DOCSLIB.ORG

Modular Refinement Using Cogent's Principled Foreign Function Interface

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Modular Refinement Using Cogent's Principled Foreign Function Interface Overcoming Restraint: Modular Refinement using Cogent’s Principled Foreign Function Interface Louis Cheung ! UNSW Sydney, Australia Liam O’Connor ! Ï University of Edinburgh, United Kingdom Christine Rizkallah ! Ï UNSW Sydney, Australia Abstract Cogent is a restricted functional language designed to reduce the cost of developing verified systems code. However, Cogent does not support recursion nor iteration, and its type system imposes restrictions that are sometimes too strong for low-level system programming. To overcome these restrictions, Cogent provides a foreign function interface (FFI) between Cogent and C which allows for implementing those parts of the system which cannot be expressed in Cogent, such as data structures and iterators over these data structures, to be implemented in C and called from Cogent. The Cogent framework automatically guarantees correctness of the overall Cogent-C system when provided proofs that the C components are functionally correct and satisfy Cogent’s FFI constraints. We previously implemented file systems in Cogent and verified key file system operations. However, the C components and the FFI constraints that define the Cogent-C interoperability were axiomatized. In this paper, we verify the correctness and FFI constraints of the C implementation of word arrays used in the file systems. We demonstrate how these proofs modularly compose with existing Cogent theorems and result in a functional correctness theorem of the overall Cogent-C system. This demonstrates that Cogent’s FFI constraints ensure correct and safe inter-language interoperability. Keywords and phrases compilers, verification, type-systems, language interoperability, data-structures Acknowledgements We thank Abdallah Saffidine, Amos Robinson, Jashank Jeremy, and Vincent Jackson for their feedback on the paper. Special thanks to Jashank for the heavy editing. We highly appreciate Vincent’s proof engineering work, over the past couple of years, on maintaining the compiler proof chain and the BilbyFs proofs on ever-changing versions Cogent and Isabelle/HOL. 1 Introduction Cogent [14] is a restricted pure functional language and a certifying compiler [17, 14] designed to ease creating high-assurance systems [3]. It has a foreign function interface (FFI) that enables implementing parts of a system in C. Cogent’s main restrictions are the purposeful lack of recursion and iteration, which ensures totality, and its uniqueness type arXiv:2102.09920v2 [cs.PL] 18 Mar 2021 system, which enforces a uniqueness invariant that guarantees memory safety. Even in the restricted target domains of Cogent, real programs contain some amount of iteration, primarily over specific data structures. This is achieved through Cogent’s integrated FFI: engineers provide data structures and functions to operate on these data structures, including iterators, in a special dialect of C, and imports them into Cogent, including in formal reasoning. The special C code, called anti-quoted C, is C code that can refer to Cogent data types and functions, translated into standard C along with the Cogent program by the Cogent compiler. As long as the C components respect Cogent’s foreign function interface — i.e., are correct and respect the uniqueness invariant — the Cogent framework guarantees soundness for overall Cogent-C system. 2 Modular Refinement using Cogent’s Principled Foreign Function Interface We previously implemented two real-world Linux file systems in Cogent— ext2 and BilbyFs — and verified key operations of BilbyFs3 [ ]. This demonstrated Cogent’s suitability for implementing systems code, and significantly reducing the cost of verification. The implementations of ext2 and BilbyFs rely on an external C library of data structures. This library includes fixed-length word arrays along with iterators for implementing loops, and Cogent stubs for accessing a range of the Linux kernel’s internal APIs. This library was carefully designed to ensure compatibility with Cogent’s FFI constraints. We had previously only verified the Cogent parts of these file system operations, and axiomatized statements of the underlying C correctness and FFI constraints defining Cogent-C interoperability. To fully verify a system written in Cogent and C, one needs to provide manually-written abstractions of the C parts, and manually prove refinement through