Workshop PEPM 2018 – Author Index 
Contents 
Abstracts 
Authors

Asai, Kenichi 
PEPM '18: "Selective CPS Transformation ..."
Selective CPS Transformation for Shift and Reset
Kenichi Asai and Chihiro Uehara (Ochanomizu University, Japan)
This paper presents a selective CPS transformation for a program that
uses control operators, shift and reset, introduced by
Danvy and Filinski.
By selectively CPStransforming a program, we can execute a program
with shift and reset in a standard functional language without
support for control operators.
We introduce a constraintbased type inference system that annotates
the parts that are captured by shift and thus require CPS
transformation.
We show that the best annotation does not exist in general, and
present a constraint solving algorithm that is reasonably efficient.
The selective CPS transformation is defined over annotated terms
and its correctness is proven.
Finally, experimental results show that selective CPS transformation
does improve performance compared to the standard CPS
transformation.
@InProceedings{PEPM18p40,
author = {Kenichi Asai and Chihiro Uehara},
title = {Selective CPS Transformation for Shift and Reset},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {4052},
doi = {10.1145/3162069},
year = {2018},
}
Publisher's Version
Article Search


Broman, David 
PEPM '18: "Gradually Typed Symbolic Expressions ..."
Gradually Typed Symbolic Expressions
David Broman and Jeremy G. Siek (KTH, Sweden; Indiana University, USA) Embedding a domainspecific language (DSL) in a general purpose host language is an efficient way to develop a new DSL. Various kinds of languages and paradigms can be used as host languages, including objectoriented, functional, statically typed, and dynamically typed variants, all having their pros and cons. For deep embedding, statically typed languages enable early checking and potentially good DSL error messages, instead of reporting runtime errors. Dynamically typed languages, on the other hand, enable flexible transformations, thus avoiding extensive boilerplate code. In this paper, we introduce the concept of gradually typed symbolic expressions that mix static and dynamic typing for symbolic data. The key idea is to combine the strengths of dynamic and static typing in the context of deep embedding of DSLs. We define a gradually typed calculus λ^{<⋆>}, formalize its type system and dynamic semantics, and prove type safety. We introduce a host language called Modelyze that is based on λ^{<⋆>}, and evaluate the approach by embedding a series of equationbased domainspecific modeling languages, all within the domain of physical modeling and simulation. 

Greenman, Ben 
PEPM '18: "On the Cost of TypeTag Soundness ..."
On the Cost of TypeTag Soundness
Ben Greenman and Zeina Migeed (Northeastern University, USA)
Gradual typing systems ensure type soundness by transforming static type annotations into runtime checks.
These checks provide semantic guarantees, but may come at a large cost in performance.
In particular, recent work by Takikawa et al. suggests that enforcing a conventional form of type soundness may slow a program by two orders of magnitude.
Since different gradual typing systems satisfy different notions of soundness, the question then arises: what is the cost of such varying notions of soundness?
This paper answers an instance of this question by applying Takikawa et al.'s evaluation method to Reticulated Python, which satisfies a notion of typetag soundness.
We find that the cost of soundness in Reticulated is at most one order of magnitude, and increases linearly with the number of type annotations.
@InProceedings{PEPM18p30,
author = {Ben Greenman and Zeina Migeed},
title = {On the Cost of TypeTag Soundness},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {3039},
doi = {10.1145/3162066},
year = {2018},
}
Publisher's Version
Article Search
Info


Igarashi, Atsushi 
PEPM '18: "A GuessandAssume Approach ..."
A GuessandAssume Approach to Loop Fusion for Program Verification
Akifumi Imanishi, Kohei Suenaga, and Atsushi Igarashi (Kyoto University, Japan) Loop fusion—a program transformation to merge multiple consecutive loops into a single one—has been studied mainly for compiler optimization. In this paper, we propose a new loop fusion strategy, which can fuse any loops—even loops with data dependence—and show that it is useful for program verification because it can simplify loop invariants. The crux of our loop fusion is the following observation: if the state after the first loop were known, the two loop bodies could be computed at the same time without suffering from data dependence by renaming program variables. Our loop fusion produces a program that guesses the unknown state after the first loop nondeterministically, executes the fused loop where variables are renamed, compares the guessed state and the state actually computed by the fused loop, and, if they do not match, diverges. The last two steps of comparison and divergence are crucial to preserve partial correctness. We call our approach “guessandassume” because, in addition to the first step to guess, the last two steps can be expressed by the pseudoinstruction assume, used in program verification. We formalize our loop fusion for a simple imperative language and prove that it preserves partial correctness. We further extend the “guessandassume” technique to reversing loop execution, which is useful to verify a certain type of consecutive loops. Finally, we confirm by experiments that our transformation techniques are indeed effective for stateoftheart model checkers to verify a few small programs that they could not. 

