William Lawrence Harrison
Ph.D Computer Science, UIUC 2001
Publications (72)
High-level synthesis (HLS) seeks to make hardware development more like software development by adapting ideas from programming languages to hardware description and HLS from functional languages is usually motivated as a means of bringing software-like productivity to hardware development. Formalized semantics support a range of important capabili...
Termination checking is a classic static analysis, and, within this focus, there are type-based approaches that formalize termination analysis as type systems (i.e., so that all well-typed programs terminate). But there are situations where a stronger termination property (which we call strongly-bounded termination) must be determined and, accordin...
High-level synthesis (HLS) research generally focuses on transferring "software engineering virtues" (e.g., modularity, abstraction, extensibility, etc.) to hardware development with the ultimate goal of making hardware development as agile as software development. And recent HLS research has focused on transferring ideas and techniques from high...
Simulation and bisimulation are used in many areas of security in Computing Science; however, the methods used do not come with a supporting logic giving the regularities of information flow. We have developed Distributed Logic to represent regularities governing information flow between localities of a distributed system, each locality can be outfi...
Control-Flow Integrity (CFI) is a software protection mechanism that detects a class of code reuse attacks by identifying anomalous control-flows within an executing program. Hardware-based CFI has the promise of the security benefits of CFI without the performance overhead and complexity of software-based CFI: generally speaking, hardware-based mo...
Constructing high assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. However, production hardware description languages (HDL) lack the formal underpinnings required by formal methods in security. Still, there is no such thing as high assurance systems withou...
Building memory protection mechanisms into embedded hardware is attractive because it has the potential to neutralize a host of software-based attacks with relatively small performance overhead. A hardware monitor, being at the lowest level of the system stack, is more difficult to bypass than a software monitor and hardware-based protections are a...
There is no such thing as high assurance without high assurance hardware. High assurance hardware is essential because any and all high assurance systems ultimately depend on hardware that conforms to, and does not undermine, critical system properties and invariants. And yet, high assurance hardware development is stymied by the conceptual gap bet...
There are many algorithms whose implementations can benefit both from hardware acceleration and formal verification and we would like to develop high assurance implementations as rapidly as possible. Critical computing infrastructure like cryptographic algorithms are prime candidates both for such acceleration and for formal verification. We show h...
We extend the relational algebra of Chin and Tarski so that it is multisorted or, as we prefer, typed. Each type supports a local Boolean algebra outfitted with a converse operator. From Lyndon, we know that relation algebras cannot be represented as proper relation algebras where a proper relation algebra has binary relations as elements and the a...
FPGA programmability remains a concern with respect to the broad adoption of the technology. One reason for this is simple: FPGA applications are frequently implementations of concurrent algorithms that could be most directly rendered in concurrent languages, but there is little or no first-class support for concurrent applications in conventional...
Modal logics typically have only one domain of discourse—i.e., the collection of worlds or states. For distributed computing systems, however, it makes sense to have several collections of worlds and to relate one domain’s local worlds to another’s using either relations or special maps. To this end, we introduce distributed modal logics. Distribut...
There is a semantic gap between the hardware definition languages used to design and implement hardware and the languages and logics used to formally specify and verify them. Bridging this gap—i.e., constructing formal models from existing hardware artifacts—can be costly, time-consuming, and error prone—and yet utterly necessary if formal verifica...
There is no such thing as high assurance without high assurance hardware. High assurance hardware is essential, because any and all high assurance systems ultimately depend on hardware that conforms to, and does not undermine, critical system properties and invariants. And yet, high assurance hardware development is stymied by the conceptual gap be...
There is no such thing as high assurance without high assurance hardware. High assurance hardware is essential, because any and all high assurance systems ultimately depend on hardware that conforms to, and does not undermine, critical system properties and invariants. And yet, high assurance hardware development is stymied by the conceptual gap b...
Although FPGAs have the potential to bring software-like flexibility and agility to the hardware world, designing for FPGAs remains a difficult task divorced from standard software engineering norms. A better programming flow would go far towards realizing the potential of widely deployed, programmable hardware. We propose a general methodology b...
Distributed systems are ubiquitous in computing and engineering, yet they have been somewhat obscured in the philosophical world. A distributed logic is a collection of local modal logics linked together by distributed modal connectives each of which takes formulas in one logic and returns formulas in a different logic. Semantically, each local log...
The functional programming community has developed a number of powerful abstractions for dealing with diverse programming models in a modular way. Beginning with a core of pure, side effect free computation, modular monadic semantics (MMS) allows designers to construct domain-specific languages by adding layers of semantic features, such as mutable...
Simulation relations have been discovered in many areas: Computer Science, philosophical and modal logic, and set theory. However, the simulation condition is strictly a first-order logic statement. We extend modal logic with modalities and axioms, the latter’s modeling conditions are the simulation conditions. The modalities are normal, i.e., comm...
