David J. Pearce (Blog)

Whiley gets Rusty!

Tuesday, May 31st, 2022

I’ve been learning Rust for a while now but, at the same time, trying to continue developing Whiley. Since Whiley was written entirely in Java, these activities were mutually exclusive and it was frustrating trying to balance things!

Verifying an Auction Contract in Whiley

Tuesday, May 17th, 2022

Since Whiley is a general purpose verification system, I thought it might be interesting to try and verify a smart contract. Smart contracts are well suited to formal verification tools (like Whiley), as they are small and typically self-contained.

Puzzling Strong Updates in Rust

Wednesday, April 27th, 2022

The idea of a strong update comes from earlier work on static analysis and, in particular, pointer analysis. To understand this, let’s imagine a hypothetical non-null analysis for C: int* r = (int*) malloc(sizeof(int)); int** p = &r; At this point, our non-null analysis would conclude that p was nonnull and that r was nullable.

Modelling Borrow Checking in Rust

Monday, December 6th, 2021

Recently, I’ve been working on a formalisation of borrow checking in Rust. The idea is to help people think clearly about how borrow checking works (in someways perhaps similar to the Stacked Borrows work but with a different perspective).

Verifying the Whiley Standard Library

Wednesday, October 27th, 2021

For sometime now, its been possible to use Boogie / Z3 as a backend for verifying Whiley programs. Initially that was pretty sketchy, but it’s really starting to ramp up now.

Test-Driving the Rust Model Checker (RMC)

Tuesday, October 26th, 2021

The Rust Model Checker (RMC) allows Rust programs to be model checked using the C Bounded Model Checker (CBMC). In essence, RMC is an extension to the Rust compiler which converts Rust’s MIR into the input language of CBMC (GOTO).

Fooling the Borrow Checker

Wednesday, September 1st, 2021

An interesting question is how the Rust borrow checker decides when a borrow could still be live. This illustrates a simple example: let mut x = 1234; let z = f(&x); .

Sizing Up Types in Rust

Thursday, July 15th, 2021

When learning Rust, understanding the difference between statically and dynamically sized types seems critical. There are some good discussions out there already (e.g. here and here). Whilst these explain the mechanics, they didn’t tell me why its done like this in Rust.

Understanding Generic Type Variance (in Whiley)

Sunday, March 14th, 2021

For languages which support generic types, an important question is deciding whether or not a type C<T> is a subtype of another related type C<S>. Since Whiley was recently extended to support generic types, its interesting to think about how this was handled.

Dynamic Cycle Detection for Lock Ordering

Saturday, December 19th, 2020

Recently, I discovered that an algorithm of mine from a few years back is being used in both TensorFlow and the Abseil C++ library (see here and here). That is of course pretty exciting since they are both widely used libraries!

1
2
3
4
5