Cogent’s FFI. The effort required for this manual verification remains substantial, but the reusability ofthese libraries allows for the amortisation this verification cost across different systems. In this paper, we verify the correctness and uniqueness invariants of the word array imple- mentation used in the BilbyFs file system. This demonstrates that is it possible for theC components of a real-world Cogent-C system to satisfy Cogent’s FFI conditions. We demonstrate that the compiler-generated refinement proofs guaranteeing semantic preser- vation and memory safety compose with manual C proofs at each intermediate level up to Cogent’s generated shallow embedding. Our specification of word arrays as Isabelle/HOL lists and verification of array operations against abstract Isabelle/HOL functions on lists, including an array iterator specified as a map-accumulate function over a fragment of a list, are reusable beyond the context of Cogent. Moreover, our proofs are reusable in the verification of any future Cogent-C system that uses word arrays. Our results show that Cogent’s two-language approach is not only suitable for developing real-world systems but also for verification. We show how to modularly compose compiler generated theorems with external theorems. This demonstrates how language interoperability can help guarantee correctness of an overall system. More generally, this work provides our community with a case-study demonstrating how a principled foreign function interface between a high-level functional language with a safe type-system and a low-level imperative language with an unsafe type system can be structured in order to modularly achieve refinement guarantees of the overall system. In particular, our work supports, and is well-described by, Ahmed’s claim that: “compositional compiler correctness is, in essence, a language interoperability problem: for viable solutions in the long term, high-level languages must be equipped with principled foreign-function interfaces that specify safe interoperability between high-level and low-level components, and between more precisely and less precisely typed code.” [1] Our code and proofs are available online [4]. 2 Cogent The Cogent programming language [14] is intended for the implementation of operating system components such as file systems. It is a purely functional language, but itcanbe compiled into efficient C code suitable for systems programming. The Cogent compiler produces three artefacts: C code, a shallow embedding of the Cogent code in Isabelle/HOL [13], and a formal refinement theorem relating the two [14, 17] (arrow (1) in Figure 1). The refinement theorem and proof rely on several intermediate embeddings also generated by the Cogent compiler, some related through language level L. Cheung, L. O’Connor, and C. Rizkallah 3 Overview Verification Correctness Framework legend Correctness ⊑ refines manual Cogent Cogent generated Shallow Embedding Shallow Embedding manual proofs (6) generated proofs (3) Memory Safety ⊑ ⊑ interface refines refines Polymorphic Cogent Polymorphic Cogent (2) (5) (value semantics) (value semantics ) Isabelle/HOL ξv Systems Data-structures ⊑ ⊑ refines refines Monomorphic Cogent Monomorphic Cogent (1) (4) (value semantics) (value semantics ξv) ⊑ ⊑ C code Systems Data-structures refines refines + safe + safe Monomorphic Cogent Monomorphic Cogent Cogent compiler (update semantics) (update semantics ξu ) ⊑ ⊑ Cogent Template C refines refines Program Data-structures C System C Data-structure (imported to Isabelle) (imported to Isabelle) Figure 1 An overview of the Cogent framework (left) and the verification phases (right). proofs, and others through translation validation phases (Section 2.3). The compiler certificate guarantees that correctness theorems proven on top of the shallow embedding also hold for the generated C, which eases verification, and serves as the basis for further functional correctness proofs (Figure 1, arrow (3)). A key part of the compiler certificate describes Cogent’s uniqueness type system, which enforces that each mutable heap object has exactly one active pointer in scope at any point in time. This uniqueness invariant allows modelling imperative computations as pure functions: the allocations and repeated copying commonly found in functional programming can be replaced with destructive updates, and the need for garbage collection is eliminated, resulting in predictable and efficient code. Well-typed Cogent programs have two interpretations: a pure-functional value semantics, which has no notion of a heap and treats all objects as immutable values, and an imperative update semantics, describing the destructive mutation of heap objects. These two semantic interpretations correspond (Section 2.3), meaning that any reasoning about the functional semantics also applies to the imperative semantics. This correspondence further guarantees that well-typed Cogent programs are memory safe (Figure 1, arrow (2)). As mentioned, the underlying C data structures of our two file systems were carefully designed to ensure compatibility with Cogent’s FFI constraints (Section 2.2). But the verification of the file systems previously