Imanishi, Akifumi 
PEPM '18: "A GuessandAssume Approach ..."
A GuessandAssume Approach to Loop Fusion for Program Verification
Akifumi Imanishi, Kohei Suenaga, and Atsushi Igarashi (Kyoto University, Japan) Loop fusion—a program transformation to merge multiple consecutive loops into a single one—has been studied mainly for compiler optimization. In this paper, we propose a new loop fusion strategy, which can fuse any loops—even loops with data dependence—and show that it is useful for program verification because it can simplify loop invariants. The crux of our loop fusion is the following observation: if the state after the first loop were known, the two loop bodies could be computed at the same time without suffering from data dependence by renaming program variables. Our loop fusion produces a program that guesses the unknown state after the first loop nondeterministically, executes the fused loop where variables are renamed, compares the guessed state and the state actually computed by the fused loop, and, if they do not match, diverges. The last two steps of comparison and divergence are crucial to preserve partial correctness. We call our approach “guessandassume” because, in addition to the first step to guess, the last two steps can be expressed by the pseudoinstruction assume, used in program verification. We formalize our loop fusion for a simple imperative language and prove that it preserves partial correctness. We further extend the “guessandassume” technique to reversing loop execution, which is useful to verify a certain type of consecutive loops. Finally, we confirm by experiments that our transformation techniques are indeed effective for stateoftheart model checkers to verify a few small programs that they could not. 

Jay, Barry 
PEPM '18: "Recursive Programs in Normal ..."
Recursive Programs in Normal Form (Short Paper)
Barry Jay (University of Technology Sydney, Australia)
Recursive programs can now be expressed as normal forms within some
rewriting systems, including traditional combinatory logic, a new
variant of lambdacalculus called closure calculus, and recent
variants of combinatory logic that support queries of internal
program structure. In all these settings, partial evaluation of
primitive recursive functions, such as addition, can reduce open
terms to normal form without fear of nontermination. In those
calculi where queries of program structure are supported, program
optimisations that are expressed as nonstandard rewriting rules can
be represented as functions in the calculus, without any need for
quotation or other metatheory.
@InProceedings{PEPM18p67,
author = {Barry Jay},
title = {Recursive Programs in Normal Form (Short Paper)},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {6773},
doi = {10.1145/3162067},
year = {2018},
}
Publisher's Version
Article Search


Kameyama, Yukiyoshi 
PEPM '18: "Program Generation for ML ..."
Program Generation for ML Modules (Short Paper)
Takahisa Watanabe and Yukiyoshi Kameyama (University of Tsukuba, Japan)
Program generation has been successful in various domains which need high performance and high productivity.
Yet, programminglanguage supports for program generation need further improvement.
An important omission is the functionality of generating modules in a type safe way.
Inoue et al. have addressed this issue in 2016, but investigated only a few examples.
We propose a language as an extension of (a small subset of) MetaOCaml in which one can manipulate and generate code of a module, and implement it based on a simple translation to MetaOCaml.
We show that our language solves the performance problem in functor applications pointed out by Inoue et al.,
and that it provides a suitable basis for writing code generators for modules.
@InProceedings{PEPM18p60,
author = {Takahisa Watanabe and Yukiyoshi Kameyama},
title = {Program Generation for ML Modules (Short Paper)},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {6066},
doi = {10.1145/3162072},
year = {2018},
}
Publisher's Version
Article Search


Kinder, Johannes 
PEPM '18: "Checking Cryptographic API ..."
Checking Cryptographic API Usage with Composable Annotations (Short Paper)
Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder (Royal Holloway University of London, UK) Developers of applications relying on cryptographic libraries can easily make mistakes in their use. Popular dynamic languages such as JavaScript make testing or verifying such applications particularly challenging. In this paper, we present our ongoing work toward a methodology for automatically checking security properties in JavaScript code. Our main idea is to attach security annotations to values that encode properties of interest. We illustrate our idea using examples and, as an initial step in our line of work, we present a formalization of security annotations in a statically typed lambda calculus. As next steps, we will translate our annotations to a dynamically typed formalization of JavaScript such as λ_{JS} and implement a runtime checked type extension using code instrumentation for full JavaScript. 

