallel programming. Productivity is improved through the use of dynamic regions in a global address space, which provide a convenient shared memory abstraction for dynamic and irregular data structures. Performance is improved through scaling on many-core systems without system-wide cache coherency. We evaluate the stand-alone allocator on an MPI-based x86 cluster and find that it scales well for up to 512 worker cores, while it can outperform Unified Parallel C by a factor of 3.7-10.7x.</p>
<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/1692012-09-09T12:58:14-04:002012-09-13T11:36:18-04:00https://talks.cs.umd.edu/talks/169First PLUM lightning sessionPLUM reading group - UMD<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Thursday, September 13, 2012, 2:00-3:00 pm<br><br><b>Abstract:</b> <p>First PLUM lightning group session.</p>
<p> </p>
<p><a href="https://docs.google.com/spreadsheet/ccc?key=0AjyE2GGELG_5dGRLaWxCWFYtNjd3ZXZxWlZrejFMc3c#gid=0">https://docs.google.com/spreadsheet/ccc?key=0AjyE2GGELG_5dGRLaWxCWFYtNjd3ZXZxWlZrejFMc3c#gid=0</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/2082012-10-10T22:00:42-04:002012-10-10T22:00:42-04:00https://talks.cs.umd.edu/talks/208Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications<a href="http://www.cs.umd.edu/users/jsjeon/">Jinseong Jeon - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Friday, October 12, 2012, 11:00-11:45 am<br><br><b>Abstract:</b> <p><span style="font-family: arial, helvetica, sans-serif; font-size: small;"><a href="http://www.cs.umd.edu/~jfoster/papers/spsm12.pdf">Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications</a>, Jinseong Jeon, Kristopher K. Micinski, Jeffrey A. Vaughan, Ari Fogel, Nikhilesh Reddy, Jeffrey S. Foster, and Todd Millstein, In SPSM '12.</span></p>
<p> </p>
<p><span style="font-size: small; font-family: arial, helvetica, sans-serif;">Google’s Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/2732013-02-05T13:40:52-05:002013-02-25T10:56:09-05:00https://talks.cs.umd.edu/talks/273Scaling Formal Verification by Easing the Burden of ProofZach Tatlock - University of California, San Diego<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, February 27, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="font-size: medium;"><span style="font-family: Calibri;">As our dependence on software grows, so too do the risks posed by programming errors. In principle, programmers could eliminate the dangerous and exploitable errors that plague modern systems by formally proving their code correct. Unfortunately, the overwhelming burden of constructing such proofs has made formal verification prohibitively expensive for most applications.</span></span></p>
<p><span style="font-size: medium;"><span style="font-family: Calibri;">In this talk I will describe techniques I developed to radically reduce the formal verification proof burden. In particular, I will focus on formal shim verification, a new method to scale formal verification up to large systems. With formal shim verification, a system is partitioned into components which must interact and access resources through a narrow interface known as the shim. By sandboxing all untrusted components and verifying the shim, we can establish formal correctness guarantees for the entire system while only reasoning about a tiny fraction of the code. We applied formal shim verification to guarantee several important security properties in a new, modern web browser dubbed QUARK. In addition, I will also briefly discuss my previous work on automated, domain specific language (DSL) based techniques to reduce the proof burden for formally verifying compiler optimizations.</span></span></p>
<p> </p><br><b>Bio:</b> <p class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-size: medium;"><span style="font-family: Calibri;">Zachary Tatlock is a PhD candidate in Computer Science and Engineering at UC San Diego where he is a member of the Programming Systems group. He received BS degrees in Computer Science and Mathematics from Purdue University. His research draws upon proof assistants, Satisfiability Modulo Theories (SMT) solvers, and type systems to improve software reliability and security in domains ranging from embedded database query languages and compiler optimizations to web browsers.</span></span></p>
<p class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri; font-size: medium;"> </span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/3502013-05-06T15:31:26-04:002013-05-13T01:32:51-04:00https://talks.cs.umd.edu/talks/350When not all bits are equal: incorporating "worth" into information-flow measures<a href="http://hans.math.upenn.edu/~msalvim/">Mario Alvim - UPenn</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Thursday, May 16, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p class="p1">Joint work with Andre Scedrov and Fred B. Schneider</p>
<p class="p2"> </p>
<p class="p1">Abstract:</p>
<p class="p1">---------</p>
<p class="p1">Quantitative information flow (QIF) is concerned with measuring how much information about a system's secrets is being leaked to an adversary. The adversary is presumed to have a priori information about the secrets before execution starts and to access public obervables as execution proceeds. By combining a priori information and public observables, the adversary achieves a posteiori information about the secrets. The leakage from an execution is then computed either (i) as the difference between a posteriori information and a priori information or, equivalently, (ii) as the difference between a priori uncertainty and a posteriori uncertainty (since knowledge of information is the dual of uncertainty).</p>
<p class="p2"> </p>
<p class="p1">Approaches to QIF traditionally have presumed that all leaks involving a given number of bits are equally harmful. The presumption is unrealistic, so we describe a new approach to QIF. Here, secrets are defined in terms of fields, where derived secrets obtained by combining these fields can be assigned a different worth (perhaps in proportion to the harm that would result from disclosure). New measures that incorporate worth into QIF are then defined; they generalize probability of guessing, guessing entropy, and Shannon entropy. A lattice of information is derived to provide an underlying algebraic structure for an adversary's state of knowledge in this more-general setting.</p>
<p class="p2"> </p>
<p class="p1">Finally, we discuss directions to define worth assignments that are soundly based on the the relevant aspects of the scenario of interest. We take particular interest for defining worth assignments for anonymity systems.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/3822013-08-06T10:47:51-04:002013-08-06T10:47:51-04:00https://talks.cs.umd.edu/talks/382NetKAT: Semantic Foundations for Networks<a href="http://www.cs.cornell.edu/~jnfoster/">Nate Foster - Cornell</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Thursday, August 8, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p class="p1">Recent years have seen growing interest in high-level programming languages for networks. But the design of these languages has been largely ad hoc, driven more by the needs of applications and the capabilities of network hardware than by foundational principles. The lack of a semantic foundation has left language designers with little guidance in determining how to incorporate new features, and programmers without a means to reason precisely about their code.</p>
<p class="p2">This talk will present NetKAT, a new language for programming networks that is based on a solid mathematical foundation and comes equipped with a sound and complete equational theory. I will describe the design of NetKAT, including primitives for filtering, modifying, and transmitting packets; operators for combining programs in parallel and in sequence; and a Kleene star operator for iteration. I will show that NetKAT is an instance of a canonical and well-studied mathematical structure called a Kleene algebra with tests (KAT) and prove that its equational theory is sound and complete with respect to its denotational semantics. Finally, I will discuss practicalapplications of the equational theory including syntactic techniques for checking reachability properties, proving the correctness of compilation and optimization algorithms, and establishing a non-interference property that ensures isolation between programs.</p>
<p class="p1">NetKAT is joint work with Carolyn Anderson, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker.</p><br><b>Bio:</b> <p class="p1">Nate Foster is an Assistant Professor of Computer Science at Cornell University. His research focuses on developing language abstractions and tools for building reliable systems. He received a PhD in Computer Science from the University of Pennsylvania in 2009, an MPhil in History and Philosophy of Science from Cambridge University in 2008, and a BA in Computer Science from Williams College in 2001. He was a postdoc at Princeton University from 2009-2010. His awards include a Sloan Research Fellowship, an NSF CAREER Award, a Yahoo! Academic Career Enhancement Award, and the Morris and Dorothy Rubinoff Award.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/3852013-08-20T07:43:33-04:002013-08-20T07:43:33-04:00https://talks.cs.umd.edu/talks/385Beyond Termination<a href="http://research.microsoft.com/en-us/people/bycook/">Byron Cook - Principal Researcher at Microsoft Research, and Professor at University College London</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3258 A.V. Williams Building (AVW)</a><br>Tuesday, September 10, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p> </p>
<p class="p1">So we can prove program termination. Now what? In this talk I will discuss the development of tools that build on termination proving techniques. </p><br><b>Bio:</b> <p> </p>
<p class="p1">Prof. Dr. Byron Cook is Principal Researcher at Microsoft Research, and Professor at University College London. Byron has worked in the past on Haskell, hardware modelling and verification, biological systems modelling and verification SAT/SMT, symbolic software model checking, temporal logics, and termination proving.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/3832013-08-12T10:44:24-04:002013-08-27T10:47:39-04:00https://talks.cs.umd.edu/talks/383End-User Programming and Intelligent Tutoring SystemsSumit Gulwani - Microsoft Corporation<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=CSI">Room 1115 Computer Science Instructional Center (CSI)</a><br>Monday, September 9, 2013, 4:00-5:00 pm<br><br><b>Abstract:</b> <p class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: medium;"><span style="font-family: Calibri;">Millions of end users today have access to programmable environments such as spreadsheets and smartphones, but lack the programming expertise to write even small scripts. These users can effectively communicate their intent using examples and natural language.<span> </span>Our methodology involves designing a domain-specific language (DSL), developing a synthesis algorithm for learning programs in the DSL that match the user's (often under-specified) intent, and using machine learning to rank these programs. In this talk, I will demonstrate this methodology for various domains including spreadsheet macros, database queries, and smartphone scripts. </span></span></p>
<p class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: medium;"><span style="font-family: Calibri;">In the second half of the talk, I will present surprising applications of this synthesis methodology in the area of intelligent tutoring systems including problem generation, solution generation,<span> </span>and feedback generation. I will demonstrate these applications for various domains including arithmetic, algebra, geometry, logic, automata theory, and introductory programming. The underlying synthesizers leverage search techniques from various communities including use of SAT/SMT solvers (formal methods community), version space algebras (machine learning community), and A*-style goal-directed heuristics (AI community).</span></span></p><br><b>Bio:</b> <p> <span style="font-size: medium;"><span style="font-family: Calibri;">Sumit Gulwani is a researcher at Microsoft Research, Redmond. His research interests are in the cross-disciplinary application areas of automating end-user programming (for spreadsheets, smartphones, robots), and in building intelligent tutoring systems (for K-14 math/programming/science/language subjects). He has expertise in program synthesis (from examples, natural language, logic) and program analysis techniques. Sumit obtained his Phd in Computer Science from UC-Berkeley in 2005, and was awarded the ACM SIGPLAN Outstanding Doctoral Dissertation Award. He obtained his BTech in Computer Science and Engineering from IIT Kanpur in 2000, and was awarded the President's Gold Medal.</span></span></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p class="MsoNormal" style="margin: 0in 0in 10pt;"> </p>
<p> </p>
<p class="MsoNormal" style="margin: 0in 0in 10pt;"> </p>
<p> </p>
<p class="MsoNormal" style="margin: 0in 0in 10pt;"> </p>
<p class="MsoNormal" style="margin: 0in 0in 10pt;"> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/17">CS Research Seminar</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/3902013-08-26T10:54:21-04:002013-10-07T13:48:50-04:00https://talks.cs.umd.edu/talks/390Atomicity Refinement for Verified Compilation<a href="http://www.cs.purdue.edu/homes/suresh/">Suresh Jagannathan - Professor of Computer Science, Purdue University, soon to be a PM at DARPA</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Tuesday, September 17, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p class="p1">This talk presents a methodology for the verified compilation of high-level managed languages like Java or C# whose intermediate representations provide support for shared-memory synchronization and automatic (concurrent) memory management. Ensuring the correctness of compilers for these languages is challenging because high-level actions are translated into sequences of non-atomic actions with compiler-injected snippets of potentially racy code; the behavior of this code depends not only the actions of other threads, but also on out-of-order reorderings performed by the processor. A naïve correctness proof of the compiler would require reasoning over all possible thread interleavings that can arise during execution, an impractical and non-scalable exercise.</p>
<p class="p1">To address this challenge, we define a refinement-based proof methodology that precisely relates concurrent code expressed at different abstraction levels, cognizant throughout of the relaxed memory semantics of the underlying processor. Our technique allows the compiler writer to reason compositionally about the atomicity of low-level concurrent code used to implement managed services. We validate the effectiveness of our approach by demonstrating the verified compilation of the non-trivial components comprising a realistic concurrent garbage collector, including racy write barriers and memory allocators.</p>
<p class="p1">This is joint work with David Pichardie, Vincent Laporte, Gustavo Petri, and Jan Vitek.</p><br><b>Bio:</b> <p class="p1">Suresh Jagannathan is a Professor of Computer Science at Purdue University. His research interests are in programming languages and their implementation, with a focus on compilation, program analysis, and verification, especially with respect to concurrent and distributed systems. Prior to joining Purdue, he was a Senior Research Scientist at the NEC Research Institute in Princeton, NJ. He received his Ph.D from MIT.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/4372013-09-27T17:37:25-04:002013-09-27T17:38:14-04:00https://talks.cs.umd.edu/talks/437Automation, Analysis, and Reconstruction of Systematic Software Changes<a href="http://users.ece.utexas.edu/~miryung/">Miryung Kim - University of Texas at Austin</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3258 A.V. Williams Building (AVW)</a><br>Thursday, November 7, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Software modifications are often systematic. Adding features </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">and fixing bugs often require similar, but not identical, changes to </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">many code locations. In this </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">talk</span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">, I will present three research </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">themes on how to support systematic changes during software evolution. </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">First, I will present LASE, an approach that automates systematic </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">edits by learning context-aware edit scripts from examples. It handles </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">both issues of recommending change locations and applying </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">context-aware customized transformation. Second, I will present a </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">field study of refactoring benefits and challenges at Microsoft. It is </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">widely believed that refactoring improves software quality and </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">developer productivity. However, few empirical studies quantitatively </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">assess refactoring benefits. Our analysis of Windows 7 version history </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">finds that the binary modules refactored by a designated refactoring </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">team experienced significant reduction in the number of inter-module </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">dependencies and post-release defects, indicating a tangible benefit </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">of refactoring. Finally, I will present refactoring reconstruction and </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">advanced program differencing techniques that detect systematic </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">changes from program versions to help developers during peer code </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">reviews.</span></p><br><b>Bio:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Miryung Kim is an Assistant Professor in the Department of </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Electrical and Computer Engineering at the University of Texas at </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Austin since 2009. She received her B.S. in Computer Science from </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Korea Advanced Institute of Science and Technology in 2001 and her </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">M.S. and Ph.D. in Computer Science and Engineering from the University </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">of Washington under the supervision of Dr. David Notkin in 2003 and </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">2008 respectively. She received NSF CAREER award, Microsoft Software </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Engineering Innovation Foundation Award in 2011, and IBM Jazz </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Innovation Award in 2009. She also spent her time as a visiting </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">researcher in the Research in Software Engineering (RiSE) group at </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Microsoft Research during the summer of 2011. She ranked No. 1 among </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">all engineering and science students in KAIST in 2001 and received </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">Korean Ministry of Education, Science, and Technology Award, the </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 13px;">highest honor given to an undergraduate student in Korea.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/4532013-10-03T10:17:19-04:002013-10-03T10:17:19-04:00https://talks.cs.umd.edu/talks/453TouchDevelop: Productive Scripting on and for Touch-based Devices and Web Services<a href="http://research.microsoft.com/~tball">Thomas Ball - Microsoft Research</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=CSI">2117 Computer Science Instructional Center (CSI)</a><br>Wednesday, October 23, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>TouchDevelop (www.touchdevelop.com) is a programming environment that provides high-level abstractions to enable the productive creation of scripts on and for touch-based devices that access web services. TouchDevelop has four main components:</p>
<p>1. A statically typed scripting language with novel abstractions to support (a) stateless GUIs with support for live programming and (b) replicated data for collaborative applications;</p>
<p>2. A browser-hosted touch-based integrated development environment that makes it possible to productively create small scripts with a single finger on a variety of devices.</p>
<p>3. A set of high-level APIs to make it easy to access device sensors/resources and web services;</p>
<p>4. A cloud back-end that enables a social approach to software development.</p>
<p>In this talk, I'll first briefly demonstrate TouchDevelop. I'll then dig into the language abstractions and run-time support for live programming and replicated data, as well as the research opportunities opened up by hosting a software environment fully in the cloud.</p><br><b>Bio:</b> <p>Thomas Ball (Tom) is a Principal Researcher and Research Manager at Microsoft Research. From 1993-1999, he was at Bell Laboratories, where he made contributions in program visualization and profiling. His 1997 PLDI paper on path profiling with colleagues Ammons and Larus received the PLDI 2007 Most Influential Paper Award. In 1999, Tom moved to Microsoft Research, where he started the SLAM software model checking project with Sriram Rajamani, leading to the Static Driver Verifier (SDV) tool for finding defects in device driver code. A 2001 PLDI paper on SLAM's predicate abstraction procedure for C programs received the PLDI 2011 Most Influential Paper Award. Tom and Sriram received the 2011 CAV Award for SLAM/SDV. Tom is a 2011 ACM Fellow for "contributions to software analysis and defect detection". At Microsoft, he has nurtured research areas such as automated theorem proving, program testing/verification, and empirical software engineering.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29382021-09-29T23:35:12-04:002021-09-29T23:35:12-04:00https://talks.cs.umd.edu/talks/2938Viaduct: An Extensible, Optimizing Compiler for Secure Distributed ProgramsIan Sweet - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 4, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p><span dir="ltr" style="left: 61.8529px; top: 318.519px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.961145);">Modern distributed systems involve interactions between</span><br><span dir="ltr" style="left: 61.8529px; top: 332.212px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.946657);">principals with limited trust, so cryptographic mechanisms</span><br><span dir="ltr" style="left: 61.8529px; top: 345.907px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.976911);">are needed to protect confidentiality and integrity. At the</span><br><span dir="ltr" style="left: 61.8529px; top: 359.601px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.902001);">same time, most developers lack the training to securely em-</span><br><span dir="ltr" style="left: 61.8529px; top: 373.294px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.898149);">ploy cryptography. We present Viaduct, a compiler that trans-</span><br><span dir="ltr" style="left: 61.8529px; top: 386.988px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.940402);">forms high-level programs into secure, efficient distributed</span><br><span dir="ltr" style="left: 61.8529px; top: 400.681px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.904185);">realizations. Viaduct’s source language allows developers to</span><br><span dir="ltr" style="left: 61.8529px; top: 414.375px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.972915);">declaratively specify security policies by annotating their</span><br><span dir="ltr" style="left: 61.8529px; top: 428.069px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.956908);">programs with information flow labels. The compiler uses</span><br><span dir="ltr" style="left: 61.8529px; top: 441.763px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.892791);">these labels to synthesize distributed programs that use cryp-</span><br><span dir="ltr" style="left: 61.8529px; top: 455.457px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.978533);">tography efficiently while still defending the source-level</span><br><span dir="ltr" style="left: 61.8529px; top: 469.15px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.904244);">security policy. The Viaduct approach is general, and can be</span><br><span dir="ltr" style="left: 61.8529px; top: 482.844px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.925431);">easily extended with new security mechanisms.</span><br><span dir="ltr" style="left: 73.2648px; top: 496.537px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.944882);">Our implementation of the Viaduct compiler comes with</span><br><span dir="ltr" style="left: 61.8529px; top: 510.232px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.93624);">an extensible runtime system that includes plug-in support</span><br><span dir="ltr" style="left: 61.8529px; top: 523.925px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.953115);">for multiparty computation, commitments, and zero-know-</span><br><span dir="ltr" style="left: 61.8529px; top: 537.619px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.866573);">ledge proofs. We have evaluated the system on a set of bench-</span><br><span dir="ltr" style="left: 61.8529px; top: 551.313px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.912591);">marks, and the results indicate that our approach is feasible</span><br><span dir="ltr" style="left: 61.8529px; top: 565.006px; font-size: 11.4114px; font-family: sans-serif; transform: scaleX(0.941774);">and can use cryptography in efficient, nontrivial ways.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/5132013-12-01T16:13:55-05:002013-12-01T16:13:55-05:00https://talks.cs.umd.edu/talks/513An effect-oriented approach to concurrency-bug detection and recovery<a href="http://pages.cs.wisc.edu/~shanlu/">Shan Lu - University of Wisconsin, Madison</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Tuesday, December 10, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Concurrency bugs are caused by unsynchronized interaction among threads. This complicated cause makes concurrency bugs much more difficult to detect and recover from than sequential bugs. With multi-threaded software becoming prevalent in the multi-core era, concurrency bugs are widespread. They frequently escape in-house bug detection and severely hurt system reliability during production runs.</p>
<p>This talk will present an effect-oriented approach to in-house concurrency-bug detection and production-run concurrency-bug failure recovery. I will first use a characteristics study to demonstrate that concurrency and sequential bugs have drastically different causes but mostly similar effects. I will then present two bug detection tools, ConMem and ConSeq. Guided by the effect patterns of concurrency bugs, ConMem and ConSeq can detect concurrency bugs before they manifest with higher coverage and accuracy than traditional cause-oriented approaches. Of course, no bug detection tool is perfect. Next, I will discuss how we build ConAir to handle bugs that escape into production runs. ConAir is a static code transformation tool that enables automatic failure recovery through rollback reexecution. Different from traditional rollback-reexecution techniques, ConAir leverages the effect patterns of concurrency bugs to avoid memory checkpoint and multi-threaded rollback. As a result, it incurs negligible run-time overhead (<1%) with no OS/hardware change. I will conclude the talk by discussing other research in my group that tackles concurrency bugs and performance bugs.</p>
<p> </p><br><b>Bio:</b> <p>Shan Lu is the Claire Boothe Luce Assistant Professor of Computer Sciences at University of Wisconsin, Madison. She earned her Ph.D. at University of Illinois, Urbana-Champaign, in 2008. At University of Wisconsin, her group works on detecting, diagnosing, and fixing concurrency bugs and performance bugs. Shan Lu won NSF Career Award in 2010, and the Distinguished Alumni Educator Award from Department of Computer Science at University of Illinois in 2013. Her co-authored papers won the Best Paper Award at USENIX FAST in 2013, ACM-SIGPLAN CACM Research Highlight Nomation in 2011, and IEEE Micro Top Picks in 2006. She currently serves as the Information Director of ACM-SIGOPS.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/5212013-12-05T15:17:31-05:002013-12-05T15:17:31-05:00https://talks.cs.umd.edu/talks/521Running Probabilistic Programs Backward <a href="http://students.cs.byu.edu/~ntoronto/">Neil Toronto - Brigham Young University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, December 18, 2013, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>To be useful in Bayesian practice, a probabilistic language must support conditioning: imposing constraints in a way that preserves the relative probabilities of program outputs. Every language to date that supports probabilistic conditioning also places seemingly artificial restrictions on legal programs, such as disallowing unbounded loops and recursion, and restricting conditions to simple equality constraints such as x = 2. <br> <br>These common restrictions arise from reasoning about probability using only probability densities. To overcome them, we have developed a probabilistic language semantics using a measure-theoretic approach: defining program output distributions by the probabilities of preimages. <br> <br>The translation compiles probabilistic programs into any functional language capable of uncountably infinite operations. Unfortunately, no such language is actually realizable (as far as we know). We therefore have derived an approximating semantics, whose translation compiles programs into Turing-equivalent functional languages, and have proved that it is sound. We have implemented the approximating semantics almost directly in Typed Racket. <br> <br>We demonstrate the implementation's expressive power on some typically Bayesian problems. We also demonstrate it on some problems whose straightforward solutions cannot be expressed using densities, such as problems involving bounded measuring devices, and stochastic ray tracing.</p><br><b>Bio:</b> <p>Neil Toronto is a doctoral student in Computer Science at Brigham Young University.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/5492014-01-31T07:13:15-05:002014-04-17T09:26:52-04:00https://talks.cs.umd.edu/talks/549The Frenetic Project: Declarative Languages for Programming Networks<a href="https://www.cs.princeton.edu/~dpw/">David Walker - Professor of Computer Science, Princeton University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, April 21, 2014, 2:00-3:00 pm<br><br><b>Abstract:</b> <p><span style="font-size: 10pt; font-family: CMR10;">In a software-defined network, each switch exports a simple, standard and relatively direct interface to its underlying hardware. These switches are organized and managed by a separate, logically centralized </span><span style="font-size: 10pt; font-family: CMR10;">controller </span><span style="font-size: 10pt; font-family: CMR10;">machine or cluster of machines. Software-defined networks are growing in popularity throughout industry, particularly as a means to customize network management of high-speed datacenters.</span></p>
<div class="page" title="Page 1">
<div class="layoutArea">
<div class="column">
<p><span style="font-size: 10pt; font-family: CMR10;">In this talk, we will discuss the Frenetic project, whose goal over the last several years has been to develop new, high-level, declarative, domain-specific languages for programming software-defined networks. In particular, we will discuss several of the core abstractions and programming language features we have developed, what key problems they solve, their formal semantics, and how to compile them to the underlying switch hardware. We will also touch on the next generation of software-defined networks and future opportunities for declarative language design. </span></p>
</div>
</div>
</div><br><b>Bio:</b> <p>David Walker is a Professor of Computer Science at Princeton University. He received his B.Sc. from Queen's University (Canada) in 1995 and his Ph.D. in Computer Science from Cornell University in 2001. At Princeton, he studies programming languages, compilers, type systems, and domain-specific languages. After arriving at Princeton in February 2002, he won an NSF Career award in 2003 and Alfred Sloan Fellowship in 2004. In 2007, with his students and colleagues at Princeton, he won the PLDI best paper award for the paper entitled "Fault-Tolerant Typed Assembly Language." In 2008, his paper "From System F to Typed Assembly Language," co-authored with Greg Morrisett, Karl Crary and Neal Glew, won a 10-year retrospective award for the highest impact POPL 1998 paper. In 2013, with his students and colleagues at Princeton and Cornell, he won the NSDI community award for his paper on "Composing Software-Defined Networks." He is currently serving as an associate editor for the ACM Transactions on Programming Languages and is the Program Chair for POPL 2015.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29332021-09-26T19:26:15-04:002021-09-26T19:26:15-04:00https://talks.cs.umd.edu/talks/2933Toward a Theory of Programming Language and Reasoning Assistant Design: Minimizing (No abstract yet)<br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/6022014-02-25T14:05:15-05:002014-02-25T14:05:15-05:00https://talks.cs.umd.edu/talks/602Fissile Type Analysis: Modular Checking of Almost Everywhere Invariants<a href="http://www.cs.colorado.edu/~bec/">Bor-Yuh Evan Chang - University of Colorado, Boulder</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, February 26, 2014, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>We present a generic analysis approach to the imperative relationship update problem, in which destructive updates temporarily violate a global invariant of interest. Such invariants can be conveniently and concisely specified with dependent refinement types, which are efficient to check flow-insensitively. Unfortunately, while traditional flow-insensitive type checking is fast, it is inapplicable when the desired invariants can be temporarily broken. While most prior approaches have ratcheted up the complexity of the type analysis and associated type invariant, we propose a generic lifting of modular refinement type analyses with a symbolic analysis to efficiently and effectively check concise invariants that hold almost everywhere. The result is an efficient, highly modular flow-insensitive type analysis to optimistically check the preservation of global relationship invariants that can fall back to a precise, disjunctive symbolic analysis when the optimistic assumption is violated. A significant challenge is selectively violating the global type consistency invariant over heap locations, which we achieve via almost type-consistent heaps. To evaluate our approach, we have encoded the problem of verifying the safety of reflective method calls in dynamic languages as a refinement type checking problem. Our analysis is capable of validating reflective call safety at interactive speeds on commonly-used Objective-C libraries and applications.</p>
<p> </p><br><b>Bio:</b> <p>Bor-Yuh Evan Chang is an Assistant Professor of Computer Science at the University of Colorado Boulder. He is interested in tools and techniques for building, understanding, and ensuring reliable computational systems. His techniques target using novel ways of interacting with the programmer to design more precise and practical program analyses. He is a recipient of an NSF CAREER award. He received his M.S. and Ph.D. from the University of California Berkeley and his B.S. from Carnegie Mellon University.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/6302014-03-07T09:45:26-05:002014-03-08T09:09:11-05:00https://talks.cs.umd.edu/talks/630Cinquecento and Programming by Debugging<a href="http://www.cs.cmu.edu/~smagill/">Stephen Magill - IDA/CCS</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, April 7, 2014, 2:00-3:00 pm<br><br><b>Abstract:</b> <p> </p>
<p class="p1">Cinquecento is a programming language designed for debugging and other program analysis tasks. As the language and runtime have evolved, several features that were originally designed to support debugging have been adopted as general-purpose programming techniques. In this talk I will give an overview of the Cinquecento language and present two examples of code that has benefited from this re-purposing: the Cinquecento libc implementation and the foreign function interface.</p><br><b>Bio:</b> <p> </p>
<p class="p1">Stephen Magill is a research scientist at the IDA Center for Computing Sciences (CCS), where he works on program analysis techniques. Prior to this he was a post-doc in the PLUM group at the University of Maryland, where he worked on verifying correctness of dynamic software updates and reasoning about privacy. He received his Ph.D. from Carnegie Mellon University, where he developed Thor, a tool for automatic program analysis using separation logic that is capable of verifying a rich combination of program properties including memory safety, termination, and arithmetic.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/7752014-09-18T18:41:29-04:002014-09-23T14:36:36-04:00https://talks.cs.umd.edu/talks/775End-to-End Information-Flow Security for Interactive Systems<a href="http://w.lfp.li/">Willard Rafnsson - Chamlers</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, September 24, 2014, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <blockquote style="color: #500050; font-family: arial, sans-serif; font-size: 12.7272720336914px;">We provide means to achieve end-to-end information-flow security in interactive systems. In a general computation model for asynchronous message-passing components, we consider two popular confidentiality properties: progress-sensitive noninterference (PSNI), and progress-insensitive noninterference (PINI), the latter of which is enforced by practical tools like JSFlow, Paragon, Jif, FlowCaml, SPARK, and sequential LIO. After identifying shortcomings in previous formalizations of PSNI and PINI, we devise a new, preservation-based, formalization which guarantees secure systems interact securely. We prove this compositionality guarantee for a dataflow-style core of combinators, and derive a rich language of security-preserving combinators from it. While both PSNI and PINI are preserved under arbitrary wirings, PINI fundamentally relies on the lack of scheduling fairness to guarantee security of interactions. This makes PINI unfit for autonomous interactive systems security. To facilitate building secure systems in parts, we advance secure multi-execution (SME): a combinator which repairs insecurities. SME thus makes any interactive system, secure or not, readily pluggable into a secure composite system. We prove soundness for all fair schedulers, and redesign SME to enforce PSNI, obtaining a more semantics-preserving combinator. We furthermore give a model for information release in SME. Finally, for scenarios where semantics must be preserved, we demonstrate how PSNI and PINI can be enforced statically by a type-based enforcement. Save for our static enforcements, all our results are language-independent.</blockquote><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/7952014-09-30T00:33:07-04:002014-09-30T00:33:07-04:00https://talks.cs.umd.edu/talks/795Definitional Interpreters for Higher-Order Programming LanguagesDavid Van Horn - UMD<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">MC2 Conference Room A.V. Williams Building (AVW)</a><br>Friday, October 10, 2014, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Higher-order programming languages (i.e., languages in which procedures or labels can occur as</p>
<p>values) are usually defined by interpreters that are themselves written in a programming language based on the</p>
<p>lambda calculus (i.e., an applicative language such as pure LISP). Examples include McCarthy’s definition of</p>
<p>LISP, Landin’s SECD machine, the Vienna definition of PL/I, Reynolds’ definitions of GEDANKEN, and recent</p>
<p>unpublished work by L. Morris and C. Wadsworth. Such definitions can be classified according to whether the</p>
<p>interpreter contains higher-order functions, and whether the order of application (i.e., call by value versus call by</p>
<p>name) in the defined language depends upon the order of application in the defining language. As an example,</p>
<p>we consider the definition of a simple applicative programming language by means of an interpreter written in a</p>
<p>similar language. Definitions in each of the above classifications are derived from one another by informal but</p>
<p>constructive methods. The treatment of imperative features such as jumps and assignment is also discussed.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/8572014-12-04T13:14:56-05:002014-12-04T13:14:56-05:00https://talks.cs.umd.edu/talks/857Counterexample-Guided Abstraction Refinement for Symbolic Model Checking<a href="http://www.cs.umd.edu/~javran/">Javran Cheng - University of Maryland</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, December 5, 2014, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>The state explosion problem remains a major hurdle in applying symbolic model checking to large hardware designs. State space abstraction, having been essential for verifying designs of industrial complexity, is typically a manual process, requiring considerable creativity and insight.</p>
<p><a class="moz-txt-link-freetext" href="http://gki.informatik.uni-freiburg.de/teaching/ws0708/aipsem/papers/clarke-et-al:jacm-2003.pdf">http://gki.informatik.uni-freiburg.de/teaching/ws0708/aipsem/papers/clarke-et-al:jacm-2003.pdf</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/8612014-12-15T21:36:06-05:002014-12-15T21:37:54-05:00https://talks.cs.umd.edu/talks/861Galois Transformers and Modular Abstract Interpreters<a href="http://david.darais.com/">David Darais - Harvard University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Thursday, December 18, 2014, 1:15-2:15 pm<br><br><b>Abstract:</b> <p>The design and implementation of static analyzers is becoming increasingly systematic. In fact, for large classes of analyzers, design and implementation have remained seemingly (and now stubbornly) on the verge of full mechanization for several years. A stumbling block in full mechanization has been the ad hoc nature of soundness proofs accompanying each analyzer. While design and implementation is largely systematic, soundness proofs can change significantly with seemingly minor changes to the semantics or analyzers. An achievement of this work is to systematize, parameterize and modularize the proofs of soundness, so as to make them composable across analytic properties.</p>
<p>We solve the problem of systematically constructing static analyzers by introducing Galois transformers: monad transformers that transports Galois connection properties. In concert with a monadic interpreter, we define a library of monad transformers that implement building blocks for classic analysis parameters like context-, path-, and heap- (in-)sensitivity. Moreover, these can be composed together independent of the language being analyzed.</p>
<p>Significantly, a Galois transformer can be proved sound once and for all, making it a reusable analysis component. As new analysis features and abstractions are developed and mixed in, soundness proofs need not be reconstructed, as the composition of a monad transformer stack is sound by virtue of its constituents. Galois transformers provide a viable foundation for reusable and composable metatheory for program analysis. Finally, these Galois transformers shift the level of abstraction in analysis design and implementation to a level where non-specialists have the ability to synthesize sound analyzers over a number of parameters.</p>
<p>To demonstrate the approach we have implemented a static analysis framework based on Galois transformers in Haskell. Like the formal framework, our Haskell library provides compositional, language-independent tools for constructing a wide range of static analyses.</p>
