- Horn-ICE Learning for Synthesizing Invariants and Contracts. Deepak D'Souza, Ezudheen P, Pranav Garg, Daniel Neider, P. Madhusudan.
- Randomized Testing of Distributed Systems with Probabilistic Guarantees. Burcu Kulahcioglu Ozkan, Rupak Majumdar, Filip Niksic, Mitra Tabaei Befrouei, Georg Weissenbacher.
- Reconciling High-level Optimizations and Low-level Code in LLVM. Juneyoung Lee, Chung-Kil Hur, Ralf Jung, Zhengyang Liu, John Regehr, Nuno P. Lopes.
- Persistence Semantics for Weak Memory. Azalea Raad, Viktor Vafeiadis.
- Parametricity versus the Universal Type. Dominique Devriese, Marco Patrignani, Frank Piessens.
- Effective Stateless Model Checking for C/C++ Concurrency. Michalis Kokologiannakis, Ori Lahav, Kostis Sagonas, Viktor Vafeiadis.
- Monadic refinements for relational cost analysis. Ivan Radicek, Gilles Barthe, Marco Gaboardi, Deepak Garg, Florian Zuleger.
- Why is Random Testing Effective for Partition Tolerance Bugs? Rupak Majumdar, Filip Niksic.
- RustBelt: Securing the Foundations of the Rust Programming Language. Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, Derek Dreyer.
Eva Darulova has received a single-PI DFG grant entitled "Automated Rigorous Verification and Synthesis of Approximations." Björn Brandenburg has received a DFG grant entitled "RT-Proofs: Formal proofs for real-time systems." This award is for a collaborative grant, with co-PIs at INRIA (Grenoble), Verimag (Grenoble), ONERA (Toulouse), and TU Braunschweig (Germany).
Both projects are actively recruiting doctoral students. Interested students can apply online.
Automated Rigorous Verification and Synthesis of Approximations
Computing resources are fundamentally limited and sometimes an exact solution may not even exist. Thus, when implementing real-world systems, approximations are inevitable, as are the errors introduced by them. The magnitude of errors is problem-dependent but higher accuracy generally comes at a cost in terms of memory, energy or runtime, effectively creating an accuracy-efficiency tradeoff. To take advantage of this tradeoff, we need to ensure that the computed results are sufficiently accurate, otherwise we risk disastrously incorrect results or system failures. Unfortunately, the current way of programming with approximations is mostly manual, and consequently costly, error prone and often produces suboptimal results.
The goal of this project is to develop an end-to-end system which approximates numerical programs in an automated and trustworthy fashion. The programmer will be able to write exact high-level code and our `approximating compiler' will generate an efficient implementation satisfying a given accuracy specification. In order to achieve this vision, we will develop novel sound techniques for verifying the accuracy of approximate numerical programs, as well as new synthesis approaches to generate such approximations automatically.
RT-Proofs: Formal proofs for real-time systems
Real-time systems, i.e., computer systems subject to stringent timing constraints, are at the heart of most modern safety-critical technologies, including automotive systems, avionics, robotics, and factory automation, to name just a few prominent domains in which incorrect timing can have potentially catastrophic consequences. To assure the always-correct operation of such systems, i.e., to make sure that they always react in a timely fashion even in a worst-case scenario, rigorous validation efforts are required prior to deployment. However, establishing that all timing constraints are met is far from trivial --- and requires sophisticated analysis techniques --- because software timing varies in complex and difficult to predict ways, e.g., due to scheduling delays, shared resources, or communication, even when executing on a dedicated processor. Unfortunately, the theoretical foundations of current analysis methods are not nearly as rock-solid as one might expect.
The key problem is that the state-of-the-art methods are backed by only informal or abbreviated proofs, which are typically difficult to understand, check, adapt, or reuse. As a result, there is a non-trivial risk of subtle, but fatal mistakes, either lingering in the published literature, or arising when combining results with unstated, inconsistent assumptions. And indeed, this is not just a hypothetical concern --- most famously, the timing analysis of the CAN real-time bus (widely deployed in virtually all modern cars) was refuted in 2007, 13 years after initial publication. Similarly, other lesser-known examples of incorrect worst-case analyses abound in the literature, including off-by-one errors, incorrect generalizations, and even claims that are simply wrong. Worse, even if the underlying theory is indeed flawless, there is still no guarantee that it is actually implemented correctly in the toolchains used in practice. In short, the state of the art in the analysis of safety-critical real-time systems leaves a lot to be desired --- informal "pen and paper" proofs are simply inadequate.