Load more

Recommended publications
  • Type-Driven Development of Concurrent Communicating Systems
    Edwin Brady TYPE-DRIVEN DEVELOPMENT OF CONCURRENT COMMUNICATING SYSTEMS Abstract Modern software systems rely on communication, for example mobile appli- cations communicating with a central server, distributed systems coordinat- ing a telecommunications network, or concurrent systems handling events and processes in a desktop application. However, reasoning about concurrent pro- grams is hard, since we must reason about each process and the order in which communication might happen between processes. In this paper, I describe a type-driven approach to implementing communicating concurrent programs, using the dependently typed programming language Idris. I show how the type system can be used to describe resource access protocols (such as controlling access to a file handle) and verify that programs correctly follow those pro- tools. Finally, I show how to use the type system to reason about the order of communication between concurrent processes, ensuring that each end of a communication channel follows a defined protocol. Keywords Dependent Types, Domain Specific Languages, Verification, Concurrency 2015/02/24; 00:02 str. 1/21 1. Introduction Implementing communicating concurrent systems is hard, and reasoning about them even more so. Nevertheless, the majority of modern software systems rely to some extent on communication, whether over a network to a server such as a web or mail server, between peers in a networked distributed system, or between processes in a concurrent desktop system. Reasoning about concurrent systems is particularly difficult; the order of processing is not known in advance, since processes are running independently. In this paper, I describe a type-driven approach to reasoning about message passing concurrent programs, using a technique similar to Honda's Session Types [14].
    [Show full text]
  • Input and Output in Fuctional Languages
    Input/Output in Functional Languages Using Algebraic Union Types Name R.J. Rorije Address Beneluxlaan 28 7543 XT Enschede E-mail [email protected] Study Computer Science Track Software Engineering Chair Formal Methods and Tools Input/Output in Functional Languages Using Algebraic Union Types By R.J. Rorije Under the supervision of: dr. ir. Jan Kuper ir. Philip H¨olzenspies dr. ir. Arend Rensink University of Twente Enschede, The Netherlands June, 2006 CONTENTS Contents 1 Introduction 1 2 Input/Output in Functional Languages 3 2.1 Programming Languages in General ............... 3 2.2 Functional Programming Languages ............... 3 2.2.1 Evaluation Order ...................... 6 2.2.2 Referential Transparency ................. 7 2.3 What is Input and Output ..................... 8 2.4 Current Approaches to I/O in Functional Languages . 9 2.4.1 Side-effecting I/O ..................... 9 2.4.2 Continuation Passing Style . 10 2.4.3 Uniqueness Typing ..................... 12 2.4.4 Streams ........................... 14 2.4.5 Monads ........................... 15 2.5 Current Implementations of I/O Models . 18 2.5.1 Clean ............................ 18 2.5.2 Amanda ........................... 21 2.5.3 Haskell ........................... 23 2.6 Conclusion ............................. 25 3 Extending Algebraic Types with Unions 27 3.1 Algebraic Types .......................... 27 3.2 Union Types ............................ 28 3.3 Why Union Types ......................... 29 3.4 Subtyping .............................. 32 3.4.1 Subtyping Rules ...................... 33 3.4.2 Type Checking ....................... 34 3.5 Union Properties .......................... 36 3.6 Union Types and Functions .................... 37 3.7 Equivalence ............................. 39 4 Na¨ıve Implementation of Unions 41 4.1 Introduction ............................. 41 4.2 Outline ............................... 41 4.3 The Algebraic Union .......................
