Tech Talk: Visualizing Information Flow through C Programs

Galois is pleased to host the following tech talk. These talks are open to the interested public. Please join us!The talk will be held atGalois Inc.421 SW 6th Ave. Suite 300, Portland, OR, USA(3rd floor of the Commonwealth building)


Visualizing Information Flow through C Programs (slides)

Details:

  • Presenter: Joe Hurd
  • Date: Tuesday April 27, 2010
  • Time: 10:30am

Abstract: The aim of the Automated Security Analysis project is to determine whether the information flows in a realistically-sized C codebase can be automatically deduced and communicated in an understandable way to someone unfamiliar with the code. To test this, a new information flow static analysis and visualization technique were developed, and implemented in a research prototype tool. This talk will present the novel features of the static analysis and demonstrate how the results are shown in the visualization tool: information flow between program storage locations is decomposed into two compositional properties, which can be computed using sound abstract interpretation techniques. For each deduced information flow, the static analysis keeps track of a set of source code locations which demonstrate the information flow, and this is used by the visualization component to communicate the information flow to a user browsing the source code.

Bio: Joe Hurd, Ph.D. is a Formal Methods Engineer at Galois, Inc. For the past ten years Dr. Hurd has been applying theorem proving techniques to formally verify the correctness of complex software, including probabilistic programs, elliptic curve cryptography and game tree analysis algorithms. He is also the developer of Metis, an automatic theorem prover for first order logic, and coordinates the OpenTheory project, a package management system for higher order logic theories. Dr. Hurd is an active member of the theorem proving research community, having organized conferences in 2005 and 2008, given invited talks, and regularly appears on program committees and reviews papers for conferences and journals. Prior to joining Galois in 2007, Dr. Hurd was a research fellow at Magdalen College, University of Oxford. He studied at the University of Cambridge, receiving a Masters level degree in Mathematics in 1997, and a Ph.D. in Computer Science in 2002.

Read More

Solving n-Queens in Cryptol

The eight queens puzzle asks how to place eight queens on a chess board such that none of them attacks any other. The problem easily generalizes to n queens, using an nxn board. In this post, we’ll see how to solve the n-Queens puzzle in Cryptol, without lifting a finger!

Representing the board

It is easy to see that any solution to the n-Queens puzzle will have precisely one queen on each row and column of the board. Therefore, we can represent the solution as a sequence of n row numbers, corresponding to subsequent columns. For instance, the board pictured below (taken from the wikipedia page), can be represented by the sequence3  7  0  2  5  1  6  4
recording the row of the queen appearing in each consecutive column, starting from the top-left position. (And yes, we always count from 0!)

Read More

Tech Talk: Building Refactoring Tools for Functional Languages

Please note the non-standard time and day for this talk.Galois is pleased to host the following tech talk.  These talks are open to the interested public.  Please join us!Talks will be held atGalois Inc.421 SW 6th Ave. Suite 300, Portland, OR, USA(3rd floor of the Commonwealth building)


Building Refactoring Tools for Functional Languages

Details:

  • Presenter: Prof. Simon Thompson
  • Date: Thursday, April 1, 2010
  • Time: 10:30am

Abstract: Refactoring is the process of changing the design of a program without changing what it does. Typical refactorings, such as function extraction and generalisation, are intended to make a program more amenable to extension, more comprehensible and so on. Refactorings differ from other sorts of program transformation in being applied to source code (rather than within the bowels of a compiler), and in having an effect across a code base. Because of this, there is a need to give (semi-)automated support to the process. This talk will reflect on our experience of building tools to refactor functional programs written in Haskell and Erlang (Wrangler). In doing this we will address system design, the pragmatics of system take-up, as well as contrasting the style of refactoring and tooling for Haskell and Erlang.Bio: Simon Thompson is a Professor of Logic and Computation at the University of Kent.

Read More

Tech Talk: Two Talks! One Week!