<p>This is joint work with Matthew Might and David Van Horn.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/8742015-01-22T14:29:38-05:002015-01-22T14:29:38-05:00https://talks.cs.umd.edu/talks/874Good Enough Dependability: A New Paradigm For Dependable Systems Design<a href="http://blogs.ubc.ca/karthik/">Karthik Pattabiraman - Assistant Professor, ECE, University of British Columbia (UBC)</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, February 18, 2015, 1:30-2:30 pm<br><br><b>Abstract:</b> <p>Good Enough Dependability: A New Paradigm For Dependable Systems Design<br><br>Commodity software is designed with the assumption that the hardware is fault-free, and hence software hardly ever needs to deal with hardware errors. However, this assumption is increasingly difficult to satisfy as CMOS devices scale to smaller and smaller sizes, and as manufacturing variations increase. In addition, traditional solutions such as guard-banding and dual modular redundancy (DMR) are challenging to apply in commodity systems due to stringent power constraints. Therefore, there is a compelling need to develop low overhead software approaches for protecting programs from hardware errors. <br><br>In this talk, I will describe our approach to build software systems that are resilient to hardware faults. We call this approach “good enough dependability”, as it leverages the properties of the application to provide targeted protection for the most important errors. First, I will present a compiler-based approach to identify critical data in soft-computing applications, or applications that have inherent resilience to many errors. We call the errors that cause significant deviation from the correct output of the application as Egregious Data Corruptions (EDCs), and provide targeted protection for such errors. I will then discuss how we extend this approach to Silent Data Corruptions (SDCs) in general-purpose applications, which are not inherently error resilient. Finally, I will present other work we have done in applying the good enough dependability paradigm to (1) mitigate software bugs in modern javascript-based web applications, and (2) smart gird security. <br><br>This is joint work with my graduate students, colleagues at UBC, and industry collaborators.</p><br><b>Bio:</b> <p>Bio: Karthik Pattabiraman received his M.S and PhD. degrees from the University of Illinois at Urbana-Champaign (UIUC) in 2004 and 2009 respectively. After a post-doctoral stint at Microsoft Research (Redmond), Karthik joined the University of British Columbia (UBC) as an assistant professor of electrical and computer engineering in 2010. Karthik's research interests are in building reliable and secure systems through compiler and architectural techniques, and in software engineering for modern web applications. Karthik has won a best student paper award at the IEEE International Conference on Dependable Systems and Networks (DSN), 2008, a best paper runner up award at the IEEE International Conference on Software Testing (ICST), 2013 and a Distinguished paper award at the IEEE/ACM International Conference on Software Engineering (ICSE), 2014. Karthik was the general chair for the IEEE Pacific Rim International Symposium on Dependable Computing (PRDC), 2013, and has served on the program committees of conferences such as DSN and ISSRE. Find out more about him at: http://blogs.ubc.ca/karthik/</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9282015-02-23T19:26:01-05:002015-03-06T12:07:54-05:00https://talks.cs.umd.edu/talks/928Prove If You Can, Test If You Cannot<a href="http://www.cs.umd.edu/~rance/">Rance Cleaveland - Computer Science Dept., University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, March 9, 2015, 1:30-2:30 pm<br><br><b>Abstract:</b> <p></p>
<p class="MsoNormal"><span style="font-size: 12.0pt; line-height: 107%;">Current formal methods focus on mathematical proof as a means for establishing that a system is correct with respect to a formal specification.<span> </span>This perspective can limit the applicability of formal methods, since the development of such proofs remains a very difficult task requiring specialized expertise, even with computer assistance.<span> </span>This presentation argues that formal-specification approaches that support both proof and testing as V&V technologies can enhance the practical usefulness of formal methods.<span> </span>It then describes an approach, called instrumentation-based verification, <span> </span>that is intended to realize this vision.</span></p><br><b>Bio:</b> <p>http://www.cs.umd.edu/~rance/bio.html</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9352015-02-27T14:07:27-05:002015-02-27T14:07:27-05:00https://talks.cs.umd.edu/talks/935Incremental Computation with Adapton<a href="www.cs.umd.edu/~hammer">Matthew A Hammer - Computer Science Dept., University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, March 2, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>A computation is incremental if repeating it with a changed input is<br>faster than from-scratch recomputation. Many software systems use<br>incremental computation (IC) as a fundamental aspect of their<br>design. Everyday examples include spreadsheets (incremental formula<br>evaluation), development environments (incremental type checking,<br>static analysis, translation, optimization) and database interaction<br>(incremental view maintenance). If IC research succeeds, future<br>"everyday" examples may include software testing (incremental<br>re-testing when code changes) and scientific simulation (incremental<br>re-simulation when parameters change).<br><br>In this talk, I will outline a vision for giving IC a special status<br>in our programming languages, similar to the status that garbage<br>collection (GC) receives today in nearly all "high-level" languages.<br>Just as language support for GC has liberated programmers from the<br>inherent complexity and tedium of manual memory management, I believe<br>that IC offers a similar potential to elevate us and the systems we<br>can express as programmers. I will outline Adapton, which provides<br>language abstractions for IC that seem most promising today, showing<br>how they unify and subsume prior approaches to IC proposed in both the<br>distant and recent past. I will outline current challenges, and goals<br>for future work.</p><br><b>Bio:</b> <p>Matthew Hammer is a postdoctoral researcher at the University of<br>Maryland in College Park. He has a PhD from the University of Chicago<br>and was a visiting student at the Max Planck Institute for Software<br>Systems. His PhD project produced CEAL, a C-based language for<br>incremental computation. He has a MS in CS from the Toyota<br>Technological Institute at Chicago, and a BS in CS from the University<br>of Wisconsin, Madison.<br><br>Matthew's current research in programming languages and language-based<br>security consists of two on-going projects: Wysteria and Adapton.<br>Wysteria expresses new multi-party computation protocols (built on<br>existing cryptographic techniques) in the form of a high-level,<br>functional programming language. Meanwhile, Adapton offers a new,<br>unifying approach to expressing incremental computation.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9482015-03-07T08:40:08-05:002015-03-07T08:40:08-05:00https://talks.cs.umd.edu/talks/948Incremental Computation with Adapton<a href="http://www.cs.umd.edu/~hammer/">Matthew Hammer - UMD</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, March 9, 2015, 3:30-4:30 pm<br><br><b>Abstract:</b> <p class="p1">A computation is incremental if repeating it with a changed input is faster than from-scratch recomputation. Many software systems use incremental computation (IC) as a fundamental aspect of their design. Everyday examples include spreadsheets (incremental formula evaluation), development environments (incremental type checking, static analysis, translation, optimization) and database interaction (incremental view maintenance). If IC research succeeds, future "everyday" examples may include software testing (incremental re-testing when code changes) and scientific simulation (incremental re-simulation when parameters change).</p>
<p class="p1">In this talk, I will outline a vision for giving IC a special status in our programming languages, similar to the status that garbage collection (GC) receives today in nearly all "high-level" languages. Just as language support for GC has liberated programmers from the inherent complexity and tedium of manual memory management, I believe that IC offers a similar potential to elevate us and the systems we can express as programmers. I will outline Adapton, which provides language abstractions for IC that seem most promising today, showing how they unify and subsume prior approaches to IC proposed in both the distant and recent past. I will outline current challenges, and goals for future work.</p><br><b>Bio:</b> <p>Matthew Hammer is a postdoctoral researcher at the University of Maryland in College Park. He has a PhD from the University of Chicago and was a visiting student at the Max Planck Institute for Software Systems. His PhD project produced CEAL, a C-based language for incremental computation. He has a MS in CS from the Toyota Technological Institute at Chicago, and a BS in CS from the University of Wisconsin, Madison.</p>
<p>Matthew's current research in programming languages and language-based security consists of two on-going projects: Wysteria and Adapton. Wysteria expresses new multi-party computation protocols (built on existing cryptographic techniques) in the form of a high-level, functional programming language. Meanwhile, Adapton offers a new, unifying approach to expressing incremental computation.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9732015-03-26T21:05:03-04:002015-03-26T21:05:16-04:00https://talks.cs.umd.edu/talks/973Liquid Types (Rondon et. al.)ThanhVu (Vu) Nguyen - PLUM, UMD CS<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, March 30, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>http://goto.ucsd.edu/~rjhala/papers/liquid_types.pdf.</p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9742015-03-26T21:06:56-04:002015-03-26T21:06:56-04:00https://talks.cs.umd.edu/talks/974Total Functional Programming (D. A. Turner)Kris Micinski - PLUM, UMD CS<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, April 6, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>https://uf-ias-2012.wikispaces.com/file/view/turner.pdf</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9752015-03-26T21:07:56-04:002015-03-26T21:13:27-04:00https://talks.cs.umd.edu/talks/975Hybrid Type Checking (Corman Flanagan)Brianna Ren - PLUM, UMD CS<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, April 13, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>https://users.soe.ucsc.edu/~cormac/papers/popl06-hybrid.pdf</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9762015-03-26T21:09:29-04:002015-03-26T21:13:44-04:00https://talks.cs.umd.edu/talks/976A Core Calculus of Dependency (Abadi et. al.)Matthew Hammer - PLUM, UMD CS<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, April 27, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>http://www.cs.ucla.edu/~palsberg/tba/papers/abadi-banerjee-heintze-riecke-popl99.pdf</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9772015-03-26T21:20:52-04:002015-03-26T21:20:52-04:00https://talks.cs.umd.edu/talks/977Relatively Complete Counterexamples for Higher-Order ProgramsPhuc Nguyen - PLUM, UMD CS<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, May 4, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>http://arxiv.org/abs/1411.3967</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9782015-03-27T09:31:26-04:002015-03-27T09:31:26-04:00https://talks.cs.umd.edu/talks/978Tracking the Flow of Ideas through the Programming Languages Literature<a href="http://www.cs.princeton.edu/~mg19/">Michael Greenberg - Princeton University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, April 20, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <div>How have conferences like ICFP, OOPSLA, PLDI, and POPL evolved over the last 20 years? Did generalizing the Call for Papers for OOPSLA in 2007 or changing the name of the umbrella conference to SPLASH in 2010 have any effect on the kinds of papers published there? How do POPL and PLDI papers compare, topic-wise? Is there related work that I am missing? Have the ideas in O’Hearn’s classic paper on separation logic shifted the kinds of papers that appear in POPL? Does a proposed program committee cover the range of submissions expected for the conference? If we had better tools for analyzing the programming language literature, we might be able to answer these questions and others like them in a data-driven way. We explore how topic modeling, a branch of machine learning, might help the programming language community better understand our literature.</div>
<div> </div>
<div>This is joint work with Kathleen Fisher and David Walker.</div><br><b>Bio:</b> <div>Michael Greenberg is wrapping up a postdoc at Princeton University before starting as an assistant professor at Pomona College. He received his BA in Computer Science and Egyptology from Brown University (2007) and his PhD in Computer Science from the University of Pennsylvania (2013).</div>
<div class="yj6qo ajU">
<div id=":yy" class="ajR"><img class="ajT" src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif" alt=""></div>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/9942015-04-08T12:04:06-04:002015-04-08T12:47:42-04:00https://talks.cs.umd.edu/talks/994Running Probabilistic Programs Backwards<a href="http://www.cs.umd.edu/~ntoronto/">Neil Toronto - UMD</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Friday, April 10, 2015, 2:00-3:00 pm<br><br><b>Abstract:</b> <p>Many probabilistic programming languages allow programs to be run under constraints in order to carry out Bayesian inference. Running programs under constraints could enable other uses such as rare event simulation and probabilistic verification---except that all such probabilistic languages are necessarily limited because they are defined or implemented in terms of an impoverished theory of probability. Measure-theoretic probability provides a more general foundation, but its generality makes finding computational content difficult.</p>
<p><br>We develop a measure-theoretic semantics for a first-order probabilistic language with recursion, which interprets programs as functions that compute preimages. Preimage functions are generally uncomputable, so we derive an abstract semantics. We implement the abstract semantics and use the implementation to carry out Bayesian inference, stochastic ray tracing (a rare event simulation), and probabilistic verification of floating-point error bounds.</p>
<p>This is joint work with Jay McCarthy and David Van Horn.</p>
<p>Paper: http://arxiv.org/abs/1412.4053</p><br><b>Bio:</b> <p>Neil Toronto is a post-doc in the PLUM lab at UMD.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/10502015-06-14T17:37:23-04:002015-06-30T12:30:34-04:00https://talks.cs.umd.edu/talks/1050Symbolic Execution for Evolving Software<a href="https://www.doc.ic.ac.uk/~cristic/">Cristian Cadar - Imperial College</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3258 A.V. Williams Building (AVW)</a><br>Tuesday, July 14, 2015, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>One of the distinguishing characteristics of software systems is that they evolve: new patches are committed to software repositories and new versions are released to users on a continuous basis. Unfortunately, many of these changes bring unexpected bugs that break the stability of the system or affect its security. In this talk, I describe our work on devising novel symbolic execution techniques for increasing the confidence in evolving software: a technique for reasoning about the correctness of optimisations, in particular those that take advantage of SIMD and GPGPU capabilities; a technique for high-coverage patch testing, and a technique for revealing regression bugs and behavioural divergences across versions.</p><br><b>Bio:</b> <p>Cristian Cadar leads the <a title="Software Reliability Group" href="https://srg.doc.ic.ac.uk">Software Reliability Group</a> in the Department of Computing at Imperial College London. His research interests span the areas of software engineering, computer systems and security, with an emphasis on designing practical techniques for improving the reliability and security of software systems. Cristian received a PhD in Computer Science from Stanford University, and undergraduate and Master's degrees from the Massachusetts Institute of Technology. He was awarded the Jochen Liedtke Young Researcher Award in 2015, an EPSRC Early-Career Fellowship in 2013, and artifact or paper awards at ISSTA 2014, ESEC/FSE 2013 and OSDI 2008.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/11652015-10-19T10:43:48-04:002015-10-19T10:43:48-04:00https://talks.cs.umd.edu/talks/1165Galois Transformers and Modular Abstract Interpreters: Reusable Metatheory for Program AnalysisDavid Darais - PLUM, UMD<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Wednesday, October 21, 2015, 3:30-4:30 pm<br><br><b>Abstract:</b> <pre>The field of program analysis is experiencing a renaissance as recent software
analyzers have succeeded in verifying the correctness, safety and integrity of
increasingly large software systems. Progress in the design of real-world
analyzers comes from exploring the vast design space, however the process for
designing and implementing static analyzers with non-standard features has
grown too complex. Worse, changing the design of a static analyzer in
mid-development often requires a redesign from scratch.
In this talk I will present Galois transformers, a framework which supports
rapid design and implementation of a large family of static analyzers. Galois
transformers synthesize analysis machinery and proofs of correctness for free,
and are inspired by the trifecta combination of monad transformers, Galois
connections and monadic abstract interpreters. Galois transformers enable the
designer of a program analysis to rapidly prototype variations in abstract
domain, context sensitivity, object sensitivity, path sensitivity and a wide
range of analysis optimizations. Furthermore, these orthogonal tuning knobs are
constructed in a language-independent framework, allowing reuse across entirely
different programming language semantics. Finally, Galois transformers
synthesize a large portion of the end-to-end proofs of correct abstraction
required by high-assurance analyzers.</pre><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/11312015-09-21T07:17:10-04:002015-09-21T13:51:48-04:00https://talks.cs.umd.edu/talks/1131Multi-version execution for efficient dynamic analysis<a href="http://www.luispina.me/">Luis Pina - Imperial College, London</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, November 2, 2015, 10:30-11:30 am<br><br><b>Abstract:</b> <p>Bug-finding tools based on dynamic analysis (DA) have become ubiquitous during software development. Notable examples include tools such as Valgrind or the compiler sanitizers provided by Clang and GCC. While precise, these analyses incur a large performance overhead (often several times slower than native execution), which makes them prohibitively expensive to use in production. In this work, we are investigating the exciting possibility of deploying expensive analyses in production code using a multi-version execution approach with partial checking.</p><br><b>Bio:</b> <p>Luis Pina is currently a post-doctoral researcher at Imperial College, London. He will soon receive his PhD from from IST Lisbon, having worked for several years at PLUM, the laboratory for Programming Languages research at the University of Maryland, under Michael Hicks. </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/11532015-10-07T08:34:53-04:002015-10-07T08:34:53-04:00https://talks.cs.umd.edu/talks/1153Gradual Typing for DartFabio Strocco - Department of Computer Science, Aarhus University<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Wednesday, October 14, 2015, 3:30-4:30 pm<br><br><b>Abstract:</b> <p>Dart is an object oriented programming language which allows to put<br>static types only where appropriate. This way, programmers can choose where in<br>their code to benefit from safety guarantees and documentation/tool support<br>supported by the static typing discipline, and where to exploit the flexibility<br>provided by dynamic typing.<br><br>Furthermore, Dart's optional typing approach is in line with the idea of gradual <br>evolution from dynamic scripts to fully fledged static programs.<br>Moreover, the type system provides features that make language formalization and<br>type inference algorithms design challenging and novel.<br><br>In this talk, I will show the research I have been doing during my PhD.<br>I will first show a formal model of a core of Dart. Basing on such model I will discuss<br>alternative type system and their properties. Finally, I will show<br>a (work in progress) type inference algorithm for Dart that fits well with optional typing.</p><br><b>Bio:</b> <p>Bio: Fabio is a PhD student at Aarhus University in Denmark. He is currently on its third year of PhD and<br>he is working on type systems and type inference for Dart, an Object oriented programming language.<br>Its main goal is to investigate on different type systems and type inference techniques and to see how<br>they are precise applied to real-world programs and what are the main limitations.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/12072015-11-12T11:37:15-05:002015-11-12T11:37:15-05:00https://talks.cs.umd.edu/talks/1207Algorithmic Analysis for Asynchronous Programs<a href="http://www.mpi-sws.org/~rupak/">Rupak Majumdar - Max Planck Institute for Software Systems</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, November 16, 2015, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Asynchronous programming is a general programming idiom where concurrent tasks are executed by a co-operative scheduler, and appear from low-level kernel or embedded systems code to smartphone and web programming environments. In its simplest form, the underlying programming system exposes an asynchronous procedure call construct, which allows the programmer to post a procedure for future execution in case a certain event occurs. When the corresponding event occurs, a scheduler picks the associated procedure and runs it to completion.</p>
<p>In this talk, I will describe algorithmic analysis techniques for asynchronous programs. On the one hand, I will talk about formal models for different styles of asynchronous programs and the decidability landscape. On the other, I will talk about our attempts to build model checking and program analysis tools for programs written in this style, both for verification and for systematic testing.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/12452015-12-20T19:53:21-05:002015-12-20T19:53:21-05:00https://talks.cs.umd.edu/talks/1245Program verification under weak memory consistency<a href="http://www.mpi-sws.org/~viktor/">Viktor Vafeiadis - MPI-SWS</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, January 27, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Weak memory models formalize the inconsistent behaviors that one can observe in multithreaded programs running on modern hardware. In so doing, they complicate the already-difficult task of reasoning about correctness of concurrent code. Worse, they render impotent most formal methods that have been developed to tame concurrency, which almost universally assume a strong (i.e., sequentially consistent) memory model. In response, we have developed a number of alternative reasoning techniques that are sound for programs running weak memory consistency. I will cover both program logics, such as relaxed separation logic, as well as theorems that allow reducing reasoning about well-structured weakly consistent implementations down to sequential consistency, and show how these can be applied to reason about a practical RCU implementation.</p><br><b>Bio:</b> <p>Viktor Vafeiadis is a tenure-track researcher at MPI-SWS. He got his BA (2004) and PhD (2008) from the University of Cambridge. Before joining MPI-SWS in October 2010, he was a postdoc at Microsoft Research and at the University of Cambridge.</p>
<p>He is broadly interested in programming languages and verification with a focus on program logics for weak memory (RSL, FSL, GPS, OGRA), program logics for interleaving concurrency (RGSep, deny-guarantee, CAP, CSL soundness), compiler verification (C11 compilation, CompCertTSO, Pilsner, SepCompCert), automated verification of concurrent programs (Cave), and interactive theorem proving (Paco, Mtac, adjustable references).</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/13142016-02-03T23:11:20-05:002016-02-17T10:22:51-05:00https://talks.cs.umd.edu/talks/1314Pycket: a tracing JIT for a functional language<a href="http://homes.soic.indiana.edu/samth/">Sam Tobin-Hochstadt - Indiana University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, February 24, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Traditionally, functional languages have come with sophisticated ahead<br> of time compilers, while dynamic object-oriented languages have used<br> dynamic JIT compilers. In this talk, I will present Pycket, a new<br> implementation of Racket that uses a tracing JIT compiler to provide<br> significant speedups over existing systems. Pycket is particularly<br> effective at removing the overhead of indirections such as generic<br> operations. It's also able to offer order-of-magnitude speedups on<br> programs using gradual typing, alleviating major performance problems<br> in this area.</p><br><b>Bio:</b> <p>Sam Tobin-Hochstadt is an Assistant Professor at Indiana University,<br> focusing on programming languages and software engineering. He created<br> Typed Racket, the first gradually-typed language. He also serves on<br> the standards committee for JavaScript, and co-created the JavaScript<br> module system. He received his Ph.D from Northeastern University under<br> Matthias Felleisen.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/13832016-04-04T10:13:21-04:002016-04-04T10:13:21-04:00https://talks.cs.umd.edu/talks/1383A Delta for Hybrid Type Checking<a href="http://www2.informatik.uni-freiburg.de/~thiemann/">Peter Thiemann - Universität Freiburg</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Friday, May 13, 2016, 1:30-2:30 pm<br><br><b>Abstract:</b> <p>A hybrid type checker defers parts of the type checking to run time. At compile time, the checker attempts to statically verify as many subtyping constraints as possible. Constraints that cannot be proved by the static checker, are reified as run-time casts in an intermediate language, which is a variant of the blame calculus.</p>
<p>The goal of this work is to simplify casts in the intermediate blame calculus by exploiting context information. To this end, we develop a coercion calculus that corresponds to the blame calculus via a pair of translations and we define the formal framework to simplify these coercions. We give a concrete instance of the calculus and demonstrate that simplification can be regarded as a synthesis problem.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/13842016-04-05T08:25:26-04:002016-04-05T08:25:26-04:00https://talks.cs.umd.edu/talks/1384Tedsuto: A General Framework for Testing Dynamic Software Updates<a href="http://www.luispina.me/">Luis Pina - Imperial College, London</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, April 8, 2016, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Dynamic software updating (DSU) is a technique for patching running programs, to fix bugs or add new features. DSU avoids the downtime of stop-and-restart updates, but creates new risks-an incorrect or ill-timed dynamic update could result in a crash or misbehavior, defeating the whole purpose of DSU. To reduce such risks, dynamic updates should be carefully tested before they are deployed. This talk presents Tedsuto, a general testing framework for DSU, along with a concrete implementation of it for Rubah, a state-of-the-art Java-based DSU system. Tedsuto uses system-level tests developed for the old and new versions of the updateable software, and systematically tests whether a dynamic update might result in a test failure. Very often this process is fully automated, while in some cases (e.g., to test new-version functionality) some manual annotations are required. To evaluate Tedsuto's efficacy, we applied it to dynamic updates previously developed (and tested in an ad hoc manner) for the H2 SQL database server and the CrossFTP server- two real-world, multithreaded systems. We used three large test suites, totalling 446 tests, and we found a variety of update-related bugs in short order, and at low cost.</p>
<p>Joint work with Michael Hicks.</p><br><b>Bio:</b> <p>Luis earned his PhD from the Information Systems and Computer Engineering at Instituto Superior Técnico, Lisbon, in 2016. He was part of the PLUM group at University of Maryland from 2012 to 2015, and part of the ESW group at INESC-ID in Lisbon from 2009 to 2012. He developed my thesis work on Dynamic Software Updating (DSU) under the supervision of Prof. Michael Hicks at UMD and Prof. Luís Veiga at IST. Currently, he has a post-doctoral position at the SRG Group at Imperial College London, working with Cristian Cadar.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/13932016-04-13T15:02:32-04:002016-04-13T15:02:42-04:00https://talks.cs.umd.edu/talks/1393Static Analysis with Introspective Polyvariance<a href="http://thomas.gilray.org/">Thomas Gilray - University of Utah</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Wednesday, April 20, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <div>Static analysis of dynamic and functional programming languages requires a precise accounting of various interpenetrating concerns. For example, in functional languages like Racket, a precise analysis of data flow (for closures) is required for a precise analysis of control flow, and in dynamic scripting languages like JavaScript, a precise modeling of hashmaps and their keys is required for every use of an object's fields and methods. For each of these concerns, a careful compromise must be struck between precision and complexity for an analysis to provide useful information at a reasonable computational cost.</div>
<div> </div>
<div>In this talk, I will review abstracting abstract machines (AAM), a general methodology for deriving a static analysis from a language's concrete (exact) semantics, and show how this approach may be extended to the notion of polyvariance. Specific polyvariant techniques such as call sensitivity, object sensitivity, and argument sensitivity, represent strategies for managing the trade-off between precision and complexity in an analysis and may be well suited for one program, while being both expensive and ineffective on another. I will show how a single function in AAM-style analyses, an allocator, can be used to both unify and generalize this class of techniques. I will then apply this new perspective to developing an introspective polyvariant technique which guarantees perfect stack precision (i.e., no conflation of return flows) for free---that is, at no asymptotic complexity overhead and requiring only the replacement of an allocation function, a trivial change in AAM-style analyses.</div><br><b>Bio:</b> <p>Thomas Gilray recently defended his PhD thesis at the University of Utah. His primary research area is static analysis of higher-order languages (also called control-flow analysis). More broadly, his interests include semantics, language design, compilers and implementations, safety and verification, parallelism and high-performance solvers (e.g., constraint solving on the GPU). His recent paper at the International Supercomputing Conference won the the PRACE ISC award and his paper at Trends in Functional Programming in 2013 won the best student paper award.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/13952016-04-14T10:17:54-04:002016-04-14T10:24:54-04:00https://talks.cs.umd.edu/talks/1395Improving Android's Reliability and Security<a>Iulian Neamtiu - NJIT</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Tuesday, April 26, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Android is the dominant mobile platform worldwide. My group has developed a variety of analyses aimed at improving Android's reliability and security. First, we will show how "software repository mining" can reveal common classes of errors in mobile apps. Second, we describe two tools, the A3E Android app explorer, and VALERA, a record-and-replay approach that helps with a variety of tasks, e.g., reproducing executions, finding and fixing concurrency bugs, and app profiling. Third, we present a static analysis that has found a new class of Android app errors we named "resume/restart errors”. Finally, we show how the aforementioned techniques can be combined to find and reduce the security risks posed by Android apps.</p>
<p> </p><br><b>Bio:</b> <p>Iulian Neamtiu is an Associate Professor in the Department of Computer Science at the New Jersey Institute of Technology. He received his Ph.D. from UMD CS in 2008, and between 2008-2015 he was an Assistant, then Associate Professor at the University of California, Riverside. His research areas span programming languages, security, software engineering, and smartphones, with an overarching goal of making software and smartphones more secure, efficient, dependable, as well as easy to maintain and modify. He is a recipient of the NSF CAREER award, the UCR Regents' Fellowship award, as well as two Google Research Awards. He is part of the 10-year Cyber-Security Collaborative Research Alliance (CRA), a joint effort between the Army Research Laboratory and five universities, whose goal is to advance the theoretical foundations of cyber science in the context of Army networks. His research has been funded by NSF, ARL, DARPA, Intel, and Google.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/13972016-04-14T15:50:49-04:002016-04-14T15:50:49-04:00https://talks.cs.umd.edu/talks/1397Differentially Private Bayesian Programming<a href="http://www.acsu.buffalo.edu/~gaboardi/">Marco Gaboardi - University at Buffalo, SUNY</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, April 25, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>We present an expressive framework, called PrivInfer, for writing and verifying differentially private machine learning algorithms. Programs in PrivInfer are written in a rich functional probabilistic language with constructs for performing Bayesian inference. Then, differential privacy of programs is established using a relational refinement type system, in which refinements on probability types are indexed by a metric on distributions. Our framework leverages recent developments in Bayesian inference, probabilistic program- ming languages, and in relational refinement types. We demonstrate the expressiveness of PrivInfer by verifying privacy for several examples of private Bayesian inference.</p><br><b>Bio:</b> <p>Marco Gaboardi is an assistant professor in the Department of Computer Science and Engineering at the University at Buffalo, SUNY. Previously, he was a faculty at the University of Dundee, Scotland. He received his PhD from the University of Torino, Italy, and the Institute National Polytechnique de Lorraine, France. He was a visitor scholar at the University of Pennsylvania and at Harvard’s CRCS center. He has been the recipient of a EU Marie Curie Fellowship. His research is in programming language design and implementation, and in differential privacy.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/15612016-09-27T10:17:20-04:002016-09-27T10:19:29-04:00https://talks.cs.umd.edu/talks/1561Defense in Depth: A Synthesis of Prospective and Retrospective Security<a href="http://www.cs.uvm.edu/~ceskalka/">Christian Skalka - University of Vermont</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Thursday, September 29, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <div>Retrospective security has become increasingly important to the theory and practice of cyber security, with auditing a crucial component of it. However, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, ad-hoc techniques. We propose a foundational semantics for auditing, intended to support provable correctness of program rewriting algorithms that instrument formal logging specifications. Correctness guarantees that the execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program's logging semantics.</div>
<div> </div>
<div>We study two applications of our theory that support a defense in depth approach to security, in particular the combination of retrospective audit logging with prospective access control mechanisms in a single uniform policy specification. As a first application, we consider break-the-glass policies, which are common in healthcare informatics when the need to access information in emergency situations overrides "normal" security concerns. As a second application, we consider an in depth approach to a dynamic taint analysis defense against injection attacks, in the presence of partially trusted sanitization. A program rewriting implementation of these mechanisms for the OpenMRS medical records software system is current work in progress.</div><br><b>Bio:</b> <p>Christian Skalka is an Associate Professor in the Department of Computer Science and the Associate Dean for the College of Engineering and Mathematical Sciences at University of Vermont.</p>
<p>Chris's research lies in the intersection of computer science theory and practice. His work focuses on the design of programming languages, especially type disciplines, to support security and safety in programs.</p>
<p>Recently Chris's research has focused on information systems which combine embedded and mobile devices with machine learning data analysis, as well as diverse applications including snow hydrology and psychological sciences.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/15812016-10-17T09:25:23-04:002016-11-18T09:51:48-05:00https://talks.cs.umd.edu/talks/1581Monitoring and Blame Assignment for Higher-Order Session Types<a href="http://anyag.net/">Anna Gommerstadt - CMU</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, November 18, 2016, 1:30-2:30 pm<br><br><b>Abstract:</b> <p>Session types provide a means to prescribe the communication behavior between concurrent message-passing processes. However, in a distributed setting, some processes may be written in languages that do not support static typing of sessions or may be compromised by a malicious intruder, violating invariants of the session types. In such a setting, dynamically monitoring communication between processes becomes a necessity for identifying undesirable actions. In this talk, we discuss how to dynamically monitor communication to enforce adherence to session types in a higher-order setting. We present a system of blame assignment in the case when the monitor detects an undesirable action and an alarm is raised. We will also discuss ongoing research about improving the precision of the blame assignment.</p><br><b>Bio:</b> <p>Anna is a PhD student at Carnegie Mellon, working with Frank Pfenning. She earned her undergraduate degree at Harvard, and worked with Steve Chong.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/14722016-08-04T13:51:32-04:002016-10-02T14:32:17-04:00https://talks.cs.umd.edu/talks/1472Programming with Numerical Uncertainties<a href="http://www.mpi-sws.org/~eva/">Eva Darulova - Max Planck Institute for Software Systems</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=CSI">2117 Computer Science Instructional Center (CSI)</a><br>Friday, October 14, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Numerical software, common in scientific computing or embedded systems, inevitably uses an approximation of the real arithmetic in which most algorithms are designed. Finite-precision arithmetic, such as fixed-point or floating-point, is a common and efficient choice, but introduces an uncertainty on the computed result that is often very hard to quantify. We need adequate tools to estimate the errors introduced in order to choose suitable approximations which satisfy the accuracy requirements. I will present a programming model where the scientist writes his or her numerical program in a real-valued specification language with explicit error annotations. It is then the task of our verifying compiler to select a suitable floating-point or fixed-point data type which guarantees the needed accuracy. I will show how a combination of SMT theorem proving, interval and affine arithmetic and function derivatives yields an accurate, sound and automated error estimation which can handle nonlinearity, discontinuities and certain classes of loops. Additionally, finite-precision arithmetic is not associative so that different, but mathematically equivalent, orders of computation often result in different magnitudes of errors. We have used this fact to not only verify but actively improve the accuracy by combining genetic programming with our error computation with encouraging results.</p><br><b>Bio:</b> <p>Eva Darulova is a tenure-track faculty at the Max Planck Institute for Software Systems. Her research interests include programming languages, software verification and approximate computing and her recent research focused on automated verification and synthesis for numerical programs. She received a PhD from EPFL in 2014 and a BSc degree from University College Dublin in 2009 with a joint major in computer science and mathematical physics.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/17">CS Research Seminar</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/15102016-09-06T15:15:16-04:002016-09-07T16:26:04-04:00https://talks.cs.umd.edu/talks/1510Allocation Characterizes Polyvariance (ICFP practice talk)<a href="http://thomas.gilray.org/pdf/allocation-polyvariance.pdf">Thomas Gilray</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Thursday, September 15, 2016, 2:00-2:30 pm<br><br><b>Abstract:</b> <div style="left: 109.925px; top: 562.59px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.904387);"><strong>Allocation Characterizes Polyvariance: A Unififed Methodology for Polyvariant Control-Flow Analysis</strong></div>
<div style="left: 109.925px; top: 562.59px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.904387);"> </div>
<div style="left: 109.925px; top: 562.59px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.904387);">The polyvariance of a static analysis is the degree to which it structurally differentiates approximations of program values. Polyvariant techniques come in a number of different flavors that represent alternative heuristics for managing the trade-off an analysis strikes between precision and complexity. For example, call sensitivity supposes that values will tend to correlate with recent call sites, object sensitivity supposes that values will correlate with the allocation points of related objects, the Cartesian product algorithm supposes correlations between the values of arguments to the same function, and so forth.</div>
<div style="left: 109.925px; top: 562.59px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.904387);"> </div>
<div style="left: 90px; top: 795.051px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.90604);">In this paper, we describe a unified methodology for implementing and understanding polyvariance in a higher-order setting (i.e., for control-flow analyses). We do this by extending the method of abstracting abstract machines (AAM), a systematic approach to producing an abstract interpretation of abstract-machine semantics. AAM eliminates recursion within a language’s semantics by passing around an explicit store, and thus places importance on the strategy an analysis uses for allocating abstract addresses within the abstract heap or store. We build on AAM by showing that the design space of possible abstract allocators exactly and uniquely corresponds to the design space of polyvariant strategies. This allows us to both unify and generalize polyvariance as tunings of a single function. Changes to the behavior of this function easily recapitulate classic styles of analysis and produce novel variations, combinations of techniques, and fundamentally new techniques.</div>
<div style="left: 90px; top: 795.051px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.90604);"> </div>
<div style="left: 90px; top: 795.051px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.90604);"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/15112016-09-07T11:21:18-04:002016-09-07T11:21:18-04:00https://talks.cs.umd.edu/talks/1511Constructive Galois Connections: Taming the Galois Connection Framework for Mechanized Metatheory. <a href="david.darais.com">David Darais - University of Maryland</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Tuesday, September 13, 2016, 1:00-2:00 pm<br><br><b>Abstract:</b> <pre style="word-wrap: break-word; white-space: pre-wrap;">Galois connections are a foundational tool for structuring abstraction in
semantics and their use lies at the heart of the theory of abstract
interpretation. Yet, mechanization of Galois connections remains limited to
restricted modes of use, preventing their general application in mechanized
metatheory and certified programming.
This paper presents constructive Galois connections, a variant of Galois
connections that is effective both on paper and in proof assistants; is
complete with respect to a large subset of classical Galois connections; and
enables more general reasoning principles, including the "calculational" style
advocated by Cousot.
To design constructive Galois connection we identify a restricted mode of use
of classical ones which is both general and amenable to mechanization in
dependently-typed functional programming languages. Crucial to our metatheory
is the addition of monadic structure to Galois connections to control a
"specification effect". Effectful calculations may reason classically, while
pure calculations have extractable computational content. Explicitly moving
between the worlds of specification and implementation is enabled by our
metatheory.
To validate our approach, we provide two case studies in mechanizing existing
proofs from the literature: one uses calculational abstract interpretation to
design a static analyzer, the other forms a semantic basis for gradual typing.