Loring, Blake 
PEPM '18: "Checking Cryptographic API ..."
Checking Cryptographic API Usage with Composable Annotations (Short Paper)
Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder (Royal Holloway University of London, UK) Developers of applications relying on cryptographic libraries can easily make mistakes in their use. Popular dynamic languages such as JavaScript make testing or verifying such applications particularly challenging. In this paper, we present our ongoing work toward a methodology for automatically checking security properties in JavaScript code. Our main idea is to attach security annotations to values that encode properties of interest. We illustrate our idea using examples and, as an initial step in our line of work, we present a formalization of security annotations in a statically typed lambda calculus. As next steps, we will translate our annotations to a dynamically typed formalization of JavaScript such as λ_{JS} and implement a runtime checked type extension using code instrumentation for full JavaScript. 

Midtgaard, Jan 
PEPM '18: "Developments in PropertyBased ..."
Developments in PropertyBased Testing (Invited Talk)
Jan Midtgaard (University of Southern Denmark, Denmark)
Propertybased testing (aka. QuickCheck) is a successful au
tomated testing approach originating in the programming
language community (ClaessenHughes:ICFP00). It unites
the wellknown idea of randomized testing with that of en
suring programspecific properties akin to those encoun
tered within verification and theorem proving. Starting as a
Haskell library the approach has grown to become language
independent with ports to over 30 different programming
languages. Over the years propertybased testing has been
used to pinpoint an impressive amount of software errors in
a multitude of settings, initially within academia but more
and more so also in the software industry.
In this talk I will first recall the basic concepts of property
based testing and then cover a couple of recent applications,
while sharing some of the folklore and community know
how. This includes quite a bit of symbolic program manipu
lation at the heart of the PEPM community. I will then offer
a personal perspective on the approach, both in terms of
programming language theory and software engineering.
@InProceedings{PEPM18p1,
author = {Jan Midtgaard},
title = {Developments in PropertyBased Testing (Invited Talk)},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {11},
doi = {10.1145/3168896},
year = {2018},
}
Publisher's Version
Article Search


Migeed, Zeina 
PEPM '18: "On the Cost of TypeTag Soundness ..."
On the Cost of TypeTag Soundness
Ben Greenman and Zeina Migeed (Northeastern University, USA)
Gradual typing systems ensure type soundness by transforming static type annotations into runtime checks.
These checks provide semantic guarantees, but may come at a large cost in performance.
In particular, recent work by Takikawa et al. suggests that enforcing a conventional form of type soundness may slow a program by two orders of magnitude.
Since different gradual typing systems satisfy different notions of soundness, the question then arises: what is the cost of such varying notions of soundness?
This paper answers an instance of this question by applying Takikawa et al.'s evaluation method to Reticulated Python, which satisfies a notion of typetag soundness.
We find that the cost of soundness in Reticulated is at most one order of magnitude, and increases linearly with the number of type annotations.
@InProceedings{PEPM18p30,
author = {Ben Greenman and Zeina Migeed},
title = {On the Cost of TypeTag Soundness},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {3039},
doi = {10.1145/3162066},
year = {2018},
}
Publisher's Version
Article Search
Info


Mitchell, Duncan 
PEPM '18: "Checking Cryptographic API ..."
Checking Cryptographic API Usage with Composable Annotations (Short Paper)
Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder (Royal Holloway University of London, UK) Developers of applications relying on cryptographic libraries can easily make mistakes in their use. Popular dynamic languages such as JavaScript make testing or verifying such applications particularly challenging. In this paper, we present our ongoing work toward a methodology for automatically checking security properties in JavaScript code. Our main idea is to attach security annotations to values that encode properties of interest. We illustrate our idea using examples and, as an initial step in our line of work, we present a formalization of security annotations in a statically typed lambda calculus. As next steps, we will translate our annotations to a dynamically typed formalization of JavaScript such as λ_{JS} and implement a runtime checked type extension using code instrumentation for full JavaScript. 

Siek, Jeremy G. 
PEPM '18: "Gradually Typed Symbolic Expressions ..."
Gradually Typed Symbolic Expressions
David Broman and Jeremy G. Siek (KTH, Sweden; Indiana University, USA) Embedding a domainspecific language (DSL) in a general purpose host language is an efficient way to develop a new DSL. Various kinds of languages and paradigms can be used as host languages, including objectoriented, functional, statically typed, and dynamically typed variants, all having their pros and cons. For deep embedding, statically typed languages enable early checking and potentially good DSL error messages, instead of reporting runtime errors. Dynamically typed languages, on the other hand, enable flexible transformations, thus avoiding extensive boilerplate code. In this paper, we introduce the concept of gradually typed symbolic expressions that mix static and dynamic typing for symbolic data. The key idea is to combine the strengths of dynamic and static typing in the context of deep embedding of DSLs. We define a gradually typed calculus λ^{<⋆>}, formalize its type system and dynamic semantics, and prove type safety. We introduce a host language called Modelyze that is based on λ^{<⋆>}, and evaluate the approach by embedding a series of equationbased domainspecific modeling languages, all within the domain of physical modeling and simulation. 

