Gabriel Dos Reis
- Courses1
- Reviews1
- School: Texas A&M University
- Campus: College Station
- Department: Computer Science
- Email address: Join to see
- Phone: Join to see
-
Location:
College Station, TX - Dates at Texas A&M University: May 2011 - May 2011
- Office Hours: Join to see
Biography
Texas A&M University College Station - Computer Science
Experience
Free Software Foundation
GCC contributor and Release Manager
Gabriel worked at Free Software Foundation as a GCC contributor and Release Manager
INRIA
Postdoctoral Research Associate
Gabriel worked at INRIA as a Postdoctoral Research Associate
Microsoft
Principal SDE
Gabriel worked at Microsoft as a Principal SDE
Texas A&M University
Postdoctoral Research Associate
Gabriel worked at Texas A&M University as a Postdoctoral Research Associate
Texas A&M University
Assistant Professor
Gabriel worked at Texas A&M University as a Assistant Professor
ISO C++ Standards Committee
C++ Expert
Gabriel worked at ISO C++ Standards Committee as a C++ Expert
Education
Ecole Normale Superieure de Cachan
PhD
Mathematics
Dissertation titled "Sur les surfaces à courbure moyenne constante" (French), or "On Surfaces with Constant Mean Curvature".
Publications
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
General Constant Expressions for System Programming Languages
Symposium on Applied Computing
Most mainstream system programming languages provide support for builtin types, and extension mechanisms through user-defined types. They also come with a notion of constant expressions whereby some expressions (such as array bounds) can be evaluated at compile time. However, they require constant expressions to be written in an impoverished language with minimal support from the type system; this is tedious and error-prone. This paper presents a framework for generalizing the notion of constant expressions in modern system programming languages. It extends compile time evaluation to functions and variables of user-defined types, thereby including formerly ad hoc notions of Read Only Memory (ROM) objects into a general and type safe framework. It allows a programmer to specify that an operation must be evaluated at compile time. Furthermore, it provides more direct support for key meta programming and generative programming techniques. The framework is formalized as an extension of underlying type system with a binding time analysis. It was designed to meet real-world requirements. In particular, key design decisions relate to balancing expressive power to implementability in industrial compilers and teachability. It has been implemented for C++ in the GNU Compiler Collection, and is part of the next ISO C++ standard.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
General Constant Expressions for System Programming Languages
Symposium on Applied Computing
Most mainstream system programming languages provide support for builtin types, and extension mechanisms through user-defined types. They also come with a notion of constant expressions whereby some expressions (such as array bounds) can be evaluated at compile time. However, they require constant expressions to be written in an impoverished language with minimal support from the type system; this is tedious and error-prone. This paper presents a framework for generalizing the notion of constant expressions in modern system programming languages. It extends compile time evaluation to functions and variables of user-defined types, thereby including formerly ad hoc notions of Read Only Memory (ROM) objects into a general and type safe framework. It allows a programmer to specify that an operation must be evaluated at compile time. Furthermore, it provides more direct support for key meta programming and generative programming techniques. The framework is formalized as an extension of underlying type system with a binding time analysis. It was designed to meet real-world requirements. In particular, key design decisions relate to balancing expressive power to implementability in industrial compilers and teachability. It has been implemented for C++ in the GNU Compiler Collection, and is part of the next ISO C++ standard.
A System for Axiomatic Programming
Intelligent Computer Mathermatics 2012
We present the design and implementation of a system for axiomatic programming, and its application to mathematical software construction. Key novelties include a direct support for user-defined axioms establishing local equalities between types, and overload resolution based on equational theories and user-defined local axioms. We illustrate uses of axioms, and their organization into concepts, in structured generic programming as practiced in computational mathematical systems.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
General Constant Expressions for System Programming Languages
Symposium on Applied Computing
Most mainstream system programming languages provide support for builtin types, and extension mechanisms through user-defined types. They also come with a notion of constant expressions whereby some expressions (such as array bounds) can be evaluated at compile time. However, they require constant expressions to be written in an impoverished language with minimal support from the type system; this is tedious and error-prone. This paper presents a framework for generalizing the notion of constant expressions in modern system programming languages. It extends compile time evaluation to functions and variables of user-defined types, thereby including formerly ad hoc notions of Read Only Memory (ROM) objects into a general and type safe framework. It allows a programmer to specify that an operation must be evaluated at compile time. Furthermore, it provides more direct support for key meta programming and generative programming techniques. The framework is formalized as an extension of underlying type system with a binding time analysis. It was designed to meet real-world requirements. In particular, key design decisions relate to balancing expressive power to implementability in industrial compilers and teachability. It has been implemented for C++ in the GNU Compiler Collection, and is part of the next ISO C++ standard.
