These abstracts are for talks at this event.

NEPLS is a venue for ongoing research, so the abstract and supplemental material associated with each talk is necessarily temporal. The work presented here may be in a state of flux. In all cases, please consult the authors' Web pages for up-to-date information. Please don't refer to these pages as a definitive source.

Nominal Typing for Data Languages in QCert

Jerome Simeon (IBM Research)

Most data languages (e.g., SQL) are small functional languages with
rich record operations and structural types. Using those in an
object-oriented context can result in complex typing issues. We
describe an approach to support nominal typing in data languages
through a notion of brands. The resulting type system is simple enough
for reasoning and flexible enough to capture many object- oriented
idioms including classes and methods, object creation, casting,
multiple inheritance and interfaces. We illustrate its use on miniOQL,
a SQL- like language for objects and on NRA, a database algebra
suitable for optimization. The type system has been formalized in Coq
as part of QCert, a certified query compiler.

Joint work with Joshua Auerbach, Martin Hirzel, Louis Mandel, and Avraham Shinnar.

Accepting Blame for Safe Tunneled Exceptions

Yizhou Zhang (Cornell University)

Unhandled exceptions crash programs, so a compile-time check that
exceptions are handled should in principle make software more
reliable. But designers of some recent languages have argued that the
benefits of statically checked exceptions are not worth the costs. We
introduce a new statically checked exception mechanism that addresses
the problems with existing checked-exception mechanisms. In
particular, it interacts well with higher-order functions and other
design patterns. The key insight is that whether an exception should
be treated as exception is not a property of its type but rather of
the context in which the exception propagates. Statically checked
exceptions through code that is oblivious to their presence, but the
type system nevertheless checks that these exceptions are
handled. Further, exceptions can be tunneled without being
accidentally caught, by expanding the space of exception identifiers
to identify the exception-handling context. The resulting mechanism is
expressive and syntactically light, and can be implemented
efficiently. We demonstrate the expressiveness of the mechanism using
significant codebases and evaluate its performance. We have
implemented this new exception mechanism as part of the new Genus
programming language, but the mechanism could equally well be applied
to other programming languages.

Joint work with Guido Salvaneschi, Quinn Beightol, Barbara Liskov, and Andrew C. Myers.

Garbology: A Study of How Java Objects Die

Raoul L. Veroy (Tufts University)

How do objects die? In this paper, we present an analysis framework
that can precisely characterize the ways in which Java programs
dispose of objects. Our goal is to provide data that complements the
existing object demographics literature, which is mostly focused on
object allocation and lifetime characteristics. A more complete
picture of object lifecycles is crucial to developing new garbage
collection algorithms that can take advantage of application-specific

We present a novel technique that uses trace-based simulation
augmented with reference counting. Our analysis is able to identify
groups of objects that die simultaneously and can compute the precise
program point where these events occur. Furthermore, it can determine
the specific program actions that cause objects to become
unreachable. We classify object deaths in several different ways, and
we present empirical results from running our analysis on the Dacapo,
SPECjbb2005, and SPECjvm98 benchmarks using traces from the Elephant
Tracks tracing tool.

Joint work with Samuel Z. Guyer.

Assessing the Limits of Program-Specific Garbage Collection Performance

Eliot Moss (University of Massachusetts Amherst)

We consider the ultimate limits of program-specific garbage collector
performance for real programs.  We first characterize the GC schedule
optimization problem using Markov Decision Processes (MDPs).  Based on
this characterization, we develop a method of determining, for a given
program run and heap size, an *optimal* schedule of collections for a
non-generational collector.  We further explore the limits of
performance of a *generational* collector, where it is not feasible to
search the space of schedules to prove optimality.  Still, we show
significant improvements with Least Squares Policy Iteration, a
reinforcement learning technique for solving MDPs.  We demonstrate
that there is considerable promise to reduce garbage collection costs
by developing program-specific collection policies.

Foundations of type-directed code inference: which types have a unique inhabitant?

Gabriel Scherer (Northeastern University)

Type information can be useful to guess some parts of the program that
the users does not wish to write explicitly. This is the basic idea
supporting coercions, Haskell's type classes, and Scala's implicits.

I study a foundational question underlying this problem: when is it
the case that a type has a unique inhabitant? In other words, when is
the program fragment to guess *fully determined* from the type

To answer this question, we take ideas from proof search and logic (in
particular the notion of 'focusing'), and combine them with ideas
about program equivalence in (pure) functional programming.

In this talk, I would like to explain the motivation, and give an
accessible introduction to 'focusing', a technique from logic used to
answer questions from programming.

Multirole Logic as a Foundation for Global Coordination

Hanwen Wu (Boston University)

Session types are protocols describing valid communications among
parties. Two- party sessions enjoy duality, in which one party's
action is always the dual of the other party (e.g. send/receive,
choose/offer). Correspondence to logics is being actively studied in
which cut reduction is communication and the duality in classical
linear logic captures duality in two-party sessions. However in
multiparty sessions, duality no longer holds, and the two-premiss cut
rule is insufficient to express multiparty communication. Several
prior studies proposed multi-cut/coherent-cut as a generalization,
with coherence as a side condition guarding cuts. Instead of resorting
to classical logic, we propose a new form of logic, Multirole Logic,
where propositions are not limited to only two interpretations (itself
and its negation), but multiple interpretations annotated by a set of
roles. Such generalization naturally gives rise to a (complete) cut
rule for multiple propositions and a (partial) cut rule that leaves a
residual proposition. And we proved the admissibility of cut rule,
thus generalizing the celebrated results of Gentzen. We report that
our Multirole Logic is much more general and it provides a foundation
for global coordination, including but not limited to multiparty
session types.

