Jean-Pierre Talpin


We consider distributed timed systems that implement leader election
protocols which are at the heart of clock synchronization protocols. We
develop abstraction techniques for parameterized model checking of such
protocols under arbitrary network topologies, where nodes have independently
evolving clocks. We apply our technique for model checking the root election
part of the flooding time synchronisation protocol (FTSP), and obtain
improved results compared to previous work. We model check the protocol for
all topologies in which the distance to the node to be elected leader is
bounded by a given parameter.

Zvonimir Rakamaric

Tool prototyping is an essential step in developing novel software verification algorithms and techniques. However, implementing a verifier prototype that can handle real-world programs is a huge endeavor, which hinders researchers by forcing them to spend more time engineering tools, and less time innovating. In this talk, I will present the SMACK software verification toolchain. The toolchain provides a modular and extensible software verification ecosystem that decouples the front-end source language details from back-end verification algorithms. It achieves that by translating from the LLVM compiler intermediate representation into the Boogie intermediate verification language. SMACK benefits the software verification community in several ways: (i) it can be used as an off-the-shelf software verifier in an applied software verification project, (ii) it enables researchers to rapidly develop and release new verification algorithms, (iii) it allows for adding support for new languages in its front-end. We have used SMACK to verify numerous C/C++ programs, including industry examples, showing it is mature and competitive. Likewise, SMACK is already being used in several existing verification research prototypes.

Andrei Voronkov


It is known that one can extract Craig interpolants from so-called local derivations. An interpolant extracted from such a derivation is a boolean combination of formulas occurring in the derivation. However, standard complete proof systems, such as superposition, for theories having the interpolation property are not necessarily complete for local proofs.
In this paper we investigate interpolant extraction from non-local proofs in the superposition calculus and prove a number of general results about interpolant extraction and complexity of extracted interpolants. In particular, we prove that the number of quantifier alternations in first-order interpolants of formulas without quantifier alternations is unbounded. This result has far-reaching consequences for using local proofs as a foundation for interpolating proof systems – any such proof system should deal with formulas of arbitrary quantifier complexity.
To search for alternatives for interpolating proof systems, we consider several variations on interpolation and local proofs. Namely, we give an algorithm for building interpolants from resolution refutations in logic without equality and discuss additional constraints when this approach can also be used for logic with equality. We finally propose a new direction related to interpolation via local proofs in first-order theories.

Maximilian Jaroschek


Analyzing and reasoning about safety properties of software systems
becomes an especially challenging task for programs with complex flow
and, in particular, with loops or recursion. For such programs one needs
additional information, for example in the form of loop invariants,
expressing properties to hold at intermediate program points. We study
program loops with non-trivial arithmetic, implementing addition and
multiplication among numeric program variables. In this talk, we present
a new approach for automatically generating all polynomial invariants of
a class of such programs, based on techniques from computer algebra,
which will be explained thoroughly and intuitively.

Ondřej Kunčar

In our project we are working on a framework that provides holistic security guarantees for web-based systems in which information flows heavily but not all flows should be allowed. As a case study we developed CoCon, a conference management system with verified document confidentiality. In my talk, I will start with a demo of CoCon, show which properties of the system we verified in the interactive theorem prover Isabelle and explain how we technically capture the intuitive idea that an attacker cannot learn any secrets of the system. A discussion of limitations of our approach will follow together with a summary of our experience with deployment of CoCon for real-life conferences. At the end, I will shortly mention future work.

Filippo Bonchi


We introduce a graphical syntax for signal flow diagrams based on the language of symmetric monoidal categories. Using universal categorical constructions, we provide a stream semantics and a sound and complete axiomatisation. A certain class of diagrams captures the orthodox notion of signal flow graph used in control theory; we show that any diagram of our syntax can be realised, via rewriting in the equational theory, as a signal flow graph.

Mitra Tabaei

Communication and synchronization are two main challenges in
designing and implementing concurrent programs, and consequently the main sources of
concurrency bugs. Concurrency bugs may lead to unintended program behavior as the
result of a particular ordering of actions in different threads at runtime.
Communication mechanisms for concurrent programs are generally based on either shared
memory or message passing. In the shared memory mechanism, concurrency bugs may manifest
at runtime as unexpected order in accessing shared data. Similarly, in
the message passing mechanism, unexpected order in sending and receiving messages
may result in a failure such as a deadlock.
We present a general framework for understanding the cause of
failure in concurrent programs by isolating from concurrent traces the
problematic or unexpected order of events which may cause a failure.
In devising our dynamic techniques for bug explanation,
we follow two different approaches, namely anomaly detection and slicing.
Our anomaly detection approach is based on statistical analysis and pattern mining.
In a completely different approach, we use a proof-based technique to construct
semantics-aware slices from failing traces.
We evaluate the efficiency and effectiveness of our proposed techniques
on benchmarks covering a broad range of real-world concurrency bugs. Moreover, we
compare the strengths and limitations of the anomaly detection technique with
the proof-based slicing technique.

Tomáš Vojnar


We consider data automata in the form of finite automata equipped with variables (counters or registers) ranging over infinite data domains. A trace of such a data automaton is an alternating sequence of alphabet symbols and values taken by the counters during an execution of the automaton. We address the problem of checking the inclusion between the sets of traces (data languages) recognized by such automata. Since the problem is undecidable in general, we give a semi-algorithm based on abstraction refinement, which is proved to be sound and complete modulo termination. Due to the undecidability of the trace inclusion problem, our procedure is not guaranteed to terminate. We have implemented our technique in a prototype tool and show promising results on several non-trivial examples.

Adrian Rebola Pardo


Unsatisfiability proofs in the DRAT format became the de
facto standard to increase the reliability of contemporary SAT solvers.
We consider the problem of generating proofs for the XOR reasoning
component in SAT solvers and propose two methods: direct translation
transforms every XOR constraint addition inference into a DRAT proof,
whereas T-translation avoids the exponential blow-up in direct translations
by using fresh variables. T-translation produces DRAT proofs from
Gaussian elimination records that are polynomial in the size of the input
CNF formula. Experiments show that a combination of both approaches
with a simple prediction method outperforms the BDD-based method.

Johannes Kinder


Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy; these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists. We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%); our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified “overhead budget.” Two insights make this approach effective: most overhead in existing tools is due to only a few “hot” checks, whereas the checks most useful to security are typically “cold” and cheap. We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, OpenSSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them. Joint work with Jonas Wagner, Volodymyr Kuznetsov and George Candea (EPFL), presented at IEEE S&P (Oakland) 2015.