Both mechanized proofs closely follow their original paper-and-pencil
counterparts, employ reasoning principles not captured by previous
mechanization approaches, support the extraction of verified algorithms, and
are novel.<br><br>(This is a practice talk for ICFP.)</pre><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/15032016-08-30T09:59:12-04:002016-09-29T08:49:03-04:00https://talks.cs.umd.edu/talks/1503Qwire: A Core Language for Quantum CircuitsJennifer Paykin - U. Penn<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=CSS">3100A Computer and Space Sciences Building (CSS)</a><br>Friday, October 7, 2016, 3:00-4:00 pm<br><br><b>Abstract:</b> <p class="MsoNormal">The QRAM model of quantum computing describes how a (hypothetical) quantum computer and a classical computer work together to produce sophisticated quantum algorithms. The classical computer handles the bulk of the computation and sends circuits to the quantum computer for execution. In this talk I will introduce the Qwire circuit language, which encodes circuits in a classical programming language of our choice and facilitates communication with an attached quantum computer. Qwire uses linear types to ensure that circuits are well-formed and has a sound operational semantics that reduces circuits to a small set of normal forms. In addition, the language is highly modular as it can be embedded into an arbitrary host language that treats circuits as first-class data.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/22">QuICS Seminar</a><br>tag:talks.cs.umd.edu,2005:Talk/15802016-10-14T08:09:56-04:002016-10-14T08:09:56-04:00https://talks.cs.umd.edu/talks/1580Starling: Simpler proofs of concurrent algorithms<a href="https://www-users.cs.york.ac.uk/~miked/">Mike Dodds - Lecturer, Department of Computer Science, University of York</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, October 17, 2016, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Logics derived from separation logic have made it feasible to reason about the most complex concurrent algorithms. However, these modern logics are enormously complex, and many lack automated tool support. </p>
<p>We propose an antidote in Starling, a prototype tool for automated verification of concurrent algorithms. Starling takes a proof outline written in an intuitive predicate-based style, and converts it into proof obligations that can be discharged by Z3 or inferred by a Horn clause solver. </p>
<p>Starling's underlying theory is derived from the Views framework (and ultimately from separation logic) which means it can be applied to many kinds of reasoning system. Starling can automatically challenging concurrent algorithms including the ticketed lock, atomic reference counter, reader-writer lock, and others. </p>
<p>Starling is hosted on github: http://github.com/septract/starling-tool</p><br><b>Bio:</b> <p>Mike Dodds is an anniversary lecturer in the Department of Computer Science at the University of York. He is also a Royal Society industry fellow with Microsoft Research.</p>
<p>Mike's research is about using rigorous mathematics to solve tricky engineering problems. At the moment, he's mostly interested building and verifying multicore data-structures.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/15932016-10-31T10:32:17-04:002016-10-31T10:32:36-04:00https://talks.cs.umd.edu/talks/1593Liquid Types for Haskell<a href="http://goto.ucsd.edu/~nvazou/">Niki Vazou - UCSD</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Thursday, November 3, 2016, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Haskell's type system allows developers to specify and verify a variety of program properties at compile time. However, many properties are impossible, or at the very least, cumbersome to encode within Haskell’s type system. Liquid types enable the specification and verification of value-dependent properties by extending Haskell’s type system with logical predicates drawn from efficiently decidable logics.</p>
<div>In this talk, we present an overview of LiquidHaskell, a liquid type checker for Haskell. In particular, we will describe the kinds of properties that can be checked, ranging from generic requirements like totality and termination, to application specific concerns like memory safety and correctness invariants.</div><br><b>Bio:</b> <p>Niki Vazou is currently finishing her PhD at UCSD and will be starting at Maryland as a Basili Postdoctoral Scholar in the Spring.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/16472017-01-17T08:30:00-05:002017-01-17T08:30:00-05:00https://talks.cs.umd.edu/talks/1647Information Flow Security in Practical Systems<a href="http://www.andrew.cmu.edu/user/liminjia/">Limin Jia - Carnegie Mellon University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, March 3, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Users routinely type sensitive data such as passwords, credit card numbers, and even SSN into their mobile phone apps and browsers. Rich functionality combined with weak security mechanisms makes protecting users’ data a challenging. In this talk, I will present a few case studies of applying information flow security to protecting users’ data in Android, the Chromium browser, and the IFTTT framework. For these systems, we show that dynamic coarse-grained taint tracking, even though it allows implicit flows, can be retrofitted into existing systems to defend users’ data from common attacks. I will explain the challenges in striking a balance between preserving key functionality of legacy systems and ensuring formally provable security guarantees and discuss how different modeling techniques affect noninterference proofs. </p><br><b>Bio:</b> <p>Dr. Jia is an Assistant Research Professor in the ECE Department at Carnegie Mellon University. Dr. Jia received her PhD in Computer Science from Princeton University. She received her BE in Computer Science and Engineering from the University of Science and Technology in China. Dr. Jia's research interests are in formal aspects of software security, in particular, applying formal approaches to constructing software systems with known security guarantees.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/16702017-01-27T20:38:37-05:002017-02-15T17:41:37-05:00https://talks.cs.umd.edu/talks/1670Type-Driven Program Synthesis<a href="http://people.csail.mit.edu/polikarn/">Nadia Polikarpova - MIT</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, February 27, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Modern programming languages safeguard developers from many typical errors, yet more subtle errors—such as violations of security policies—still plague software. Program synthesis has the potential to eliminate such errors, by generating executable code from concise and intuitive high-level specifications. Traditionally, program synthesis failed to scale to specifications that encode complex behavioral properties of software: these properties are notoriously hard to check even for a given program, and so it’s not surprising that finding the right program within a large space of candidates has been considered very challenging. My work tackles this challenge through the design of synthesis-friendly program verification mechanisms, which are able to check a large set of candidate programs against a complex specification at once, whereby efficiently pruning the search space.</p>
<p>Based on this principle, I developed Synquid, a program synthesizer that accepts specifications in the form of expressive types and uses a specialized type checker as its underlying verification mechanism. Synquid is the first synthesizer powerful enough to automatically discover provably correct implementations of complex data structure manipulations, such as insertion into Red-Black Trees and AVL Trees, and normal-form transformations on propositional formulas. Each of these programs is synthesized in under a minute. Going beyond textbook algorithms, I created a language called Lifty, which uses type-driven synthesis to automatically rewrite programs that violate information flow policies. In our case study, Lifty was able to enforce all required policies in a prototype conference management system.</p><br><b>Bio:</b> <p>Nadia Polikarpova is a postdoctoral researcher at the MIT Computer Science and Artificial Intelligence Lab, interested in helping programmers build secure and reliable software. She completed her PhD at ETH Zurich. For her dissertation she developed tools and techniques for automated formal verification of object-oriented libraries, and created the first fully verified general-purpose container library, receiving the Best Paper Award at the International Symposium on Formal Methods. During her doctoral studies, Nadia was an intern at MSR Redmond, where she worked on verifying real-world implementations of security protocols. At MIT, Nadia has been applying formal verification to automate various critical and error-prone programming tasks.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/16802017-02-02T14:54:47-05:002017-02-02T14:54:47-05:00https://talks.cs.umd.edu/talks/1680Direct Manipulation Programming Systems<a href="http://people.cs.uchicago.edu/~rchugh/">Ravi Chugh - University of Chicago</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Monday, February 20, 2017, 2:00-3:00 pm<br><br><b>Abstract:</b> <div style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">Imagine that you want to create a complex digital artifact, such as a document, spreadsheet, illustration, visualization, or Web application. As an expert, you know that programming is the way to go. But you also know that, by choosing this route, you will forgo the joys of direct manipulation, graphical user interfaces.</div>
<div style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;"> </div>
<div style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">In this talk, I will describe a vision for programming systems with less keyboard-based text editing and more mouse-based manipulation. As a first step, I will present the Sketch-n-Sketch programming system for creating vector graphic illustrations, where semi-automated direct manipulation tools help prototype, repair, and refactor programs. I will also describe plans to extend these ideas to create and manipulate other kinds of digital artifacts, including even programs themselves.</div><br><b>Bio:</b> <div>Ravi Chugh is an Assistant Professor of Computer Science at the University of Chicago, where he aims to develop and deploy programming language technology for applications in software engineering and human-computer interaction.</div>
<div> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/17392017-03-17T16:40:09-04:002017-03-20T14:55:13-04:00https://talks.cs.umd.edu/talks/1739A semantic account of metric preservation<a href="https://www.cis.upenn.edu/~aarthur/">Arthur Azevedo de Amorim - University of Pennsylvania</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, March 27, 2017, 10:00-11:00 am<br><br><b>Abstract:</b> <p>Program sensitivity measures how robust a program is to small changes in its input, and is a fundamental notion in domains ranging from differential privacy to cyber-physical systems. A natural way to formalize program sensitivity is in terms of metrics on the input and output spaces, requiring that an r-sensitive function map inputs that are at distance d to outputs that are at distance at most r * d. Program sensitivity is thus an analogue of Lipschitz continuity for programs.</p>
<p>Reed and Pierce introduced Fuzz, a functional language with a linear type system that can express program sensitivity. They show soundness operationally, in the form of a metric preservation property. Inspired by their work, we study program sensitivity and metric preservation from a denotational point of view. In particular, we introduce metric CPOs, a novel semantic structure for reasoning about computation on metric spaces, by endowing CPOs with a compatible notion of distance. This structure is useful for reasoning about metric properties of programs, and specifically about program sensitivity. We demonstrate metric CPOs by giving a model for the deterministic fragment of Fuzz.</p><br><b>Bio:</b> <p>Arthur Azevedo de Amorim is a graduate student in the Computer and Information Science department at the University of Pennsylvania since 2011. His main research area is programming languages and verification. He was involved in the project SAFE, a clean-slate computer environment aimed at security and correctness, helping with its design and specification. He is currently working on bringing some of the hardware tagging infrastructure that was developed for SAFE to more conventional processor designs, formally verifying that the mechanism can be used for enforcing interesting security policies.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/17642017-04-11T07:16:37-04:002017-04-13T09:50:24-04:00https://talks.cs.umd.edu/talks/1764Learning to Write Code, Automatically<a href="https://www.cs.rice.edu/~sc40/">Swarat Chaudhuri - Rice University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=CSI">2117 Computer Science Instructional Center (CSI)</a><br>Friday, April 21, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Automating computer programming is a long-standing goal in computer science. In spite of significant progress in automated program synthesis in recent times, we remain very far from achieving this goal. Indeed, on almost all everyday programming tasks, a freshman CS major would perform vastly better than today's best program synthesizers.</p>
<p>Two critical components of the gap between human programmers and program synthesizers are that humans learn from experience, i.e., data, and can easily generalize from incomplete problem definitions. In this talk, I will present a new framework for program synthesis, based on Bayesian statistical learning, that aims to eliminate these differences. In our framework, the description of a programming task is seen to consist of a set of "clues" towards a hidden (probabilistic) specification that fully defines the task. Large corpora of real-world programs are used to construct a statistical model that correlates specifications with the form and function of their implementations. The framework can be implemented in a variety of ways, but in particular, through a neural architecture called variational Bayesian encoder-decoders. Inferences made using the framework can be used to guide algorithms for synthesis that search a combinatorial space of programs.</p>
<p>I will show that this data-driven approach can lead to giant leaps in the scope and performance of automated program synthesis. Specifically, I will give a demo of Bayou, a system for Bayesian synthesis of Java programs that goes significantly beyond the state of the art in program synthesis. I will also show that our framework has applications beyond synthesis -- in particular, that it can be used to find bugs in programs without any kind of formal correctness specification.</p>
<p>(Joint work with Vijay Murali and Chris Jermaine.)</p><br><b>Bio:</b> <p>Swarat Chaudhuri is an Associate Professor of Computer Science at Rice University. His research interests span formal methods, programming systems, and increasingly, the interface of these areas with artificial intelligence.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/17662017-04-11T18:45:18-04:002017-04-12T10:50:35-04:00https://talks.cs.umd.edu/talks/1766Phosphor: a dynamic taint analysis tool for Java<a href="http://www.jonbell.net/">Jonathan Bell - GMU</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, April 14, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #454545; font-family: 'Helvetica Neue'; font-size: 12.8px;">Dynamic taint tracking is a form of information flow analysis that identifies relationships between data during program execution. Inputs to the program are labeled with a marker (“tainted”), and these markers are propagated through data flow. While dynamic taint tracking is traditionally used for information flow control, or detection of code-injection attacks, it also has many software engineering applications. However, prior to my work, Phosphor (OOOPSLA ’14), there was no practical dynamic taint tracking system for Java. In this talk, I will describe the applications and implementation of Phosphor. I will also discuss one particular application of taint tracking that I’ve explored, which allows end-users to monitor the usage of their data at a unique level abstraction in unmodified mobile apps (Pebbles - OSDI ’14). Finally, I will discuss a recent and very exciting development, CROCHET, which provides incredibly efficient, on-demand checkpoint and rollback at the granularity of individual variables in off-the-shelf JVMs, with only marginal steady-state overhead.</span></p><br><b>Bio:</b> <p>Jon is an Assistant Professor directing research in Software Engineering and Software Systems at George Mason University. His research makes it easier for developers to create reliable software. Jon’s recent work in accelerating software testing has been recognized with an ACM SIGSOFT Distinguished Paper Award (ICSE ’14 – Unit Test Virtualization with VMVM), and has been the basis for an industrial collaboration with Electric Cloud. His research interests bring him to publish at venues such as ICSE, FSE, ISSTA, OOPSLA, OSDI and EuroSys. Jon actively participates in the artifact evaluation program committees of ISSTA and OOPSLA, and has served several years as the Student Volunteer chair for OOPSLA. His most recent publications are Efficient Dependency Detection for Safe Java Test Acceleration (FSE ’15), Pebbles: Fine-Grained Data Management Abstractions for Modern Operating Systems (OSDI ’14) and Phosphor: Illuminating Dynamic Data Flow in Off-The Shelf JVMs (OOPSLA ’14).</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/17902017-05-16T18:56:36-04:002017-05-16T18:56:36-04:00https://talks.cs.umd.edu/talks/1790Building Provably Secure Computer Systems against Timing Channels<a href="http://www.cse.psu.edu/~dbz5017/">Danfeng Zhang - Penn State University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, May 26, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Timing channels have long been a difficult and important problem for computer security. The difficulty has been recognized since the 70's, but their importance has been reinforced by recent work that shows timing information can quickly leak sensitive information, such as private keys of RSA and AES. Such threats greatly harm the security of many emerging applications, including cloud computing.</p>
<p>In this talk, I will introduce novel programming languages for full-system control of timing channels. First, I will introduce a light-weight software-hardware contract which enables precise reasoning about timing channels in programming languages. Second, I will show that with such a contract, a novel type system is sufficient to provably control all timing leakage, assuming the hardware obeys the contract. Third, I will introduce a new hardware description language, SecVerilog, which enables formal verification of an efficient MIPS processor that obeys the contract. Evaluation on real-world security-sensitive applications suggest that the proposed approach has reasonable performance.</p><br><b>Bio:</b> <p>Danfeng Zhang is an Assistant Professor in Computer Science and Engineering at Penn State University. He received his BS and MS degrees from Peking University, and his PhD degree from Cornell University.</p>
<p>Dr. Zhang's research interests include computer security and programming languages. His research focuses on designing programming models with rigorous security guarantees and minimal burden on programmers. His recent projects include sound and practical methods for full-system timing channel mitigation, language-based differential privacy proofs, as well as general methods of error localization. </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18012017-06-12T13:25:19-04:002017-06-12T13:25:19-04:00https://talks.cs.umd.edu/talks/1801Decomposition Instead of Self-Composition for Proving the Absence of Timing Channels<a href="https://paulgazzillo.com">Paul Gazzillo - Yale University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Thursday, June 15, 2017, 2:30-3:30 pm<br><br><b>Abstract:</b> <p style="color: #222222; margin: 0px; font-size: 12px; line-height: normal; font-family: Helvetica;"><span style="font-size: 12pt;">We present a novel approach to proving the absence of timing channels. The idea is to partition the program's execution traces in such a way that each partition component is checked for timing attack resilience by a time complexity analysis and that per-component resilience implies the resilience of the whole program. We construct a partition by splitting the program traces at secret-independent branches. This ensures that any pair of traces with the same public input has a component containing both traces. Crucially, the per-component checks can be normal safety properties expressed in terms of a single execution. Our approach is thus in contrast to prior approaches, such as self-composition, that aim to reason about multiple (k greater than or equal to 2) executions at once.</span></p>
<p style="color: #222222; margin: 0px; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 13.8px;"> </p>
<p style="color: #222222; margin: 0px; font-size: 12px; line-height: normal; font-family: Helvetica;"><span style="font-size: 12pt;">We formalize the above as an approach called quotient partitioning, generalized to any k-safety property, and prove it to be sound. A key feature of our approach is a demand-driven partitioning strategy that uses a regex-like notion called trails to identify sets of execution traces, particularly those influenced by tainted (or secret) data. We have applied our technique in a prototype implementation tool called Blazer, based on WALA, PPL, and the brics automaton library. We have proved timing-channel freedom of (or synthesized an attack specification for) 24 programs written in Java bytecode, including 6 classic examples from the literature and 6 examples extracted from the DARPA STAC challenge problems.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18002017-06-07T20:13:22-04:002017-06-07T20:13:22-04:00https://talks.cs.umd.edu/talks/1800A DSL Approach to Reconcile Equivalent Divergent Program Executions<a href="http://www.luispina.me">Luís Pina - Imperial College London</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, June 26, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Multi-Version Execution (MVE) deploys multiple versions of the same program,</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">typically synchronizing their execution at the level of system calls. By</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">default, MVE requires all deployed versions to issue the same sequence of system</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">calls, which limits the types of versions which can be deployed. In this paper,</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">we propose a Domain-Specific Language (DSL) to reconcile expected divergences</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">between different program versions deployed through MVE. We evaluate the DSL by</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">adding it to an existing MVE system (Varan) and testing it via three scenarios:</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">(1) deploying the same program under different configurations, (2) deploying</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">different releases of the same program, and (3) deploying dynamic analyses in</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">parallel with the native execution. We also present an algorithm to</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">automatically extract DSL rules from pairs of system call traces. Our results</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">show that each scenario requires a small number of simple rules (at most 14</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">rules in each case) and that writing DSL rules can be partially automated.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18072017-06-21T19:49:50-04:002017-06-21T19:49:50-04:00https://talks.cs.umd.edu/talks/1807A Scalable and Tunable Adaptive Resolution Parallel I/O FrameworkSidharth Kumar - University of Utah<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Tuesday, June 27, 2017, 1:30-2:30 pm<br><br><b>Abstract:</b> <div style="font-size: 12.8px;">In recent times, we have seen data creation consistently outpacing the infrastructure for its <span style="font-size: 12.8px;">storage and utilization. With the growing size of scientific simulations, increasing resolution of </span><span style="font-size: 12.8px;">sensors, and advent of big data, this chasm between production and utilization is wider than </span><span style="font-size: 12.8px;">ever. The ability to represent large amounts of data has led to major bottlenecks when it </span><span style="font-size: 12.8px;">comes to its movement, be it across memory, or network or to the storage system. As a result, </span><span style="font-size: 12.8px;">both writes (data generation: from device to storage) and reads (data exploration: storage </span><span style="font-size: 12.8px;">to analysis) start to suffer, ultimately resulting in underutilization of resources and stalling of </span><span style="font-size: 12.8px;">performance. This trend has created a pressing need for a unified data management solution </span><span style="font-size: 12.8px;">targeting large-scale datasets that provides capabilities such as fast scalable writes, interactive </span><span style="font-size: 12.8px;">visualization and analysis, out-of-core processing, data streaming, and remote visualization. </span><span style="font-size: 12.8px;">Unfortunately, most of the existing solutions have not adapted well to the onslaught of large </span><span style="font-size: 12.8px;">data and are in need of significant algorithmic upgrades. My research bridges this widening</span></div>
<div style="font-size: 12.8px;">gap and provides a comprehensive framework for large-scale data management.</div>
<div style="font-size: 12.8px;"> </div>
<div style="font-size: 12.8px;">
<div style="font-size: 12.8px;">In my work I introduce an end-to-end highly scalable and <span style="font-size: 12.8px;">tunable adaptive-resolution data movement framework. Unlike other existing techniques, the </span><span style="font-size: 12.8px;">work makes it possible to perform parallel writes for both traditional data formats, as well as </span><span style="font-size: 12.8px;">for analysis and visualization-appropriate, multiresolution, cache-oblivious data formats. This </span><span style="font-size: 12.8px;">approach makes the write side of the data movement framework scalable while also enabling </span><span style="font-size: 12.8px;">fast interactive reads required for future analysis and visualization tasks. </span><span style="font-size: 12.8px;">The framework also </span><span style="font-size: 12.8px;">provides a set of parameters that controls the storage format and the nature of data move</span><span style="font-size: 12.8px;">ment across the network; further, a machine learning-based model is constructed that tunes </span><span style="font-size: 12.8px;">these parameters for the maximum throughput. </span><span style="font-size: 12.8px;">Empirical efficacy is demonstrated through</span></div>
<div style="font-size: 12.8px;">
<div style="font-size: 12.8px;">the I/O framework of PIDX, which has shown scalability to 768K cores and has been de<span style="font-size: 12.8px;">ployed on some of the fastest supercomputers in the world (such as Mira</span><span style="font-size: 12.8px;">, Titan, Quartz</span><span style="font-size: 12.8px;">, Shaheen and Edison).</span></div>
</div>
</div><br><b>Bio:</b> <p><span id="docs-internal-guid-c3418644-cd0f-057d-b89f-f920b314b897" style="font-size: 11pt; font-family: Arial; color: #222222; background-color: #ffffff; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Sidharth Kumar is a postdoctoral fellow at the Scientific Computing and Imaging Institute (SCI), University of Utah. His research interest lies in the field of High Performance data management. He leads the Parallel IDX (PIDX) project. PIDX is a high performance I/O library that enables HPC applications to write distributed multi-dimensional data directly into a hierarchical multi-resolution visualization appropriate data format with minimal overhead. PIDX tackles the scalability problems of parallel I/O while also bridging the gap between large-scale writes and analytics-appropriate reads. The I/O framework has shown scalability to 768K cores and has been deployed on some of the fastest supercomputers (Mira, Titan, Shaheen, Edison, Hopper) of the world. Sidharth finished his PhD under the supervision of Dr. Valerio Pascucci from University of Utah in 2015. </span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18082017-06-23T20:12:26-04:002017-06-23T20:12:26-04:00https://talks.cs.umd.edu/talks/1808Flexible Information-Flow Control<a href="https://schoepe.org/~daniel/">Daniel Schoepe - Chalmers University of Technology</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, July 10, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Due to the pervasiveness of untrusted code handling sensitive</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">information, information leaks in programs pose a high risk of unwanted</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">data disclosure. While information-flow control techniques provide</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">strong guarantees, they are not widely used in practice. Conversely more</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">light-weight techniques such as taint tracking lack formal guarantees</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">and analysis.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">To address this, we investigate more permissive techniques with weaker</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">guarantees: Taint tracking is widely used, but hard to capture formally.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">We present a formal security definition of the security property it</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">enforces and explore a new enforcement method based on the faceted</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">values technique. Additionally, we establish a connection between the</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">security notions of opacity and noninterference. To make fully-fledged</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">information-flow control easier to use, we present and approach to</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">secure database-backed applications using homogeneous meta-programming</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">to secure applications combining server-side code, client-side code, and</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">database interactions.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/3">MC2 Seminar</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18142017-07-03T09:02:30-04:002017-07-03T09:02:30-04:00https://talks.cs.umd.edu/talks/1814Combining Logical and Probabilistic Reasoning in Program Analysis<a href="http://www.cis.upenn.edu/~mhnaik/">Mayur Naik - University of Pennsylvania</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, July 17, 2017, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p class="m_4137754329937848273m_8351430460601119420gmail-p1" style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">As software becomes increasingly pervasive and complex, masses of users are exposed to unintended software failures and deliberate cyber-attacks. Program analysis is a widely adopted technology to enforce software quality. Existing program analyses are expressed in the form of logical rules that are handcrafted by experts. While this logic-based approach has many benefits, however, it cannot handle uncertainty and lacks the ability to learn and adapt. This in turn hinders the accuracy, scalability, and usability of program analysis tools in practice.</p>
<p class="m_4137754329937848273m_8351430460601119420gmail-p1" style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">I will present a methodology and framework to incorporate probabilistic reasoning into existing program analyses that are based on logical reasoning. The framework comprises a front-end, which automatically integrates probabilities into a logical analysis by synthesizing a system of weighted constraints, and a back-end, which is a learning and inference engine for such constraints. I will demonstrate how this approach advances three important applications of program analysis: automated verification, interactive verification, and bug detection. I will also describe new algorithmic techniques to solve very large instances of weighted constraints that arise not only in our domain but also in other domains such as Big Data analytics and statistical AI.</p><br><b>Bio:</b> <p><span class="il" style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Mayur</span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"> Naik is an Associate Professor of Computer Science at the University of Pennsylvania. His research spans all aspects of programming systems with the goal of improving software quality and programmer productivity. His current work seeks to develop advanced programming systems that effectively combine the power of humans, computers, and data. He holds a Ph.D. in Computer Science from Stanford University (2008). He was a researcher at Intel Labs, Berkeley from 2008 to 2011, and on the faculty at Georgia Tech from 2011 to 2016.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18452017-08-25T18:46:15-04:002017-08-25T18:46:15-04:00https://talks.cs.umd.edu/talks/1845Securing Databases from Probabilistic InferenceMarco Guarnieri - ETH Zurich<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Thursday, August 31, 2017, 10:00-11:00 am<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">Databases can leak confidential information when users combine query results with probabilistic data dependencies and prior knowledge. Current research efforts offer mechanisms that either handle a limited class of dependencies or lack tractable enforcement algorithms necessary for scaling.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; background-color: #ffffff; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">We propose a foundation for Database Inference Control based on PROBLOG, a probabilistic logic programming language. We leverage this foundation to develop ANGERONA, a provably secure enforcement mechanism that prevents information leakage in the presence of probabilistic dependencies. We then provide a tractable inference algorithm for a practically relevant fragment of PROBLOG. We empirically evaluate ANGERONA's performance showing that it scales to relevant problems of interest.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/20">Crypto Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/3">MC2 Seminar</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18702017-09-20T12:58:58-04:002017-09-20T12:58:58-04:00https://talks.cs.umd.edu/talks/1870QWIRE: A Core Language for Quantum CircuitsKesha<br><br>Wednesday, September 27, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>Speaker: Kesha Hietala</p>
<p><strong>Title: QWIRE: A Core Language for Quantum Circuits</strong></p>
<p><strong>Authors: Jennifer Paykin, Robert Rand, and Steve Zdancewic</strong></p>
<p><strong>Abstract:</strong></p>
<p>This paper introduces QWIRE (“choir”), a language for defining quantum circuits and an interface for manipulating them inside of an arbitrary classical host language. QWIRE is minimal—it contains only a few primitives—and sound with respect to the physical properties entailed by quantum mechanics. At the same time, QWIRE is expressive and highly modular due to its relationship with the host language, mirroring the QRAM model of computation that places a quantum computer (controlled by circuits) alongside a classical computer (controlled by the host language). We present QWIRE along with its type system and operational semantics, which we prove is safe and strongly normalizing whenever the host language is. We give circuits a denotational semantics in terms of density matrices. Throughout, we investigate examples that demonstrate the expressive power of QWIRE, including extensions to the host language that (1) expose a general analysis framework for circuits, and (2) provide dependent types</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/18732017-09-20T13:45:04-04:002017-09-20T13:45:04-04:00https://talks.cs.umd.edu/talks/1873Toward Full Elasticity in Distributed Static Analysis: The Case of Callgraph AnalysisMike<br><br>Wednesday, October 4, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><strong>Speaker: Michael Hicks</strong></p>
<p><strong>Title: <span style="font-family: arial, sans, sans-serif; font-size: 13px; white-space: pre-wrap;">Toward Full Elasticity in Distributed Static Analysis: The Case of Callgraph Analysis</span></strong></p>
<p><strong><span style="font-family: arial, sans, sans-serif; font-size: 13px; white-space: pre-wrap;">Abstract:</span></strong></p>
<p><span style="font-family: LinLibertineT; font-size: 9pt;">In this paper we present the design and implementation of a dis- tributed, whole-program static analysis framework that is designed to scale with the size of the input. Our approach is based on the actor programming model and is deployed in the cloud. Our re- liance on a cloud cluster provides a degree of elasticity for CPU, memory, and storage resources. To demonstrate the potential of our technique, we show how a typical call graph analysis can be implemented in a distributed setting. The vision that motivates this work is that every large-scale software repository such as GitHub, BitBucket or Visual Studio Online will be able to perform static analysis on a large scale.</span></p>
<div class="page" title="Page 1">
<div class="layoutArea">
<div class="column">
<p><span style="font-size: 9.000000pt; font-family: 'LinLibertineT';">We experimentally validate our implementation of the dis- tributed call graph analysis using a combination of both synthetic and real benchmarks. To show scalability, we demonstrate how the analysis presented in this paper is able to handle inputs that are almost 10 million lines of code (LOC) in size, without running out of memory. Our results show that the analysis scales well in terms of memory pressure independently of the input size, as we add more virtual machines (VMs). As the number of worker VMs increases, we observe that the analysis time generally improves as well. Lastly, we demonstrate that querying the results can be performed with a median latency of 15 ms. </span></p>
</div>
</div>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19002017-10-09T08:31:45-04:002017-10-09T08:31:45-04:00https://talks.cs.umd.edu/talks/1900Under-Constrained Symbolic Execution Willem Wyndham<br><br>Wednesday, October 11, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>Willem will be presenting </p>
<p><strong>Title: Under-Constrained Symbolic Execution: Correctness Checking for Real Code</strong></p>
<p><strong>URL:</strong> https://drive.google.com/file/d/0ByYD92-SunTDLWZiaFdDeUxtS1U/view</p>
<p><strong>Authors:</strong> David A. Ramos and Dawson Engle, <span style="font-family: NimbusRomNo9L; font-size: 10pt;">Stanford University</span></p>
<div class="page" title="Page 2">
<div class="layoutArea">
<div class="column">
<p><strong>Abstract: </strong></p>
</div>
</div>
</div>
<div class="page" title="Page 2">
<div class="layoutArea">
<div class="column">
<p><span style="font-size: 14pt; font-family: NimbusRomNo9L;"><span style="font-size: 10pt;">Software bugs are a well-known source of security vul- nerabilities. One technique for finding bugs, symbolic execution, considers all possible inputs to a program but suffers from scalability limitations. This paper uses a variant, </span><span style="font-size: 10pt; font-style: italic;">under-constrained </span><span style="font-size: 10pt;">symbolic execution, that im- proves scalability by directly checking individual func- tions, rather than whole programs. We present </span><span style="font-size: 8pt;">UC</span><span style="font-size: 10pt;">-</span><span style="font-size: 8pt;">KLEE</span><span style="font-size: 10pt;">, a novel, scalable framework for checking C/C++ systems code, along with two use cases. First, we use </span><span style="font-size: 8pt;">UC</span><span style="font-size: 10pt;">-</span><span style="font-size: 8pt;">KLEE </span><span style="font-size: 10pt;">to check whether patches introduce crashes. We check over 800 patches from BIND and OpenSSL and find 12 bugs, including two OpenSSL denial-of-service vulner- abilities. We also verify (with caveats) that 115 patches do not introduce crashes. Second, we use </span><span style="font-size: 8pt;">UC</span><span style="font-size: 10pt;">-</span><span style="font-size: 8pt;">KLEE </span><span style="font-size: 10pt;">as a generalized checking framework and implement check- ers to find memory leaks, uninitialized data, and unsafe user input. We evaluate the checkers on over 20,000 functions from BIND, OpenSSL, and the Linux kernel, find 67 bugs, and verify that hundreds of functions are leak free and that thousands of functions do not access uninitialized data.</span> <br></span></p>
</div>
</div>
</div>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19012017-10-09T12:10:26-04:002017-10-09T12:10:26-04:00https://talks.cs.umd.edu/talks/1901Dynamic Lifestate Verification of Event-Driven Applications<a href="http://www.sergiomover.eu/">Sergio Mover - University of Colorado Boulder</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">MC2 A.V. Williams Building (AVW)</a><br>Tuesday, October 17, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Event-driven programming is widely used in mobile (e.g. Android and iOS) and embedded (e.g. TinyOS) systems, since the application code must respond to events generated by the external environment (e.g. the user clicks the screen of the phone, a new data is read is received from a network connection...).</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">A developer programs an event-driven application by implementing its code in event handlers methods, called callbacks, invoking the application-programming interface (API) methods provided by the system's framework, called callins, while the framework invokes callback methods when events happen.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">In order to develop reliable event-driven applications, the developer must not violate the application-programming protocol imposed by the framework. A violation happens when the application code invokes an API method, but the underlying framework is in a state that prohibits it, resulting in an unexpected behaviors (e.g. the application crashes).</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Reasoning about protocol violations is notoriously difficulty for a developer, since the possible execution of callbacks and callins is determined by the whole sequence of callbacks and callins previously executed by application, which in turn determines the internal state of the framework.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">In this talk we will focus on an approach that enables to reasons about protocol violations in event-driven applications.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">We first identify the key aspects of an event-driven framework that are relevant to capture the application-programming protocol, and we formalize a core abstract machine model that captures them. Based on this formalization, we introduce a specification language (lifestate specification) that is adequate to describe the protocol. We present a dynamic verification technique that, given a specification of the protocol and an existing, non-crashing, trace of execution, can either predict the existence of protocol violations or prove their absence.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">We instantiate the approach for the Android framework, and we show an experimental evaluation on real Android applications.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19162017-10-24T11:38:56-04:002017-10-24T11:38:56-04:00https://talks.cs.umd.edu/talks/1916Fast and Precise Type Checking for JavaScriptThomas Gilray - University of Maryland<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">MC2 conference room A.V. Williams Building (AVW)</a><br>Wednesday, October 25, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><em>Title:</em> Fast and Precise Type Checking for JavaScript</p>
<p> </p>
<p><em>Authors: </em></p>
<p><span style="font-size: 11pt; font-family: LinBiolinumT;">AVIK CHAUDHURI, </span><span style="font-size: 9pt; font-family: LinLibertineT;">Facebook Inc., USA</span></p>
<p><span style="font-size: 11.000000pt; font-family: 'LinBiolinumT';">PANAGIOTIS VEKRIS, </span><span style="font-size: 9.000000pt; font-family: 'LinLibertineT';">University of California, San Diego, USA</span></p>
<p><span style="font-size: 11.000000pt; font-family: 'LinBiolinumT';">SAM GOLDMAN, </span><span style="font-size: 9.000000pt; font-family: 'LinLibertineT';">Facebook Inc., USA</span></p>
<div class="page" title="Page 1">
<div class="section">
<div class="layoutArea">
<div class="column">
<p><span style="font-size: 11.000000pt; font-family: 'LinBiolinumT';">MARSHALL ROCH, </span><span style="font-size: 9.000000pt; font-family: 'LinLibertineT';">Facebook Inc., USA<br> </span></p>
<p><span style="font-size: 11.000000pt; font-family: 'LinBiolinumT';">GABRIEL LEVI, </span><span style="font-size: 9.000000pt; font-family: 'LinLibertineT';">Facebook Inc., USA </span></p>
</div>
</div>
</div>
</div>
<p> </p>
<p><em><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Abstract:</span></em></p>