Joint work with Hongwei Xi.

PLANALYZER: Automatic Analysis of Online Field Experiments

Emma Tosch (University of Massachusetts Amherst)

Online experiments are widely used to evaluate changes to Internet
services and inform design and engineering decisions. To manage the
complexity of performing experiments at scale, large companies employ
frameworks for designing, managing, and logging experimental
data. While such systems can help prevent many pitfalls, the design,
analysis, and verification of all but the most basic experiments
require substantial domain expertise.

This paper presents PLANALYZER, a static analysis tool that aids in
the verification and analysis of online experiments. PLANALYZER
incorporates the rules of causal inference to devise proper estimators
for advanced experimental designs. PLANALYZER targets the PlanOut
language, though its techniques would be applicable to similar
experimental design languages. s static analyses identify whether a
PlanOut program implements any valid experimental contrasts, and aids
ana- lysts by enumerating these contrasts.

Probabalistic NetKAT

Steffen Smolka (Cornell University)

NetKAT is a language for modeling, programming, and reasoning about
software-defined networks. It comes with a rich theory and automated
tools including a sound and complete axiomatic system, a compiler, and
a decision procedure for checking qualitative network properties

A recent probabilistic extension of NetKAT holds great promise: it
enables programming randomized routing algorithms, modeling
probabilistc features such as link-failures, and reasoning about
quantiative properties such as expected link congestion, probability
of packet delivery, etc.

While the denotational semantics of probabilistic NetKAT has been
worked out, little is known about how to compute in this model
algorithmically. There is no decision procedure or compiler. This work
aims to develop the theoretic foundations to enable such tools: a
theory of approximation and a coalgebraic (automata) theory for
probabilistc NetKAT.

This is ongoing work with Nate Foster and Dexter Kozen at Cornell and with Alexandra Silva at University College London.

Toward Compositional Verification of Interruptible OS Kernels and Device Drivers

Newman Wu (Yale University)

An operating system (OS) kernel forms the lowest level of any system
software stack. The correctness of the OS kernel is the basis for the
correctness of the entire system. Recent efforts have demonstrated the
feasibility of building formally verified general-purpose kernels, but
it is unclear how to extend their work to verify the functional
correctness of device drivers, due to the non-local effects of
interrupts. In this paper, we present a novel compositional framework
for building certified interruptible OS kernels with device drivers.
We provide a general device model that can be instantiated with
various hardware devices, and a realistic formal model of interrupts,
which can be used to reason about interruptible code. We have realized
this framework in the Coq proof assistant. To demonstrate the
effectiveness of our new approach, we have successfully extended an
existing verified non-interruptible kernel with our framework and
turned it into an interruptible kernel with verified device
drivers. To the best of our knowledge, this is the first verified
interruptible operating system with device drivers.

Joint work with Hao Chen, Zhong Shao, Joshua Lockerman, and Ronghui Gu.

Using Anomaly Detection to Find Bugs in Control Software

Hu Huang (Tufts University)

Modern commercial aircraft are heavily dependent on large software
systems for many of their essential functions. However, bugs may cause
software failure and endanger the lives of passengers and
crew. Software development processes in aviation emphasize near
exhaustive testing but not all bugs can be found.  Additionally,
current bug detection methods are not suitable for bugs that appear
during run-time as there exist complex relationships between program
variables that are not detectable by assertions or simple invariants.

In our work, we make use of a machine learning approach for detecting
bugs at run-time. However, we depart from previous work by leveraging
program slicing to obtain a set of variables for monitoring. This talk
will be on preliminary work that we have done so far on this idea.

Adel: A New Way to Program Microcontrollers

Sam Guyer (Tufts University)

Cheap microcontrollers, such as the Arduino, have become wildly
popular for embedded applications ranging from "smart homes" to
wearable devices to electronic art. Unfortunately, programming these
tiny microprocessors is surprisingly difficult. The central problem is
that the applications often consist of logically asynchronous tasks --
for example, blink a light until a button is pushed -- but there is no
support for concurrency (e.g., threads).  Many of these
microprocessors do not have the resources necessary to support an
operating system of any kind, so composing multiple tasks requires
programmers to implement a kind of ad hoc scheduler that greatly
complicates the code.

In this talk I will present a new "programming language", called Adel,
for programming microcontrollers. Adel provides a limited form of
concurrency based on coroutines and is cheap enough for use in even
the most bare-bones systems.  Adel is not a full programming language
-- it is implemented entirely as a set of C macros and requires no
changes to the existing Arduino tool chain. Most importantly, it
provides compositionality: asynchronous tasks can be composed in a
simple and intuitive way without compromising modularity and clarity.

Last modified Friday, May 27th, 2016 7:37:53am