A System for Axiomatic Programming
Intelligent Computer Mathermatics 2012
We present the design and implementation of a system for axiomatic programming, and its application to mathematical software construction. Key novelties include a direct support for user-defined axioms establishing local equalities between types, and overload resolution based on equational theories and user-defined local axioms. We illustrate uses of axioms, and their organization into concepts, in structured generic programming as practiced in computational mathematical systems.
Safer SDN Programming through Arbiter
GPCE 2015
Software Defined Networking (SDN) programs are written with respect to assumptions on software and hardware facilities and protocol definitions. Silent mismatches between the expected feature set and implemented feature set of SDN artifacts can easily lead to hard to debug network configurations, decreased network performance, outages, or worse, security vulnerabilities. We show how the paradigm of axiomatic programming, supported by practical dependent types, provides effective support for SDN executable specification and verification.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
General Constant Expressions for System Programming Languages
Symposium on Applied Computing
Most mainstream system programming languages provide support for builtin types, and extension mechanisms through user-defined types. They also come with a notion of constant expressions whereby some expressions (such as array bounds) can be evaluated at compile time. However, they require constant expressions to be written in an impoverished language with minimal support from the type system; this is tedious and error-prone. This paper presents a framework for generalizing the notion of constant expressions in modern system programming languages. It extends compile time evaluation to functions and variables of user-defined types, thereby including formerly ad hoc notions of Read Only Memory (ROM) objects into a general and type safe framework. It allows a programmer to specify that an operation must be evaluated at compile time. Furthermore, it provides more direct support for key meta programming and generative programming techniques. The framework is formalized as an extension of underlying type system with a binding time analysis. It was designed to meet real-world requirements. In particular, key design decisions relate to balancing expressive power to implementability in industrial compilers and teachability. It has been implemented for C++ in the GNU Compiler Collection, and is part of the next ISO C++ standard.
A System for Axiomatic Programming
Intelligent Computer Mathermatics 2012
We present the design and implementation of a system for axiomatic programming, and its application to mathematical software construction. Key novelties include a direct support for user-defined axioms establishing local equalities between types, and overload resolution based on equational theories and user-defined local axioms. We illustrate uses of axioms, and their organization into concepts, in structured generic programming as practiced in computational mathematical systems.
Safer SDN Programming through Arbiter
GPCE 2015
Software Defined Networking (SDN) programs are written with respect to assumptions on software and hardware facilities and protocol definitions. Silent mismatches between the expected feature set and implemented feature set of SDN artifacts can easily lead to hard to debug network configurations, decreased network performance, outages, or worse, security vulnerabilities. We show how the paradigm of axiomatic programming, supported by practical dependent types, provides effective support for SDN executable specification and verification.
Algorithmic Differentiation in Axiom
ISSAC 2007
This paper describes the design and implementation of an algorithmic differentiation framework in the Axiom computer algebra system. Our implementation works by transformations on Spad programs at the level of the typed abstract syntax tree — Spad is the language for extending Axiom with libraries. The framework illustrates an algebraic theory of algorithmic differentiation, here only for Spad programs, but we suggest that the theory is general. In particular, if it is possible to define a compositional semantics for programs, we define the exact requirements for when a program can be algorithmically differentiated. This leads to a general algorithmic differentiation system, and is not confined to functions which compute with basic data types, such as floating point numbers.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
General Constant Expressions for System Programming Languages
Symposium on Applied Computing
Most mainstream system programming languages provide support for builtin types, and extension mechanisms through user-defined types. They also come with a notion of constant expressions whereby some expressions (such as array bounds) can be evaluated at compile time. However, they require constant expressions to be written in an impoverished language with minimal support from the type system; this is tedious and error-prone. This paper presents a framework for generalizing the notion of constant expressions in modern system programming languages. It extends compile time evaluation to functions and variables of user-defined types, thereby including formerly ad hoc notions of Read Only Memory (ROM) objects into a general and type safe framework. It allows a programmer to specify that an operation must be evaluated at compile time. Furthermore, it provides more direct support for key meta programming and generative programming techniques. The framework is formalized as an extension of underlying type system with a binding time analysis. It was designed to meet real-world requirements. In particular, key design decisions relate to balancing expressive power to implementability in industrial compilers and teachability. It has been implemented for C++ in the GNU Compiler Collection, and is part of the next ISO C++ standard.
A System for Axiomatic Programming
Intelligent Computer Mathermatics 2012
We present the design and implementation of a system for axiomatic programming, and its application to mathematical software construction. Key novelties include a direct support for user-defined axioms establishing local equalities between types, and overload resolution based on equational theories and user-defined local axioms. We illustrate uses of axioms, and their organization into concepts, in structured generic programming as practiced in computational mathematical systems.