<p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">It discusses Facebook's "Flow" tool, a type-inference analysis for JavaScript. The tool performs a modular analysis that scales to large repos of internal code; the analysis is incremental, and they say "a lightweight form of type refinement [is] a crucial feature", so it should be of general interest. It's being presented at OOPSLA '17 this week. </span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19222017-10-30T12:03:47-04:002017-10-30T12:03:47-04:00https://talks.cs.umd.edu/talks/1922Inference and Evolution of TypeScript Declaration FilesBrianna Ren<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">MC2 conference room A.V. Williams Building (AVW)</a><br>Wednesday, November 1, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><em>Title: </em>Inference and Evolution of TypeScript Declaration Files</p>
<p><em>Authors: </em><span style="font-family: SFRM1000; font-size: 10pt;">Erik Krogh Kristensen and Anders Møller</span></p>
<p><em>Abstract: </em></p>
<p> </p>
<div class="page" title="Page 1">
<div class="layoutArea">
<div class="column">
<p><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">TypeScript is a typed extension of JavaScript that has be- come widely used. More than </span><span style="font-size: 9.000000pt; font-family: 'CMR9';">2 000 </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">JavaScript libraries now have pub- licly available TypeScript declaration files, which allows the libraries to be used when programming TypeScript applications. Such declaration files are written manually, however, and they are often lagging behind the continuous development of the libraries, thereby hindering their us- ability. The existing tool </span><span style="font-size: 9.000000pt; font-family: 'SFCC0900';">tscheck </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">is capable of detecting mismatches between the libraries and their declaration files, but it is less suitable when creating and evolving declaration files. </span></p>
<p><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">In this work we present the tools </span><span style="font-size: 9.000000pt; font-family: 'SFCC0900';">tsinfer </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">and </span><span style="font-size: 9.000000pt; font-family: 'SFCC0900';">tsevolve </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">that are de- signed to assist the construction of new TypeScript declaration files and support the co-evolution of the declaration files as the underly- ing JavaScript libraries evolve. Our experimental results involving ma- jor libraries demonstrate that </span><span style="font-size: 9.000000pt; font-family: 'SFCC0900';">tsinfer </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">and </span><span style="font-size: 9.000000pt; font-family: 'SFCC0900';">tsevolve </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">are superior to </span><span style="font-size: 9.000000pt; font-family: 'SFCC0900';">tscheck </span><span style="font-size: 9.000000pt; font-family: 'SFRM0900';">regarding these tasks and that the tools are sufficiently fast and precise for practical use. </span></p>
</div>
</div>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19242017-10-30T13:34:13-04:002017-11-13T14:09:40-05:00https://talks.cs.umd.edu/talks/1924Beyond correct and fast: Inspection Testing<a href="joachim-breitner.de">Joachim Breitner - UPenn</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Friday, November 17, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Conventional testing is all about ensuring that your code behaves as it</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">should, and benchmarks allow you to ensure that it does so efficiently.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"> But programmers, especially authors of carefully crafted libraries,</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">care about more than just correctness and performance:</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">When using generic programming, they care about what happens at</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">compile-time and what happens at run-time. When creating a stream</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">fusion (deforestation) library, they care about whether the compiler is</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">indeed eliminating all intermediate data structures. Programmers might</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">care about whether their code is allocation-free, using efficient</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">calling-conventions, or is free of branches. Often, a library makes</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">explicit promises of this kind to its users.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">So far, the modus operandi in all these cases is that the programmer</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">manually inspects the (intermediate or final) code produced by the</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">compiler. This is not only tedious, but makes it very likely that some</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">change, either in the library itself or the surrounding eco-system,</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">breaks the library’s promised without anyone noticing.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">The solution is – once the problem has been recognized – obvious: For</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">any such property, the programmer needs to be able to *declare* his</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">intent in a way that allows the compiler to *automatic* check it. This</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">insight gives rise to a new testing paradigm, which we call “Inspecting</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Testing”.</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">In this talk I will discuss real-world examples (in the context of</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Haskell) that demonstrate that there is a problem to be solved, clearly</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">define “Inspection Testing” and show how it can help to solve the</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">problems in our examples.</span></p><br><b>Bio:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Joachim Breitner has received his PhD in computer science from the</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Karlsruhe Institute of Technology for his work of not only devising and</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">implementing the “Call Arity” analysis and transformation in the</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">Haskell compiler GHC, but also proving it to actually be an</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">optimization in the theorem prover Isabelle. This shows his main areas</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">of interest: Design and implementation of functional programming</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">languages, and interactive theorem proving. He is currently a post-doc</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">at the University of Pennsylvania, where he joined the DeepSpec</span><br style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;"><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.800000190734863px;">project.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19262017-10-31T13:38:41-04:002017-10-31T13:39:20-04:00https://talks.cs.umd.edu/talks/1926Query Checking for Linear Temporal Logic.Samuel Huang<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">MC2 conference room A.V. Williams Building (AVW)</a><br>Wednesday, November 8, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>Paper link: https://link.springer.com/chapter/10.1007/978-3-319-67113-0_3</p>
<p> </p>
<p>The query-checking problem for temporal logic may be formulated as follows. Given a Kripke structure M and a temporal-logic query of form φ [var], which may be thought of as a temporal formula with a missing propositional subformula var, find the most precise propositional formula f that, when substituted for var in φ [var], ensures M satisfies the resulting temporal property. Query checking has been used for system comprehension, specification reconstruction, and other related applications in the formal analysis of systems.</p>
<p>In this paper we present an automaton-based methodology for query checking over linear temporal logic (LTL). While this problem is known to be hard in the general case, we show that by exploiting several key observations about the interplay between the input model M and the query φ [var], we can produce results for many problems of interest. In support of this claim, we report on preliminary experimental data for an implementation of our technique.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19482017-11-27T15:04:29-05:002017-11-27T15:04:29-05:00https://talks.cs.umd.edu/talks/1948Gradual Liquid Types <a href="nikivazou.github.io">Niki Vazou - University of Maryland</a><br><br>Wednesday, November 29, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p style="text-align: justify;">We present gradual liquid type inference, a novel combination of refinement types with gradual refinements that range over a finite set of SMT-decidable predicates. This finiteness restriction allows for an algorithmic inference procedure where all possibly valid interpretations of a gradual refinement are exhaustively checked. Thanks to exhaustive searching we can detect the safe concretizations, i.e. the concrete refinements that justify why a program with gradual refinements is well-typed. We make the novel observation that gradual liquid type inference can be used for static liquid type error explanation, since the safe concretizations exhibit all the potential inconsistencies that lead to type errors. Based on Liquid Haskell, we implement gradual liquid type inference in GuiLT, a tool that interactively presents all the safe concretizations of gradual liquid types and demonstrate its utility for user-guided migration of three commonly-used Haskell list manipulation libraries.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19572017-12-04T09:24:38-05:002017-12-04T09:24:38-05:00https://talks.cs.umd.edu/talks/1957Bringing the Web up to Speed with WebAssemblyWillem Wyndham - University of Maryland<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">MC2 conference room A.V. Williams Building (AVW)</a><br>Wednesday, December 6, 2017, 12:00-1:00 pm<br><br><b>Abstract:</b> <p> </p>
<div title="Page 1">
<div>
<p><strong>Title: Bringing the Web up to Speed with WebAssembly</strong></p>
<div title="Page 1">
<div>
<p>Abstract: The maturation of the Web platform has given rise to sophis- ticated and demanding Web applications such as interactive 3D visualization, audio and video software, and games. With that, efficiency and security of code on the Web has become more important than ever. Yet JavaScript as the only built- in language of the Web is not well-equipped to meet these requirements, especially as a compilation target.</p>
</div>
</div>
<p>Engineers from the four major browser vendors have risen to the challenge and collaboratively designed a portable low-level bytecode called WebAssembly. It offers compact representation, efficient validation and compilation, and safe low to no-overhead execution. Rather than committing to a specific programming model, WebAssembly is an abstrac- tion over modern hardware, making it language-, hardware-, and platform-independent, with use cases beyond just the Web. WebAssembly has been designed with a formal se- mantics from the start. We describe the motivation, design and formal semantics of WebAssembly and provide some preliminary experience with implementations. </p>
<p> </p>
<p>Link https://drive.google.com/file/d/0ByYD92-SunTDNFJIT1RvT0NIZ0E/view</p>
</div>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19742018-01-22T10:11:40-05:002018-01-22T10:13:32-05:00https://talks.cs.umd.edu/talks/1974Guy Steele: It's Time for a New Old LanguageVideo of Guy Steele<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, January 22, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <h4 class="title style-scope ytd-video-primary-info-renderer" style="margin: 0px; padding: 0px; border: 0px; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; max-height: 4.8rem; overflow: hidden; font-weight: 400; line-height: 2.4rem; color: var(--ytd-video-primary-info-renderer-title-color, var(--yt-primary-text-color)); font-family: Roboto, Arial, sans-serif; font-size: var(--ytd-video-primary-info-renderer-title-font-size, 1.8rem); transform: var(--ytd-video-primary-info-renderer-title-transform, none); text-shadow: var(--ytd-video-primary-info-renderer-title-text-shadow, none);">It's Time for a New Old Language</h4>
<p> </p>
<p>Join us to watch the PPoPP '17 keynote and have lunch: https://www.youtube.com/watch?v=7HKbjYqqPPQ</p>
<p> </p>
<p>Further PLunches (PLUM lunches) will take place on Mondays at 1pm.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19752018-01-22T16:55:52-05:002018-01-22T16:55:52-05:00https://talks.cs.umd.edu/talks/1975Testing before Proving in the Coq Proof Assistant<a href="http://www.cis.upenn.edu/~llamp/">Leonidas Lampropoulos</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, January 29, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <div style="margin-top: 0; margin-bottom: 0;">Formal verification provides strong guarantees about the absence of bugs in software artifacts; however, the verification process is still long and expensive, and requires a lot of manual effort from the prover. Random testing can facilitate this process by revealing bugs early on, before the prover has wasted time attempting to prove a false theorem.</div>
<div style="margin-top: 0; margin-bottom: 0;">In this talk, we present QuickChick<span id="m_-75739503687643438070.8872808667421624" class="m_-7573950368764343807currentHitHighlight"></span>, a QuickCheck-inspired random testing tool for the Coq proof assistant. We give a high level overview of testing and proving in Coq using a simple example. Finally, we sketch our ongoing research efforts to automatically produce <em>correct</em><em> </em>generators for random data satisfying complex inductive propositions, as well as decidability procedures for such propositions.</div><br><b>Bio:</b> <p><span class="_5yl5"><a href="https://l.facebook.com/l.php?u=http%3A%2F%2Fwww.cis.upenn.edu%2F~llamp%2F&h=ATNPQJxvMFmeHN9NF0L-iXdrzWEhbjFI00URXQR_DwVdE0dOK8BTuZoGpdXNqydDbvnXXBgutntm5gq6dz_EMh4MtRBIDnaxFSTn407e6uZW6CfiW48V3ap2e2-NquKe65Ph" rel="nofollow">http://www.cis.upenn.edu/~llamp/</a></span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19822018-01-25T16:38:39-05:002018-01-25T16:38:39-05:00https://talks.cs.umd.edu/talks/1982Mechanical Systems as a Programming LanguageMark Fuge - UMD<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, February 5, 2018, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>We unpack and explore a simple, but perhaps surprising, conjecture: that one can view, design, and analyze physical, mechanical systems—from airplanes and nuclear power plants to iPhones and micro-fluidic chips—via functional programming. For example, many concepts central to understanding programming languages, such as program flow analysis, program synthesis, security, modeling of side effects, and category theory have analogs in how we study and design real-world mechanical systems. We will interactively discuss various examples and connections as a group and highlight the strengths, weaknesses, and research opportunities brought about by this seemly strange marriage of fields. Of particular interest is how the notions of side-effects (both in the digital and physical worlds) might come together and provide insights into problems that neither would be able to solve independently.</p><br><b>Bio:</b> <p>Dr. Fuge's research focuses on developing machine learning algorithms that learn from and subsequently aid human design and creativity; a mixture of topics that he calls <strong>Design Informatics</strong>. This involves using a combination of artificial intelligence, machine learning, computational linguistics, ethnography, human-computer interaction, social science, and crowdsourcing techniques to analyze and build web-based software tools for designers on top of scalable machine learning systems.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/19802018-01-25T08:12:20-05:002018-01-25T08:12:20-05:00https://talks.cs.umd.edu/talks/1980Liquid Haskell: Usable Type-Driven Program Verification<a href="https://nikivazou.github.io/">Niki Vazou - University of Maryland, College Park</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">4172 A.V. Williams Building (AVW)</a><br>Friday, February 2, 2018, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Formal verification has been gaining the attention and resources of both the academic and the industrial world since it prevents critical software bugs that cost money, energy, time, and even lives. Yet, software development and formal verification are decoupled, requiring verification experts to prove properties of a template – instead of the actual – implementation ported into verification specific languages. My goal is to bridge formal verification and software development for the programming language Haskell. Haskell is a unique programming language in that it is a general purpose, functional language used for industrial development, but simultaneously it stands at the leading edge of research and teaching welcoming new, experimental, yet useful features. </p>
<p>In this talk I am presenting Liquid Haskell, a refinement type checker in which formal specifications are expressed as a combination of Haskell’s types and expressions and are automatically checked against real Haskell code. This natural integration of specifications in the language, combined with automatic checking, established Liquid Haskell as a usable verifier, enthusiastically accepted by both industrial and academic Haskell users. Recently, I turned Liquid Haskell into a theorem prover, in which arbitrary theorems about Haskell functions would be proved within the language. As a consequence, Liquid Haskell can be used in Haskell courses to teach the principles of mechanized theorem proving. </p>
<p>Turning a general purpose language into a theorem prover opens up new research questions --- e.g., can theorems be used for runtime optimizations of existing real-world applications? --- that I plan to explore in the future. </p>
<p> </p><br><b>Bio:</b> <p dir="ltr" style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;">Niki Vazou is a Basili Postdoctoral Fellow at the Programming Languages Group at University of Maryland. She completed her Ph.D at UC San Diego, where together with her supervisor Ranjit Jhala, she developed Liquid Haskell, a formal verifier integrated into the Haskell programming language. During her Ph.D she was an intern at MSR Cambridge, MSR Redmond, and Awake Security, where she collaborated with top Haskell researchers and industrial developers on further expanding the applications and foundations of Liquid Haskell. Niki received the MSR Graduate Fellowship and is a member of the HaskellOrg committee.</p>
<p dir="ltr" style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px; line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;"> </p>
<p dir="ltr" style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px; line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;"> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20042018-01-29T20:44:25-05:002018-01-29T20:44:25-05:00https://talks.cs.umd.edu/talks/2004Program Analysis for Security<a href="https://www.paulgazzillo.com/">Paul Gazzillo - Stevens Institute of Technology</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Tuesday, January 30, 2018, 3:00-4:00 pm<br><br><b>Abstract:</b> <p>As computing technology becomes further integrated with our daily lives, we are subjected to increasingly severe security and privacy risks. How can we protect software systems from these risks? A complete solution requires developing far more secure software from the start. To do so, developers need automated software tools for security analysis, bug finding, verification, and more. Automating these tasks makes development of secure software easier, cheaper, and less error-prone.</p>
<p>In this talk I will present work that tackles new challenges in creating program analyses for security. First, I will show recent work on finding side-channel attacks. Programs contain secrets, such as passwords and encryption keys. Software bugs can cause them to leak secrets directly. But more insidiously, side channels can leak secrets indirectly, even when software is bug-free. For example, an attacker can use running time or memory usage measurements to discover a secret value. Such attacks are challenging to find automatically, because they require new algorithms that integrate disparate properties of a program, including information flow and performance. I discuss a new static analysis technique for discovering side channel due to running time.</p>
<p>Second, I will reveal the existing limitations of program analysis for highly-configurable systems software. Such systems, including the Linux kernel, Apache webserver, and the BusyBox toolkit for Internet-of-things devices, form much of our computing infrastructure. Configurability means this software can run in data centers and IoT devices alike, but it poses a new challenge for program analysis techniques, which typically consider one configuration at a time. With systems that have more configurations than atoms in the universe, checking each one for security vulnerabilities is infeasible. I will show how an analysis infrastructure based on new programming language techniques makes it feasible to analyze all configurations simultaneously.</p>
<p>Finally, I will show plans for developing security analyses and bug-finders that are configuration-sensitive. The challenge is that configurations affect all parts of the program, including types, function definitions, statements, etc, necessitating careful modifications to analysis algorithms. Worse, supporting all configurations introduces a new source of state explosion, requiring new tradeoffs in scalability and precision. These challenges are supported by efficient language representations and configuration-sensitive analyses that manage the configuration explosion problem. Additionally, I will discuss language design proposals to tackle the problem of configurable systems. Providing first-class language constructs will enable developers to express configurability safely and software tools to reason about programs more precisely.</p><br><b>Bio:</b> <p>Paul Gazzillo is a research scholar at Stevens Institute of Technology. His research aims to make it easier to develop safe and secure software and spans programming languages, security, software engineering and systems. Projects include program analyses to find side-channels, concurrent smart contracts, parsing C and the preprocessor, and Makefile analysis. His worked has been recognized with a SIGPLAN research highlight. He received his PhD from NYU and has previously worked as a post-doc at Yale.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20092018-01-31T14:08:37-05:002018-01-31T15:38:16-05:00https://talks.cs.umd.edu/talks/2009Formal reasoning for AWS cloud security<a href="http://www0.cs.ucl.ac.uk/staff/b.cook/">Byron Cook - Director, Automated Reasoning Group, Amazon Web Services</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, February 9, 2018, 1:30-2:30 pm<br><br><b>Abstract:</b> <p>I describe the use of formal verification tools within Amazon Web Services to further ensure the security of its customers. We discuss some accomplishments, describe some of the challenges of operationalizing proof, muse on lessons learned, and outline some ideas for future research.</p><br><b>Bio:</b> <p>Byron Cook leads AWS Security’s Automated Reasoning Group which develops and applies constraint/logic based automated tools for proving the correctness of software, network configurations, and policies. Prior to joining AWS, Byron was for 10 years a researcher at Microsoft Research, where he worked in the areas of functional programming, hardware modeling and design, SAT-solving, symbolic model checking for finite-state systems, decision procedures, automatic program verification and analysis, and the analysis of biological systems. Byron’s research in automatic program verification has gained significant recognition (e.g. a substantial publication record, numerous keynote speaker invitations, and press hits in Scientific American, Science, Vogue, Financial Times, Economist, and Wired). Byron is particularly well known for his work on automatic methods for proving program termination, notably as part of the Terminator termination prover. This work represented a breakthrough, challenging the prevailing opinion in computer science that automatic termination proving is impossible. Byron is also well known for his contributions to Microsoft's SLAM project, which is often credited as a catalyst for the revival of automatic program verification research.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20402018-04-06T23:55:27-04:002018-04-06T23:55:27-04:00https://talks.cs.umd.edu/talks/2040PLunch: Ian Sweet practice talk for POST.Ian Sweet - PLUM<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, April 9, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <div style="color: #212121; font-family: sans-serif; font-size: 13px;">Quantitative information flow (QIF) is concerned with measuring how much of a secret is leaked to an adversary who observes the result of a computation that uses it. Prior work has shown that QIF techniques based on abstract interpretation with <wbr></wbr>probabilistic polyhedra can be used to analyze the worst-case leakage of a query, on-line, to determine whether that query can be safely answered. While this approach can provide precise estimates, it does not scale well. In this talk I will discuss how to solve the scalability problem by augmenting the baseline technique with sampling and symbolic execution.</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20462018-04-15T14:22:28-04:002018-04-15T14:22:28-04:00https://talks.cs.umd.edu/talks/2046PLunch: Verifying quantitative reliability for programs that execute on unreliable hardware (paper)Kesha Hietala - PLUM lab<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, April 16, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Reading group: Verifying quantitative reliability for programs that execute on unreliable hardware (paper).</p>
<p> </p>
<p>We're talking about this paper: https://dl.acm.org/citation.cfm?id=2509546</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20502018-04-18T12:14:54-04:002018-04-18T12:14:54-04:00https://talks.cs.umd.edu/talks/2050PLunch: The Sovrin Public Permissioned ledgerWillem Wyndham - PLUM lab<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, April 23, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <div style="color: #212121; font-family: sans-serif; font-size: 13px;">The Sovrin Public Permissioned ledger: A new public utility for managing self-sovereign identities. Using Decentralized Ids (DIDs), signed claims, and zero-knowldge proofs to create trusted anonymous credentials for establishing secure connections.</div>
<div style="color: #212121; font-family: sans-serif; font-size: 13px;"> </div>
<div style="color: #212121; font-family: sans-serif; font-size: 13px;">Original white paper: <a style="color: #7e57c2; z-index: 0; position: relative;" href="https://sovrin.org/wp-content/uploads/AnonCred-RWC.pdf" rel="noopener">https://sovrin.org/wp-<wbr></wbr>content/uploads/AnonCred-RWC.<wbr></wbr>pdf</a></div>
<div style="color: #212121; font-family: sans-serif; font-size: 13px;">Technical White Paper: <a style="color: #7e57c2; z-index: 0; position: relative;" href="https://sovrin.org/wp-content/uploads/2018/03/The-Technical-Foundations-of-Sovrin.pdf" rel="noopener">https://sovrin.org/wp-<wbr></wbr>content/uploads/2018/03/The-<wbr></wbr>Technical-Foundations-of-<wbr></wbr>Sovrin.pdf</a></div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20592018-04-27T13:19:30-04:002018-04-27T13:19:30-04:00https://talks.cs.umd.edu/talks/2059PLunch: Combining Numerical Optimization with SAT SolvingSankha Guria - PLUM lab<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, April 30, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p><span style="font-family: Arial; font-size: 13px; white-space: pre-wrap;">PL reading group talks about "REAS: Combining Numerical Optimization with SAT Solving", lead by </span><span style="font-family: Arial;"><span style="font-size: 13px; white-space: pre-wrap;">Sankha Guria.</span></span></p>
<p>Monday 4/30 @ 1:00pm in AVW 3450</p>
<p><span style="font-family: Arial; font-size: 13px; white-space: pre-wrap;">Paper: https://arxiv.org/abs/1802.04408</span></p>
<p><span style="font-family: Arial; font-size: 13px; white-space: pre-wrap;">Sign up: </span><span style="font-family: Arial;"><span style="font-size: 13px; white-space: pre-wrap;">https://docs.google.com/spreadsheets/d/11MDPn0r6U0q-xtPsRRirWX4Bj60f0-eSepJPH69CCuk/edit#gid=0</span></span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20732018-05-04T18:04:37-04:002018-05-04T18:04:37-04:00https://talks.cs.umd.edu/talks/2073SMC: Satisfiability Modulo Convex ProgrammingProf Yasser Shoukry - ECE at UMD<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3450 A.V. Williams Building (AVW)</a><br>Monday, May 7, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <div style="color: #212121; font-family: sans-serif; font-size: 13px;">The design of cyber-physical systems (CPSs) requires methods and tools that can efficiently reason about the interaction between discrete models, e.g., representing the</div>
<div style="color: #212121; font-family: sans-serif; font-size: 13px;">behaviors of “cyber” components, and continuous models of physical processes. Boolean methods such as satisfiability (SAT) solving are successful in tackling large combinatorial search problems for the design and verification of hardware and software components. On the other hand, problems in control, communications, signal processing, and machine learning often rely on convex programming as a powerful solution engine. However, despite their strengths, neither approach would work in isolation for CPSs. In this talk, I will present a new satisfiability modulo convex programming (SMC) framework that integrates SAT solving and convex optimization to efficiently reason about Boolean and convex constraints at the same time. A key step in the proposed coordination scheme is the efficient generation of succinct infeasibility proofs for inconsistent constraints that can support conflict-driven learning and accelerate the search. I will demonstrate our</div>
<div style="color: #212121; font-family: sans-serif; font-size: 13px;">approach using different CPS design problems. I will show that SMC can handle more complex problem instances than state-of-the-art alternative techniques based on SMT solving and mixed integer convex programming. </div><br><b>Bio:</b> <p style="color: #212121; font-family: sans-serif; font-size: 13px;">Yasser is in his first year as an ECE asst. prof. and has interests that significantly overlap those from the PL/SE group, especially in formal methods, albeit with a cyber-physical systems twist.</p>
<p style="color: #212121; font-family: sans-serif; font-size: 13px;">He obtained his PhD from UCLA under the guidance of Paulo Tabuada, then spent two years doing a combined postdoc at Berkeley, UCLA and UPenn under the guidance of Sanjit Seshia, George Pappas (well-known control theorist at UPenn) and Tabuada.</p>
<p style="color: #212121; font-family: sans-serif; font-size: 13px;">(Written by Rance Cleaveland.)</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20842018-06-23T07:22:20-04:002018-06-23T07:22:20-04:00https://talks.cs.umd.edu/talks/2084Quantitative information-flow tracking using symbolic execution and statistically-guided model counting<a href="https://www-users.cs.umn.edu/~smccaman/">Stephen McCamant - University of Minnesota</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, August 13, 2018, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">Quantitative information-flow (QIF) analysis provides a measure of the </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">amount of information revealed when a program runs. For instance, if a </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">program operates on secret (private, confidential, etc.) data, QIF </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">measures in bits of the amount of information about that secret that </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">can be inferred from the program's outputs or other observable </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">behaviors. One class of powerful techniques for this analysis starts </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">by symbolically executing software to characterize its input-output </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">relation as a formula, and then uses model counting applied to such a </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">formula to provide an information-flow estimate. Model counting is </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">the problem of counting the number of solutions to a logical </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">formula. Even approximate model counting can be quite expensive; I'll </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">describe a technique we've developed to speed up hashing-based </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">approximate model counting by using a statistical model to choose </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">queries (TACAS 2018). Then I'll put this in a broader context using </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">binary symbolic execution to perform QIF analysis of complete </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">programs. To improve the scalability of this measurement to larger </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">programs, I'll describe our ongoing work on a hybrid approach that </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">uses precise-but-expensive model counting to improve the precision of </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">a scalable-but-conservative approach based on network flow capacity </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">(PLDI 2008).</span></p>
<p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">(research joint with Seonmo Kim and Navid Emamdoost, UMN)</span></p><br><b>Bio:</b> <p><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">Stephen McCamant has been an Assistant Professor of Computer Science </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">and Engineering at the University of Minnesota since the fall of 2012, </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">where his main research area is program analysis for software security </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">and correctness. He is especially interested in binary code analysis </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">and transformation, hybrid dynamic/static techniques and symbolic </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">execution, information flow/taint analysis, and applications of </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">decision procedures. His research on software-based fault isolation </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">was a key foundation for the Google Native Client system, and he is </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">the primary author of the FuzzBALL binary symbolic execution system </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">which participated in the DARPA Cyber Grand Challenge and is available </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">open-source. He received his Ph.D from MIT in 2008, and from </span><span style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">2008-2012 he was a postdoc at UC Berkeley.</span></p>
<div class="yj6qo" style="color: #222222; font-family: arial, sans-serif; font-size: 12.8px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20952018-07-26T15:16:32-04:002018-07-26T17:53:43-04:00https://talks.cs.umd.edu/talks/2095RustBelt: Logical Foundations for the Future of Safe Systems Programming<a href="https://people.mpi-sws.org/~dreyer/">Derek Dreyer - Max Planck Institute for Software Systems (MPI-SWS)</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=CSI">2117 Computer Science Instructional Center (CSI)</a><br>Friday, September 28, 2018, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">Rust is a new systems programming language, sponsored by Mozilla, that promises to overcome the seemingly fundamental tradeoff in language design between high-level safety guarantees and low-level control over resource management. Unfortunately, none of Rust's safety claims have been formally proven, and there is good reason to question whether they actually hold. Specifically, Rust employs a strong, ownership-based type system, but then extends the expressive power of this core type system through libraries that internally use unsafe features.</span></span></p>
<p><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">In this talk, I will present RustBelt (http://plv.mpi-sws.org/rustbelt), the first formal (and machine-checked) safety proof for a language representing a realistic subset of Rust. Our proof is extensible in the sense that, for each new Rust library that uses unsafe features, we can say what verification condition it must satisfy in order for it to be deemed a safe extension to the language. We have carried out this verification for some of the most important libraries that are used throughout the Rust ecosystem.</span></span></p>
<p><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">After reviewing some essential features of the Rust language, I will describe the high-level structure of the RustBelt verification and then delve into detail about the secret weapon that makes RustBelt possible: the Iris framework for higher-order concurrent separation logic in Coq (http://iris-project.org). I will explain by example how Iris generalizes the expressive power of O'Hearn's original concurrent separation logic in ways that are essential for verifying the safety of Rust libraries. I will not assume any prior familiarity with concurrent separation logic or Rust.</span></span></p>
<p><span style="color: #222222; font-family: arial, sans-serif;"><span style="font-size: 12.8px;">This is joint work with Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Hoang-Hai Dang, Jan-Oliver Kaiser, and the rest of the Iris team.</span></span></p><br><b>Bio:</b> <p>Derek Dreyer is a professor of computer science at the Max Planck Institute for Software Systems (MPI-SWS) in Saarbruecken, Germany, and recipient of the 2017 ACM SIGPLAN Robin Milner Young Researcher Award. His research runs the gamut from the type theory of high-level functional languages, down to the verification of compilers and low-level concurrent programs under relaxed memory models. He is currently leading the RustBelt project, which focuses on building the first formal foundations for the Rust programming language.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20982018-08-04T14:36:21-04:002018-08-04T14:36:21-04:00https://talks.cs.umd.edu/talks/2098DeepBugs: A Learning Approach to Name-based Bug Detection<a href="http://software-lab.org/people/Michael_Pradel.html">Michael Pradel - TU Darmstadt</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Tuesday, August 14, 2018, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Natural language elements in source code, e.g., the names of variables and functions, convey useful information. However, most existing bug detection tools ignore this information and therefore miss some classes of bugs. The few existing name-based bug detection approaches reason about names on a syntactic level and rely on manually designed and tuned algorithms to detect bugs. This talk presents DeepBugs, a learning approach to name-based bug detection, which reasons about names based on a semantic representation and which automatically learns bug detectors instead of manually writing them. We formulate bug detection as a binary classification problem and train a classifier that distinguishes correct from incorrect code. To address the challenge that effectively learning a bug detector requires examples of both correct and incorrect code, we create likely incorrect code examples from an existing corpus of code through simple code transformations. A novel insight learned from our work is that learning from artificially seeded bugs yields bug detectors that are effective at finding bugs in real-world code. We implement our idea into a framework for learning-based and name-based bug detection. Three bug detectors built on top of the framework detect accidentally swapped function arguments, incorrect binary operators, and incorrect operands in binary operations. Applying the approach to a corpus of 150,000 JavaScript files yields bug detectors that have a high accuracy (between 89% and 95%), are very efficient (less than 20 milliseconds per analyzed file), and reveal 102 programming mistakes (with 68% true positive rate) in real-world code.</p><br><b>Bio:</b> <p>Michael Pradel is an assistant professor at TU Darmstadt, which he joined after a PhD at ETH Zurich and a post-doc at UC Berkeley. His research interests span software engineering, programming languages, security, and machine learning, with a focus on tools and techniques for building reliable, efficient, and secure software. In particular, he is interested in dynamic program analysis, test generation, concurrency, performance profiling, JavaScript-based web applications, and machine learning-based program analysis.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/20992018-08-05T11:06:29-04:002018-08-05T11:06:29-04:00https://talks.cs.umd.edu/talks/2099Ballerina: A Modern Programming Language Focused on Integration<a href="https://wso2.com/about/team/sanjiva-weerawarana/">Sanjiva Weerawarana - WSO2</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">2120 A.V. Williams Building (AVW)</a><br>Thursday, September 6, 2018, 10:00-11:00 am<br><br><b>Abstract:</b> <p>Ballerina is a concurrent, transactional, statically typed programming language. It is a general purpose programming language that has been designed to support integration. It combines fundamental concepts and tools of distributed systems with direct support for network services, distributed transactions, reliable messaging, stream processing, security and workflows. It is intended for commercial adoption and provides familiarity for users of Java, C# and JavaScript. This talk will discuss the core principles behind Ballerina including the semantics of combining aspects of networking, security, transactions, concurrency and events within a single architecture.</p><br><b>Bio:</b> <p>Sanjiva Weerawarana is the Founder / Chief Architect of WSO2, where he leads the Ballerina project. Sanjiva founded WSO2 in 2005 and served as CEO for 12 years, overseeing the creation of a complete set of middleware products. Ballerina represents the next generation of tools and languages with a focus on data integration. Prior to WSO2, Sanjiva was at IBM Research where he led the development of Web services standards and technologies. He has also been a long time open source developer and advocate and he is a Member of the Apache Software Foundation, an Emeritus Board Member of the Open Source Initiative and Founder and Chief Scientist of the Lanka Software Foundation. He volunteers as the IT Advisor to the Sri Lanka Army. He received a Ph.D. in Computer Science from Purdue University in 1994.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/2">CS Department</a> ⋅ <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21172018-09-04T12:51:11-04:002018-09-04T12:58:50-04:00https://talks.cs.umd.edu/talks/2117PLunch: Deriving a probability density calculator (functional pearl)Mike Hicks<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, September 5, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Deriving a probability density calculator (functional pearl)." Discussion will be led by Mike Hicks.</p>
<p>Paper available here: https://dl.acm.org/citation.cfm?id=2951922</p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21182018-09-04T12:56:43-04:002018-09-04T12:59:36-04:00https://talks.cs.umd.edu/talks/2118PLunch: Linear Haskell: Practical Linearity in a Higher-Order Polymorphic LanguageJames Parker<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, September 12, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Linear Haskell: Practical Linearity in a Higher-Order Polymorphic Language." Discussion will be led by James Parker.</p>
<p>Paper available here: https://arxiv.org/pdf/1710.09756.pdf</p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21192018-09-04T13:05:05-04:002018-09-04T13:05:05-04:00https://talks.cs.umd.edu/talks/2119PLunch: Haskell Symposium practice talk: Theorem Proving for AllNiki Vazou<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, September 19, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>This week in PL lunch, Niki will be practicing her talk for the Haskell Symposium. This title of her paper is "Functional Pearl: Theorem Proving for All: Equational Reasoning in Liquid Haskell."</p>
<p>Paper available here: http://goto.ucsd.edu/~nvazou/theorem-proving-for-all/main.pdf</p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p></p>
<p></p>
<p> </p>
<p> </p>
<p></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21202018-09-04T13:07:34-04:002018-09-04T13:07:34-04:00https://talks.cs.umd.edu/talks/2120PLunch: Repairing Decision-Making Programs Under UncertaintyKesha Hietala<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, September 26, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Repairing Decision-Making Programs Under Uncertainty." Discussion will be led by Kesha Hietala.</p>