We extend an off-the-shelf, executable formal semantics of C (Ellison and Rosu's K Framework semantics) with the core features of CUDA-C. The hybrid CPU/GPU computation model of CUDA-C presents challenges not just for programmers, but also for practitioners of formal methods. Our formal semantics helps expose and clarify these issues. We demonstrat...
In this paper, we establish a semantic foundation for the safe execution of untrusted code. Our approach extends Moggi's computational λ-calculus in two dimensions with operations for asynchronous concurrency, shared state and software faults and with an effect type system à la Wadler providing fine-grained control of effects. An equa...
Pure, lazy functional languages like Haskell provide a sound basis for formal reasoning about programs in an equational style. In practice, however, equational reasoning is underutilized. We suggest that part of the reason for this is the lack of accessible tools for developing machine-checked equational reasoning proofs. This paper outlines the de...
We recast parts of decision theory in terms of channel theory concentrating on qualitative issues. Channel theory allows one to move between model theoretic and language theoretic notions as is necessary for an adequate covering. Doing so clarifies decision theory and presents the opportunity to investigate alternative formulations. As an example, w...
It has long been held that information flow security models should be organized with respect to a theory of information, but typically they are not. The appeal of an information-theoretic foundation for information flow security seems natural, compelling and, indeed, almost tautological. This article illustrates how channel theory---a theory of info...
High assurance systems have been defined as systems "you would bet your life on." This article discusses the application of a form of functional programming---what we call "monadic programming"---to the generation of high assurance and secure systems. Monadic programming languages leverage algebraic structures from denotational semantics and functi...
Modal logic is extended by partially ordering the modalities. The modalities are normal, i.e., commute with either conjunctions or disjunctions and preserve either Truth or Falsity (respectively). The partial order does not conflict with type of modality (K, S4, etc.) although this paper will concentrate on S4 since partially ordered S4 systems appea...
This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by constr...
Recent research has shown how the formal modeling of concurrent systems can benefit from monadic structuring. With this approach, a formal system model is really a program in a domain specific language defined by a monad for shared-state concurrency. Can these models be compiled into efficient implementations? This paper addresses this question and...
Asynchronous interrupts abound in computing systems, yet they remain a thorny concept for both programming and verification practice. The ubiquity of interrupts underscores the importance of developing programming models to aid the development and verification of interrupt-driven programs. The research reported here recognizes asynchronous inte...
RNA plays a critical role in mediating every step of cellular information transfer from genes to functional proteins. Pseudoknots are functionally important and widely occurring structural motifs found in all types of RNA. Therefore predicting their structures is an important problem. In this paper, we present a new RNA pseudoknot structure predict...
Monads as an organizing principle for programming and semantics are notoriously difficult to grasp, yet they are a central and powerful abstraction in Haskell. This paper introduces a domain-specific language, MonadLab, that simplifies the construction of monads, and describes its implementation in Template Haskell. MonadLab makes monad constructio...
Modularity in programming language semantics derives from abstracting over the structure of underlying denotations, yielding semantic descriptions that are more abstract and reusable. One such semantic framework is Liang's modular monadic semantics in which the underlying semantic structure is encapsulated with a monad. Such abstraction can be at o...
This article demonstrates how a powerful and expressive abstraction from concurrency theory—monads of resumptions—plays a dual role as a programming tool for concurrent applications. The article demonstrates how a wide variety of typical OS behaviors may be specified in terms of resumption monads known heretofore exclusively in the literature of...
Polymorphic recursion is a useful extension of Hindley-Milner typing and has been incorporated in the functional programming language Haskell. It allows the expression of efficient algorithms that take advantage of non-uniform data structures and provides key support for generic programming. However, polymorphic recursion is, perhaps, not as bro...
Haskell is a functional programming language whose evaluation is lazy by default. However, Haskell also provides pattern matching facilities which add a modicum of eagerness to its otherwise lazy default evaluation. This mixed or "non-strict" semantics can be quite difficult to reason with. This paper introduces a programming logic, P-logic, which...
This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construc...
RNA plays a critical role in mediating every step of cellular information transfer from genes to functional proteins. Pseudoknots are widely occurring structural motifs found in all types of RNA and are also functionally important. Therefore predicting their structures is an important problem. In this paper, we present a new RNA pseudoknot predicti...
Haskell is a functional programming language whose evaluation is lazy by default. However, Haskell also provides pattern matching facilities which add a modicum of eagerness to its otherwise lazy default evaluation. This mixed or "non-strict" semantics can be quite difficult to reason with. This paper introduces a programming logic, P-logic, which neatl...
This note reports a foundation for the denotational semantics of polymorphic recursion in Haskell98. The intention is to present sufficient detail so that members of the Progra-matica team get an up-to-date view of our approach to overloading and so that we can get useful feedback.