LATE NOTICE: The Simon Thompson talk has been moved to Thurs. April 1, at 10:30am.Please note the non-standard times for these talks.Galois is pleased to host two tech talks during the week of March 22, 2010.  The two talks are short (20-30 minutes each) talks back-to-back at 10:30am on March 24th. Details are below.Talks will be held atGalois Inc.421 SW 6th Ave. Suite 300, Portland, OR, USA(3rd floor of the Commonwealth building)These talks are open to the interested public.  Please join us!


Visualization and Diversity Information

Details:

  • Presenter: Prof. Ron Metoyer
  • Date: Wednesday, March 24, 2010
  • Time: 10:30am

Abstract: The term “diversity’’ is used in many ways in many domains.  People are concerned about the diversity of their work force, stock portfolios, student body, and forest insects, just to name a few.  In this talk, I will discuss a work-in-progress visualization technique specifically designed to communicate diversity information.  I will present the design concerns, resulting visualizations, and a study design for evaluating the method.  I will conclude with a discussion of a case-study application to moth species data.Bio: Ronald Metoyer is an Associate Professor in the School of Electrical Engineering and Computer Science at Oregon State University.  He earned a Ph.D. from the Georgia Institute of Technology where he worked in the Graphics, Visualization and Usability Center with a focus on modeling and visualizing the motion of pedestrians in urban and architectural scenes.  Dr. Metoyer currently co-directs the NVIDIA Graphics and Imaging Technologies Lab (GAIT) with his colleagues at OSU. His past research efforts have involved the investigation of techniques for manipulating motion capture data and for facilitating the creation of 3D content by end users with the goal of empowering domain experts to create compelling and interactive content for their domain specific needs.  In 2002, he received an NSF CAREER Award for his work in “Understanding the Complexities of Animated Content”.  Dr. Metoyer’s most recent research interests fall under the domain of information visualization.


TITLE: Scientific Data Visualization in a GPU World

Details:

  • Presenter: Prof. Mike Bailey
  • Date: Wednesday, March 24, 2010
  • Time: 11:00am

Abstract: One of the fun aspects of scientific data visualization is that there are no rules — anything that adds insight to the data display is fair game.  Add that to the fun of custom-programming the GPU, and you’ve really got something!This talk will discuss some of the uses of custom GPU programming to create better and more interactive visualization displays.  We will look at techniques in the realm of scalar visualization, vector visualization, volume visualization, and terrain mapping.Bio: Mike Bailey is a Professor in Computer Science at Oregon State University. He specializes in scientific visualization, 3D interactive computer graphics, GPU programming, stereographics, and computer aided geometric design.

Read More

Tech Talk: An Introduction to Communicating Haskell Processes

Please note the unusual time-slot for this talk!Details:

  • Title: An Introduction to Communicating Haskell Processes
  • Presenter: Neil Brown
  • Date: Monday, 15 March 2010
  • Time: 10:30am
  • Location: Galois Inc.421 SW 6th Ave. Suite 300, Portland, OR, USA(3rd floor of the Commonwealth building)

Abstract: Haskell is an excellent language for combining the power of functional programming with imperative constructs. This characteristic led to the development of the Communicating Haskell Processes (CHP) libraries, which support imperative synchronous message-passing in Haskell. The core ‘chp’ library provides basic message-passing, concurrency and choice, as well as integrated support for tracing. The ‘chp-plus’ library provides higher-level features such as process composition operators and behaviour combinators. This talk provides an introduction to the two libraries and the programming style they engender — as well as a brief look at the formal semantics underlying the libraries.Bio: Neil Brown is a software researcher from the University of Kent in the UK. After graduating he worked for several years as a machine learning researcher in industry at QinetiQ, before returning to university to undertake his PhD. He started out writing a Haskell-based compiler for synchronous message-passing languages, and ended up programming some synchronous message-passing libraries for Haskell itself. As well as these CHP libraries, he also developed the Progression benchmark-graphing library for Haskell. More detail on both projects can be found on his blog.