<p>Paper available here: http://pages.cs.wisc.edu/~aws/papers/cav17</p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21212018-09-04T13:10:36-04:002018-09-04T13:10:36-04:00https://talks.cs.umd.edu/talks/2121PLunch: Program Synthesis using Conflict-Driven LearningSankha Guria<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, October 3, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p class="p1">Weekly PL lunch discussing the paper "Program Synthesis using Conflict-Driven Learning.” Discussion will be led by Sankha Guria.</p>
<p class="p1">Paper available here: https://www.cs.utexas.edu/~isil/pldi18-neo.pdf</p>
<p class="p1">Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21232018-09-06T11:29:16-04:002018-09-06T11:29:16-04:00https://talks.cs.umd.edu/talks/2123PLunch: A data-driven CHC solverBen Mariano<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, October 10, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p class="p1">Weekly PL lunch discussing the paper "A data-driven CHC solver" from this year's PLDI. Discussion will be led by Ben Mariano.</p>
<p class="p1">Paper available here: https://dl.acm.org/citation.cfm?id=3192416</p>
<p class="p1">Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21352018-09-11T16:45:49-04:002018-09-11T16:45:49-04:00https://talks.cs.umd.edu/talks/2135Synthesizing Proofs for Program Verification<a href="http://www.cs.princeton.edu/~grigoryf/">Grigory Fedyukovich - Princeton University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Monday, October 8, 2018, 1:30-2:30 pm<br><br><b>Abstract:</b> <p>State-of-the-art techniques for automated program verification are required to certify each decision with a formal proof. When verifying program safety, a proof is an inductive invariant, when proving program termination, a proof is a ranking function, and when proving program non-termination, a proof is a recurrence set. Synthesis of these proofs necessitates exploring a usually large search space and relies on off-the-shelf constraint solvers. In this talk, I will present new methods that bias the search space with an extensive use of the program's source code. We build on an intuition that the source code often gives useful information, e.g., of occurrences of variables, constants, arithmetic and comparison operators. Thus, we use the source code to automatically construct a formal grammar and iteratively sample the desired proofs from it. We have designed and implemented an extensible verification framework and applied it for proving safety, termination, and non-termination of programs. The experimental evaluation has shown that although the formal grammar is limited to the syntax of the program, in the majority of cases our algorithms are effective and fast.</p><br><b>Bio:</b> <p>Grigory Fedyukovich is a postdoc at <a href="http://www.cs.princeton.edu/">Princeton University</a>, working with <a href="http://www.cs.princeton.edu/~aartig">Prof. Aarti Gupta</a>. He completed his PhD at <a href="http://verify.inf.usi.ch/">University of Lugano</a>, Switzerland, under supervision of <a href="http://www.inf.usi.ch/faculty/sharygina/">Prof. Natasha Sharygina</a>, and then was a postdoc at <a href="https://www.cs.washington.edu">University of Washington</a>, Seattle, with <a href="https://www.cs.washington.edu/people/faculty/bodik">Prof. Rastislav Bodik</a>.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21652018-10-09T09:52:24-04:002018-10-09T09:52:43-04:00https://talks.cs.umd.edu/talks/2165PLunch: RacerD: Compositional Static Race DetectionIan Sweet<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, October 24, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p> </p>
<p class="p1">Weekly PL lunch discussing the paper "RacerD: Compositional Static Race Detection.” Discussion will be led by Ian Sweet.</p>
<p class="p1">Paper available here: http://ilyasergey.net/papers/racerd-oopsla18-preprint.pdf</p>
<p class="p1">Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21662018-10-09T09:54:46-04:002018-10-09T09:54:46-04:00https://talks.cs.umd.edu/talks/2166PLunch: A Spectrum of Type Soundness and PerformanceCameron Moy<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, November 7, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p></p>
<p class="p1">Weekly PL lunch discussing the paper "A Spectrum of Type Soundness and Performance.” Discussion will be led by Cameron Moy.</p>
<p class="p1">Paper available here: http://www.ccs.neu.edu/home/types/publications/apples-to-apples/gf-icfp-2018.pdf</p>
<p class="p1">Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21682018-10-09T09:59:37-04:002018-10-09T09:59:37-04:00https://talks.cs.umd.edu/talks/2168PLunch: Collapsing Towers of InterpretersPhil Nguyen<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, December 5, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p></p>
<p class="p1">Weekly PL lunch discussing the paper "Collapsing Towers of Interpreters.” Discussion will be led by Phil Nguyen.</p>
<p class="p1">Paper available here: https://www.cs.purdue.edu/homes/rompf/papers/amin-popl18.pdf</p>
<p class="p1">Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21772018-10-16T11:13:46-04:002018-10-16T11:13:59-04:00https://talks.cs.umd.edu/talks/2177PLunch: TrustChain: A Sybil-resistant scalable blockchainWillem Wyndham<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, October 17, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p class="p1">Weekly PL lunch discussing the paper "TrustChain: A Sybil-resistant scalable blockchain.” Discussion will be led by Willem Wyndham.</p>
<p class="p1">Paper available here: https://drive.google.com/file/d/1GVK82OX3kuDUf-k07YVauhNgLvjORTXI/view</p>
<p class="p1">Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p>
<p> </p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/21922018-10-30T13:27:32-04:002018-10-30T13:27:32-04:00https://talks.cs.umd.edu/talks/2192PLunch: Quantum Relational Hoare LogicRobert Rand<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, October 31, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch. Robert Rand will be leading the discussion on Dominique Unruh's "Quantum Relational Hoare Logic." The paper is available here: https://arxiv.org/pdf/1802.03188.pdf</p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1qOSdfrRyT7D3VyLtp992x0F5vVmaFpLIOh0Nh91DRWk?usp=sharing</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22012018-11-07T11:11:11-05:002018-11-07T11:12:09-05:00https://talks.cs.umd.edu/talks/2201PLunch: Algorithmic Improvisation<a href="https://math.berkeley.edu/~dfremont/">Daniel Fremont - UC Berkeley</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, November 14, 2018, 1:00-2:00 pm<br><br><b>Abstract:</b> <p><span style=" font-family: Helvetica; font-size: 12px; text-size-adjust: auto;">This week at PL lunch, Daniel Fremont will be presenting on Algorithmic Improvisation (abstract below).</span></p>
<p><span style=" font-family: Helvetica; font-size: 12px; text-size-adjust: auto;">Algorithmic Improvisation is a framework for automatically synthesizing systems with random but controllable behavior. It can be used in a wide variety of applications where randomness can provide variety, robustness, or unpredictability but safety guarantees or other properties must be ensured. These include software fuzz testing, robotic surveillance, machine music improvisation, randomized control of systems mimicking human behavior, and generation of synthetic data sets to train and test machine learning algorithms. In this talk, I will discuss both the theory of algorithmic improvisation and its practical applications. I will define the underlying formal language-theoretic problem, “control improvisation”, analyze its complexity and give efficient algorithms to solve it. I will describe in detail two applications: planning randomized patrol routes for surveillance robots, and generating random scenes of traffic to improve the reliability of neural networks used for autonomous driving. The latter application involves the design of a domain-specific probabilistic programming language to specify traffic and other scenarios.</span></p><br><b>Bio:</b> <p><span style=" font-family: Helvetica; font-size: 12px; text-size-adjust: auto;">Daniel Fremont is a PhD student in the Group in Logic and the Methodology of Science at UC Berkeley, working with Sanjit Seshia. He received a B.S. degree in Mathematics and Physics from MIT in 2013. His research is generally in the area of formal methods, focusing on the problems of counting and uniform generation of solutions to Boolean formulas. This includes developing practical algorithms to solve these problems, as well as finding new applications to the construction, verification, and testing of software, hardware, and cyber-physical systems.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22382019-01-23T15:39:08-05:002019-01-23T15:39:39-05:00https://talks.cs.umd.edu/talks/2238Bridging the Update Gap<a href="https://www.luispina.me/">Luis Pina - George Mason University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Friday, January 25, 2019, 4:00-5:00 pm<br><br><b>Abstract:</b> <p>Software updates are unavoidable, as software evolves with new features, improved performance, and error fixes. Important as they may be, software updates are also disruptive. In their simplest form, they require stopping and restarting the updated program; which disrupt users and results in loss of non-persistent state (e.g., contents of memory and active network connections). Furthermore, updates may fail and leave the updated software unable to run again, as happened recently to a Windows 10 update. Unfortunately, ignoring updates is not an acceptable alternative. If not fixed in a timely manner, known software errors may result in exploitable vulnerabilities, as happened recently in to Equifax.</p>
<p>Operators are thus left with a hard decision: To update now, disrupting users and risking not being able to resume service after the update; or to update later, and risk a potential attack. Developers, on the other hand, treat each version in isolation. They use sophisticated tools and techniques to ensure the quality of the resulting software, testing and validating each feature of each version. However, developers lack tools and techniques to reason about more than one version, and to treat software updates as any other first-class program feature. This leads to an update gap that separates operators from developers with regards to software updates.</p>
<p>In this talk, I describe how to bridge the update gap, focusing on my previous work on Dynamic Software Updating (DSU) as the building block to this ambitious goal. I also present recent work on making DSU reliable, even in the presence of update errors; and my vision to use a similar approach to improve the reliability of existing systems built with unreliable tools and languages. </p><br><b>Bio:</b> <p>Luis Pina is a post-doctoral researcher at George Mason University, working with Professor Jonathan Bell. Previously, he worked as a post-doc with Cristian Cadar, at Imperial College, London. He received his PhD from IST Lisbon under the supervision of Luis Veiga, and Michael Hicks, of the University of Maryland. His research interests fall in the intersection of programming languages, systems, and security.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22532019-02-04T10:27:17-05:002019-02-04T10:27:17-05:00https://talks.cs.umd.edu/talks/2253PLunch: Vale: Verifying High-Performance Cryptographic Assembly CodeKesha Hietala<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, February 6, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Vale: Verifying High-Performance Cryptographic Assembly Code.” Discussion will be led by Kesha Hietala.</p>
<p>Paper available here: <a href="https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-bond.pdf">https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-bond.pdf</a></p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22682019-02-12T14:09:27-05:002019-02-12T14:09:27-05:00https://talks.cs.umd.edu/talks/2268PLunch: FrAngel: Component-Based Synthesis with Control StructuresBen Mariano<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, February 13, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "FrAngel: Component-Based Synthesis with Control Structures.” Discussion will be led by Ben Mariano.</p>
<p>Paper available here: <a href="https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-bond.pdf">https://arxiv.org/pdf/1811.05175.pdf</a></p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22752019-02-19T08:44:21-05:002019-03-05T11:05:32-05:00https://talks.cs.umd.edu/talks/2275PLunch: Collapsible Contracts: Fixing a Pathology of Gradual TypingCameron Moy<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, March 6, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Collapsible Contracts: Fixing a Pathology of Gradual Typing.” Discussion will be led by Cameron Moy.</p>
<p>Paper available here: https://dl.acm.org/citation.cfm?id=3276503</p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22762019-02-19T08:45:59-05:002019-03-19T08:31:21-04:00https://talks.cs.umd.edu/talks/2276PLunch: The Meaning of Memory SafetyMike Hicks - University of Maryland, College Park<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, March 27, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "The Meaning of Memory Safety.” Discussion will be led by Mike Hicks.</p>
<p>Paper available here: https://arxiv.org/pdf/1705.07354.pdf</p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22772019-02-19T08:47:43-05:002019-04-09T13:59:17-04:00https://talks.cs.umd.edu/talks/2277PLunch: An Abstract Domain for Certifying Neural NetworksSankha Guria - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, April 10, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch. This week we will be discusssing "An Abstract Domain for Certifying Neural Networks". Discussion will be led by Sankha Guria.</p>
<p>Link to paper: <a href="https://eth-sri.github.io/publications/singh2019domain">https://eth-sri.github.io/publications/singh2019domain</a></p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22792019-02-19T14:05:19-05:002019-02-27T12:41:39-05:00https://talks.cs.umd.edu/talks/2279PLunch: Mind the Gap: Analyzing the Performance of WebAssembly vs. Native CodeWillem Wyndham<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, February 27, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Mind the Gap: Analyzing the Performance of WebAssembly vs. Native Code". Discussion will be led by Willem Wyndham.</p>
<p>Paper available here: https://arxiv.org/abs/1901.09056</p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22802019-02-19T14:06:54-05:002019-04-16T14:17:28-04:00https://talks.cs.umd.edu/talks/2280PLunch: The Derivative of a Regular Type is its Type of One-Hole ContextsLeo Lampropoulos - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, April 17, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the papers "The Zipper" and "The Derivative of a Regular Type is its Type of One-Hole Contexts". Discussion will be led by Leo Lampropoulos.</p>
<p>Papers available here: <a href="http://gallium.inria.fr/~huet/PUBLIC/zip.pdf">http://gallium.inria.fr/~huet/PUBLIC/zip.pdf</a></p>
<p>And here: <a href="http://strictlypositive.org/diff.pdf">http://strictlypositive.org/diff.pdf</a></p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22812019-02-19T14:08:49-05:002019-03-12T10:38:41-04:00https://talks.cs.umd.edu/talks/2281PLunch: Trace Abstraction Modulo ProbabilityKesha Hietala - University of Maryland, College Park<br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, March 13, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Trace Abstraction Modulo Probability.” Discussion will be led by Kesha Hietala.</p>
<p>Paper available here: https://dl.acm.org/citation.cfm?doid=3302515.3290352</p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22822019-02-19T14:11:50-05:002019-04-22T12:10:00-04:00https://talks.cs.umd.edu/talks/2282PLunch: Type Systems as MacrosCameron Moy - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, April 24, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Type Systems as Macros.” Discussion will be led by Cameron Moy.</p>
<p>Paper available here: <a href="https://www.cs.tufts.edu/~nr/cs257/archive/stephen-chang/type-systems-as-macros.pdf">https://www.cs.tufts.edu/~nr/cs257/archive/stephen-chang/type-systems-as-macros.pdf</a></p>
<p>Sign up to present here: <a href="https://docs.google.com/spreadsheets/d/1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoVvQT4TGmb82e4g0/edit?usp=sharing" rel="noopener">https://docs.google.com/<wbr></wbr>spreadsheets/d/<wbr></wbr>1y3Ok0jvMCgwVzy7ETGK14Y2tp5JoV<wbr></wbr>vQT4TGmb82e4g0/edit?usp=<wbr></wbr>sharing</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/22902019-02-26T11:36:34-05:002019-04-30T11:40:21-04:00https://talks.cs.umd.edu/talks/2290PLunch: Verified Quantum ComputingRobert Rand - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, May 1, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch. Robert Rand will be discussing his work on verifying quantum programs in Coq. Notes can be found on his course webpage: <a href="http://www.cs.umd.edu/class/spring2019/cmsc631/Schedule.html">http://www.cs.umd.edu/class/spring2019/cmsc631/Schedule.html</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/23032019-03-12T10:42:34-04:002019-05-07T10:03:50-04:00https://talks.cs.umd.edu/talks/2303PLunch: Type-and-example-directed program synthesisPhil Nguyen - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, May 8, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL lunch discussing the paper "Type-and-example-directed program synthesis". Discussion will be led by Phil Nguyen.</p>
<p>Link to paper: <a href="https://dl.acm.org/citation.cfm?id=2738007">https://dl.acm.org/citation.cfm?id=2738007</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/23142019-04-01T13:50:02-04:002019-04-02T16:07:49-04:00https://talks.cs.umd.edu/talks/2314PLunch: MVEDSUa: Higher Availability Dynamic Software Updates via Multi-Version Execution<a href="https://www.luispina.me/">Luis Pina - George Mason University</a><br><a href="http://www.umd.edu/CampusMaps/bld_detail.cfm?bld_code=AVW">3460 A.V. Williams Building (AVW)</a><br>Wednesday, April 3, 2019, 2:00-3:00 pm<br><br><b>Abstract:</b> <p>Weekly PL reading group. This week Luis Pina will be giving a practice talk for ASPLOS. Abstract Below.</p>
<p> </p>
<p><span style="color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; white-space: pre-wrap;">Dynamic Software Updating (DSU) is a general-purpose technique for patching stateful software without shutting it down, which enables both timely updates and non-stop service. However, applying an update could induce a long delay in service, and bugs in the update - both in the changed code and in the specification for effecting that change dynamically - may cause the updated software to crash or misbehave. This paper proposes MVEDSUa, a system that solves these problems by augmenting a DSU system with support for Multi-Version Execution (MVE). To start, MVEDSUa performs an update in parallel with the original system, thereby avoiding any service delay. Then, it monitors that the updated and original systems' responses agree when given the same inputs. Expected differences are specified by the programmer, so remaining differences signal likely errors. If the new version shows no problems, it can be installed permanently. We implemented MVEDSUa on top of Kitsune and Varan state-of-the-art DSU and MVE systems respectively, and used it to update several high-performance servers: Redis, Memcached, and VSFTPD. Our results show that MVEDSUa significantly reduces the update-time delay, imposes little overhead in steady state, and easily recovers from a variety of update-related errors. </span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/23272019-04-09T10:52:04-04:002019-05-14T10:57:40-04:00https://talks.cs.umd.edu/talks/2327PLunch: Who Tests the Testers?Hasan Touma - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, May 15, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Weekly PL reading group discussing the paper "Who Tests the Testers?: Avoiding the Perils of Automated Testing". Discussion will be led by Hasan Touma.</p>
<p>Paper available here: <a href="https://cs.brown.edu/~sk/Publications/Papers/Published/wkf-who-tests-testers/paper.pdf">https://cs.brown.edu/~sk/Publications/Papers/Published/wkf-who-tests-testers/paper.pdf</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/23572019-05-09T12:02:42-04:002019-05-09T12:04:35-04:00https://talks.cs.umd.edu/talks/2357SNAPL Practice Talk: Formal Verification vs. Quantum UncertaintyMike Hicks - University of Maryland, College Park<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">4237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, May 13, 2019, 1:00-2:00 pm<br><br><b>Abstract:</b> <p>Practice talk for SNAPL 2019. Abstract below.</p>
<p>Quantum programming is hard: Quantum programs are necessarily probabilistic and impossible to examine without disrupting the execution of a program. In response to this challenge, we and a number of other researchers have written tools to verify quantum programs against their intended semantics. This is not enough. Verifying an idealized semantics against a real world quantum program doesn't allow you to confidently predict the program's output. In order to have verification that works, you need both an error semantics related to the hardware at hand (this is necessarily low level) and certified compilation to the that same hardware. Once we have these two things, we can talk about an approach to quantum programming where we start by writing and verifying programs at a high level, attempt to verify properties of the compiled code, and repeat as necessary.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/23892019-09-03T12:53:14-04:002019-09-03T12:53:14-04:00https://talks.cs.umd.edu/talks/2389PLunch: Tait's Method: Termination for STLCIan Sweet<br>IRB 5237<br>Tuesday, September 17, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <div class="abstract-body">
<p>Weekly PL reading group discussing the paper "PLunch: Tait's Method: Termination for STLC". Discussion will be led by Ian Sweet.</p>
<p>Paper available here: <span class="formula-content" style="font-size: 14px;"><span class=" string " dir="auto">http://www.cs.cmu.edu/~rwh/pfpl/supplements/tait.pdf</span></span></p>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/23932019-09-06T12:23:23-04:002019-09-06T12:23:23-04:00https://talks.cs.umd.edu/talks/2393PLunch: vZ - An Optimizing SMT SolverJames Parker<br>IRB 5237<br>Tuesday, September 10, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <div class="abstract-body">
<p>Weekly PL lunch discussing the paper "v<span class="formula-content" style="font-size: 14px;"><span class=" string " dir="auto">Z - An Optimizing SMT Solver.</span></span>" Discussion will be led by James Parker.</p>
<p>Paper available here: <span class="formula-content" style="font-size: 14px;"><span class=" string " dir="auto">https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/nbjorner-nuz.pdf</span></span></p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1esCJhCvZibodZvHjnUlqrP71F9Vdo-UkpoGO3QwWRqE/edit?usp=sharing</p>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24192019-09-22T09:08:48-04:002019-09-22T09:08:48-04:00https://talks.cs.umd.edu/talks/2419PLunch: Towards a Compiler for RealsKesha Hietala<br>IRB 5237<br>Tuesday, September 24, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "Towards a Compiler for Reals". Discussion will be led by Kesha Hietala. Paper available at https://dl.acm.org/citation.cfm?id=3014426.</em></p>
<p>Numerical software, common in scientific computing or embedded systems, inevitably uses a finite-precision approximation of the real arithmetic in which most algorithms are designed. In many applications, the roundoff errors introduced by finite-precision arithmetic are not the only source of inaccuracy, and measurement and other input errors further increase the uncertainty of the computed results. Adequate tools are needed to help users select suitable data types and evaluate the provided accuracy, especially for safety-critical applications.<br><br>We present a source-to-source compiler called Rosa that takes as input a real-valued program with error specifications and synthesizes code over an appropriate floating-point or fixed-point data type. The main challenge of such a compiler is a fully automated, sound, and yet accurate-enough numerical error estimation. We introduce a unified technique for bounding roundoff errors from floating-point and fixed-point arithmetic of various precisions. The technique can handle nonlinear arithmetic, determine closed-form symbolic invariants for unbounded loops, and quantify the effects of discontinuities on numerical errors. We evaluate Rosa on a number of benchmarks from scientific computing and embedded systems and, comparing it to the state of the art in automated error estimation, show that it presents an interesting tradeoff between accuracy and performance.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24272019-09-30T09:00:17-04:002019-09-30T09:00:17-04:00https://talks.cs.umd.edu/talks/2427PLunch: What You Needa Know about YonedaYiyun Liu<br>IRB 5237<br>Tuesday, October 1, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "What You Needa Know about Yoneda". Discussion will be led by Yiyun Liu. Paper available at https://www.cs.ox.ac.uk/jeremy.gibbons/publications/proyo.pdf.</em><br><br>Profunctor optics are a neat and composable representation of bidirectional data accessors, including lenses, and their dual, prisms. The profunctor representation exploits higher-order functions and higher-kinded type constructor classes, but the relationship between this and the familiar representation in terms of ‘getter’ and ‘setter’ functions is not at all obvious. We derive the profunctor representation from the concrete representation, making the relationship clear. It turns out to be a fairly direct application of the Yoneda Lemma, arguably the most important result in category theory. We hope this derivation aids understanding of the profunctor representation. Conversely, it might also serve to provide some insight into the Yoneda Lemma.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24302019-10-02T15:49:07-04:002019-10-02T15:49:07-04:00https://talks.cs.umd.edu/talks/2430Privacy and Automated Verification<a href="http://pages.cs.wisc.edu/~aws/">Aws Albarghouthi - University of Wisconsin</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">3137 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 7, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span id="docs-internal-guid-4652cf36-7fff-6cd5-414b-e006e869638e" style="font-size: 11pt; font-family: Arial; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Algorithms consume our personal data and make decisions that affect our lives. How can we make sure that these algorithms do not leak our private data? How do we make sure they are fair? Over the past few years, we have been exploring this question through the lens of automated verification and synthesis. In this talk, I will discuss automated techniques for proving the correctness of randomized algorithms and apply them to differentially private mechanisms, which have seen numerous applications in privacy-preserving data analysis as well as ensuring forms of fairness in decision-making. Technically, I will demonstrate how powerful SMT solvers, which revolutionized automated verification of traditional programs, can be applied to reasoning about randomized algorithms.</span></p><br><b>Bio:</b> <p id="docs-internal-guid-a6240c49-7fff-acea-5382-e31e3152f45f" dir="ltr" style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;"><span style="font-size: 11pt; font-family: Arial; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Aws Albarghouthi is an assistant professor at the University of Wisconsin-Madison. He studies automated synthesis and verification of programs, recently with an eye on socially sensitive programs and properties, including fair decision-making, private data analysis, and socially aware robots. He received his PhD from the University of Toronto. He has received a number of best-paper awards for his work (at FSE, UIST, and FAST), an NSF CAREER award, a Google Faculty Research Award, and a Facebook Research Award.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24322019-10-07T14:20:36-04:002019-10-07T14:20:36-04:00https://talks.cs.umd.edu/talks/2432Curry Howard in CoqRobert Rand<br>IRB 5237<br>Tuesday, October 8, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Weekly PL reading group discussing the topic Curry Howard proofs in Coq. Discussion will be led by Robert Rand.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24372019-10-12T20:43:21-04:002019-10-12T20:43:21-04:00https://talks.cs.umd.edu/talks/2437Coverage Guided, Property Based TestingLeonidas Lampropoulos<br>IRB 5237<br>Tuesday, October 15, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Leo's practice talk for OOPSLA "Coverage Guided, Property Based Testing". Paper available at https://www.cs.umd.edu/~mwh/papers/fuzzchick-draft.pdf.</em></p>
<p>Property-based random testing, exemplified by frameworks such as Haskell's QuickCheck, works by testing an executable predicate (a property) on a stream of randomly generated inputs. Property testing works very well in many cases, but not always. Some properties are conditioned on the input satisfying demanding semantic invariants that are not consequences of its syntactic structure---e.g., that an input list must be sorted or have no duplicates. Most randomly generated inputs fail to satisfy properties with such sparse preconditions, and so are simply discarded. As a result, much of the target system may go untested.<br><br>We address this issue with a novel technique called coverage guided, property based testing (CGPT). Our approach is inspired by the related area of coverage guided fuzzing, exemplified by tools like AFL. Rather than just generating a fresh random input at each iteration, CGPT can also produce new inputs by mutating previous ones using type-aware, generic mutator operators. The target program is instrumented to track which control flow branches are executed during a run and inputs whose runs expand control-flow coverage are retained for future mutations. This means that, when sparse conditions in the target are satisfied and new coverage is observed, the input that triggered them will be retained and used as a springboard to go further.<br><br>We have implemented CGPT as an extension to the QuickChick property testing tool for Coq programs; we call our implementation FuzzChick. We evaluate FuzzChick on two Coq developments for abstract machines that aim to enforce flavors of noninterference, which has a (very) sparse precondition. We systematically inject bugs in the machines' checking rules and use FuzzChick to look for counterexamples to the claim that they satisfy a standard noninterference property. We find that vanilla QuickChick almost always fails to find any bugs after a long period of time, as does an earlier proposal for combining property testing and fuzzing. In contrast, FuzzChick often finds them within seconds to minutes. Moreover, FuzzChick is almost fully automatic; although highly tuned, hand-written generators can find the bugs faster, they require substantial amounts of insight and manual effort.<br><br></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24422019-10-21T13:50:20-04:002019-10-21T13:50:20-04:00https://talks.cs.umd.edu/talks/2442PLunch: Binders UnboundIan Sweet<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, October 22, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "Binders Unbound". Discussion will be led by Ian Sweet. Paper available at https://www.seas.upenn.edu/~sweirich/papers/icfp11.pdf.</em><br><br>Implementors of compilers, program refactorers, theorem provers, proof checkers, and other systems that manipulate syntax know that dealing with name binding is difficult to do well. Operations such as α-equivalence and capture-avoiding substitution seem simple, yet subtle bugs often go undetected. Furthermore, their implementations are tedious, requiring "boilerplate" code that must be updated whenever the object language definition changes.<br><br>Many researchers have therefore sought to specify binding syntax declaratively, so that tools can correctly handle the details behind the scenes. This idea has been the inspiration for many new systems (such as Beluga, Delphin, FreshML, FreshOCaml, Cαml, FreshLib, and Ott) but there is still room for improvement in expressivity, simplicity and convenience.<br><br>In this paper, we present a new domain-specific language, Unbound, for specifying binding structure. Our language is particularly expressive - it supports multiple atom types, pattern binders, type annotations, recursive binders, and nested binding (necessary for telescopes, a feature found in dependently-typed languages). However, our specification language is also simple, consisting of just five basic combinators. We provide a formal semantics for this language derived from a locally nameless representation and prove that it satisfies a number of desirable properties.<br><br>We also present an implementation of our binding specification language as a GHC Haskell library implementing an embedded domain specific language (EDSL). By using Haskell type constructors to represent binding combinators, we implement the EDSL succinctly using datatype-generic programming. Our implementation supports a number of features necessary for practical programming, including flexibility in the treatment of user-defined types, best-effort name preservation (for error messages), and integration with Haskell's monad transformer library.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24462019-10-27T21:18:17-04:002019-10-27T21:18:17-04:00https://talks.cs.umd.edu/talks/2446PLunch: Verified Lifting of Stencil ComputationsSankha Narayan Guria<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, October 29, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "Verified Lifting of Stencil Computations". Discussion will be led by Sankha Narayan Guria. Paper available at https://homes.cs.washington.edu/~akcheung/papers/pldi16.pdf</em><br><br>This paper demonstrates a novel combination of program synthesis and verification to lift stencil computations from low-level Fortran code to a high-level summary expressed using a predicate language. The technique is sound and mostly automated, and leverages counter-example guided inductive synthesis (CEGIS) to find provably correct translations. Lifting existing code to a high-performance description language has a number of benefits, including maintainability and performance portability. Our experiments show that the lifted summaries allow domain specific compilers to do a better job of parallelization as compared to an off-the-shelf compiler working on the original code, and can even support fully automatic migration to hardware accelerators such as GPUs. We have implemented verified lifting in a system called STNG and have evaluated it using microbenchmarks, mini-apps, and real-world applications. We demonstrate the benefits of verified lifting by first automatically summarizing Fortran source code into a high-level predicate language, and subsequently translating the lifted summaries into Halide, with the translated code achieving median performance speedups of 4.1x and up to 24x as compared to the original implementation.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24522019-11-04T10:50:06-05:002019-11-04T10:50:26-05:00https://talks.cs.umd.edu/talks/2452PLunch: A unified approach to solving seven programming problems (functional pearl)Phil Nguyen<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, November 5, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "A unified approach to solving seven programming problems (functional pearl)". Discussion will be led by Phil Nguyen. Paper available at https://dl.acm.org/citation.cfm?id=3110252</em><br><br>We present seven programming challenges in Racket, and an elegant, unified approach to solving them using constraint logic programming in miniKanren.</p>
<p> </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24592019-11-06T12:27:16-05:002019-11-06T12:27:16-05:00https://talks.cs.umd.edu/talks/2459Data-Driven Software Maintenance<a href="http://people.cs.vt.edu/nm8247/">Na Meng - Virginia Tech</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">3137 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 25, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Nowadays software is widely used in almost every domain. When software applications contain defects or errors, these errors or software bugs can trigger security problems, cause financial loss, or even jeopardize human health. However, maintaining software to remove all those errors is usually challenging. This is because to resolve a software issue, developers usually spend lots of time and effort in order to comprehend programs, so that they can apply program changes consistently, completely, and correctly. When developers have insufficient domain knowledge or misunderstand the program logic, they may fail to fix the bug or their bug fixes can actually introduce new bugs.</p>
<p>In this talk, I will present our recent research that intends to bridge the gap between program complexity and developers’ programming capabilities. Thus, there are three parts in my talk. For the first part, I will introduce our empirical study on developers’ secure coding practices. By crawling and analyzing developers’ technical discussions on the StackOverflow website, we identified various programming challenges that developers encounter when they build security functionalities. We also showed security vulnerabilities due to developers’ security API misuses. For the second part, I’ll introduce our related empirical study to examine the reliability of security suggestions on StackOverflow, which study reveals a worrisome reality in the software development industry. For the third part, I will present our recent tool that recommends code refactorings for developers. All our empirical studies and techniques have the potential to help developers (1) better understand program complexity and the complexity of software maintenance, and (2) improve program maintenance as well as software quality. </p><br><b>Bio:</b> <p>Dr. Na Meng is an assistant professor in the Department of Computer Science at Virginia Tech, U.S. (since 2015). She received her PhD in Computer Science at The University of Texas at Austin, U.S. (2014). Her research interests include Software Engineering and Programming Languages. She focuses on conducting empirical studies on software bugs and fixes, and investigating new approaches to help developers comprehend programs and changes, to detect and fix bugs, and to modify code automatically. Nowadays, Dr. Meng also explores to fix security bugs automatically. Dr. Meng received the NSF CAREER Award in 2019. </p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a> ⋅ <a href="https://talks.cs.umd.edu/lists/19">Security Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24642019-11-11T14:50:00-05:002019-11-11T14:50:18-05:00https://talks.cs.umd.edu/talks/2464PLunch: When Good Components Go Bad: Formally Secure Compilation Despite Dynamic CompromiseMichael Hicks<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, November 12, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "When Good Components Go Bad: Formally Secure Compilation Despite Dynamic Compromise". Discussion will be led by Mike Hicks. Paper available at https://arxiv.org/pdf/1802.00588.pdf</em><br><br>We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for example, by accessing an array out of bounds. <br>Our criterion is the first to model dynamic compromise in a system of mutually distrustful components with clearly specified privileges. It articulates how each component should be protected from all the others---in particular, from components that have encountered undefined behavior and become compromised. Each component receives secure compilation guarantees---in particular, its internal invariants are protected from compromised components---up to the point when this component itself becomes compromised, after which we assume an attacker can take complete control and use this component's privileges to attack other components. More precisely, a secure compilation chain must ensure that a dynamically compromised component cannot break the safety properties of the system at the target level any more than an arbitrary attacker-controlled component (with the same interface and privileges, but without undefined behaviors) already could at the source level. <br>To illustrate the model, we construct a secure compilation chain for a small unsafe language with buffers, procedures, and components, targeting a simple abstract machine with built-in compartmentalization. We give a careful proof (mostly machine-checked in Coq) that this compiler satisfies our secure compilation criterion. Finally, we show that the protection guarantees offered by the compartmentalized abstract machine can be achieved at the machine-code level using either software fault isolation or a tag-based reference monitor.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24722019-11-25T15:32:13-05:002019-11-25T15:32:13-05:00https://talks.cs.umd.edu/talks/2472PLunch: Let Arguments Go FirstYiyun Liu<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, November 26, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "</em><em><span class="formula-content" style="font-size: 14px;"><span class=" string " dir="auto">Let Arguments Go First</span></span>". Discussion will be led by Yiyun Liu. Paper available at https://link.springer.com/chapter/10.1007/978-3-319-89884-1_10</em></p>
<p id="Par1" class="Para">Bi-directional type checking has proved to be an extremely useful and versatile tool for type checking and type inference. The conventional presentation of bi-directional type checking consists of two modes: <em class="EmphasisTypeItalic ">inference</em> mode and <em class="EmphasisTypeItalic ">checked</em> mode. In traditional bi-directional type-checking, type annotations are used to guide (via the checked mode) the type inference/checking procedure to determine the type of an expression, and <em class="EmphasisTypeItalic ">type information flows from functions to arguments</em>.</p>
<p id="Par2" class="Para">This paper presents a variant of bi-directional type checking where the <em class="EmphasisTypeItalic ">type information flows from arguments to functions</em>. This variant retains the inference mode, but adds a so-called <em class="EmphasisTypeItalic ">application</em> mode. Such design can remove annotations that basic bi-directional type checking cannot, and is useful when type information from arguments is required to type-check the functions being applied. We present two applications and develop the meta-theory (mostly verified in Coq) of the application mode.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24812019-12-02T14:21:41-05:002019-12-02T17:56:06-05:00https://talks.cs.umd.edu/talks/2481PLunch: Sound and Robust Solid Modeling via Exact Real Arithmetic and ContinuityKesha Hietala<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, December 3, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><em>Weekly PL reading group discussing the paper "</em><em><span class="formula-content" style="font-size: 14px;"><span class=" string " dir="auto">Sound and Robust Solid Modeling via Exact Real Arithmetic and Continuity</span></span>". Discussion will be led by Kesha Hietala. Paper available at http://people.csail.mit.edu/sherman/papers/icfp19.pdf</em></p>
<p>Algorithms for solid modeling, i.e., Computer-Aided Design (CAD) and computer graphics, are often specified on real numbers and then implemented with finite-precision arithmetic, such as floating-point. The result is that these implementations do not soundly compute the results that are expected from their specifications.<br><br>We present a new library, StoneWorks, that provides sound and robust solid modeling primitives. We implement StoneWorks in MarshallB, a pure functional programming language for exact real arithmetic in which types denote topological spaces and functions denote continuous maps, ensuring that all programs are sound and robust. We developed MarshallB as an extension of the Marshall language.<br><br>We also define a new shape representation, compact representation (K-rep), that enables constructions such as Minkowski sum and analyses such as Hausdorff distance that are not possible with traditional representations. K-rep is a nondeterminism monad for describing all the points in a shape.<br><br>With our library, language, and representation together, we show that short StoneWorks programs can specify and execute sound and robust solid modeling algorithms and tasks.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24862019-12-03T17:57:26-05:002019-12-03T17:57:26-05:00https://talks.cs.umd.edu/talks/2486PLunch: Testing and Verification - A Match Made in HeavenLeonidas Lampropoulos<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Tuesday, December 10, 2019, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Software correctness is becoming an increasingly important concern as our society grows more and more reliant on computer systems. Even the simplest of software errors can have devastating financial or security implications. How can we find errors in real-world applications? How can we guarantee that such errors don't exist? To even begin to answer these questions we need a <em>specification</em>: a description of what it means for a piece of code to be correct, stated either explicitly (e.g. my private data are never leaked to third parties) or implicitly (e.g. this code will not terminate with an uncaught exception).</p>