Bioinformatics is the application of computer science techniques to problems in biology, and this paper explores one such application with great potential: the modeling of life cycles of autonomous, intercommunicating cellular systems using domain-specific programming languages (DSLs). We illustrate this approach for the simple photo-synthetic bact...
Language-based approaches to security typically use static type systems to control information flow, relying on type inference to distinguish secure programs from insecure ones. This paper advocates a novel approach to language-based security: by structuring software with monads (a form of abstract data type for effects), we are able to maintain sepa...
Functional languages have the λ-calculus at their core, but then depart from this firm foundation by including features that alter their default evaluation order. The resulting mixed evaluation – partly lazy and partly strict – complicates the formal semantics of these languages. The functional language Haskell is such a language, with features suc...
Haskell is a functional programming language with nominally non-strict semantics, implying that evaluation of a Haskell expression proceeds by demand-driven reduction. However, Haskell also provides pattern matching on arguments of functions, in let expressions and in the match clauses of case expressions. Pattern-matching requires data-driven redu...
Functional languages have the λ-calculus at their core, but then depart from this firm foundation by including features that alter their default evaluation order. The resulting mixed evaluation—partly lazy and partly strict—complicates the formal semantics of these languages. The functional language Haskell is such a language, with features such a...
Profile-driven compiler optimizations take advantage of information gathered at runtime to re-compile programs into more efficient code. Such optimizations appear to be more easily incorporated within a semantics-directed compiler structure than within traditional compiler structure. We present a case study in which a metacomputation-based reference...
The lazy functional language Haskell can be viewed at many levels. At the highest level it can be manipulated as if it were the call-by-name lambda calculus. Slightly below this level is the model of the call-by-need lambda calculus, where control over duplication of computation becomes explicit. Underneath this level is a more detailed model that...
This paper presents a modular and extensible style of language specification based on metacomputations. This style uses two monads to factor the static and dynamic parts of the specification, thereby staging the specification and achieving strong binding-time separation. Because metacomputations are defined in terms of monads, they can be construct...
This paper presents a modular and extensible style of language specification based on metacomputations. This style uses two monads to factor the static and dynamic parts of the specification, thereby staging the specification and achieving strong binding-time separation. Because metacomputations are defined in terms of monads, they can be constructed...
The monadic style of language specification has the advantages of modularity and extensibility: it is simple to add or change features in an interpreter to reflect modifications in the source language. It has proven difficult to extend the method to compilation. We demonstrate that by introducing machine-like stores (code and data) into the monadic...
In general, program execution can be divided into two distinct phases: static (or compile-time) and dynamic (or run-time). The static phase consists of those reductions in the execution which can be made by inspection of the program text alone (hence at compile-time). The dynamic phase consists of those reductions...
Our goal is to produce the same compiler as Reynolds [12] via partial evaluation. We develop a continuation semantics for a higher-order, imperative, call-by-name Algol-like language which is based on the functor category semantics of Reynolds and Oles [11], and compile programs via the first Futumura projection. Our "compilation semantics" is non-...
The monadic style of language specification [6, 16, 15, 26] has the advantages of modularity and extensibility: it is simple to add or change features in an interpreter to reflect modifications in the source language. It has proven difficult to extend the method to compilation, because there is considerable interaction between different features. W...
The research reported here was funded in part by contract DOD-MDA 904-91-C-7053 with the National Security Agency's University Program.
This paper presents the axiomatic semantics for a simple distributed language, and its mechanization in HOL. The constructs of this language include those basic to a very simple sequential programming language in addition to asynchronous send and synchronous receive statements. The language has the appearance of a system programming language that s...
This thesis presents the axiomatic semantics for a simple distributed language and its mechanization in HOL. The constructs of this language include asynchronous send and synchronous receive statements as well as those basic to a sequential programming language. The language has the appearance of a system programming language that supports sequenti...
This article demonstrates how a powerful and expressive abstraction from concurrency theory plays a dual role as a programming tool for concurrent applications and as a foundation for their verification. This abstraction, monads of resumptions expressed using monad transformers, is cheap: it is easy to understand, easy to implement, and easy to r...
Haskell is a functional programming language whose evaluation is lazy by default. However, Haskell also provides pattern matching facilities which add a modicum of eagerness to its otherwise lazy default evaluation. This mixed or "non-strict" semantics can be quite difficult to reason with. This paper introduces a programming logic, P-logic, which nea...
This paper advocates a novel approach to language-based security: by structuring software with monads, we are able to maintain separation of effects by construction. The thesis of this work is that well-understood properties of monads and monad transformers aid in the construction and verification of secure software. We introduce a formulation of...
Printout. Thesis (Ph. D.)--University of Illinois at Urbana-Champaign, 2001. Vita. Includes bibliographical references (leaves 277-281).
Thesis (M.S.)--U. of Calif., Davis. Typescript. Degree granted in Computer Science.