    [Show full text]
  • LINEAR/NON-LINEAR TYPES for EMBEDDED DOMAIN-SPECIFIC LANGUAGES Jennifer Paykin
    LINEAR/NON-LINEAR TYPES FOR EMBEDDED DOMAIN-SPECIFIC LANGUAGES Jennifer Paykin A DISSERTATION in Computer and Information Science Presented to the Faculties of the University of Pennsylvania in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy 2018 Supervisor of Dissertation Steve Zdancewic Professor of Computer and Information Science Graduate Group Chairperson Lyle Ungar Professor of Computer and Information Science Dissertation Committee Stephanie Weirich, Professor of Computer and Information Science, University of Pennsylvania Benjamin Pierce, Professor of Computer and Information Science, University of Pennsylvania Andre Scedrov, Professor of Mathematics, University of Pennsylvania Peter Selinger, Professor of Mathematics, Dalhousie University LINEAR/NON-LINEAR TYPES FOR EMBEDDED DOMAIN-SPECIFIC LANGUAGES COPYRIGHT 2018 Jennifer Paykin This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons:org/licenses/by/4:0/ Acknowledgment I have so many people to thank for helping me along the journey of this PhD. I could not have done it without the love and support of my partner and best friend, Jake, who was there for me every single step of the way. I also need to thank my parents Laurie and Lanny for giving me so many opportunities in my life, and my siblings Susan and Adam for helping me grow. I owe so much thanks to advisor Steve Zdancewic, who has been an amazing advisor and who has made me into the researcher I am today. Steve, thank you for teaching me new things, encouraging me to succeed, listening to my ideas, and waiting patiently until I realized you were right all along.
    [Show full text]
  • Type-Driven Development of Concurrent Communicating Systems
    Edwin Brady TYPE-DRIVEN DEVELOPMENT OF CONCURRENT COMMUNICATING SYSTEMS Abstract Modern software systems rely on communication, for example mobile appli- cations communicating with a central server, distributed systems coordinat- ing a telecommunications network, or concurrent systems handling events and processes in a desktop application. However, reasoning about concurrent pro- grams is hard, since we must reason about each process and the order in which communication might happen between processes. In this paper, I describe a type-driven approach to implementing communicating concurrent programs, using the dependently typed programming language Idris. I show how the type system can be used to describe resource access protocols (such as controlling access to a file handle) and verify that programs correctly follow those pro- tools. Finally, I show how to use the type system to reason about the order of communication between concurrent processes, ensuring that each end of a communication channel follows a defined protocol. Keywords Dependent Types, Domain Specific Languages, Verification, Concurrency 2017/05/15; 20:01 str. 1/22 1. Introduction Implementing communicating concurrent systems is hard, and reasoning about them even more so. Nevertheless, the majority of modern software systems rely to some extent on communication, whether over a network to a server such as a web or mail server, between peers in a networked distributed system, or between processes in a concurrent desktop system. Reasoning about concurrent systems is particularly difficult; the order of processing is not known in advance, since processes are running independently. In this paper, I describe a type-driven approach to reasoning about message passing concurrent programs, using a technique similar to Honda's Session Types [13].
    [Show full text]
  • Wandering Through Linear Types, Capabilities, and Regions
    Wandering through linear types, capabilities, and regions Franc¸ois Pottier May 24th, 2007 Abstract Here is a pointer. Which memory blocks can it possibly point to? If I write through it, who will observe this effect? In fact, am I allowed to write through it? Does it point to a valid piece of memory? Who owns this piece of memory? This talk is not about original work of mine. It is an attempt to present a fraction of the many type systems that answer the above questions via notions of linearity, capabilities, or regions. Outline 1 Introduction 2 A tour Wadler’s linear types Uniqueness types Basic insights about regions The calculus of capabilities Alias types Adoption and focus Cyclone 3 Closing 4 References Our starting point: linearity A long time ago, researchers in