<div>In this talk, I will discuss efficient ways to debug and reason about software and specifications, focusing on two techniques and their interplay: <em>property-based testing</em> and <em>mechanized formal verification</em>. Testing can quickly uncover errors in complex software, but it cannot guarantee their absence. Formal verification provides strong correctness guarantees, but is still very expensive in time and effort.</div>
<div> </div>
<div>Together, they are a match made in heaven.</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/24952019-12-15T07:37:12-05:002020-01-15T13:26:26-05:00https://talks.cs.umd.edu/talks/2495Grow your own language: The YAFL story<a href="https://www.dariusblasband.com/">Darius Blasband - Raincode</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">4105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Wednesday, February 19, 2020, 2:00-3:00 pm<br><br><b>Abstract:</b> <p>This talk tells the rather uncommon story of the co-evolution of my company, Raincode, with a home-grown programming language, YAFL.</p>
<p>The two are intimately intertwined: Raincode would crumble if YAFL was to disappear, and YAFL would have no reason to exist if Raincode was to stop its activities.</p>
<p>YAFL is a strongly-typed object-oriented language originally designed and implemented a quarter of century ago. Our story starts with YAFL’s inception, its design, our motivations (including the usual fantasies of world domination) and the technical underpinnings and some key implementation decisions.</p>
<p>Our story is rooted in the real world where pragmatics reign. I will argue that our design choices and implementation decisions have converged to give YAFL its true value, and, that the fruits of growing our own language are well worth the maintenance burden.</p>
<p>The talk will argue that YAFL is a non-DSL, and touch on the good ideas as well as the lousy ones. I will discuss how to evolve a language over time by judiciously adding, as well as removing, features.</p>
<p>Above all, it is story about people. The language designer, its implementors, its first users, even its customers are the main characters of this comedy. Their interplay sheds a light on how languages are created and maintained.</p><br><b>Bio:</b> <p>Darius Blasband was born in 1965 and has a PhD from the Université Libre de Bruxelles. His focus is legacy code modernization, articulated around compilers for legacy languages. He founded Raincode (http://www.raincode.com), and designed its core technology. Above all, Darius is a geek. Building software systems is what he likes best—after his family, chocolate, and on par with music.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25132020-02-03T09:58:03-05:002020-02-03T09:58:03-05:00https://talks.cs.umd.edu/talks/2513Practice job talkRobert Rand<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, February 3, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>Robert is practicing his job talk.</p>
<p>Sign up to present here: https://docs.google.com/spreadsheets/d/1RQXmk9hdDtBK-YfS3GFd1iinu5q2mD_cR_0NFBIPb6o/edit#gid=0</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25152020-02-06T10:30:05-05:002020-02-14T14:23:58-05:00https://talks.cs.umd.edu/talks/2515Linear dependent types for quantum circuit programming<a href="https://fermat.github.io/">Frank Fu - Dalhousie University</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, February 17, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>It is sometimes said that 99% of a quantum programmer's task is constructing and manipulating circuits and only 1% is actually running them. In this talk, I will introduce and demonstrate Proto-Quipper-D, an experimental quantum circuit programming language. Like previous versions of Proto-Quipper, it uses linear types to enforce the no-cloning property. In addition, Proto-Quipper-D features the use of dependent types for describing families of circuits and for type-safe garbage qubit management.</p><br><b>Bio:</b> <p>Frank Fu is a postdoctoral researcher in the Department of Mathematics and Statistics at Dalhousie University. Broadly speaking, he is interested in type theories and their applications in programming languages. In the past, he worked on supporting the verification of lambda-encoded programs in a type system and in a higher-order logic, and has explored topics relating to Haskell-style type classes, term rewriting, nested data types, and dependent types. Currently, he is working on the design and implementation of a linear dependently typed programming language for circuit design.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25222020-02-09T18:36:10-05:002020-02-09T18:36:10-05:00https://talks.cs.umd.edu/talks/2522A Probabilistic Separation LogicMichael Hicks<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, February 10, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <div class="col-sm-10">
<p>Probabilistic independence is a fundamental tool for reasoning about randomized programs. Independence describes the result of drawing a fresh random sample—a basic operation in all probabilistic languages—and greatly simplifies formal reasoning about collections of random samples. Nevertheless, existing verification methods handle independence poorly, if at all.</p>
<p>In this paper, we propose a probabilistic separation logic where separation models probabilistic independence. We first give a new, probabilistic model of the logic of bunched implications (BI), the logic of assertions in separation logic. Then, we introduce a program logic based on these assertions and prove soundness of the proof system. We demonstrate our logic by verifying security properties of several cryptographic constructions, including simple ORAM, secure multi-party addition, oblivious transfer, and private information retrieval. Our logic is able to state and verify two different forms of the standard cryptographic security property, while proofs work in terms of high-level properties like independence and uniformity.</p>
<p>Paper available at: https://dl.acm.org/doi/10.1145/3371123</p>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25422020-02-24T08:37:17-05:002020-02-24T08:37:17-05:00https://talks.cs.umd.edu/talks/2542PLunch: Interaction Trees: Representing Recursive and Impure Programs in CoqKesha Hietala<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, February 24, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>"Interaction trees" (ITrees) are a general-purpose data structure for representing the behaviors of recursive programs that interact with their environments. A coinductive variant of "free monads," ITrees are built out of uninterpreted events and their continuations. They support compositional construction of interpreters from "event handlers", which give meaning to events by defining their semantics as monadic actions. ITrees are expressive enough to represent impure and potentially nonterminating, mutually recursive computations, while admitting a rich equational theory of equivalence up to weak bisimulation. In contrast to other approaches such as relationally specified operational semantics, ITrees are executable via code extraction, making them suitable for debugging, testing, and implementing software artifacts that are amenable to formal verification. <br>We have implemented ITrees and their associated theory as a Coq library, mechanizing classic domain- and category-theoretic results about program semantics, iteration, monadic structures, and equational reasoning. Although the internals of the library rely heavily on coinductive proofs, the interface hides these details so that clients can use and reason about ITrees without explicit use of Coq's coinduction tactics. <br>To showcase the utility of our theory, we prove the termination-sensitive correctness of a compiler from a simple imperative source language to an assembly-like target whose meanings are given in an ITree-based denotational semantics. Unlike previous results using operational techniques, our bisimulation proof follows straightforwardly by structural induction and elementary rewriting via an equational theory of combinators for control-flow graphs.</p>
<p><em>Paper available at https://arxiv.org/abs/1906.00046</em></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25462020-02-27T07:30:09-05:002020-02-28T06:41:54-05:00https://talks.cs.umd.edu/talks/2546Building near-term quantum computers: A computer science perspectiveOmar Shehab - IonQ, Inc.<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5107 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Thursday, March 5, 2020, 10:30-11:30 am<br><br><b>Abstract:</b> <p>Noisy-intermediate quantum computers have started appearing beyond the walls of the academic research labs in the commercial market. While it is still not obvious what applications they will be commercially important for, researchers from all disciplines are playing their roles to develop a deeper understanding of the field. In this talk, I would like to share what it is like to be a computer scientist in the near-term quantum computing industry. I will give examples of how computer science can help solve challenges in every layer of full stack quantum computing, from hardware design to software tool chain development, to build better quantum computers or make the best use of them. This talk will cover three areas I work on: a) development and optimization of near-term quantum algorithms, b) development of quantum programming languages, and c) optimization of atomic physics processes.</p><br><b>Bio:</b> <p>Omar Shehab received his PhD in computer science from UMBC in 2016. He joined IonQ, Inc., a University of Maryland based quantum computing startup, in 2017. His research focus is noisy-intermediate scale quantum algorithms, quantum programming language, and near-term hybrid quantum algorithm. He has been named co-inventor in eight patent applications covering different aspects of quantum computing. He has also given a number of invited talks on building quantum computers.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25482020-03-01T21:19:57-05:002020-03-01T21:19:57-05:00https://talks.cs.umd.edu/talks/2548PLunch: Proving Data-Poisoning Robustness in Decision TreesSankha Narayan Guria<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, March 2, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>Machine learning models are brittle, and small changes in the training data can result in different predictions. We study the problem of proving that a prediction is robust to data poisoning, where an attacker can inject a number of malicious elements into the training set to influence the learned model. We target decision-tree models, a popular and simple class of machine learning models that underlies many complex learning techniques. We present a sound verification technique based on abstract interpretation and implement it in a tool called Antidote. Antidote abstractly trains decision trees for an intractably large space of possible poisoned datasets. Due to the soundness of our abstraction, Antidote can produce proofs that, for a given input, the corresponding prediction would not have changed had the training set been tampered with or not. We demonstrate the effectiveness of Antidote on a number of popular datasets</p>
<p><em>Paper available at: https://arxiv.org/abs/1912.00981</em></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25952020-04-12T20:16:20-04:002020-04-13T12:04:54-04:00https://talks.cs.umd.edu/talks/2595PLunch: On the Expressive Power of Programming LanguagesIan Sweet<br><br>Monday, April 13, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>The literature on programming languages contains an abundance of informal claims on the relative expressive power of programming languages, but there is no framework for formalizing such statements nor for deriving interesting consequences. As a first step in this direction, we develop a formal notion of expressiveness and investigate its properties. To demonstrate the theory's closeness to published intuitions on expressiveness, we analyze the expressive power of several extensions of functional languages. Based on these results, we believe that our system correctly captures many of the informal ideas on expressiveness, and that it constitutes a good basis for further research in this direction.</p>
<p><em>Paper link: https://link.springer.com/content/pdf/10.1007%2F3-540-52592-0_60.pdf</em></p>
<p><em>Watch Shriram Krishnamurthi's talk: https://www.youtube.com/watch?v=43XaZEn2aLc</em></p>
<p><em>Zoom meeting URL will be shared via email on the mailing list, or email me to get the URL.</em></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25962020-04-12T20:21:56-04:002020-04-12T20:21:56-04:00https://talks.cs.umd.edu/talks/2596Morpheus+ - A Compiler Verification FrameworkLiyi Li - University of Illinois, Urbana-Champaign<br><br>Tuesday, April 14, 2020, 10:00-11:00 am<br><br><b>Abstract:</b> <p>Note: Talk will be at https://umd.zoom.us/my/mhicks2</p>
<p>Previously, researchers established some frameworks, such as Morpheus, to specify a compiler translation in a small language and prove the semantic preservation property of the translation in the language under the assumption of sequential consistency. Based on the Morpheus specification language, we extend the verification framework to prove the compiler translation semantic preservation property in a large real-world programming language with a real-world weak concurrency model. We named the framework as Morpheus+.</p>
<p>In this talk, we focus on a special part of the framework: K-LLVM, which is the complete semantics of LLVM IR. To the best of our knowledge, K-LLVM is the most complete formal LLVM IR semantics to date, including all LLVM IR instructions, intrinsic functions in the LLVM documentation and Standard-C library functions that are necessary to execute many LLVM IR programs. Additionally, K-LLVM formulates an abstract machine that executes all LLVM IR instructions. The machine allows to describe our formal semantics in terms of simulating a conceptual virtual machine that runs LLVM IR programs, including non-deterministic programs.</p>
<p>Besides, we will see how a compiler verification step can be done on top of K-LLVM by our Per-Location Simulation (PLS) framework. PLS is simple and suitable for proving that a compiled program semantically preserves its original program under a CFG-based language with a real-world, C/C++ like, weak memory model. To the best of our knowledge, PLS is the first simulation framework weaker than the CompCert/CompCertTSO one that is used for proving compiler correctness. With a combination of PLS, the compiler proof-framework Morpheus, and a language semantics with a weak memory model, we are able to prove that programs are semantically preserved through a transformation.</p><br><b>Bio:</b> <p>Liyi is a PhD candidate in the Department of Computer Science at UIUC, working with Dr. Elsa Gunter.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/25992020-04-18T09:08:23-04:002020-04-18T09:08:23-04:00https://talks.cs.umd.edu/talks/2599PLunch: Guarded Kleene Algebra with TestsRobert Rand<br>Zoom<br>Monday, April 20, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>Guarded Kleene Algebra with Tests (GKAT) is a variation on Kleene Algebra with Tests (KAT) that arises by restricting the union (+) and iteration (*) operations from KAT to predicate-guarded versions. We develop the (co)algebraic theory of GKAT and show how it can be efficiently used to reason about imperative programs. In contrast to KAT, whose equational theory is PSPACE-complete, we show that the equational theory of GKAT is (almost) linear time. We also provide a full Kleene theorem and prove completeness for an analogue of Salomaa’s axiomatization of Kleene Algebra.</p>
<p><em>Paper link: https://dl.acm.org/doi/10.1145/3371129</em></p>
<p><em>Here's an introduction to Kleene Algebra: https://dl.acm.org/doi/pdf/10.1145/256167.256195 </em></p>
<p><em>Zoom meeting URL will be shared via email on the mailing list, or email me to get the URL.</em></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26042020-04-26T22:04:58-04:002020-04-26T22:05:29-04:00https://talks.cs.umd.edu/talks/2604PLunch: A tour-de-force in Coq AutomationLeonidas Lampropoulos<br>Zoom<br>Monday, April 27, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <div style="font-size: 12pt; font-family: Calibri, Helvetica, sans-serif;">
<div style="font-size: 12pt;">I'll talk about different ways of automating Coq proofs, with an emphasis on the "repeat match goal with" paradigm that Adam Chlipala has popularized. Most of the material will be based on Adam's first lecture in the 2017 DeepSpec Summer School, and we'll go over creating our own "tauto" and (more ambitiously) dealing with quantifiers in a principled style.</div>
<p><em>Zoom link will sent via PL Reading mailing list.</em></p>
</div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26072020-05-04T10:10:08-04:002020-05-04T10:10:08-04:00https://talks.cs.umd.edu/talks/2607Comprehensive formal verification of an OS microkernelDavid Miller<br>Zoom<br>Monday, May 4, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p style="box-sizing: border-box; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); margin: 0px 0px 1.2rem; padding: 0px 0px 0px 10px; border: 0px; font-variant-numeric: inherit; font-variant-east-asian: inherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-family: 'Open sans', sans-serif; vertical-align: baseline; max-width: 46.6667em; color: #1d2021;">We present an in-depth coverage of the comprehensive machine-checked formal verification of seL4, a general-purpose operating system microkernel.</p>
<p style="box-sizing: border-box; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); margin: 0px 0px 1.2rem; padding: 0px 0px 0px 10px; border: 0px; font-variant-numeric: inherit; font-variant-east-asian: inherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-family: 'Open sans', sans-serif; vertical-align: baseline; max-width: 46.6667em; color: #1d2021;">We discuss the kernel design we used to make its verification tractable. We then describe the functional correctness proof of the kernel’s C implementation and we cover further steps that transform this result into a comprehensive formal verification of the kernel: a formally verified IPC fast path, a proof that the binary code of the kernel correctly implements the C semantics, a proof of correct access-control enforcement, a proof of information-flow noninterference, a sound worst-case execution time analysis of the binary, and an automatic initialiser for user-level systems that connects kernel-level access control enforcement with reasoning about system behaviour. We summarise these results and show how they integrate to form a coherent overall analysis, backed by machine-checked, end-to-end theorems.</p>
<p style="box-sizing: border-box; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); margin: 0px 0px 1.2rem; padding: 0px 0px 0px 10px; border: 0px; font-variant-numeric: inherit; font-variant-east-asian: inherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-family: 'Open sans', sans-serif; vertical-align: baseline; max-width: 46.6667em; color: #1d2021;">The seL4 microkernel is currently not just the only general-purpose operating system kernel that is fully formally verified to this degree. It is also the only example of formal proof of this scale that is kept current as the requirements, design and implementation of the system evolve over almost a decade. We report on our experience in maintaining this evolving formally verified code base.</p>
<p style="box-sizing: border-box; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); margin: 0px 0px 1.2rem; padding: 0px 0px 0px 10px; border: 0px; font-variant-numeric: inherit; font-variant-east-asian: inherit; font-stretch: inherit; font-size: 15px; line-height: inherit; font-family: 'Open sans', sans-serif; vertical-align: baseline; max-width: 46.6667em; color: #1d2021;">Paper link: <a style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 14px;" href="http://ts.data61.csiro.au/publications/nictaabstracts/Klein_AEMSKH_14.abstract.pml">http://ts.data61.csiro.au/publications/nictaabstracts/Klein_AEMSKH_14.abstract.pml</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26082020-05-05T09:16:01-04:002020-05-29T15:08:46-04:00https://talks.cs.umd.edu/talks/2608Automatic Commutativity Verification with Differencing Abstractions<a href="https://www.cs.stevens.edu/~ejk/">Eric Koskinen - Stevens Institute of Technology</a><br>Zoom<br>Monday, June 8, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">Commutativity of data structure methods is of ongoing interest, with roots in the database community. In recent years commutativity has been shown to be a key ingredient to enabling multicore concurrency in contexts such as parallelizing compilers, transactional memory, speculative execution and, more broadly, software scalability. Despite this interest, it remains an open question as to how a data structure's commutativity specification can be verified automatically from its implementation.</span><br style=" color: #222222; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;"><br style=" color: #222222; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;"><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">I will describe our recent work on techniques to automatically prove the correctness of method commutativity conditions from data structure implementations. We introduce a new kind of abstraction that characterizes the ways in which the effects of two methods differ depending on the order in which the methods are applied, and abstracts away effects of methods that would be the same regardless of the order. I’ll then discuss a novel algorithm that reduces the problem to reachability, so that off-the-shelf program analysis tools can perform the reasoning necessary for proving commutativity. Finally, I’ll describe CityProver: a proof-of-concept commutativity verifier and some experimental results on ADTs such as a memory cell, counter, two-place Set, array-based stack, queue, and a rudimentary hash table. I’ll conclude with a discussion of what makes a data structure's commutativity provable with today's tools and what needs to be done to prove more in the future.</span><br style=" color: #222222; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;"><br style=" color: #222222; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;"><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">Arxiv: </span><a style="color: #1155cc; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;" href="https://arxiv.org/abs/2004.08450" rel="noopener">https://arxiv.org/abs/<wbr></wbr>2004.08450</a><br style=" color: #222222; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;"><br style=" color: #222222; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;"><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">Joint work with Kshitij Bansal</span></p>
<p><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">Zoom: </span><a style="color: #1155cc; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;" href="https://umd.zoom.us/j/4819166581" rel="noopener">https://umd.zoom.us/j/<wbr></wbr>4819166581</a></p><br><b>Bio:</b> <p><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">Eric Koskinen is an Assistant Professor at Stevens Institute of Technology. Previously, he was a Lecturer/Researcher at Yale University and a Visiting Professor at New York University. Eric received a Ph.D in Computer Science from the University of Cambridge, where he was a Gates Cambridge Scholar. He also spent time at IBM Watson, Microsoft, and from 2002-2005, Eric was a Software Engineer at<span class="Apple-converted-space"> </span></span><a style="color: #1155cc; font-family: Arial, Helvetica, sans-serif; text-size-adjust: auto;" href="http://amazon.com/" rel="noopener">Amazon.com</a><span style=" color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; text-size-adjust: auto;">. Eric’s research is at the intersection of automatic software verification and concurrency and yields techniques that improve the way programmers develop reliable and efficient concurrent software for multi-core and distributed systems.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26102020-05-10T11:30:40-04:002020-05-10T11:30:40-04:00https://talks.cs.umd.edu/talks/2610PLunch: A Simple Differentiable Programming LanguageIan Sweet<br>Zoom<br>Monday, May 11, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p><span style="font-family: 'Lucida Grande', Helvetica, Arial, sans-serif; font-size: 13.607999801635742px;">Automatic differentiation plays a prominent role in scientific computing and in modern machine learning, often in the context of powerful programming systems. The relation of the various embodiments of automatic differentiation to the mathematical notion of derivative is not always entirely clear---discrepancies can arise, sometimes inadvertently. In order to study automatic differentiation in such programming contexts, we define a small but expressive programming language that includes a construct for reverse-mode differentiation. We give operational and denotational semantics for this language. The operational semantics employs popular implementation techniques, while the denotational semantics employs notions of differentiation familiar from real analysis. We establish that these semantics coincide.</span></p>
<p>Paper URL: https://arxiv.org/abs/1911.04523</p>
<p>You can email me to get the Zoom link.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26162020-06-07T19:25:39-04:002020-06-07T19:31:42-04:00https://talks.cs.umd.edu/talks/2616Contesting Secure Software Development<a href="https://www.cs.umd.edu/~mwh/">Michael Hicks - University of Maryland</a><br><br>Thursday, June 11, 2020, 12:00-1:00 pm<br><br><b>Abstract:</b> <p>With the ongoing, frequent disclosure of the existence and exploitation of security vulnerabilities, one might wonder: How can we can build software that is more secure? In an attempt to focus educational attention on this question, and gather empirical evidence at the same time, we developed the Build it, Break it, Fix it (BIBIFI) security-oriented programming contest. In BIBIFI, teams aim to build specified software that should be correct, efficient, and secure. These goals mimic those of the real world. Security is tested when teams attempt to break other teams’ submissions. Winners are chosen from among the best builders and the best breakers. BIBIFI was designed to be open-ended — teams can use any language, tool, process, etc. that they like.</p>
<p>We ran three 6-week contests involving a total of 156 teams from across the world, and three different programming problems. Most participants had previous development experience and security education. Quantitative analysis from these contests found several interesting trends. For example, the most efficient build-it submissions used C/C++, but submissions coded in a statically-type safe language were 11× less likely to have a security flaw than C/C++ submissions. A manual, in-depth qualitative analysis (using iterative open coding) of the vulnerabilities in 76 of these projects also revealed interesting trends. For example, the analysis found that simple mistakes were least common: only 26% of projects introduced such an error. Conversely, vulnerabilities arising from a misunderstanding of security concepts were significantly more common: 84% of projects introduced at least one such error. Overall, our results have implications for improving secure-programming language choices, API designs, API documentation, vulnerability-finding tools, and security education.</p>
<p>This is joint work with James Parker, Andrew Ruef, Dan Votipka, Kelsey Fulton, Matthew Hou, Michelle Mazurek, and Dave Levin, all at the University of Maryland.</p>
<p>Zoom: https://umd.zoom.us/my/mhicks2</p><br><b>Bio:</b> <p>Michael Hicks is a professor at the University of Maryland. He had a mustache for a while, but he's shaved it.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26302020-08-30T21:15:14-04:002020-08-30T21:19:14-04:00https://talks.cs.umd.edu/talks/2630PLUM: "What are you working on?" (Part 1)PLUM Lab - University of Maryland, College Park<br>Zoom<br>Tuesday, September 1, 2020, 4:15-5:15 pm<br><br><b>Abstract:</b> <p>The PLUM Lab is holding a series of short 10-minute talks in which each lab member updates the group about what they are working on. This is a great way to get to know the members of the PLUM lab and see what we are working on!</p>
<p>Please connect via Zoom: https://umd.zoom.us/my/mhicks2</p>
<p>The speakers for part 1 are:</p>
<p><strong>4:15pm — Mike Hicks</strong></p>
<p><strong>4:25pm — Liyi Li</strong></p>
<p><strong>4:35pm — Michael Coblenz</strong></p>
<p><strong>4:45pm — Ian Sweet</strong></p>
<p><strong>4:55pm — Kesha Hietala</strong></p>
<p><strong>5:05pm — Yiyun Liu</strong></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26312020-08-30T21:16:58-04:002020-09-08T11:03:30-04:00https://talks.cs.umd.edu/talks/2631PLUM: "What are you working on?" (Part 2)<a href="https://plum-umd.github.io/people/">PLUM Lab - University of Maryland, College Park</a><br>Zoom<br>Tuesday, September 8, 2020, 4:15-5:15 pm<br><br><b>Abstract:</b> <p style="font-family: Georgia;">The PLUM Lab is holding a series of short 10-minute talks in which each lab member updates the group about what they are working on. This is a great way to get to know the members of the PLUM lab and see what we are working on!</p>
<p style="font-family: Georgia;">Please connect via Zoom: https://umd.zoom.us/my/mhicks2</p>
<p style="font-family: Georgia;">The speakers for part 2 are:<br><br><strong>4:15pm — </strong><strong>Leo Lampropoulos</strong></p>
<p><span style="font-family: Georgia;"><strong>4:25pm — Deena Postol</strong></span></p>
<p><strong style="font-family: Georgia;">4:35pm — </strong><span style="font-family: Georgia;"><strong>Jacob Prinz</strong></span><strong style="font-family: Georgia;"><br></strong></p>
<p><span style="font-family: Georgia;"><strong style="font-family: Georgia;">4:45pm — </strong><span style="font-family: Georgia;"><strong>Sankha Guria</strong></span><br></span><strong style="font-family: Georgia;"><br></strong><strong style="font-family: Georgia;">4:55pm — </strong><span style="font-family: Georgia;"><strong>David Van Horn</strong></span></p>
<p><span style="font-family: Georgia;"><strong>5:05pm — Henry Blanchette</strong></span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26432020-09-14T09:22:08-04:002020-09-14T09:22:08-04:00https://talks.cs.umd.edu/talks/2643PLUM Reading Group: Incorrectness Logic, POPL2020<a href="https://plum-umd.github.io/people/#_people/ins.md">Ian Sweet - University of Maryland, College Park</a><br>Zoom<br>Tuesday, September 15, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>Program correctness and incorrectness are two sides of the same coin. As a programmer, even if you would like to have correctness, you might find yourself spending most of your time reasoning about incorrectness. This includes informal reasoning that people do while looking at or thinking about their code, as well as that supported by automated testing and static analysis tools. This paper describes a simple logic for program incorrectness which is, in a sense, the other side of the coin to Hoare's logic of correctness.<br><br>Come join us via Zoom: https://umd.zoom.us/my/mhicks2</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26452020-09-15T20:29:28-04:002020-09-21T07:33:08-04:00https://talks.cs.umd.edu/talks/2645Finger Trees Explained Anew, and Slightly Simplified (Functional Pearl)<a href="https://lemonidas.github.io/">Leonidas Lampropoulos - University of Maryland, College Park</a><br>Zoom<br>Tuesday, September 22, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>We explicitly motivate the subtle intricacies of Hinze and Paterson's Finger Tree datastructure, by step-wise refining a naive implementation. The result is a new explanation of how Finger Trees work and why they have the particular structure they have, and also a small simplification of the original implementation.<br><br><span style="font-family: Georgia;">Come join us via Zoom: https://umd.zoom.us/my/isweet</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26572020-09-28T11:43:00-04:002020-09-29T10:23:37-04:00https://talks.cs.umd.edu/talks/2657Higher-Order Demand-Driven Symbolic Evaluation<a href="http://blog.tail.moe/">Shiwei Weng - Johns Hopkins University</a><br>Zoom<br>Tuesday, September 29, 2020, 4:15-5:15 pm<br><br><b>Abstract:</b> <p>Developing accurate and efficient program analyses for languages with higher-order functions is known to be difficult. Here we define a new higher-order program analysis, Demand-Driven Program Analysis (DDPA), which extends well-known demand-driven lookup techniques found in first-order program analyses to higher-order programs.</p>
<p>This task presents several unique challenges to obtain good accuracy, including the need for a new method for demand-driven lookup of non-local variable values. DDPA is flow- and context-sensitive and provably polynomial-time. To efficiently implement DDPA we develop a novel pushdown automaton metaprogramming framework, the Pushdown Reachability automaton (PDR). The analysis is formalized and proved sound, and an implementation is described.</p>
<p>Come join us via Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p>
<p>Password: <span style="background-color: #f8f8f8; color: #1d1c1d; font-family: Slack-Lato, appleLogo, sans-serif; font-size: 15px; font-variant-ligatures: common-ligatures;">5108</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26592020-09-29T17:41:21-04:002020-10-02T16:35:04-04:00https://talks.cs.umd.edu/talks/2659On the Design, Implementation, and Use of Laziness in R<a href="http://aviral.io/">Aviral Goel - Northeastern University</a><br>Zoom<br>Tuesday, October 6, 2020, 4:15-5:15 pm<br><br><b>Abstract:</b> <p><span style="color: #515151; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;">The R programming language has been lazy for over twenty-five years. This paper presents a review of the design and implementation of call-by-need in R, and a data-driven study of how generations of programmers have put laziness to use in their code. We analyze 16,707 packages and observe the creation of 270.9 B promises. Our data suggests that there is little supporting evidence to assert that programmers use laziness to avoid unnecessary computation or to operate over infinite data structures. For the most part R code appears to have been written without reliance on, and in many cases even knowledge of, delayed argument evaluation. The only significant exception is a small number of packages which leverage call-by-need for meta-programming.</span><br><br></p>
<p style="font-family: Georgia;">Come join us via Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p>
<p style="font-family: Georgia;">Password: <span style="background-color: #f8f8f8; color: #1d1c1d; font-family: Slack-Lato, appleLogo, sans-serif; font-size: 15px; font-variant-ligatures: common-ligatures;">5108</span></p><br><b>Bio:</b> <p><span style="color: #515151; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;">I am a third year </span><a style="box-sizing: border-box; text-decoration-line: none; border-bottom: 0.3em solid rgba(136, 136, 136, 0.3); cursor: pointer; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;" href="https://www.khoury.northeastern.edu/">Computer Science</a><span style="color: #515151; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;"> Ph.D. student at </span><a style="box-sizing: border-box; text-decoration-line: none; border-bottom: 0.3em solid rgba(136, 136, 136, 0.3); cursor: pointer; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;" href="http://www.northeastern.edu/">Northeastern University</a><span style="color: #515151; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;">. I am a member of the </span><a style="box-sizing: border-box; text-decoration-line: none; border-bottom: 0.3em solid rgba(136, 136, 136, 0.3); cursor: pointer; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;" href="http://prl.ccs.neu.edu/">Programming Research Laboratory</a><span style="color: #515151; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;">. I am interested in all aspects related to the design and implementation of programming languages. Currently, I am studying laziness (call-by-need) in </span><a style="box-sizing: border-box; text-decoration-line: none; border-bottom: 0.3em solid rgba(136, 136, 136, 0.3); cursor: pointer; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;" href="https://www.r-project.org/">R</a><span style="color: #515151; font-family: Interrobang, 'Libre Baskerville', 'Palatino Linotype', 'Book Antiqua', Palatino, Georgia, serif; font-size: 18.4px; text-align: justify;">.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26722020-10-13T07:53:18-04:002020-10-13T08:26:40-04:00https://talks.cs.umd.edu/talks/2672POPLMark Reloaded: Mechanizing Proofs by Logical Relations<a href="https://www.cs.umd.edu/~kesha/">Ian Sweet - University of Maryland, College Park</a><br>Zoom<br>Tuesday, October 13, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>We propose a new collection of challenge problems in mechanizing metatheory of programming languages for comparing and pushing the state of the art of proof assistants. In particular, we focus on proofs using logical relations and propose establishing strong normalization of a simply-typed lambda-calculus with a proof by Kripke-style logical relations as a benchmark. We give a modern view of this well-understood problem by formulating our logical relation on well-typed terms. Using this case study, we share some of the lessons learned tackling this challenge problem in different dependently-typed proof environments. In particular, we consider the mechanization in Beluga, a proof environment that supports higher-order abstract syntax encodings and contrast it to the development and strategies used in general purpose proof assistants such as Coq and Agda. We hope others will be motivated to submit solutions! The goal of this paper is to engage the community in discussions on what support in proof environments is needed to truly bring mechanized metatheory to the masses.<br><br><span style="font-family: Georgia;">Come join us via Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26732020-10-13T08:34:44-04:002020-10-13T08:34:44-04:00https://talks.cs.umd.edu/talks/2673The Next 700 Compiler Correctness Theorems (Functional Pearl)<a href="https://sankhs.com/">Sankha Narayan Guria - University of Maryland, College Park</a><br>Zoom<br>Tuesday, October 20, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>Compiler correctness is an old problem, with results stretching back beyond the last half-century. Founding the field, John McCarthy and James Painter set out to build a "completely trustworthy compiler". And yet, until quite recently, even despite truly impressive verification efforts, the theorems being proved were only about the compilation of whole programs, a theoretically quite appealing but practically unrealistic simplification. For a compiler correctness theorem to assure complete trust, the theorem must reflect the reality of how the compiler will be used.</p>
<p>There has been much recent work on more realistic "compositional" compiler correctness aimed at proving correct compilation of components while supporting linking with components compiled from different languages using different compilers. However, the variety of theorems, stated in remarkably different ways, raises questions about what researchers even mean by a "compiler is correct." In this pearl, we develop a new framework with which to understand compiler correctness theorems in the presence of linking, and apply it to understanding and comparing this diversity of results. In doing so, not only are we better able to assess their relative strengths and weaknesses, but gain insight into what we as a community should expect from compiler correctness theorems of the future.<br><br>Paper: https://dl.acm.org/doi/pdf/10.1145/3341689<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br><b>Bio:</b> <p>Sankha is a PhD student advised by David Van Horn and Jeff Foster. He is interested in practical tools to aid the development of fast, reliable software. Recently his focus has been on designing program synthesis tools for synthesizing programs from their tests.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26742020-10-13T08:39:01-04:002020-10-13T08:39:01-04:00https://talks.cs.umd.edu/talks/2674Parsing with zippers (functional pearl)Deena Postol - University of Maryland, College Park<br>Zoom<br>Tuesday, October 27, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>Parsing with Derivatives (PwD) is an elegant approach to parsing context-free grammars (CFGs). It takes the equational theory behind Brzozowski’s derivative for regular expressions and augments that theory with laziness, memoization, and fixed points. The result is a simple parser for arbitrary CFGs. Although recent work improved the performance of PwD, it remains inefficient due to the algorithm repeatedly traversing some parts of the grammar.</p>
<p>In this functional pearl, we show how to avoid this inefficiency by suspending the state of the traversal in a zipper. When subsequent derivatives are taken, we can resume the traversal from where we left off without retraversing already traversed parts of the grammar. <br><br>However, the original zipper is designed for use with trees, and we want to parse CFGs. CFGs can include shared regions, cycles, and choices between alternates, which makes them incompatible with the traditional tree model for zippers. This paper develops a generalization of zippers to properly handle these additional features. Just as PwD generalized Brzozowski’s derivatives from regular expressions to CFGs, we generalize Huet’s zippers from trees to CFGs. <br><br>The resulting parsing algorithm is concise and efficient: it takes only 31 lines of OCaml code to implement the derivative function but performs 6,500 times faster than the original PwD and 3.24 times faster than the optimized implementation of PwD.</p>