Safer SDN Programming through Arbiter
GPCE 2015
Software Defined Networking (SDN) programs are written with respect to assumptions on software and hardware facilities and protocol definitions. Silent mismatches between the expected feature set and implemented feature set of SDN artifacts can easily lead to hard to debug network configurations, decreased network performance, outages, or worse, security vulnerabilities. We show how the paradigm of axiomatic programming, supported by practical dependent types, provides effective support for SDN executable specification and verification.
Algorithmic Differentiation in Axiom
ISSAC 2007
This paper describes the design and implementation of an algorithmic differentiation framework in the Axiom computer algebra system. Our implementation works by transformations on Spad programs at the level of the typed abstract syntax tree — Spad is the language for extending Axiom with libraries. The framework illustrates an algebraic theory of algorithmic differentiation, here only for Spad programs, but we suggest that the theory is general. In particular, if it is possible to define a compositional semantics for programs, we define the exact requirements for when a program can be algorithmically differentiated. This leads to a general algorithmic differentiation system, and is not confined to functions which compute with basic data types, such as floating point numbers.
A Principled, Complete, and Efficient Representation of C++
Mathematics in Computer Science; Springer
We present a systematic representation of C++, called IPR, for complete semantic analysis and semantics-based program transformations. We describe the ideas and design principles that shaped the IPR. In particular, we describe how general type-based unification is key to minimal compact representation, fast type-safe traversal, and scalability. For example, the representation of a fairly typical non-trivial C++ program in GCC 3.4.2 was 32 times larger than its IPR representation; this led to significant improvements to GCC. IPR is general enough to handle real-world programs involving many translation units, archaic programming styles, and generic programming using C++0x extensions that affect the type system. The difficult issue of how to represent irregular (ad hoc) features in a systematic (non ad hoc) manner is among the key contributions of this paper. The IPR data structure can represent all of C++ with just 157 simple node types; to compare the ISO C++ grammar has over 700 productions. The IPR is used for a variety of program analysis and transformation tasks, such as visualization, loop simplification, and concept extraction. Finally, we report impacts of this work on existing C++ compilers.
Formal Verification of Object Layout for C++ Multiple Inheritance
Principles of Programming Languages
Object layout – the concrete in-memory representation of objects – raises many delicate issues in the case of the C++ language, owing in particular to multiple inheritance, C compatibility and separate compilation. This paper formalizes a family of C++ object layout schemes and mechanically proves their correctness against the operational semantics for multiple inheritance of Wasserrab et al. This formalization is flexible enough to account for space-saving techniques such as empty base class optimization and tail-padding optimization. As an application, we obtain the first formal correctness proofs for realistic, optimized object layout algorithms, including one based on the popular “common vendor” Itanium C++ application binary interface. This work provides semantic foundations to discover and justify new layout optimizations; it is also a first step towards the verification of a C++ compiler front-end.
A Mechanized Semantics for C++ Object Construction and Destruction, with Applications to Resource Management
Principles of Programming Languages
We present a formal operational semantics and its Coq mechanization for the C++ object model, featuring object construction and destruction, shared and repeated multiple inheritance, and virtual function call dispatch. These are key C++ language features for high-level system programming, in particular for predictable and reliable resource management. This paper is the first to present a formal mechanized account of the metatheory of construction and destruction in C++, and applications to popular programming tech- niques such as “resource acquisition is initialization.” We also re- port on irregularities and apparent contradictions in the ISO C++03 and C++11 standards.
Eliminating Network Protocol Vulnerabilities Through Abstraction and Systems Language Design
The 3rd International Workshop on Rigorous Protocol Engineering
Incorrect implementations of network protocol mes- sage specifications affect the stability, security, and cost of network system development. Most implementation defects fall into one of three categories of well defined message constraints. However, the general process of constructing network protocol stacks and systems does not capture these categorical con- straints. We introduce a systems programming language with new abstractions that capture these constraints. Safe and efficient implementations of standard message handling operations are synthesized by our compiler, and whole-program analysis is used to ensure constraints are never violated. We present language examples using the OpenFlow protocol.
Specifying C++ Concepts
POPL 2006
C++ templates are key to the design of current successful mainstream libraries and systems. They are the basis of programming techniques in diverse areas ranging from conventional general-purpose programming to software for safety-critical embedded systems. Current work on improving templates focuses on the notion of concepts (a type system for templates), which promises significantly improved error diagnostics and increased expressive power such as concept-based overloading and function template partial specialization. This paper presents C++ templates with an emphasis on problems related to separate compilation. We consider the problem of how to express concepts in a precise way that is simple enough to be usable by ordinary programmers. In doing so, we expose a few weakness of the current specification of the C++ standard library and suggest a far more precise and complete specification. We also present a systematic way of translating our proposed concept definitions, based on use-patterns rather than function signatures, into constraint sets that can serve as convenient basis for concept checking in a compiler.