There is a better way: timing analysis results should be formally proved, machine-checkable, and independently verifiable. To this end, the RT-proofs project will lay the foundations for the computer-assisted verification of schedulability analysis results by (i) formalizing foundational real-time concepts using the Coq proof assistant and (ii) mechanizing proofs of busy-window-based end-to-end latency analysis, the analysis approach of greatest practical relevance (e.g., used by SymTA/S). Additionally, we will (iii) demonstrate with a practical prototype how trust in a vendor's toolchain can be established by certifying the produced analysis results (rather than the tool itself). Leading by example, RT-proofs will fundamentally raise the level of rigor, to the benefit of the academic community, tool vendors, and real-time systems engineers in practice.
Distinguished Paper awards are given to about 10% of papers at OOPSLA.
PLDI 2017: Repairing Sequential Consistency in C/C++11, by Ori Lahav, Viktor Vafeiadis, Jeehoon Kang, Chung-Kil Hur, and Derek Dreyer.
ECOOP 2017: Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris, by Jan-Oliver Kaiser, Hoang-Hai Dang, Derek Dreyer, Ori Lahav, and Viktor Vafeiadis.
Maria joins MPI-SWS from the University of Kent, England, where she is a Lecturer at the School of Computing. She was previously a postdoctoral researcher at Microsoft Research Redmond. Maria received her Ph.D. from the Department of Computer Science of ETH Zurich and was awarded with the ETH medal and the EAPLS Best PhD Dissertation Award. She completed her Bachelor’s and Master’s degrees at the Department of Electrical and Computer Engineering of the National Technical University of Athens, Greece.
- A promising semantics for relaxed-memory concurrency
- Relational cost analysis
- Thread modularity at many levels: a pearl in compositional verification
CAV 2017 is the 29th in a series dedicated to the advancement of the theory and practice of computer-aided formal analysis and synthesis methods for hardware and software systems. The CAV home page has more information.
The European Research Council (ERC) is a pan-European funding body that supports cutting-edge research. It offers funding for groundbreaking research projects of the highest scientific quality across Europe, across all research areas. Talented researchers from all over the world can receive funding for excellent research in Europe. The ERC Consolidator Grant offers funding for researchers with 7 to 12 years of experience after achieving a PhD.
The RustBelt Project
A longstanding question in the design of programming languages is how to balance safety and control. C-like languages give programmers low-level control over resource management at the expense of safety, whereas Java-like languages give programmers safe high-level abstractions at the expense of control.
Rust is a new language developed at Mozilla Research that marries together the low-level flexibility of modern C++ with a strong "ownership-based" type system guaranteeing type safety, memory safety, and data race freedom. As such, Rust has the potential to revolutionize systems programming, making it possible to build software systems that are safe by construction, without having to give up low-level control over performance.
Unfortunately, none of Rust's safety claims have been formally investigated, and it is not at all clear that they hold. To rule out data races and other common programming errors, Rust's core type system prohibits the aliasing of mutable state, but this is too restrictive for implementing some low-level data structures. Consequently, Rust's standard libraries make widespread internal use of "unsafe" blocks, which enable them to opt out of the type system when necessary. The hope is that such "unsafe" code is properly encapsulated, so that Rust's language-level safety guarantees are preserved. But due to Rust's reliance on a weak memory model of concurrency, along with its bleeding-edge type system, verifying that Rust and its libraries are actually safe will require fundamental advances to the state of the art.
In this project, we aim to equip Rust programmers with the first formal tools for verifying safe encapsulation of "unsafe" code. Any realistic languages targeting this domain in the future will encounter the same problem, so we expect our results to have lasting impact. To achieve this goal, we will build on recent breakthrough developments by the PI and collaborators in concurrent program logics and semantic models of type systems.
In 2015, Joel was awarded an ERC Consolidator Grant, which provides almost 2 million euros of research funding over a period of five years. He is also the recipient of the 2010 Roger Needham Award, given annually "for a distinguished research contribution in Computer Science by a UK-based researcher within ten years of his or her PhD."
Joel will join MPI-SWS from the University of Oxford, where he is a Professor of Computer Science and Fellow of St John's College. Joel holds a BSc and MSc in Mathematics from McGill University, and received his PhD in Computer Science from Oxford in 2001. He subsequently did postdoctoral work at Tulane University and Carnegie Mellon University.
Majumdar won the award for his 2004 paper, Abstractions From Proofs, which was coauthored with Thomas Henzinger, Ranjit Jhala, and Kenneth McMillan. The paper introduced a technique to automatically find program abstractions using logical interpolation and showed the effectiveness of the technique in software verification.