<p>Paper: https://dl.acm.org/doi/10.1145/3408990<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br><b>Bio:</b> <p>Deena is a PhD student advised by David Van Horn. She is interested broadly in verification and type theory.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26752020-10-13T08:41:35-04:002020-10-13T08:41:35-04:00https://talks.cs.umd.edu/talks/2675Local Type Inference<a href="https://terpconnect.umd.edu/~blancheh/">Henry Blanchette - University of Maryland, College Park</a><br>Zoom<br>Tuesday, November 3, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>We study two partial type inference methods for a language combining subtyping and impredicative polymorphism. Both methods are local in the sense that missing annotations are recovered using only information from adjacent nodes in the syntax tree, without long-distance constraints such as unification variables. One method infers type arguments in polymorphic applications using a local constraint solver. The other infers annotations on bound variables in function abstractions by propagating type constraints downward from enclosing application nodes. We motivate our design choices by a statistical analysis of the uses of type inference in a sizable body of existing ML code.<br><br>Paper: https://www.cis.upenn.edu/~bcpierce/papers/lti-toplas.pdf<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br><b>Bio:</b> <p>Henry is a PhD student advised by <a href="http://www.cs.umd.edu/~dvanhorn/">David Van Horn</a>. Interests: implementation and design of programming languages for formal verification, theoretical foundations, and practical software development.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26762020-10-13T08:44:46-04:002020-10-27T19:41:13-04:00https://talks.cs.umd.edu/talks/2676Dependent Type Systems as MacrosYiyun Liu - University of Maryland, College Park<br>Zoom<br>Tuesday, November 10, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>We present Turnstile+, a high-level, macros-based metaDSL for building dependently typed languages. With it, programmers may rapidly prototype and iterate on the design of new dependently typed features and extensions. Or they may create entirely new DSLs whose dependent type "power" is tailored to a specific domain. Our framework’s support of language-oriented programming also makes it suitable for experimenting with systems of interacting components, e.g., a proof assistant and its companion DSLs. This paper explains the implementation details of Turnstile+, as well as how it may be used to create a wide-variety of dependently typed languages, from a lightweight one with indexed types, to a full spectrum proof assistant, complete with a tactic system and extensions for features like sized types and SMT interaction.<br><br>Paper: https://dl.acm.org/doi/10.1145/3371071<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br><b>Bio:</b> <p><span style="color: #111111; font-family: 'PT Sans'; font-size: 16px; background-color: #fdfdfd;">Yiyun is a Master’s student advised by Mike Hicks, and working closely with Niki Vazou. He is interested in verifying security properties of formal systems and implementing verification tools. Recently his focus has been on adding typeclass refinements to Liquid Haskell.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26782020-10-13T08:51:11-04:002020-11-16T11:46:47-05:00https://talks.cs.umd.edu/talks/2678Abstracting Gradual TypingJacob Prinz - University of Maryland, College Park<br>https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09<br>Tuesday, November 24, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>Language researchers and designers have extended a wide variety of type systems to support gradual typing, which enables languages to seamlessly combine dynamic and static checking. These efforts consistently demonstrate that designing a satisfactory gradual counterpart to a static type system is challenging, and this challenge only increases with the sophistication of the type system. Gradual type system designers need more formal tools to help them conceptualize, structure, and evaluate their designs. <br><br>In this paper, we propose a new formal foundation for gradual typing, drawing on principles from abstract interpretation to give gradual types a semantics in terms of pre-existing static types. Abstracting Gradual Typing (AGT for short) yields a formal account of consistency—one of the cornerstones of the gradual typing approach—that subsumes existing notions of consistency, which were developed through intuition and ad hoc reasoning. <br><br>Given a syntax-directed static typing judgment, the AGT approach induces a corresponding gradual typing judgment. Then the type safety proof for the underlying static discipline induces a dynamic semantics for gradual programs defined over sourcelanguage typing derivations. The AGT approach does not resort to an externally justified cast calculus: instead, run-time checks naturally arise by deducing evidence for consistent judgments during proof reduction. <br><br>To illustrate the approach, we develop a novel gradually-typed counterpart for a language with record subtyping. Gradual languages designed with the AGT approach satisfy by construction the refined criteria for gradual typing set forth by Siek and colleagues.<br><br>Paper: https://pleiad.cl/papers/2016/garciaAl-popl2016.pdf<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26792020-10-13T08:55:22-04:002020-12-01T13:22:44-05:00https://talks.cs.umd.edu/talks/2679RefinedC: An Extensible Refinement Type System for C Based on Separation Logic ProgrammingLiyi Li - University of Maryland, College Park<br>Zoom<br>Tuesday, December 8, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>Although the C and C++ programming languages are by their very nature unsafe, they nevertheless power most of the lower layers of the software stack, including hypervisors and operating systems. As a consequence, many critical systems remain vulnerable to safety and functional correctness issues, which can lead to crashes and security breaches. To improve on this situation, we propose a new approach to verifying the correctness of idiomatic C code, called <strong>RefinedC</strong>—a type system combining ownership types (to ensure memory safety) with refinement types (to ensure functional correctness). RefinedC is built atop a new “separation logic programming” language we call Lithium, which supports automatic proof search by backchaining, but without the need for backtracking. By virtue of its representation as a Lithium program, RefinedC’s type system is fundamentally extensible, meaning that the set of typing rules is not fixed and can be grown over time by adding new clauses to the Lithium program. We show that this extensibility is key to supporting numerous low-level idioms (e.g., involving pointer manipulations) which C programmers employ in practice. RefinedC and Lithium are embedded in the Iris framework for concurrent separation logic in Coq, allowing us to foundationally certify the result of the RefinedC type checker, including user-defined extensions.<br><br>Paper: https://plv.mpi-sws.org/refinedc/paper.pdf<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br><b>Bio:</b> <p>Liyi Li is a Basili Postdoctoral Fellow at UMD.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/26802020-10-13T09:04:46-04:002020-12-01T15:46:05-05:00https://talks.cs.umd.edu/talks/2680Soft TypingTemur Saidkhodjaev - University of Maryland, College Park<br>Zoom<br>Tuesday, December 1, 2020, 4:15-5:00 pm<br><br><b>Abstract:</b> <p>Type systems are designed to prevent the improper use of program operations. They can be classified as either <em>static</em> or <em>dynamic</em>. Static type systems detect "ill-typed" programs at compile-time and prevent their execution. Dynamic type systems detect "ill-typed" programs at run-time.<br><br>Static type systems hace two important advantages over dynamic type systems. First, they provide important feedback to the programmer by detecting a large class of program errors <em>before</em> execution. Second, they extract information that a compiler can exploit to produce more efficient code. The price paid for these advantages, however, is a loss of expressiveness, modularity, and semantic simplicity.<br><br>This paper presents <em>soft</em> type systems that retain the expressiveness of dynamic typing, but offers the early error detection and improved optimization capabilities of static typing. The key idea underlying soft typing is that a type checker need not <em>reject</em> programs containing "ill-typed" phrases. Instead, the type checker can insert explicit run-time checks, transforming "ill-typed" programs into type-correct ones.<br><br>Paper: https://www.cs.rice.edu/~javaplt/papers/sigplan39-4.pdf<br>Zoom: https://umd.zoom.us/j/98723227318?pwd=K0RJZVZZM1Jhd2laMlg1ajgvUjltQT09</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/27482021-02-04T11:33:38-05:002021-02-04T11:33:38-05:00https://talks.cs.umd.edu/talks/2748A Simple Differentiable Programming Language<a href="https://plum-umd.github.io/people/#_people/ins.md">Ian Sweet - PLUM Lab</a><br><br>Monday, February 8, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Arxiv.</em> https://arxiv.org/abs/1911.04523</p>
<p><em>Abstract.</em> <code></code><span style="font-family: 'Lucida Grande', Helvetica, Arial, sans-serif; font-size: 13.607999801635742px;">Automatic differentiation plays a prominent role in scientific computing and in modern machine learning, often in the context of powerful programming systems. The relation of the various embodiments of automatic differentiation to the mathematical notion of derivative is not always entirely clear---discrepancies can arise, sometimes inadvertently. In order to study automatic differentiation in such programming contexts, we define a small but expressive programming language that includes a construct for reverse-mode differentiation. We give operational and denotational semantics for this language. The operational semantics employs popular implementation techniques, while the denotational semantics employs notions of differentiation familiar from real analysis. We establish that these semantics coincide.</span></p>
<div id="accelSnackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accelSnackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/27542021-02-10T13:35:23-05:002021-02-15T11:10:26-05:00https://talks.cs.umd.edu/talks/2754Putting gradual types to workTemur Saidkhodjaev - PLUM Lab<br>Zoom<br>Monday, February 15, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom. </em>https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Arxiv.</em> https://arxiv.org/abs/2101.12299</p>
<p><em>Title.</em> Putting gradual types to work</p>
<p><em>Abstract.</em> In this paper, we describe our experience incorporating gradual types in a statically typed functional language with Hindley-Milner style type inference. Where most gradually typed systems aim to improve static checking in a dynamically typed language, we approach it from the opposite perspective and promote dynamic checking in a statically typed language. Our approach provides a glimpse into how languages like SML and OCaml might handle gradual typing. We discuss our implementation and challenges faced -- specifically how gradual typing rules apply to our representation of composite and recursive types. We review the various implementations that add dynamic typing to a statically typed language in order to highlight the different ways of mixing static and dynamic typing and examine possible inspirations while maintaining the gradual nature of our type system. This paper also discusses our motivation for adding gradual types to our language, and the practical benefits of doing so in our industrial setting.</p>
<div id="accelSnackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accelSnackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/27802021-02-19T20:51:26-05:002021-02-19T20:51:26-05:00https://talks.cs.umd.edu/talks/2780Projection-Based Runtime Assertions for Testing and Debugging Quantum Programs<a href="https://plum-umd.github.io/people/#_people/kesha.md">Kesha Hietala - PLUM Lab</a><br><br>Monday, February 22, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>DL.</em> https://dl.acm.org/doi/10.1145/3428218</p>
<p><em>Title.</em> Projection-Based Runtime Assertions for Testing and Debugging Quantum Programs</p>
<p><em>Abstract.</em> In this paper, we propose Proq, a runtime assertion scheme for testing and debugging quantum programs on a quantum computer. The predicates in Proq are represented by projections (or equivalently, closed subspaces of the state space), following Birkhoff-von Neumann quantum logic. The satisfaction of a projection by a quantum state can be directly checked upon a small number of projective measurements rather than a large number of repeated executions. On the theory side, we rigorously prove that checking projection-based assertions can help locate bugs or statistically assure that the semantic function of the tested program is close to what we expect, for both exact and approximate quantum programs. On the practice side, we consider hardware constraints and introduce several techniques to transform the assertions, making them directly executable on the measurement-restricted quantum computers. We also propose to achieve simplified assertion implementation using local projection technique with soundness guaranteed. We compare Proq with existing quantum program assertions and demonstrate the effectiveness and efficiency of Proq by its applications to assert two sophisticated quantum algorithms, the Harrow-Hassidim-Lloyd algorithm and Shor’s algorithm.</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/27812021-02-19T20:55:29-05:002021-02-19T20:55:29-05:00https://talks.cs.umd.edu/talks/2781Quantum Lambda Calculus<a href="https://plum-umd.github.io/people/#_people/mwh.md">Mike Hicks - PLUM Lab</a><br>Zoom<br>Monday, March 1, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>PDF.</em> https://www.monoidal.net/papers/qlambdabook.pdf</p>
<p><em>Title.</em> Quantum Lambda Calculus</p>
<p><em>Abtract.</em> The lambda calculus, developed in the 1930’s by Church and Curry, is a formalism for expressing higher-order functions. In a nutshell, a higher-order function is a function that inputs or outputs a “black box”, which is itself a (possibly higher-order) function. Higher-order functions are a computationally powerful tool. Indeed, the pure untyped lambda calculus has the same computational power as Turing machines [Tur36]. At the same time, higher-order functions are a useful abstraction for programmers. They form the basis of functional programming languages such as LISP, ML, Scheme, and Haskell.</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28002021-03-04T14:14:56-05:002021-03-04T14:14:56-05:00https://talks.cs.umd.edu/talks/2800egg: Fast and Extensible Equality Saturation<a href="https://plum-umd.github.io/people/#_people/sankha.md">Sankha Narayan Guria - PLUM Lab</a><br><br>Monday, March 8, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>ArXiv.</em> https://arxiv.org/abs/2004.03082</p>
<p><em>Title.</em> egg: Fast and Extensible Equality Saturation</p>
<p><em>Abstract.</em> An e-graph efficiently represents a congruence relation over many expressions. Although they were originally developed in the late 1970s for use in automated theorem provers, a more recent technique known as equality saturation repurposes e-graphs to implement state-of-the-art, rewrite-driven compiler optimizations and program synthesizers. However, e-graphs remain unspecialized for this newer use case. Equality saturation workloads exhibit distinct characteristics and often require ad-hoc e-graph extensions to incorporate transformations beyond purely syntactic rewrites.</p>
<p>This work contributes two techniques that make e-graphs fast and extensible, specializing them to equality saturation. A new amortized invariant restoration technique called rebuilding takes advantage of equality saturation's distinct workload, providing asymptotic speedups over current techniques in practice. A general mechanism called e-class analyses integrates domain-specific analyses into the e-graph, reducing the need for ad hoc manipulation.</p>
<p>We implemented these techniques in a new open-source library called egg. Our case studies on three previously published applications of equality saturation highlight how egg's performance and flexibility enable state-of-the-art results across diverse domains.</p>
<div id="accel-snackbar"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28082021-03-20T13:26:35-04:002021-03-22T11:46:17-04:00https://talks.cs.umd.edu/talks/2808I am not a Number — I am a Free Variable<a href="https://plum-umd.github.io/people/#_people/deena.md">Deena Postol - PLUM Lab</a><br><br>Monday, March 22, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Title.</em> I am not a Number — I am a Free Variable</p>
<p><em>PDF.</em> https://www.cs.ru.nl/~james/RESEARCH/haskell2004.pdf</p>
<p><em>Abstract.</em> In this paper, we show how to manipulate syntax with binding using a mixed representation of names for free variables (with respect to the task in hand) and de Bruijn indices [5] for bound variables. By doing so, we retain the advantages of both representations: naming supports easy, arithmetic-free manipulation of terms; de Bruijn indices eliminate the need for α-conversion. Further, we have ensured that not only the user but also the implementation need never deal with de Bruijn indices, except within key basic operations.</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28142021-03-25T12:11:36-04:002021-03-25T12:11:36-04:00https://talks.cs.umd.edu/talks/2814Snek: Overloading Python Semantics via Virtualization<a href="https://plum-umd.github.io/people/#_people/yl.md">Yiyun Liu - PLUM Lab</a><br><br>Monday, March 29, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Title.</em> Snek: Overloading Python Semantics via Virtualization</p>
<p><em>PDF.</em> https://www.cs.purdue.edu/homes/rompf/papers/decker-preprint201907.pdf</p>
<p><em>Abstract.</em> The Python language enjoys widespread adoption in a wide variety of domains spanning machine learning, scientific and high performance computing, and beyond. While implemented as libraries in Python, many Python frameworks aspire to be a domain-specific language (DSL), and often aim to bypass the Python interpreter. However, because Python’s inherent ability to overload built-in structures such as declarations, conditionals, or loops is limited, these frameworks are often constrained to a suboptimal, API-centric interface that replicates these built-ins with framework-specific semantics. Such an approach ultimately yields productivity losses for programmers, especially when switching between or mixing frameworks, as users must memorize an ever-expanding list of method calls for performing even simple tasks such as constructing control flow. Furthermore, API designers are forced to create new, substituting abstractions for traditional programming constructs, forcing a steep learning curve for users. </p>
<p>In this paper, we propose a structured methodology to allow DSL developers to use the whole of Python as a front-end, rather than creating equivalent APIs or relying on shims. Our methodology provides an extensive operator overloading and virtualization mechanism through the use of source code transformations, and enables powerful mechanisms like type-based multi-stage programming (which is popular in statically typed languages), without requiring explicit type information (e.g., via type annotations).</p>
<p>We implement this methodology in a system called Snek, which represents the first type-driven multi-stage programming framework for a dynamic language which does not require extra-linguistic mechanisms, and demonstrate the ability to quickly and easily provide new semantics for Python constructs.</p>
<div id="accel-snackbar"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28252021-04-11T21:05:13-04:002021-04-11T21:06:02-04:00https://talks.cs.umd.edu/talks/2825Mesh: Compacting Memory Management for C/C++ ApplicationsTemur Saidkhodjaev - PLUM Lab<br><br>Monday, April 12, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Title.</em> Mesh: Compacting Memory Management for C/C++ Applications.</p>
<p><em>Arxiv.</em> https://arxiv.org/abs/1902.04738</p>
<p><em>YouTube.</em> https://www.youtube.com/watch?v=c1UBJbfR-H0</p>
<p><em>Abstract.</em> Programs written in C/C++ can suffer from serious memory fragmentation, leading to low utilization of memory, degraded performance, and application failure due to memory exhaustion. This paper introduces Mesh, a plug-in replacement for malloc that, for the first time, eliminates fragmentation in unmodified C/C++ applications. Mesh combines novel randomized algorithms with widely-supported virtual memory operations to provably reduce fragmentation, breaking the classical Robson bounds with high probability. Mesh generally matches the runtime performance of state-of-the-art memory allocators while reducing memory consumption; in particular, it reduces the memory of consumption of Firefox by 16% and Redis by 39%.</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28342021-04-18T15:13:37-04:002021-04-18T15:13:37-04:00https://talks.cs.umd.edu/talks/2834A Survey of Symbolic Execution Techniques<a href="https://plum-umd.github.io/people/#_people/yl.md">Yiyun Liu - PLUM Lab</a><br><br>Monday, April 19, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Title.</em> A Survey of Symbolic Execution Techniques</p>
<p><em>ArXiv.</em> https://arxiv.org/abs/1610.00502</p>
<p><em>Abstract.</em> Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence of any backdoor to bypass a program's authentication. One approach would be to test the program using different, possibly random inputs. As the backdoor may only be hit for very specific program workloads, automated exploration of the space of possible inputs is of the essence. Symbolic execution provides an elegant solution to the problem, by systematically exploring many possible execution paths at the same time without necessarily requiring concrete inputs. Rather than taking on fully specified input values, the technique abstractly represents them as symbols, resorting to constraint solvers to construct actual instances that would cause property violations. Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications. The goal of this survey is to provide an overview of the main ideas, challenges, and solutions developed in the area, distilling them for a broad audience.</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28392021-04-26T10:26:23-04:002021-04-26T12:03:55-04:00https://talks.cs.umd.edu/talks/2839Programming Languages for Secure Multiparty Computation<a href="https://plum-umd.github.io/people/#_people/ins.md">Ian Sweet - PLUM Lab</a><br><br>Monday, April 26, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Title. Programming Languages for Secure Multiparty Computatio</em>n</p>
<p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Abstract.</em> A short talk on programming languages for secure multiparty computation (for non-experts).</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/28442021-05-09T12:04:47-04:002021-05-09T12:07:42-04:00https://talks.cs.umd.edu/talks/2844RbSyn: Type- and Effect-Guided Program Synthesis<a href="https://plum-umd.github.io/people/#_people/sankha.md">Sankha Guria - PLUM Lab</a><br><br>Monday, May 10, 2021, 12:00-12:45 pm<br><br><b>Abstract:</b> <p><em>Zoom.</em> https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p><em>Title.</em> RbSyn: Type- and Effect-Guided Program Synthesis</p>
<p><em>Arxiv.</em> https://arxiv.org/abs/2102.13183</p>
<p><em>Abstract.</em> In recent years, researchers have explored component-based synthesis, which aims to automatically construct programs that operate by composing calls to existing APIs. However, prior work has not considered efficient synthesis of methods with side effects, e.g., web app methods that update a database. In this paper, we introduce RbSyn, a novel type- and effect-guided synthesis tool for Ruby. An RbSyn synthesis goal is specified as the type for the target method and a series of test cases it must pass. RbSyn works by recursively generating well-typed candidate method bodies whose write effects match the read effects of the test case assertions. After finding a set of candidates that separately satisfy each test, RbSyn synthesizes a solution that branches to execute the correct candidate code under the appropriate conditions. We formalize RbSyn on a core, object-oriented language λsyn and describe how the key ideas of the model are scaled-up in our implementation for Ruby. We evaluated RbSyn on 19 benchmarks, 12 of which come from popular, open-source Ruby apps. We found that RbSyn synthesizes correct solutions for all benchmarks, with 15 benchmarks synthesizing in under 9 seconds, while the slowest benchmark takes 83 seconds. Using observed reads to guide synthesize is effective: using type-guidance alone times out on 10 of 12 app benchmarks. We also found that using less precise effect annotations leads to worse synthesis performance. In summary, we believe type- and effect-guided synthesis is an important step forward in synthesis of effectful methods from test cases.</p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br><b>Bio:</b> <p> </p>
<div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); bottom: 50px;"> </div><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29112021-09-12T17:05:39-04:002021-09-12T17:09:06-04:00https://talks.cs.umd.edu/talks/2911Leibniz equality is isomorphic to Martin-Löf identity, parametrically<a href="https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09">Henry Blanchette - UMD</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5237 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, September 13, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p>Consider two widely used definitions of equality. That of Leibniz: one value equals another if any predicate that holds of the first holds of the second. And that of Martin-Löf: the type identifying one value with another is occupied if the two values are identical. The former dates back several centuries, while the latter is widely used in proof systems such as Agda and Coq. Here we show that the two definitions are isomorphic: we can convert any proof of Leibniz equality to one of Martin-Löf identity and <span class="italic">vice versa</span>, and each conversion followed by the other is the identity. One direction of the isomorphism depends crucially on values of the type corresponding to Leibniz equality satisfying functional extensionality and Reynolds’ notion of parametricity. The existence of the conversions is widely known (meaning that if one can prove one equality then one can prove the other), but that the two conversions form an isomorphism (internally) in the presence of parametricity and functional extensionality is, we believe, new. Our result is a special case of a more general relation that holds between inductive families and their Church encodings. Our proofs are given inside type theory, rather than meta-theoretically. Our paper is a literate Agda script.</p>
<p> </p>
<p><a class="c-link" href="https://www.cambridge.org/core/journals/journal-of-functional-programming/article/leibniz-equality-is-isomorphic-to-martinlof-identity-parametrically/50D76A9C314AB24E7CD46DA4A0A766EB" rel="noopener noreferrer">https://www.cambridge.org/core/journals/journal-of-functional-programming/article/lei[…]lof-identity-parametrically/50D76A9C314AB24E7CD46DA4A0A766EB</a></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29152021-09-15T13:08:11-04:002021-09-15T13:08:11-04:00https://talks.cs.umd.edu/talks/2915A functional quantum programming languageFinn Voichick - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, September 20, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p>We introduce the language QML, a functional language for quantum computations on finite types. Its design is guided by its categorical semantics: QML programs are interpreted by morphisms in the category FQC of finite quantum computations, which provides a constructive semantics of irreversible quantum computations realisable as quantum gates. QML integrates reversible and irreversible quantum computations in one language, using first order strict linear logic to make weakenings explicit. Strict programs are free from decoherence and hence preserve superpositions and entanglement -which is essential for quantum parallelism.</p>
<p> </p>
<p>https://ieeexplore.ieee.org/document/1509229</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29452021-10-04T13:42:02-04:002021-10-04T13:42:02-04:00https://talks.cs.umd.edu/talks/2945How to Design Co-ProgramsDeena Postol - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5108 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 11, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p>The observation that <span class="italic">program structure follows data structure</span> is a key lesson in introductory programming: good hints for possible program designs can be found by considering the structure of the data concerned. In particular, this lesson is a core message of the influential textbook “How to Design Programs” by Felleisen, Findler, Flatt, and Krishnamurthi. However, that book discusses using only the structure of <span class="italic">input</span> data for guiding program design, typically leading towards structurally <span class="italic">recursive</span> programs. We argue that novice programmers should also be taught to consider the structure of <span class="italic">output</span> data, leading them also towards structurally <span class="italic">corecursive</span> programs.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29622021-10-20T11:36:29-04:002021-10-20T11:36:29-04:00https://talks.cs.umd.edu/talks/2962A Monad for Deterministic ParallelismJosé Manuel Calderón Trilla - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 25, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p><span dir="ltr" style="left: 90px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.881808);">We</span> <span dir="ltr" style="left: 115.255px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.865473);">present</span> <span dir="ltr" style="left: 164.122px; top: 365.001px; font-size: 14.944px; font-family: sans-serif;">a</span> <span dir="ltr" style="left: 176.466px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.893916);">new</span> <span dir="ltr" style="left: 206.683px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.923616);">programming</span> <span dir="ltr" style="left: 293.747px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.91756);">model</span> <span dir="ltr" style="left: 336.815px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.99855);">for</span> <span dir="ltr" style="left: 359.948px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.930311);">deterministic</span> <span dir="ltr" style="left: 443.695px; top: 365.001px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.929814);">parallel</span><br><span dir="ltr" style="left: 90px; top: 381.606px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.922267);">computation in a pure functional language. The model is monadic</span><br><span dir="ltr" style="left: 90px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.864895);">and</span> <span dir="ltr" style="left: 117.676px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.826571);">has</span> <span dir="ltr" style="left: 143.709px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.976814);">explicit</span> <span dir="ltr" style="left: 194.414px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.938077);">granularity,</span> <span dir="ltr" style="left: 268.85px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.904549);">but</span> <span dir="ltr" style="left: 293.761px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.930462);">allows</span> <span dir="ltr" style="left: 338.504px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.924836);">dynamic</span> <span dir="ltr" style="left: 396.068px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.916854);">construction</span> <span dir="ltr" style="left: 476.063px; top: 398.209px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.998531);">of</span><br><span dir="ltr" style="left: 90px; top: 414.814px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.92767);">dataflow networks that are scheduled at runtime, while remaining</span><br><span dir="ltr" style="left: 90px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.930311);">deterministic</span> <span dir="ltr" style="left: 173.178px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.864895);">and</span> <span dir="ltr" style="left: 199.898px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.888748);">pure.</span> <span dir="ltr" style="left: 235.33px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.90186);">The</span> <span dir="ltr" style="left: 263.709px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.925535);">implementation</span> <span dir="ltr" style="left: 362.668px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.924357);">is</span> <span dir="ltr" style="left: 377.777px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.835372);">based</span> <span dir="ltr" style="left: 416.96px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.898437);">on</span> <span dir="ltr" style="left: 437.045px; top: 431.419px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.910923);">monadic</span><br><span dir="ltr" style="left: 90px; top: 448.023px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.91943);">concurrency, which has until now only been used to simulate con-</span><br><span dir="ltr" style="left: 90px; top: 464.628px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.896472);">currency in functional languages, rather than to provide parallelism.</span><br><span dir="ltr" style="left: 90px; top: 481.233px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.90386);">We present the API with its semantics, and argue that parallel exe-</span><br><span dir="ltr" style="left: 90px; top: 497.836px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.92074);">cution is deterministic. Furthermore, we present a complete work-</span><br><span dir="ltr" style="left: 90px; top: 514.441px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.915943);">stealing scheduler implemented as a Haskell library, and we show</span><br><span dir="ltr" style="left: 90px; top: 531.046px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.89329);">that it performs at least as well as the existing parallel programming</span><br><span dir="ltr" style="left: 90px; top: 547.649px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.919561);">models in Haskell.</span></p>
<p> </p>
<p><span dir="ltr" style="left: 90px; top: 547.649px; font-size: 14.944px; font-family: sans-serif; transform: scaleX(0.919561);">https://simonmar.github.io/bib/papers/monad-par.pdf</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29542021-10-14T10:09:08-04:002021-10-14T10:09:08-04:00https://talks.cs.umd.edu/talks/2954Semantics-based program verifiers for all languagesLiyi Li - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 18, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p>We present a language-independent verification framework that can be instantiated with an operational semantics to automatically generate a program verifier. The framework treats both the operational semantics and the program correctness specifications as reachability rules between matching logic patterns, and uses the sound and relatively complete reachability logic proof system to prove the specifications using the semantics. We instantiate the framework with the semantics of one academic language, KernelC, as well as with three recent semantics of real-world languages, C, Java, and JavaScript, developed independently of our verification infrastructure. We evaluate our approach empirically and show that the generated program verifiers can check automatically the full functional correctness of challenging heap-manipulating programs implementing operations on list and tree data structures, like AVL trees. This is the first approach that can turn the operational semantics of real-world languages into correct-by-construction automatic verifiers.</p>
<p> </p>
<p>https://dl.acm.org/doi/pdf/10.1145/2983990.2984027</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29722021-10-28T13:25:23-04:002021-10-28T13:25:23-04:00https://talks.cs.umd.edu/talks/2972Normalization by EvaluationJacob Prinz - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 1, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p><span dir="ltr" style="left: 96.9916px; top: 541.109px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.04013);">In any model of typed</span> <span dir="ltr" style="left: 304.94px; top: 541.109px; font-size: 19.8823px; font-family: sans-serif;">λ</span><span dir="ltr" style="left: 316.297px; top: 541.109px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.962348);">–calculus contaning</span><br><span dir="ltr" style="left: 96.9916px; top: 565.134px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.977742);">some basic arithmetic, a functional</span> <span dir="ltr" style="left: 401.845px; top: 565.134px; font-size: 19.8823px; font-family: sans-serif;">p</span><span dir="ltr" style="left: 409.347px; top: 565.134px; font-size: 19.8823px; font-family: sans-serif;">→</span><span dir="ltr" style="left: 425.917px; top: 565.134px; font-size: 19.8823px; font-family: sans-serif;">e</span> <span dir="ltr" style="left: 442.232px; top: 565.134px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.00146);">(pro-</span><br><span dir="ltr" style="left: 96.9916px; top: 589.159px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.863366);">cedure</span> <span dir="ltr" style="left: 155.614px; top: 589.159px; font-size: 19.8823px; font-family: sans-serif;">→</span><span dir="ltr" style="left: 181.678px; top: 589.159px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.951162);">expression) will be defined which in-</span><br><span dir="ltr" style="left: 96.9916px; top: 613.184px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.02866);">verts the evaluation functional for typed</span> <span dir="ltr" style="left: 462.937px; top: 613.184px; font-size: 19.8823px; font-family: sans-serif;">λ</span><span dir="ltr" style="left: 474.293px; top: 613.184px; font-size: 19.8823px; font-family: sans-serif;">–</span><br><span dir="ltr" style="left: 96.9916px; top: 637.208px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.968181);">terms.</span> <span dir="ltr" style="left: 169.284px; top: 637.208px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.01473);">Combined with the evaluation func-</span><br><span dir="ltr" style="left: 96.9916px; top: 661.233px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.02193);">tional,</span> <span dir="ltr" style="left: 161.037px; top: 661.233px; font-size: 19.8823px; font-family: sans-serif;">p</span><span dir="ltr" style="left: 168.538px; top: 661.233px; font-size: 19.8823px; font-family: sans-serif;">→</span><span dir="ltr" style="left: 185.107px; top: 661.233px; font-size: 19.8823px; font-family: sans-serif;">e</span> <span dir="ltr" style="left: 203.872px; top: 661.233px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.01543);">yields an efficient normalization</span><br><span dir="ltr" style="left: 96.9916px; top: 685.258px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.988532);">algorithm.</span> <span dir="ltr" style="left: 207.418px; top: 685.258px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.0349);">The method is extended to</span> <span dir="ltr" style="left: 462.937px; top: 685.258px; font-size: 19.8823px; font-family: sans-serif;">λ</span><span dir="ltr" style="left: 474.293px; top: 685.258px; font-size: 19.8823px; font-family: sans-serif;">–</span><br><span dir="ltr" style="left: 96.9916px; top: 709.283px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.950261);">calculi with constants and is used to normalize</span><br><span dir="ltr" style="left: 96.9916px; top: 733.308px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.972819);">(the</span> <span dir="ltr" style="left: 139.934px; top: 733.308px; font-size: 19.8823px; font-family: sans-serif;">λ</span><span dir="ltr" style="left: 151.29px; top: 733.308px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.994917);">–representations of) natural deduction</span><br><span dir="ltr" style="left: 96.9916px; top: 757.332px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.00771);">proofs of (higher order) arithmetic. A conse-</span><br><span dir="ltr" style="left: 96.9916px; top: 781.357px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.963382);">quence of theoretical interest is a strong com-</span><br><span dir="ltr" style="left: 96.9916px; top: 805.382px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.925587);">pleteness theorem for</span> <span dir="ltr" style="left: 281.025px; top: 805.382px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.892658);">βη</span><span dir="ltr" style="left: 303.437px; top: 805.382px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.946213);">–reduction, generaliz-</span><br><span dir="ltr" style="left: 96.9916px; top: 829.407px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.01112);">ing results of Friedman [</span><span dir="ltr" style="left: 312.494px; top: 829.407px; font-size: 19.8823px; font-family: sans-serif;">?</span><span dir="ltr" style="left: 323.056px; top: 829.407px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.02916);">] and Statman [</span><span dir="ltr" style="left: 461.741px; top: 829.407px; font-size: 19.8823px; font-family: sans-serif;">?</span><span dir="ltr" style="left: 472.305px; top: 829.407px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.08121);">]:</span><br><span dir="ltr" style="left: 96.9916px; top: 853.432px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(1.07737);">If two</span> <span dir="ltr" style="left: 156.507px; top: 853.432px; font-size: 19.8823px; font-family: sans-serif;">λ</span><span dir="ltr" style="left: 167.863px; top: 853.432px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.974336);">–terms have the same value in some</span><br><span dir="ltr" style="left: 96.9916px; top: 877.457px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.971275);">model containing representations of the prim-</span><br><span dir="ltr" style="left: 96.9916px; top: 901.48px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.987876);">itive recursive functions (of level 1) then they</span><br><span dir="ltr" style="left: 96.9916px; top: 925.505px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.954898);">are provably equal in the</span> <span dir="ltr" style="left: 311.725px; top: 925.505px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.892658);">βη</span><span dir="ltr" style="left: 334.137px; top: 925.505px; font-size: 19.8823px; font-family: sans-serif; transform: scaleX(0.922664);">–calculus.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29862021-11-04T15:27:23-04:002021-11-04T15:27:23-04:00https://talks.cs.umd.edu/talks/2986Practical Partial Evaluation for High-Performance Dynamic Language RuntimesBenjamin Quiring - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 8, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p><span dir="ltr" style="left: 69.7059px; top: 358.989px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.916768);">Most high-performance dynamic language virtual machines</span><br><span dir="ltr" style="left: 69.7059px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.915744);">duplicate</span> <span dir="ltr" style="left: 122.51px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.87733);">language</span> <span dir="ltr" style="left: 174.594px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.876005);">semantics</span> <span dir="ltr" style="left: 230.973px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.99886);">in</span> <span dir="ltr" style="left: 246.637px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.879581);">the</span> <span dir="ltr" style="left: 268.01px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.915349);">interpreter,</span> <span dir="ltr" style="left: 329.932px; top: 374.423px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.940474);">compiler,</span><br><span dir="ltr" style="left: 69.7059px; top: 389.855px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.909162);">and runtime system. This violates the principle to not repeat</span><br><span dir="ltr" style="left: 69.7059px; top: 405.287px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.930636);">yourself. In contrast, we define languages solely by writing</span><br><span dir="ltr" style="left: 69.7059px; top: 420.719px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.905384);">an interpreter. The interpreter performs specializations, e.g.,</span><br><span dir="ltr" style="left: 69.7059px; top: 436.151px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.905384);">augments the interpreted program with type information and</span><br><span dir="ltr" style="left: 69.7059px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.983429);">profiling</span> <span dir="ltr" style="left: 118.922px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.951739);">information.</span> <span dir="ltr" style="left: 187.776px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.93346);">Compiled</span> <span dir="ltr" style="left: 243.422px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.870774);">code</span> <span dir="ltr" style="left: 272.602px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.92234);">is</span> <span dir="ltr" style="left: 286.092px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.902095);">derived</span> <span dir="ltr" style="left: 329.058px; top: 451.585px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.91965);">automati-</span><br><span dir="ltr" style="left: 69.7059px; top: 467.017px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.920551);">cally using partial evaluation while incorporating these spe-</span><br><span dir="ltr" style="left: 69.7059px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.929223);">cializations.</span> <span dir="ltr" style="left: 136.566px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.940321);">This</span> <span dir="ltr" style="left: 164.499px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.863949);">makes</span> <span dir="ltr" style="left: 202.295px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.937903);">partial</span> <span dir="ltr" style="left: 240.22px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.902774);">evaluation</span> <span dir="ltr" style="left: 298.219px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.924379);">practical</span> <span dir="ltr" style="left: 347.564px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.99886);">in</span> <span dir="ltr" style="left: 362.636px; top: 482.449px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.879581);">the</span><br><span dir="ltr" style="left: 69.7059px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.908747);">context</span> <span dir="ltr" style="left: 113.122px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.999617);">of</span> <span dir="ltr" style="left: 129.57px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.924647);">dynamic</span> <span dir="ltr" style="left: 179.609px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.874222);">languages:</span> <span dir="ltr" style="left: 240.361px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(1.10153);">It</span> <span dir="ltr" style="left: 253.954px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.858472);">reduces</span> <span dir="ltr" style="left: 298.978px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.879581);">the</span> <span dir="ltr" style="left: 320.442px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.873895);">size</span> <span dir="ltr" style="left: 346.175px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.999617);">of</span> <span dir="ltr" style="left: 362.636px; top: 497.881px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.879581);">the</span><br><span dir="ltr" style="left: 69.7059px; top: 513.313px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.924503);">compiled code while still compiling all parts of an operation</span><br><span dir="ltr" style="left: 69.7059px; top: 528.745px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.924826);">that are relevant for a particular program. When a specula-</span><br><span dir="ltr" style="left: 69.7059px; top: 544.178px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.901681);">tion fails, execution transfers back to the interpreter, the pro-</span><br><span dir="ltr" style="left: 69.7059px; top: 559.611px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.920734);">gram re-specializes in the interpreter, and later partial eval-</span><br><span dir="ltr" style="left: 69.7059px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.917713);">uation</span> <span dir="ltr" style="left: 106.666px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.883186);">again</span> <span dir="ltr" style="left: 139.267px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.90565);">transforms</span> <span dir="ltr" style="left: 199.093px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.879581);">the</span> <span dir="ltr" style="left: 219.617px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.894221);">new</span> <span dir="ltr" style="left: 245.531px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.845913);">state</span> <span dir="ltr" style="left: 273.913px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.999617);">of</span> <span dir="ltr" style="left: 289.448px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.879581);">the</span> <span dir="ltr" style="left: 309.973px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.914041);">interpreter</span> <span dir="ltr" style="left: 368.346px; top: 575.043px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.933616);">to</span><br><span dir="ltr" style="left: 69.7059px; top: 590.475px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.898313);">compiled code. We evaluate our approach by comparing our</span><br><span dir="ltr" style="left: 69.7059px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.915527);">implementations</span> <span dir="ltr" style="left: 160.653px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.999617);">of</span> <span dir="ltr" style="left: 176.561px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.883605);">JavaScript,</span> <span dir="ltr" style="left: 237.982px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.925936);">Ruby,</span> <span dir="ltr" style="left: 273.437px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.865742);">and</span> <span dir="ltr" style="left: 297.216px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif;">R</span> <span dir="ltr" style="left: 310.989px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.999219);">with</span> <span dir="ltr" style="left: 339.063px; top: 605.907px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.916159);">best-in-</span><br><span dir="ltr" style="left: 69.7059px; top: 621.339px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.916723);">class specialized production implementations. Our general-</span><br><span dir="ltr" style="left: 69.7059px; top: 636.772px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.932604);">purpose compilation system is competitive with production</span><br><span dir="ltr" style="left: 69.7059px; top: 652.205px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.890366);">systems even when they have been heavily optimized for the</span><br><span dir="ltr" style="left: 69.7059px; top: 667.637px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.920871);">one language they support. For our set of benchmarks, our</span><br><span dir="ltr" style="left: 69.7059px; top: 683.069px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.928675);">speedup relative to the V8 JavaScript VM is 0.83x, relative</span><br><span dir="ltr" style="left: 69.7059px; top: 698.501px; font-size: 12.8602px; font-family: sans-serif; transform: scaleX(0.918758);">to JRuby is 3.8x, and relative to GNU R is 5x.