General Constant Expressions for System Programming Languages
Symposium on Applied Computing
Most mainstream system programming languages provide support for builtin types, and extension mechanisms through user-defined types. They also come with a notion of constant expressions whereby some expressions (such as array bounds) can be evaluated at compile time. However, they require constant expressions to be written in an impoverished language with minimal support from the type system; this is tedious and error-prone. This paper presents a framework for generalizing the notion of constant expressions in modern system programming languages. It extends compile time evaluation to functions and variables of user-defined types, thereby including formerly ad hoc notions of Read Only Memory (ROM) objects into a general and type safe framework. It allows a programmer to specify that an operation must be evaluated at compile time. Furthermore, it provides more direct support for key meta programming and generative programming techniques. The framework is formalized as an extension of underlying type system with a binding time analysis. It was designed to meet real-world requirements. In particular, key design decisions relate to balancing expressive power to implementability in industrial compilers and teachability. It has been implemented for C++ in the GNU Compiler Collection, and is part of the next ISO C++ standard.
A System for Axiomatic Programming
Intelligent Computer Mathermatics 2012
We present the design and implementation of a system for axiomatic programming, and its application to mathematical software construction. Key novelties include a direct support for user-defined axioms establishing local equalities between types, and overload resolution based on equational theories and user-defined local axioms. We illustrate uses of axioms, and their organization into concepts, in structured generic programming as practiced in computational mathematical systems.
Safer SDN Programming through Arbiter
GPCE 2015
Software Defined Networking (SDN) programs are written with respect to assumptions on software and hardware facilities and protocol definitions. Silent mismatches between the expected feature set and implemented feature set of SDN artifacts can easily lead to hard to debug network configurations, decreased network performance, outages, or worse, security vulnerabilities. We show how the paradigm of axiomatic programming, supported by practical dependent types, provides effective support for SDN executable specification and verification.
Algorithmic Differentiation in Axiom
ISSAC 2007
This paper describes the design and implementation of an algorithmic differentiation framework in the Axiom computer algebra system. Our implementation works by transformations on Spad programs at the level of the typed abstract syntax tree — Spad is the language for extending Axiom with libraries. The framework illustrates an algebraic theory of algorithmic differentiation, here only for Spad programs, but we suggest that the theory is general. In particular, if it is possible to define a compositional semantics for programs, we define the exact requirements for when a program can be algorithmically differentiated. This leads to a general algorithmic differentiation system, and is not confined to functions which compute with basic data types, such as floating point numbers.
A Principled, Complete, and Efficient Representation of C++
Mathematics in Computer Science; Springer
We present a systematic representation of C++, called IPR, for complete semantic analysis and semantics-based program transformations. We describe the ideas and design principles that shaped the IPR. In particular, we describe how general type-based unification is key to minimal compact representation, fast type-safe traversal, and scalability. For example, the representation of a fairly typical non-trivial C++ program in GCC 3.4.2 was 32 times larger than its IPR representation; this led to significant improvements to GCC. IPR is general enough to handle real-world programs involving many translation units, archaic programming styles, and generic programming using C++0x extensions that affect the type system. The difficult issue of how to represent irregular (ad hoc) features in a systematic (non ad hoc) manner is among the key contributions of this paper. The IPR data structure can represent all of C++ with just 157 simple node types; to compare the ISO C++ grammar has over 700 productions. The IPR is used for a variety of program analysis and transformation tasks, such as visualization, loop simplification, and concept extraction. Finally, we report impacts of this work on existing C++ compilers.
Open Pattern Matching for C++
ACM
Pattern matching is an abstraction mechanism that can greatly simplify source code. We present functional-style pattern matching for C++ implemented as a library, called Mach7. All the patterns are user-definable, can be stored in variables, passed among functions, and allow the use of class hierarchies. As an example, we implement common patterns used in functional languages. Our approach to pattern matching is based on compile-time composition of pattern objects through concepts. This is superior (in terms of performance and expressiveness) to approaches based on run-time composition of polymorphic pattern objects. In particular, our solution allows mapping functional code based on pattern matching directly into C++ and produces code that is only a few percent slower than hand-optimized C++ code. The library uses an efficient type switch construct, further extending it to multiple scrutinees and general patterns. We compare the performance of pattern matching to that of double dispatch and open multi-methods in C++.