the programming languages community realised that linearity could help: • model the physical world (input/output, ...), • control when memory can be freed or re-used, • reason about imperative programs. For instance, Reynolds’ “syntactic control of interference” [1978] was an affine λ-calculus [O’Hearn, 2003]. Wadler’s linear type system [1990] was inspired by Girard’s linear logic [1987]. But exactly how does one design a type system that helps reap these benefits? The historic path is tortuous... A (very partial) history FX 1987 linear types (Gifford & Lucassen) regions 1990 (Wadler) (Baker) monads uniqueness types regions 1993 (Peyton Jones & Wadler) (Clean) (Tofte & Talpin) calculus of capabilities 1999 (Crary et al.) alias types 2000 (Smith, Walker, Morrise") Cyclone
    [Show full text]
  • Uniqueness Typing for Resource Management in Message-Passing Concurrency
    Copyedited by: ES MANUSCRIPT CATEGORY: Original Article Journal of Logic and Computation Advance Access published June 6, 2012 Uniqueness typing for resource management in message-passing concurrency EDSKO DEVRIES, Computer Science, Department of Trinity College Dublin, College Green, Dublin 2 Ireland. E-mail: [email protected] Downloaded from ADRIAN FRANCALANZA, Information and Communication Technology, University of Malta, MSD 2080, Malta. E-mail: [email protected] MATTHEW HENNESSY, Department of Computer Science, Trinity College http://logcom.oxfordjournals.org/ Dublin, College Green, Dublin 2, Ireland. E-mail: [email protected] Abstract We view channels as the main form of resources in a message-passing programming paradigm. These channels need to be carefully managed in settings where resources are scarce. To study this problem, we extend the pi-calculus with primitives for channel allocation and deallocation and allow channels to be reused to communicate values of different types. Inevitably, the at Trinity College Dublin on January 23, 2013 added expressiveness increases the possibilities for runtime errors. We define a substructural type system, which combines uniqueness typing and affine typing to reject these ill-behaved programs. Keywords: Message-passing concurrency, type systems, resource management 1 Introduction Message-passing concurrency is a programming paradigm whereby shared memory is prohibited and process interaction is limited to explicit message communication. This concurrency paradigm forms the basis for a number of process calculi such as the pi-calculus [22] and has been adopted by programming languages such as the actor-based language Erlang [3]. Message-passing concurrency often abstracts away from resource management and programs written at this abstraction level exhibit poor resource awareness.
    [Show full text]
  • Making Uniqueness Typing Less Unique Thesis Submitted for the Degree of Doctor in Philosophy
    Making Uniqueness Typing Less Unique Thesis submitted for the degree of Doctor in Philosophy December 14, 2008 Edsko Jacob Jelle de Vries Declaration This thesis has not been submitted as an exercise for a degree at this or any other university. It is entirely the candidate’s own work. The candidate agrees that the Library may lend or copy the thesis upon request. This permission covers only single copies made for study purposes, subject to normal conditions of acknowledgement. Edsko de Vries i ii Voor mijn ouders Voor het helpen met de GW-Basic programma’s uit de Weet-Ik!, en het herstellen van autoexec.bat. iii iv Summary Computer science distinguishes between two major programming paradigms: imperative and Chapter 1, p. 11 functional programming. Central to imperative programming is the notion of some form of state (or memory) together with a list of instructions that inspect and modify that state. The canonical example of this paradigm is the Turing machine. Functional programming on the other hand is centred around a mathematical language with a notion of evaluation of expressions in this language. The notion of state—the core concept in imperative programming—is completely absent. The canonical example of the functional paradigm is the lambda calculus. Although neither Turing machines nor the lambda calculus support a notion of interaction, it is not difficult to see how interaction can be added to a Turing machine: it suffices to allow external entities to modify the machine state. Adding interaction to the lambda calculus is a much more difficult problem, and there are many solutions proposed in the literature.