Suenaga, Kohei 
PEPM '18: "A GuessandAssume Approach ..."
A GuessandAssume Approach to Loop Fusion for Program Verification
Akifumi Imanishi, Kohei Suenaga, and Atsushi Igarashi (Kyoto University, Japan) Loop fusion—a program transformation to merge multiple consecutive loops into a single one—has been studied mainly for compiler optimization. In this paper, we propose a new loop fusion strategy, which can fuse any loops—even loops with data dependence—and show that it is useful for program verification because it can simplify loop invariants. The crux of our loop fusion is the following observation: if the state after the first loop were known, the two loop bodies could be computed at the same time without suffering from data dependence by renaming program variables. Our loop fusion produces a program that guesses the unknown state after the first loop nondeterministically, executes the fused loop where variables are renamed, compares the guessed state and the state actually computed by the fused loop, and, if they do not match, diverges. The last two steps of comparison and divergence are crucial to preserve partial correctness. We call our approach “guessandassume” because, in addition to the first step to guess, the last two steps can be expressed by the pseudoinstruction assume, used in program verification. We formalize our loop fusion for a simple imperative language and prove that it preserves partial correctness. We further extend the “guessandassume” technique to reversing loop execution, which is useful to verify a certain type of consecutive loops. Finally, we confirm by experiments that our transformation techniques are indeed effective for stateoftheart model checkers to verify a few small programs that they could not. 

Uehara, Chihiro 
PEPM '18: "Selective CPS Transformation ..."
Selective CPS Transformation for Shift and Reset
Kenichi Asai and Chihiro Uehara (Ochanomizu University, Japan)
This paper presents a selective CPS transformation for a program that
uses control operators, shift and reset, introduced by
Danvy and Filinski.
By selectively CPStransforming a program, we can execute a program
with shift and reset in a standard functional language without
support for control operators.
We introduce a constraintbased type inference system that annotates
the parts that are captured by shift and thus require CPS
transformation.
We show that the best annotation does not exist in general, and
present a constraint solving algorithm that is reasonably efficient.
The selective CPS transformation is defined over annotated terms
and its correctness is proven.
Finally, experimental results show that selective CPS transformation
does improve performance compared to the standard CPS
transformation.
@InProceedings{PEPM18p40,
author = {Kenichi Asai and Chihiro Uehara},
title = {Selective CPS Transformation for Shift and Reset},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {4052},
doi = {10.1145/3162069},
year = {2018},
}
Publisher's Version
Article Search


Van Binsbergen, L. Thomas 
PEPM '18: "Checking Cryptographic API ..."
Checking Cryptographic API Usage with Composable Annotations (Short Paper)
Duncan Mitchell, L. Thomas van Binsbergen, Blake Loring, and Johannes Kinder (Royal Holloway University of London, UK) Developers of applications relying on cryptographic libraries can easily make mistakes in their use. Popular dynamic languages such as JavaScript make testing or verifying such applications particularly challenging. In this paper, we present our ongoing work toward a methodology for automatically checking security properties in JavaScript code. Our main idea is to attach security annotations to values that encode properties of interest. We illustrate our idea using examples and, as an initial step in our line of work, we present a formalization of security annotations in a statically typed lambda calculus. As next steps, we will translate our annotations to a dynamically typed formalization of JavaScript such as λ_{JS} and implement a runtime checked type extension using code instrumentation for full JavaScript. 

Watanabe, Takahisa 
PEPM '18: "Program Generation for ML ..."
Program Generation for ML Modules (Short Paper)
Takahisa Watanabe and Yukiyoshi Kameyama (University of Tsukuba, Japan)
Program generation has been successful in various domains which need high performance and high productivity.
Yet, programminglanguage supports for program generation need further improvement.
An important omission is the functionality of generating modules in a type safe way.
Inoue et al. have addressed this issue in 2016, but investigated only a few examples.
We propose a language as an extension of (a small subset of) MetaOCaml in which one can manipulate and generate code of a module, and implement it based on a simple translation to MetaOCaml.
We show that our language solves the performance problem in functor applications pointed out by Inoue et al.,
and that it provides a suitable basis for writing code generators for modules.
@InProceedings{PEPM18p60,
author = {Takahisa Watanabe and Yukiyoshi Kameyama},
title = {Program Generation for ML Modules (Short Paper)},
booktitle = {Proc.\ PEPM},
publisher = {ACM},
pages = {6066},
doi = {10.1145/3162072},
year = {2018},
}
Publisher's Version
Article Search

17 authors
proc time: 0.17