Read More

Tech Talk: Modern Benchmarking in Haskell

Details:

  • Title: Modern Benchmarking in Haskell (slides)
  • Presenter: Don Stewart
  • Date: Tuesday, 23 February 2010
  • Time: 10:30am
  • Location: Galois Inc.421 SW 6th Ave. Suite 300, Portland, OR, USA(3rd floor of the Commonwealth building)

Abstract: Thanks to work by Bryan O’Sullivan, there has been a renaissance in performance benchmarking tools for Haskell, built upon Criterion.“Compared to most other benchmarking frameworks (for any programming language, not just Haskell), criterion focuses on being easy to use, informative, and robust.”Criterion uses statistically robust mechanisms for sampling and computing sound microbenchmark results, and is more stable in the presence of noise on the system than naive timings.Criterion has in turn spawned some extensions:

  • Progrssion: compare different criterion graphs
  • NoSlow: a new array benchmark suite based on Criterion

In this talk I will present these tools, how to use them, and how to make your performance benchmarks in Haskell, or languages Haskell can talk to, more reliable.Bio: Don is an Australian open source hacker, and engineer at Galois, Inc, in Portland, Oregon, where he works on creating trustworthiness and assurance in critical systems with an emphasis on language design and compiler techniques. Don is co-author of the book, Real World Haskell, published by O’Reilly, and the XMonad window manager.


Galois has been holding weekly technical seminars for several years on topics from functional programming, formal methods, compiler and language design, to cryptography, and operating system construction, with talks by many figures from the programming language and formal methods communities. The talks are open and free. An RSVP is not required, but feel free to contact the organizer with questions and comments.

Read More

Tech Talk: Introduction to Aarne Ranta’s GF, the Grammatical Framework

The talk will be presented by Iavor Diatchki on Tuesday, February 16th, at 10:30am.(slides)Abstract: The Grammatical Framework (created by Aarne Ranta) is a programming language for multilingual grammar applications. It may be seen in a number of different ways:

  • as a special-purpose language for grammars, like YACC or Happy, but not restricted to programming languages;
  • as a functional language, like Haskell or SML, but specialized to grammar writing;
  • as a logical framework, like Agda or Coq, but equipped with concrete syntax in addition to logic;
  • as a natural language processing framework, like LKB, or Regulus, but based on functional programming and type theory.

This talk is an introduction to GF’s basic concepts by example. We will look at how to define the meaning and syntax of a language, perform simple translations, define semantic properties, and how to use GF together with another language such as Haskell.Bio: Iavor Diatchki is a R&D Engineer at Galois, Inc. with a Ph.D. from the Oregon Graduate Institute.Details:

  • Date: February 16th, 2010, Tuesday
  • Time: 10:30am
  • Location: Galois Inc., 421 SW 6th Ave. Suite 300 (3rd floor of the Commonwealth building)

Galois has been holding weekly technical seminars for several years on topics from functional programming, formal methods, compiler and language design, to cryptography, and operating system construction, with talks by many figures from the programming language and formal methods communities. The talks are open and free. An RSVP is not required, but feel free to contact the organizer with questions and comments.

Read More

Tech Talk: An Introduction to the Maude Formal Tool Environment

The talk will be presented by Joe Hendrix on Tuesday, February 2nd, at 10:30am. (slides)Abstract: There is a great deal of interest today in developing multi-purpose environments that combine declarative programming, with specification languages and useful automated analysis techniques. In this talk, I will survey one such an environment: the Maude system. I will start by describing how to program in Maude with a focus on its support for rewriting modulo axioms. After some examples, I will also survey some of the different analysis tools developed on top of the Maude system —- including the model checker, inductive theorem prover, and an extension to the core language for modeling systems that operate in real-time.Details:

  • Date: February 2nd, 2010, Tuesday
  • Time: 10:30am
  • Location: Galois Inc.,  421 SW 6th Ave. Suite 300 (3rd floor of the Commonwealth building)

Galois has been holding weekly technical seminars for several years on topics from functional programming, formal methods, compiler and language design, to cryptography, and operating system construction, with talks by many figures from the programming language and formal methods communities. The talks are open and free. An RSVP is not required, but feel free to contact the organizer with questions and comments.