    [Show full text]
  • The Yampa Arcade∗
    The Yampa Arcade∗ Antony Courtney Henrik Nilsson John Peterson Department of Computer Department of Computer Department of Computer Science Science Science Yale University Yale University Yale University New Haven, CT 06520-8285 New Haven, CT 06520-8285 New Haven, CT 06520-8285 [email protected] [email protected] peterson- [email protected] ABSTRACT Functional Reactive Programming (FRP) integrates the Simulated worlds are a common (and highly lucrative) ap- idea of time flow into the purely functional programming plication domain that stretches from detailed simulation of style. By handling time flow in a uniform and pervasive physical systems to elaborate video game fantasies. We be- manner an application gains clarity and reliability. Just as lieve that Functional Reactive Programming (FRP) provides lazy evaluation can eliminate the need for complex control just the right level of functionality to develop simulated structures, a uniform notion of time flow supports a more worlds in a concise, clear and modular way. We demonstrate declarative programming style that hides a complex under- the use of FRP in this domain by presenting an implemen- lying mechanism. tation of the classic “Space Invaders” game in Yampa, our This paper was inspired by some gentle taunting on the most recent Haskell-embedded incarnation of FRP. Haskell GUI list by George Russell [15]: I have to say I’m very sceptical about things 1 Categories and Subject Descriptors like Fruit which rely on reactive animation, ever since I set our students an exercise implementing D.3.2 [Programming Languages]: Language Classifica- a simple space-invaders game in such a system, tions—functional languages, dataflow languages; I.6.2 [Sim- and had no end of a job producing an example ulation And Modeling]: Simulation Languages; I.6.8 [Sim- solution.
    [Show full text]
  • Exploiting Functional Invariants to Optimise Parallelism: a Dataflow Approach
    FACULTY OF SCIENCE UNIVERSITY OF COPENHAGEN Master’s Thesis Troels Henriksen – [email protected] Exploiting functional invariants to optimise parallelism: a dataflow approach Supervisors: Cosmin Eugen Oancea and Fritz Henglein February 2014 Abstract We present L0, a purely functional programing language supporting nested regular data parallelism and targeting massively parallel SIMD hardware such as modern graphics processing units (GPUs). L0 incorporates the following novel features: • A type system for in-place modification and aliasing of arrays and array slices that ensures referential transparency, which in turn supports equational reasoning. • An assertion language for expressing bounds checks on dynamically allocated arrays, which can often be checked statically to eliminate dynamic bounds checks. • Compiler optimisations for hoisting bounds checks out of inner loops and performing loop fusion based on structural transformations. We show that: • The type system is simpler than existing linear and unique typing systems such Clean [4], and more expressive than libraries such as DPH, Repa and Accelerate [12, 24, 13], for efficient array processing. • Our fusion transformation is capable of fusing loops whose output is used in multiple places, when possible without duplicating compu- tation, a feature not found in other implementations of fusion [23]. • The effectiveness of our optimisations is demonstrated on three real-world benchmark problems from quantitative finance, based on empirical run-time measurements and manual inspection of the optimised programs. In particular, hoisting and fusion yield a sequential speed-up of up to 71% compared to the unoptimised source code, even without any parallel execution. The results suggest that the language design, expressiveness and optimisation techniques of L0 can be realized across a range of SIMD- architectures, notably existing GPUs and manycore-chips, to simultane- ously achieve portability and eventually performance competitive with hand-coding.
    [Show full text]
  • Linear Haskell Practical Linearity in a Higher-Order Polymorphic Language
    Linear Haskell Practical Linearity in a Higher-Order Polymorphic Language JEAN-PHILIPPE BERNARDY, University of Gothenburg, Sweden MATHIEU BOESPFLUG, Tweag I/O, France RYAN R. NEWTON, Indiana University, USA SIMON PEYTON JONES, Microsoft Research, UK ARNAUD SPIWACK, Tweag I/O, France Linear type systems have a long and storied history, but not a clear path forward to integrate with existing languages such as OCaml or Haskell. In this paper, we study a linear type system designed with two crucial properties in mind: backwards-compatibility and code reuse across linear and non-linear users of a library. Only then can the benefits of linear types permeate conventional functional programming. Rather than bifurcate types into linear and non-linear counterparts, we instead attach linearity to function arrows. Linear functions can receive inputs from linearly-bound values, but can also operate over unrestricted, regular values. To demonstrate the efficacy of our linear type system — both how easy it can be integrated inanexisting language implementation and how streamlined it makes it to write programs with linear types — we imple- mented our type system in ghc, the leading Haskell compiler, and demonstrate two kinds of applications of linear types: mutable data with pure interfaces; and enforcing protocols in I/O-performing functions. CCS Concepts: • Software and its engineering → Language features; Functional languages; Formal lan- guage definitions; Additional Key Words and Phrases: GHC, Haskell, laziness, linear logic, linear types, polymorphism, typestate ACM Reference Format: Jean-Philippe Bernardy, Mathieu Boespflug, Ryan R. Newton, Simon Peyton Jones, and Arnaud Spiwack. 2018. Linear Haskell: Practical Linearity in a Higher-Order Polymorphic Language.
