Abstract:The semantics for counterfactuals due to David Lewis has been challenged on
the basis of unlikely, or impossible, events. Such events may skew a given
similarity order in favour of those possible worlds which exhibit them. By
updating the relational structure of a model according to a ceteris paribus
clause one forces out, in a natural manner, those possible worlds which do not
satisfy the requirements of the clause. We develop a ceteris paribus logic for
counterfactual reasoning capable of performing such act… Show more
“…The verifier also enforces structs to be linear by default [7,20,44]. Linearity prevents copying and destruction (e.g., via overwriting the variable that stores the struct or allowing it to go out of scope) outside of the module that declared the struct.…”
A program that maintains key safety properties even when interacting with arbitrary untrusted code is said to enjoy robust safety. Proving that a program written in a mainstream language is robustly safe is typically challenging because it requires static verification tools that work precisely even in the presence of language features like dynamic dispatch and shared mutability. The emerging Move programming language was designed to support strong encapsulation and static verification in the service of secure smart contract programming. However, the language design has not been analysed using a theoretical framework like robust safety.In this paper, we define robust safety for the Move language and introduce a generic framework for static tools that wish to enforce it. Our framework consists of two abstract components: a program verifier that can prove an invariant holds in a closedworld setting (e.g., the Move Prover [16, 47]), and a novel encapsulator that checks if the verifier's result generalizes to an open-world setting. We formalise an escape analysis as an instantiation of the encapsulator and prove that it attains the required security properties.Finally, we implement our encapsulator as an extension to the Move Prover and use the combination to analyse a large representative benchmark set of real-world Move programs. This toolchain certifies >99% of the Move modules we analyse, validating that automatic enforcement of strong security properties like robust safety is practical for Move. Additionally, our results tell that security-centric language design can be effective in attaining strong security properties such as robust safety.
“…The verifier also enforces structs to be linear by default [7,20,44]. Linearity prevents copying and destruction (e.g., via overwriting the variable that stores the struct or allowing it to go out of scope) outside of the module that declared the struct.…”
A program that maintains key safety properties even when interacting with arbitrary untrusted code is said to enjoy robust safety. Proving that a program written in a mainstream language is robustly safe is typically challenging because it requires static verification tools that work precisely even in the presence of language features like dynamic dispatch and shared mutability. The emerging Move programming language was designed to support strong encapsulation and static verification in the service of secure smart contract programming. However, the language design has not been analysed using a theoretical framework like robust safety.In this paper, we define robust safety for the Move language and introduce a generic framework for static tools that wish to enforce it. Our framework consists of two abstract components: a program verifier that can prove an invariant holds in a closedworld setting (e.g., the Move Prover [16, 47]), and a novel encapsulator that checks if the verifier's result generalizes to an open-world setting. We formalise an escape analysis as an instantiation of the encapsulator and prove that it attains the required security properties.Finally, we implement our encapsulator as an extension to the Move Prover and use the combination to analyse a large representative benchmark set of real-world Move programs. This toolchain certifies >99% of the Move modules we analyse, validating that automatic enforcement of strong security properties like robust safety is practical for Move. Additionally, our results tell that security-centric language design can be effective in attaining strong security properties such as robust safety.
“…[51] for a survey. This notion has also been applied to analyse the notion of preference [7,53], counterfactual reasoning [10], agency and games [12,13], Fitch's paradox [50], and the future contingents problem [49], etc.. It may be interesting to combine ceteris paribus and supervenience, since in that case we can naturally express the statements such as "Ceteris paribus, B supervenes on A", or more general, "Ceteris paribus, B supervenes on A 1 , · · · , A n ".…”
Section: Combing the Notions Of Ceteris Paribus And Superveniencementioning
Supervenience is an important philosophical concept. In this paper, inspired by the supervenience-determined consequence relation and the semantics of agreement operator, we introduce a modal logic of supervenience, which has a dyadic operator of supervenience as a sole modality. The semantics of supervenience modality is very natural to correspond to the supervenience-determined consequence relation, in a quite similar way that the strict implication corresponds to the inference-determined consequence relation. We show that this new logic is more expressive than the modal logic of agreement, by proposing a notion of bisimulation for the latter logic. We provide a sound proof system for our new logic. We also lift on to more general logics of supervenience. Related to this, we compare propositional logic of determinacy and non-contingency in expressive powers, and give axiomatizations of propositional logic of determinacy over various classes of frames, thereby resolving an open research direction listed in [11, Sec. 8.2]. As a corollary, we also present an alternative axiomatization for propositional logic of determinacy over universal models. We conclude with a lot of future work.
“…Technically, we build on [22] (a variant of L 3 [1] adapted for usability) by supporting sharing of mutable state through rely-guarantee protocols. As in L 3 , a cell is decomposed in two components: a pure reference (that can be freely copied), and a linear [14] capability used to track the contents of that cell. Unlike L 3 , by extending [22] our language implicitly threads capabilities through the code, reducing syntactic overhead.…”
Abstract. The use of shared mutable state, commonly seen in object-oriented systems, is often problematic due to the potential conflicting interactions between aliases to the same state. We present a substructural type system outfitted with a novel lightweight interference control mechanism, rely-guarantee protocols, that enables controlled aliasing of shared resources. By assigning each alias separate roles, encoded in a novel protocol abstraction in the spirit of rely-guarantee reasoning, our type system ensures that challenging uses of shared state will never interfere in an unsafe fashion. In particular, rely-guarantee protocols ensure that each alias will never observe an unexpected value, or type, when inspecting shared memory regardless of how the changes to that shared state (originating from potentially unknown program contexts) are interleaved at run-time.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.