Read More

POPL 2010, Day 1

Here are some talks that caught my attention on the opening day of POPL 2010.Reconfigurable Asynchronous Logic Automata, Neil GershenfeldIn this invited talk, Neil proposed that we throw out the sequential model of computation from Turing and Von Neumann, and re-imagine computing from the ground up, more along the line of physics as it is manifested in the world. This might be the way forward given the huge power demands that will arise from traditional architectures as they become more and more powerful. Rather than imposing a top-down structure on the machine, Neil propose we consider systems built up from cellular automata. In ALA each cell is able to do a basic logic operation or, in RALA, reconfigure other cells. Built around 2D grids, and computing in parallel without any global clock, the automata are able to compute many basic functions in linear time, including multiplication and sorting (of course, they also take a linear number of cells to do so).What I liked about this talk is that it called on me to think more broadly about the nature of computation. I don’t think I buy the line that how we do computing today is wrong. But I do believe that computing and information theory is going to become more and more important in the development of many other subjects, including physics and biology. I also believe that we will need to harness many more structures to do computing rather than simply relying on gates burned in silicon. Coincidentally, at lunch today Luca Cardelli was telling me about his explorations in computing with DNA. Fascinating stuff!At the lowest levels, the primitive components of computation reflect the computational substrate, so they are very different from one instantiation to another. As primitive computational elements become combined, however, the different descriptions become more abstract, and start to look more and more alike. The same mathematical operations may arise in each form, for example. That makes me wonder what the space of truly computationally-neutral specifications looks like: how might we program in such a way that we really don’t have a preference for what substrate we map the computation onto. We already consider FPGAs, GPUs and CPUs as standard targets for languages like Cryptol. Let’s conceptually add DNA and RALA to the list, and see if that would have us change anything.A Simple, Verified Validator for Software Pipelining, Jean-Baptiste Tristan & Xavier LeroySoftware pipelining is a compiler transformation that reorders loop code to make more efficient use of the CPU and memory accesses. Code from many different iterations of the loop might be drawn together and overlapped to execute out of order, and perhaps in parallel. The question is how to verify that the pipelining has been done correctly.The paper proposes using symbolic evaluation. It describes an equivalence principle which requires proving two separate commutativity properties. These may both be shown by symbolic evaluation of the instruction code, being careful to handle the small differences (such as different temporary variables in the two paths). Overall the process is simple enough that it could be a standard component of any compiler, even if the compiler is non-verifying overall.A Verified Compiler for an Impure Functional Language, Adam ChlipalaHandling object-level variables in proofs is a real pain, one that is hard to eliminate. This paper has an interesting way of dealing with them. It describes a Coq verification of a compiler for Untyped Mini-ML with references and exceptions, compiling to an idealized assembly code.Now, using explicit object variables leads to lots of lemmas about substitution. On the other hand, full higher-order abstract syntax (HOAS) would lead quickly to non-termination, and hence unsoundness. So instead, the paper introduces a closure semantics in which variables are just numbers pointing into a heap. Many operations that would reorder substitutions (and hence require big proofs) don’t affect the closure heap, so the proofs go through easily.The paper also uses a high degree of proof automation: it has a generic proof script that looks at the hypotheses and goals, and decides what approaches to try. The proof script is a bit slow because the evaluation mechanism of Coq wasn’t designed for this particularly (but see my blog post from PADL about accelerating normalization). However, because the proof is highly automatic, it is not hard to evolve the compiler and proof simultaneously. In fact, the compiler and proof were developed incrementally in exactly this way.Verified Just-in-Time Compiler on x86, Magnus MyreenJIT compiling has become standard for accelerating web pages, amongst other things. Good JIT compilers can take into account the input to the program as well as the program itself. But it is hard to get them right, as witnessed apparently by a recent Firefox bug.An aspect that makes verification tricky is that code and data are mixed: a JIT compiler essentially produces self-modifying code. The paper provides a programming logic for self-modifying code by adapting Hoare triples so that there is both “before” and “after” code. Some practical issues also need to be handled: for example, the frame-property has subtleties regarding the instruction cache, and code-updates can sometime happen too recently to show up in the current instruction stream. The x86 documentation is a little vague about how soon code-modifications can be relied on to be present.The end result is a verified JIT compiler from a toy input byte-code language, but mapping to a realistic semantics for x86. The compiler produces comparable code quality to C for a GCD example.

Read More