    [Show full text]
  • Tackling the Awkward Squad: Monadic Input/Output, Concurrency, Exceptions, and Foreign-Language Calls in Haskell
    Tackling the Awkward Squad: monadic input/output, concurrency, exceptions, and foreign-language calls in Haskell Simon PEYTON JONES Microsoft Research, Cambridge [email protected] http://research.microsoft.com/users/simonpj April 7, 2010 Abstract Functional programming may be beautiful, but to write real applications we must grapple with awk- ward real-world issues: input/output, robustness, concurrency, and interfacing to programs written in other languages. These lecture notes give an overview of the techniques that have been developed by the Haskell community to address these problems. I introduce various proposed extensions to Haskell along the way, and I offer an operational semantics that explains what these extensions mean. This tutorial was given at the Marktoberdorf Summer School 2000. It will appears in the book “Engineering theories of software construction, Marktoberdorf Summer School 2000”, ed CAR Hoare, M Broy, and R Steinbrueggen, NATO ASI Series, IOS Press, 2001, pp47-96. This version has a few errors corrected compared with the published version. Change summary: • Jan 2009: Clarify ν and fn () in Section 3.5; reword the one occurrence of fv () in Section 2.7 • Feb 2008: Fix typo in Section 3.5 • May 2005: Section 6: correct the way in which the FFI declares an imported function to be pure (no “unsafe” necessary). • Apr 2005: Section 5.2.2: some examples added to clarify evaluate. • March 2002: substantial revision 1 Introduction There are lots of books about functional programming in Haskell [44, 14, 7]. They tend to concentrate on the beautiful core of functional programming: higher order functions, algebraic data types, polymorphic type systems, and so on.
    [Show full text]
  • SAC — a Functional Array Language for Efficient Multi-Threaded Execution
    International Journal of Parallel Programming, Vol. 34, No. 4, August 2006 (© 2006) DOI: 10.1007/s10766-006-0018-x SAC — A Functional Array Language for Efficient Multi-threaded Execution Clemens Grelck1,3 and Sven-Bodo Scholz2 Received: September 1, 2005 / Accepted: June 1, 2006 We give an in-depth introduction to the design of our functional array programming language SaC, the main aspects of its compilation into host machine code, and its parallelisation based on multi-threading. The language design of SaC aims at combining high-level, compositional array program- ming with fully automatic resource management for highly productive code development and maintenance. We outline the compilation process that maps SaC programs to computing machinery. Here, our focus is on optimisation techniques that aim at restructuring entire applications from nested com- positions of general fine-grained operations into specialised coarse-grained operations. We present our implicit parallelisation technology for shared memory architectures based on multi-threading and discuss further optimi- sation opportunities on this level of code generation. Both optimisation and parallelisation rigorously exploit the absence of side-effects and the explicit data flow characteristic of a functional setting. KEY WORDS: Compiler optimisation; data parallel programming; multi- threading; Single Assignment C. 1. INTRODUCTION Programming concurrent systems is known to be a challenging task. Several organisational problems need to be solved without spending too much computational overhead for organisational measures at runtime. 1Institute of Software Technology and Programming Languages, University of Lubeck,¨ Ratzeburger Allee 160, 23538 Lubeck,¨ Germany. 2Department of Computer Science, University of Hertfordshire, College Lane, Hatfield AL109AB, United Kingdom.
    [Show full text]