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/29932021-11-12T12:52:19-05:002021-11-12T12:52:19-05:00https://talks.cs.umd.edu/talks/2993Quantum Abstract InterpretationLe Chang - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 15, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p><span dir="ltr" style="left: 69.7059px; top: 263.898px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.06563);">In quantum computing, the basic unit of information is a</span><br><span dir="ltr" style="left: 69.7059px; top: 279.324px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.04862);">qubit. Simulation of a general quantum program takes ex-</span><br><span dir="ltr" style="left: 69.7059px; top: 294.763px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.02763);">ponential time in the number of qubits, which makes simu-</span><br><span dir="ltr" style="left: 69.7059px; top: 310.188px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.02643);">lation infeasible beyond 50 qubits on current supercomput-</span><br><span dir="ltr" style="left: 69.7059px; top: 325.627px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.00345);">ers. So, for the understanding of larger programs, we turn to</span><br><span dir="ltr" style="left: 69.7059px; top: 341.053px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.01697);">static techniques. In this paper, we present an abstract inter-</span><br><span dir="ltr" style="left: 69.7059px; top: 356.491px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.05366);">pretation of quantum programs and we use it to automati-</span><br><span dir="ltr" style="left: 69.7059px; top: 371.917px; font-size: 12.8607px; font-family: serif; transform: scaleX(0.992526);">cally verify assertions in polynomial time. Our key insight is</span><br><span dir="ltr" style="left: 69.7059px; top: 387.355px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.00518);">to let an abstract state be a tuple of projections. For such do-</span><br><span dir="ltr" style="left: 69.7059px; top: 402.781px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.02894);">mains, we present abstraction and concretization functions</span><br><span dir="ltr" style="left: 69.7059px; top: 418.219px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.00734);">that form a Galois connection and we use them to define ab-</span><br><span dir="ltr" style="left: 69.7059px; top: 433.645px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.00737);">stract operations. Our experiments on a laptop have verified</span><br><span dir="ltr" style="left: 69.7059px; top: 449.084px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.03825);">assertions about the Bernstein-Vazirani, GHZ, and Grover</span><br><span dir="ltr" style="left: 69.7059px; top: 464.509px; font-size: 12.8607px; font-family: serif; transform: scaleX(1.01409);">benchmarks with 300 qubits.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/30042021-11-21T12:12:47-05:002021-11-21T12:12:47-05:00https://talks.cs.umd.edu/talks/3004RUDRA: Finding Memory Safety Bugs in Rust at the Ecosystem ScaleAaron Eline - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 22, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p><span dir="ltr" style="left: 76.9412px; top: 238.6px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.895673);">Rust is a promising system programming language that guar-</span><br><span dir="ltr" style="left: 76.9412px; top: 255.634px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.941735);">antees memory safety at compile time. To support diverse</span><br><span dir="ltr" style="left: 76.9412px; top: 272.668px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.878815);">requirements for system software such as accessing low-level</span><br><span dir="ltr" style="left: 76.9412px; top: 289.704px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.931645);">hardware, Rust allows programmers to perform operations</span><br><span dir="ltr" style="left: 76.9412px; top: 306.738px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.927712);">that are not protected by the Rust compiler with the</span> <span dir="ltr" style="left: 378.723px; top: 307.778px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.048);">unsafe</span><br><span dir="ltr" style="left: 76.9412px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.946441);">keyword.</span> <span dir="ltr" style="left: 136.797px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.932591);">However,</span> <span dir="ltr" style="left: 198.058px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.92375);">Rust’s</span> <span dir="ltr" style="left: 240.336px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.91229);">safety</span> <span dir="ltr" style="left: 280.979px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.879601);">guarantee</span> <span dir="ltr" style="left: 343.311px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.924208);">relies</span> <span dir="ltr" style="left: 380.739px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.916391);">on</span> <span dir="ltr" style="left: 401.27px; top: 323.771px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.895864);">the</span><br><span dir="ltr" style="left: 76.9412px; top: 340.805px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.915709);">soundness of all</span> <span dir="ltr" style="left: 174.902px; top: 341.846px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.048);">unsafe</span> <span dir="ltr" style="left: 219.11px; top: 340.805px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.92375);">code in the program as well as the</span><br><span dir="ltr" style="left: 76.9412px; top: 357.839px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.874993);">standard and external libraries, making it hard to reason about</span><br><span dir="ltr" style="left: 76.9412px; top: 374.873px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.905789);">their correctness. In other words, a single bug in any</span> <span dir="ltr" style="left: 378.723px; top: 375.914px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.048);">unsafe</span><br><span dir="ltr" style="left: 76.9412px; top: 391.909px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.890411);">code breaks the whole program’s safety guarantee.</span><br><span dir="ltr" style="left: 91.1368px; top: 408.942px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.9472);">In this paper, we introduce R</span><span dir="ltr" style="left: 261.848px; top: 411.024px; font-size: 11.3561px; font-family: sans-serif; transform: scaleX(1.06547);">UDRA</span><span dir="ltr" style="left: 296.469px; top: 408.942px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.923192);">, an open source tool</span><br><span dir="ltr" style="left: 76.9412px; top: 425.976px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.939579);">that analyzes and reports potential memory safety bugs in</span><br><span dir="ltr" style="left: 76.9412px; top: 444.051px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.048);">unsafe</span> <span dir="ltr" style="left: 120.728px; top: 443.01px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.905234);">Rust code. Since a bug in</span> <span dir="ltr" style="left: 270.796px; top: 444.051px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.048);">unsafe</span> <span dir="ltr" style="left: 314.581px; top: 443.01px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.886948);">code threatens the</span><br><span dir="ltr" style="left: 76.9412px; top: 460.044px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.893625);">foundation of Rust’s safety guarantee, our primary focus is to</span><br><span dir="ltr" style="left: 76.9412px; top: 477.078px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.906262);">scale our analysis to all the programs and libraries hosted in</span><br><span dir="ltr" style="left: 76.9412px; top: 494.114px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.875959);">the Rust package registry. R</span><span dir="ltr" style="left: 233.206px; top: 496.195px; font-size: 11.3561px; font-family: sans-serif; transform: scaleX(1.06547);">UDRA</span> <span dir="ltr" style="left: 271.158px; top: 494.114px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.869581);">can scan the entire registry</span><br><span dir="ltr" style="left: 76.4724px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.960433);">(43k</span> <span dir="ltr" style="left: 107.877px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.883321);">packages)</span> <span dir="ltr" style="left: 170.629px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(1.01942);">in</span> <span dir="ltr" style="left: 186.759px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.916391);">6.5</span> <span dir="ltr" style="left: 209.722px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.905412);">hours</span> <span dir="ltr" style="left: 246.76px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.882179);">and</span> <span dir="ltr" style="left: 272.532px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.962209);">identified</span> <span dir="ltr" style="left: 332.099px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.916391);">263</span> <span dir="ltr" style="left: 358.682px; top: 511.147px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.950721);">previously</span><br><span dir="ltr" style="left: 76.9412px; top: 528.181px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.906384);">unknown memory safety bugs—filing 98 RustSec advisories</span><br><span dir="ltr" style="left: 76.9412px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.882179);">and</span> <span dir="ltr" style="left: 103.003px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.916391);">74</span> <span dir="ltr" style="left: 122.622px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.949711);">CVEs,</span> <span dir="ltr" style="left: 165.987px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.906327);">representing</span> <span dir="ltr" style="left: 242.711px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.928404);">41.4%</span> <span dir="ltr" style="left: 285.25px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(1.01781);">of</span> <span dir="ltr" style="left: 302.466px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(1.01965);">all</span> <span dir="ltr" style="left: 322.085px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.879081);">bugs</span> <span dir="ltr" style="left: 354.315px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.911423);">reported</span> <span dir="ltr" style="left: 407.699px; top: 545.215px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.950603);">to</span><br><span dir="ltr" style="left: 76.9412px; top: 562.249px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.915656);">RustSec since 2016. The new bugs</span> <span dir="ltr" style="left: 286.171px; top: 562.249px; font-size: 14.1951px; font-family: sans-serif;">R</span><span dir="ltr" style="left: 295.839px; top: 564.331px; font-size: 11.3561px; font-family: sans-serif; transform: scaleX(1.06547);">UDRA</span> <span dir="ltr" style="left: 334.748px; top: 562.249px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.936734);">found are non-</span><br><span dir="ltr" style="left: 76.9412px; top: 579.285px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.908085);">trivial and subtle and often made by Rust experts: two in the</span><br><span dir="ltr" style="left: 76.9412px; top: 597.359px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.18016);">std</span> <span dir="ltr" style="left: 100.609px; top: 596.319px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.931631);">library, one in the official</span> <span dir="ltr" style="left: 245.867px; top: 597.359px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.20129);">futures</span> <span dir="ltr" style="left: 296.365px; top: 596.319px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.904398);">library, and one in the</span><br><span dir="ltr" style="left: 76.9412px; top: 613.352px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.917641);">Rust compiler,</span> <span dir="ltr" style="left: 163.047px; top: 614.393px; font-size: 12.7757px; font-family: sans-serif; transform: scaleX(1.21142);">rustc</span><span dir="ltr" style="left: 196.583px; top: 613.352px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.911692);">. We will open source R</span><span dir="ltr" style="left: 332.564px; top: 615.434px; font-size: 11.3561px; font-family: sans-serif; transform: scaleX(1.06547);">UDRA</span> <span dir="ltr" style="left: 370.74px; top: 613.352px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.884911);">and plan</span><br><span dir="ltr" style="left: 76.9412px; top: 630.386px; font-size: 14.1951px; font-family: sans-serif; transform: scaleX(0.931271);">to integrate its algorithm into the official Rust linter.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/30052021-11-22T12:21:13-05:002021-11-22T12:21:13-05:00https://talks.cs.umd.edu/talks/3005Squashing Bugs and Empowering Programmers with User-Centered Programming Language DesignMichael Coblenz - UMD<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 29, 2021, 11:30 am-12:30 pm<br><br><b>Abstract:</b> <p>Programming languages are simultaneously formal systems and user interfaces with which programmers work. Unfortunately, programmers have a hard time writing safe software: serious bugs and security vulnerabilities are common. In many cases, however, languages with strong safety guarantees have been hard to use, and safer languages have seen slow adoption. In this talk, I’ll discuss user-centered design methods I developed to help language designers create languages that are easier to use. I’ll show how I created and evaluated Glacier, an extension for Java that enforces immutability; Obsidian, a new smart contract language that uses a linear type system; and Bronze, a new garbage collector for Rust. In each case, I found that the resulting language helps programmers write software more effectively than with prior approaches.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/30532022-02-02T10:31:48-05:002022-02-02T10:35:00-05:00https://talks.cs.umd.edu/talks/3053C-Saw: Designing an Embedded Language for Reconfigurable Software ArchitectureHenry Zhu - Amazon<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, February 14, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Zoom: https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</p>
<p>A software’s architecture influences important software characteristics<br>such as its scalability and security and comes tightly coupled over-time<br>with application-specific logic. We introduce C-Saw: an approach to develop<br>reconfigurable architectures for existing software. C-Saw introduces a new<br>domain-specific language (DSL) to separate an application’s architecture<br>description from its programming language and manages the architectural<br>state through distributed key-value tables. C-Saw decouples<br>application-specific logic from its architecture and enables the<br>reconfiguration of that architecture by changing DSL expressions. We built<br>a library-based prototype implementation of C-Saw and have examples of<br>DSL-based rearchitectures of widely-used, third-party software such as<br>Redis, cURL, and Suricata.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/30742022-02-15T16:34:59-05:002022-02-15T16:35:51-05:00https://talks.cs.umd.edu/talks/3074Proof-oriented Programming for High-assurance Systems<a href="https://www.microsoft.com/en-us/research/people/nswamy/">Nikhil Swamy - Microsoft Research</a><br>virtual: https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09<br>Monday, February 21, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p class="m_5532756180973927510xxxmsonormal" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; color: #222222;"><span style="font-size: 12pt; color: black;">Programming critical systems with proofs, a long-standing goal of computer science, is beginning to come within reach of modern programming languages and proof assistants. I provide a brief overview of recent accomplishments in this space, related to work in the </span><a style="color: #1155cc;" title="https://fstar-lang.org" href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffstar-lang.org%2F&data=02%7C01%7Cnswamy%40microsoft.com%7C39f7e1b25356472a5f0908d84b81884f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637342366992754916&sdata=UK9n5BuZN2pPE0%2B6v9uhu1eFl04HItrtpzwwQ2IEfwc%3D&reserved=0" rel="noopener"><span style="font-size: 12pt;">F* proof assistant</span></a><span style="font-size: 12pt; color: black;"> and</span><a style="color: #1155cc;" title="https://project-everest.github.io" href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fproject-everest.github.io%2F&data=02%7C01%7Cnswamy%40microsoft.com%7C39f7e1b25356472a5f0908d84b81884f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637342366992754916&sdata=xwMcpKZHUS%2Bseo%2F0pfq5oVrcgRGsEfU7qKGOEMSIUSU%3D&reserved=0" rel="noopener"><span style="font-size: 12pt;"> Project Everest</span></a><span style="font-size: 12pt; color: black;">, one of its flagship applications. Programs developed in F* with proofs of correctness & security are now deployed in wide variety of settings, ranging from Microsoft Windows and Hyper-V, Microsoft Azure, the Linux kernel, Firefox, mbedTLS, and several other production systems.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin: 0px; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><u></u> <u></u></p>
<p class="MsoNormal" style="margin: 0px; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 12pt; color: black;">I’ll also provide a general overview of research in programming languages and software engineering at Microsoft Research and the <a style="color: #1155cc;" href="https://www.microsoft.com/en-us/research/group/research-software-engineering-rise/" rel="noopener">RiSE</a> group, in particular.</span></p><br><b>Bio:</b> <p><span style="font-family: wf_segoe-ui_normal, wf_segoe-ui_semilight, wf_segoe-ui_light, Arial, sans-serif; font-size: 18px;">Nikhil Swamy is a Senior Principal Researcher in the </span><a style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; vertical-align: baseline; font-size: 18px; font-family: wf_segoe-ui_normal, wf_segoe-ui_semilight, wf_segoe-ui_light, Arial, sans-serif; text-decoration-line: none; color: #004d8a;" href="https://www.microsoft.com/en-us/research/group/research-in-software-engineering-rise/">RiSE</a><span style="font-family: wf_segoe-ui_normal, wf_segoe-ui_semilight, wf_segoe-ui_light, Arial, sans-serif; font-size: 18px;"> group at MSR Redmond. His work covers topics including type systems, program logics, functional programming, program verification and interactive theorem proving.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/30982022-03-09T15:01:08-05:002022-03-09T15:01:08-05:00https://talks.cs.umd.edu/talks/3098Formal Support for the POSIX Shell<a href="https://mgree.github.io/">Michael Greenberg - Stevens Institute of Technology</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, March 14, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">The POSIX shell is a widely deployed, powerful tool for managing</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">computer systems. The shell is the expert’s control panel, a necessary</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">tool for configuring, compiling, installing, maintaining, and deploying</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">systems. Even though it is powerful, critical infrastructure, the POSIX</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">shell is maligned and misunderstood. Its power and its subtlety are a</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">dangerous combination.</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">How can we support the POSIX shell? I'll describe two recent lines of</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">work---Smoosh, a formal, mechanized, executable small-step semantics for</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">the POSIX shell---and ffs---a tool for helping users manipulate</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">semi-structured data (like JSON and YAML) in the shell. I'll also</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">discuss ongoing work on PaSh with Konstantinos Kallas, Nikos Vasilakis,</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">and others.</span></p><br><b>Bio:</b> <p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Michael </span><span class="il" style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Greenberg</span><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"> is an assistant professor at the Stevens</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Institute of Technology, having recently moved from Pomona College. He</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">received BAs in Computer Science and Egyptology from Brown University</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">(2007) and his PhD in Computer Science from the University of</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Pennsylvania (2013). He has made many kinds of jam, but this is his first</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">plum jam.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/31352022-03-28T07:18:57-04:002022-03-28T07:18:57-04:00https://talks.cs.umd.edu/talks/3135Scaling Binary Corpus Analysis: Assemblage and Reversi<a href="https://ecs.syracuse.edu/faculty-staff/kristopher-micinski">Kristopher Micinski - Syracuse University</a><br>virtual: https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09<br>Monday, March 28, 2022, 12:30-1:30 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Binary analysis, decompilation, and reverse engineering are important topics relevant to security. Until we achieve fully-abstract compilation--there will always be a need to employ some level of sophistication to understand binaries as more than their source counterparts. Unfortunately, binary analysis and decompilation feel stuck in the stone age--production tools (IDA Pro, Ghidra) are often huge black boxes that allow little introspection into their workings and inability for a user to control the tool's decisions in a general way.</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">In this talk we will discuss two pieces of work: Assemblage and Reversi. Assemblage is a binary corpus construction, reproduction, and archival system. Assemblages are files containing metadata that can be used by a running Assemblage instance to download, configure, and build large binary corpuses from their source code. We will discuss our current implementation of Assemblage, which is running on 12 (4-8 core) nodes in the Syracuse University Research Computing Cluster. Assemblage currently builds ~30k Windows binaries per day, and performs indexing to relate input (source) and output (binary) code and artifacts. We discuss our imminent work in using Assemblage to generate binary corpuses for training machine learning systems for binary analysis (e.g., malware classifiers, neural variable identification).</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">We will also discuss our in-progress work Reversi--a Datalog-based binary instrumentation system. Reversi uses Datalog to achieve extremely high-fidelity disassembly of arbitrary binaries, and allows writing declarative rules to perform binary instrumentation based on the results of program analyses used to derive the disassembly. We present initial results in using Reversi to replace AFL's (fuzzer) LLVM-based instrumentation. We show equivalent performance to AFL's rewriting, and strongly outperform AFL's QEMU-based binary-only instrumentation.</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/31522022-04-07T10:19:00-04:002022-04-07T10:19:00-04:00https://talks.cs.umd.edu/talks/3152Programming with Trace Contracts<a href="http://www.camoy.name/">Cameron Moy - Northeastern University</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, April 25, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Conventional type systems lack the power to express all of the obligations and promises that an</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">API imposes on, or promises to, client modules. Some language designers cover this expressiveness</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">gap with behavioral contracts. While contracts can express many logical constraints, some aspects</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">of API specifications still pose challenges. The presence of sequence diagrams or protocol-like</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">comments in interface descriptions is a symptom of this problem.</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Trace contracts are a linguistic solution for expressing and enforcing rich temporal properties</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">in higher-order languages. In this talk, I'll present a prototype of trace contracts and discuss</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">open questions with respect to blame assignment, monitor efficiency, and programmer ergonomics.</span></p><br><b>Bio:</b> <p>Cameron is a third-year Ph.D. student and member of the Programming Research Laboratory at Northeastern University, advised by Matthias Felleisen. His research area is programming languages with an emphasis on robust software construction.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/32742022-09-19T11:47:39-04:002022-09-19T11:47:39-04:00https://talks.cs.umd.edu/talks/3274Semantics-Guided Synthesis<a href="https://sankhs.com">Sankha Narayan Guria</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, September 26, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>This paper develops a new framework for program synthesis, called semantics-guided synthesis (SemGuS), that allows a user to provide both the syntax and the semantics for the constructs in the language. SemGuS accepts a recursively defined big-step semantics, which allows it, for example, to be used to specify and solve synthesis problems over an imperative programming language that may contain loops with unbounded behavior. The customizable nature of SemGuS also allows synthesis problems to be defined over a non-standard semantics, such as an abstract semantics. In addition to the SemGuS framework, we develop an algorithm for solving SemGuS problems that is capable of both synthesizing programs and proving unrealizability, by encoding a SemGuS problem as a proof search over Constrained Horn Clauses: in particular, our approach is the first that we are aware of that can prove unrealizabilty for synthesis problems that involve imperative programs with unbounded loops, over an infinite syntactic search space. We implemented the technique in a tool called MESSY, and applied it to SyGuS problems (i.e., over expressions), synthesis problems over an imperative programming language, and synthesis problems over regular expressions.</p>
<p>Paper: https://pages.cs.wisc.edu/~loris/papers/popl21.pdf</p>
<p>SemGuS website: https://www.semgus.org/</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/32832022-09-26T14:02:12-04:002022-09-26T14:02:12-04:00https://talks.cs.umd.edu/talks/3283A Sound Secure Information Flow Type System for LUSTRE<a href="https://www.cse.iitd.ernet.in/~sanjiva/">Sanjiva Prasad - Dept. of Computer Science and Engineering, IIT Delhi</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 3, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Synchronous reactive data flow is a paradigm that provides a high-level abstract programming model for embedded and cyber-physical systems, including the locally synchronous components of IoT systems. Security in such systems is severely compromised due to low-level programming, ill-defined interfaces and inattention to security classification of data. By incorporating a Denning-style lattice-based secure information flow framework into a synchronous reactive data flow language, we provide a framework in which correct-and-secure-by- construction implementations for such systems may be specified and derived. In particular, we propose an extension of the LUSTRE programming framework with a security type inference system. The novelty of our type system lies in a symbolic formulation of constraints over security type variables, in particular the treatment of node calls, which allows us to reason about secure flow with respect to any security class lattice.</p>
<p>The main theorem is the soundness of our type system with respect to the co-inductive operational semantics of LUSTRE, which we prove by showing that well- typed programs exhibit noninterference. Rather than tackle the full language, we first prove the noninterference result for a well-behaved sub-language called “Normalised LUSTRE” (NLUSTRE), for which our type system is far simpler. We then show that Bourke et al.’s semantics-preserving “normalisation” transformations from LUSTRE to NLUSTRE are security-preserving as well. This preservation of security types by the normalisation transformations is a property akin to “subject reduction” but at the level of compiler transformations. The main result that well-security-typed LUSTRE programs are noninterfering follows from a reduction to our earlier result of noninterference for NLUSTRE via the semantics preservation (of Bourke et al.) and type preservation results.</p>
<p><em>Joint work with Rathnakar Madhukar Yerraguntla and Subodh Vishnu Sharma. Parts of this work appeared in MEMOCODE 2020 (best paper), ICTAC 2021, and their integration and extension is on arXiv.</em></p><br><b>Bio:</b> <p>Sanjiva Prasad is a Professor and former Head of the Department of Computer Science and Engineering (2018-2021) and also the Amar Nath and Shashi Khosla School of Information Technology (2011-20015) at the Indian Institute of Technology Delhi. His research interests include formal methods, programming languages and their semantics, security of information flow and networks, and medical applications of computing. He has written several conference and journal papers in these areas, served on the technical programme committees of several international conferences, and delivered seminar talks at leading universities across the world. He is currently Editor-in-Chief of ACM Books (based in New York), and Chair of the executive committee of the Association for Logic in India.</p>
<p>Prof. Prasad is currently Head of IIT Delhi’s School of Public Policy. His research interests in this area concern issues regarding data and computation, and their confidentiality and integrity, in particular health-related data systems. He is also interested in issues of higher education, pedagogical processes and affordable access to educational materials.</p>
<p>Prior to working at IIT Delhi, Prof. Prasad worked on program verification at Odyssey Research Associates in Ithaca, USA from 1990-1992, and then at the European Computer-Industry Research Center (ECRC GmbH) in Munich, Germany from 1992-1994 on the Facile project which was based on his dissertation. He was a visiting Lektor at BRICS, Aarhus University from 1998 to 1999. His PhD is from Stony Brook University, New York, and he earned a BTech in Computer Science and Engineering from the Indian Institute of Technology Kanpur in 1985.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/33012022-10-09T10:34:15-04:002022-10-09T10:34:15-04:00https://talks.cs.umd.edu/talks/3301The Derivative of a Regular Type is its Type of One-Hole Contexts<a href="https://terpconnect.umd.edu/~blancheh/">Henry Blanchette</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 10, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Polymorphic regular types are tree-like datatypes generated by polynomial type expressions over a set of free variables and closed under least fixed point. The `equality types' of Core ML can be expressed in this form. Given such a type expression T with x free, this paper shows a way to represent the one-hole contexts for elements of x within elements of T , together with an operation which will plug an element of x into the hole of such a context. One-hole contexts are given as inhabitants of a regular type @ x T , computed generically from the syntactic structure of T by a mechanism better known as partial differentiation. The relevant notion of containment is shown to be appropriately characterized in terms of derivatives and plugging in. The technology is then exploited to give the one-hole contexts for sub-elements of recursive types in a manner similar to Huet's `zippers'[Hue97].</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/33052022-10-12T12:00:50-04:002022-10-16T15:40:07-04:00https://talks.cs.umd.edu/talks/3305NJPLS PracticeBen Quiring; Henry Blanchette and Jacob Prinz<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 17, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <h2>Generating Well-typed Programs that Use their Arguments</h2>
<p>Random generation of well-typed terms lies at the core of effective random testing of compilers for functional languages. Existing techniques have had success following a top-down type-oriented approach to generation, which suffers from a fundamental flaw: the type of an expression is sometimes generated independently from the expression itself. Such generation often yields functions with argument types that cannot be used to produce a result in a meaningful way, leaving those arguments unused. Such functions can hinder both performance, as the argument generation code is dead but still needs to be compiled, and effectiveness, as a lot of interesting optimizations are tested less frequently.</p>
<p>In this talk, we present a novel method that generates functions that (almost) always use their arguments, by construction. We formalize both the "top-down" and our method as step-relations in an extension of the simply typed lambda calculus with typed and arguments holes, demonstrating how the new method leads to functions that use their arguments by delaying the generation of argument types for a function until they're needed in its body.</p>
<h2>Zypr: A New Approach to Structural Editing</h2>
<p>Existing structure editors often seem to make it difficult to rearrange programs — a problem known as high viscosity. Even though they have advanced actions available to the user for making structure-preserving changes, still, many changes that are straightforward in a text editor are very complicated in many structured editors. In this presentation we present a new generic structured editing system that preserves structure like other structured editors but is as simple and low-viscosity as a text editor. The system handles tree-like grammars by allowing the user to select sub-nodes of the program (exists in other structured editors) and zippers into sub-nodes of the program (our contribution). This style of selection is general enough to encapsulate all actions the user can make in our editor. We argue that this style of selection is analogous to the cursor and span selections respectively in text editing.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/33122022-10-17T08:31:01-04:002022-10-17T08:31:01-04:00https://talks.cs.umd.edu/talks/3312Solver-Based Gradual Type MigrationDeena Postol<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 24, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Gradually typed languages allow programmers to mix statically and dynamically typed code, enabling them to incrementally reap the benefits of static typing as they add type annotations to their code. However, this type migration process is typically a manual effort with limited tool support. This paper examines the problem of automated type migration: given a dynamic program, infer additional or improved type annotations.</p>
<p>Existing type migration algorithms prioritize different goals, such as maximizing type precision, maintaining compatibility with unmigrated code, and preserving the semantics of the original program. We argue that the type migration problem involves fundamental compromises: optimizing for a single goal often comes at the expense of others. Ideally, a type migration tool would flexibly accommodate a range of user priorities.</p>
<p>We present TypeWhich, a new approach to automated type migration for an extension of the gradually-typed lambda calculus. Unlike prior work, which relies on custom solvers, TypeWhich produces constraints that can be solved by an off-the-shelf MaxSMT solver. This allows us to easily express objectives, such as minimizing the number of necessary syntactic coercions, and constraining the type of the migration to be compatible with unmigrated code.</p>
<p>We present the first comprehensive evaluation of GTLC type migration algorithms, and compare TypeWhich to four other tools from the literature. Our evaluation uses prior benchmarks, and a new set of ``challenge problems’’. Moreover, we design a new evaluation methodology that highlights the subtleties of gradual type migration. In addition, we apply TypeWhich to a suite of benchmarks for Grift, a programming language based on the GTLC. TypeWhich is able to reconstruct all human-written annotations on all but one program.</p>
<p>Paper link: https://arxiv.org/abs/2109.05049</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/33342022-11-02T11:10:57-04:002022-11-02T11:10:57-04:00https://talks.cs.umd.edu/talks/3334Deriving with Derivatives: Efficient Implementations of Abstract Abstract MachinesBen Quiring<br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, November 7, 2022, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>Abstract interpretation often involves computing an "abstract state space" that captures all behaviors of a program. Workset algorithms are almost always at the heart of this computation, and in simple cases these resolve to a simple graph traversal. This work inspects more complicated cases (coarser abstractions), and takes advantage of this to derive more efficient workset algorithms by looking at lattice-theoretic derivatives. We apply this to an example abstract machine to show how performance can be improved.</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/33942023-01-26T11:05:17-05:002023-01-26T11:12:02-05:00https://talks.cs.umd.edu/talks/3394Towards expressive, automatic and scalable software verification<a href="https://www.emanueledosualdo.com/">Emanuele D'Osualdo - MPI-SWS</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, February 6, 2023, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">[To attend virtually: </span><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">https://umd.zoom.us/j/93825468763?pwd=UXlYZmVkVndXb1owMkpYb2tOQjZFQT09</span><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">]</span></p>
<p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">The grand challenge of formal verification research is to build analysis tools that are (1) expressive in the properties they can reason about, (2) automated as much as possible, and (3) scale to the size and complexity of industrial software. In this talk, I will outline my journey so far towards this goal, which I have pursued by advancing two complementary approaches: algorithmic analysis based on infinite-state model checking (for automation); and program-logic-based compositional proofs (for scalability).</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Concretely, I will highlight two projects that illustrate these two branches of my research. </span><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">The first project is </span><strong style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Lemma9</strong><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"> [CONCUR'20] an infinite-state model checking approach to cryptographic protocol verification. The main result is the identification of a class of protocols for which it is possible to decide security-relevant invariants (e.g. a certain key is never revealed) even when considering unboundedly many distinct sessions/keys/nonces and an active attacker.</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">The second project is </span><strong style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">LHC</strong><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"> [OOPSLA'22], a new compositional logic for verifying hypersafety properties. Hypersafety expresses </span><em style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">relational</em><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"> properties of multiple runs of programs, e.g. two runs on inputs differing only on secrets will produce outputs that differ only on secrets (aka non-interference). LHC explores which reasoning principles are needed to build relational proofs that are compositional, i.e. prove a relational property of a program by composing relational properties of its sub-components.</span></p><br><b>Bio:</b> <p><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Emanuele D'Osualdo is a postdoc at MPI-SWS in Derek Dreyer's group. Previously, he was a Marie Curie Fellow at Imperial College London. He received his PhD from the University of Oxford in 2015; his PhD thesis won the CPHC/BCS Distinguished Dissertation award as best CS thesis in the UK.</span><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><br style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;">Emanuele's research is in formal methods for the verification of software, with a focus on concurrency and correctness properties beyond safety (e.g. security and liveness properties). He has worked both on automated techniques (based on static analysis, types and infinite-state model checking) and, more recently, on compositional logic-based methods (concurrent separation logic).</span></p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>tag:talks.cs.umd.edu,2005:Talk/36512023-10-17T11:17:45-04:002023-10-17T11:17:45-04:00https://talks.cs.umd.edu/talks/3651Satisfiability Modulo Finite Fields (with applications to compilers to zero-knowledge proofs)<a href="https://cs.stanford.edu/~aozdemir/">Alex Ozdemir - Stanford in the Center for Automated Reasoning</a><br><a href="https://maps.umd.edu/map/index.html?Nav=Hide&MapView=Detailed&NoWelcome=True&LocationType=Building&LocationName=432">5105 Brendan Iribe Center for Computer Science and Engineering (IRB)</a><br>Monday, October 23, 2023, 11:00 am-12:00 pm<br><br><b>Abstract:</b> <p>We study satisfiability <wbr></wbr>modulo the theory of finite <wbr></wbr>fields and give a decision<br>procedure for this theory. We <wbr></wbr>implement our procedure for <wbr></wbr>prime fields inside<br>the cvc5 SMT solver.<br><br>We apply our solver to two <wbr></wbr>automated verification tasks <wbr></wbr>related to compilers<br>to zero-knowledge proofs (<wbr></wbr>ZKPs). First, we do <wbr></wbr>translation validation for ZKP<br>compilers as applied to <wbr></wbr>boolean input computations. <wbr></wbr>Second, we do bounded<br>verification for a key ZKP <wbr></wbr>compiler pass: the "finite-<wbr></wbr>field blaster". Along<br>the way, we find 4 bugs in an <wbr></wbr>existing ZKP compiler.<br><br>Ultimately, our experiments <wbr></wbr>show that ZKP compilers can <wbr></wbr>have bugs and that<br>those bugs can be eliminated <wbr></wbr>using the theory of finite <wbr></wbr>fields.<br><br>References:<br><br>"Satisfiability Modulo Finite <wbr></wbr>Fields": <a href="https://doi.org/10.1007/978-3-031-37703-7_8" rel="noopener">https://doi.org/10.<wbr></wbr>1007/978-3-031-37703-7_8</a><br>"Bounded Verification for <wbr></wbr>Finite-Field Blasting": <a href="https://doi.org/10.1007/978-3-031-37709-9_8" rel="noopener">https:<wbr></wbr>//doi.org/10.1007/978-3-031-<wbr></wbr>37709-9_8</a></p><br><b>Bio:</b> <p>Alex Ozdemir is a PhD student <wbr></wbr>at Stanford in the Center for <wbr></wbr>Automated<br>Reasoning and the Applied <wbr></wbr>Cryptography group. His <wbr></wbr>research uses ideas from<br>cryptography, compilers, and <wbr></wbr>verification to improve tools <wbr></wbr>for *secure<br>computation* (such as zero-<wbr></wbr>knowledge proofs and multi-<wbr></wbr>party computations).</p><br>This talk is part of the following lists: <a href="https://talks.cs.umd.edu/lists/1">PL Reading Group</a><br>