Rupak Majumdar and Zhenyue Long, along with Georgei Calin and Roland Meyer at TuKL, have received the ETAPS 2012 best paper award for their paper "Language-Theoretic Abstraction Refinement".
Rupak Majumdar has also received (along with Jason Cong, Bin Liu, and Zhiru Zhang) the 2012 ACM TODAES Best Paper Award for his 2010 TODAES article "Behavior-Level Observability Analysis for Operation Gating in Low-Power Behavioral Synthesis".
The ACM SIGPLAN Most Influential PLDI Paper Award is given each year for a paper that is ten years old and has been highly influential in the area of programming languages.
Rupak's 2001 paper, "Automatic Predicate Abstraction of C Programs," was coauthored with Thomas Ball, Todd Millstein, and Sriram Rajamani. The paper presented the predicate abstraction technology underlying the SLAM project. The technology is now part of Microsoft's Static Driver Verifier in the Windows Driver Development Kit. This is one of the earliest examples of automation of software verification on a large scale and the basis for numerous efforts to expand the domains that can be verified.
We are pleased to announce that three new faculty will join MPI-SWS this fall.
Björn Brandenburg is joining us from the University of North Carolina at Chapel Hill (UNC), where he obtained his Ph.D. in computer science. Björn's research interests include multiprocessor real-time system, real-time synchronization protocols, and operating systems. Björn is the lead designer and developer of LITMUSRT, an extension of the Linux kernel for real-time scheduling and synchronization on multicore platforms.
Deepak Garg is joining us from the Cybersecurity Lab (CyLab) at Carnegie Mellon University, where he was a post-doctoral researcher. He obtained his Ph.D. from Carnegie Mellon's Computer Science Department. His research interests are in the areas of computer security and privacy, formal logic and programming languages. He is specifically interested in logic-based models of secure systems and formal analysis of security properties of systems.
Ruzica Piskac is joining us from EPFL, where she has completed her Ph.D. in computer science. The goal of her research is to make software development easier and software more reliable via automated reasoning techniques. She is specifically interested in decision procedures, their combinations and applications in program verification and software synthesis.
Viktor's research contributions include inventing new concurrent program logics (RGSep & deny/guarantee); developing automated verification tools (SmallfootRG & Cave) for proving correctness properties of concurrent algorithms; and verifying some particularly challenging algorithms manually (e.g., mcas), mechanically (e.g., fast congruence closure), or automatically (e.g., lazy set).
Viktor received his B.A. degree in Computer Science in 2004 and his Ph.D. degree in Computer Science in 2008 both from the University of Cambridge. After that, he held post-doctoral research positions at Microsoft Research and at the University of Cambridge.
The external scientific member appointment is a courtesy appointment, which acknowledges the member's scientific excellence, as well as his or her close collaboration and contribution to joint research projects with MPI-SWS faculty and researchers.
Robert Harper has been a professor in the Computer Science Department at Carnegie Mellon University since 1988. He received his Ph.D. in Computer Science from Cornell University in 1985, and was a post-doctoral research fellow at the Laboratory for Foundations of Computer Science at Edinburgh University from 1985-1988. He is best known for his work on the design, definition, and implementation of Standard ML; the design and application of the LF logical framework; the type-theoretic foundations of modularity in programming languages; the use of typed intermediate languages for certified compilation; the co-invention of self-adjusting computation for dynamic algorithms; and the application of fundamental theory to practical software systems. His current interests include mechanization of the metatheory of programming languages, the integration of types and verification, and the application of programming language theory to computer security.
Such systems abound in many areas of computer science. For example, physical simulations often involve objects that move continuously over time, databases host and process data that changes over time (e.g., by introduction of new information records), and connectivity in networks and distributed systems changes as links go down or come alive.
Umut's primary research focus has been self-adjusting computation, where computations respond automatically to modifications to their data. With his collaborators, he designs languages for developing self-adjusting programs, researches techniques for analyzing their complexity, and evaluates the proposed techniques by considering problem domains such as computational geometry, machine learning, and scientific computing. Umut's other interests include parallel computing, databases, and design and implementation of high-level languages.
Umut Acar received his B.S. in Computer Science from Bilkent University-Turkey in 1997, his M.A. from University of Texas at Austin in 1999, and his Ph.D. from Carnegie Mellon University in 2004. Umut joins MPI-SWS from the Toyota Technological Institute of Chicago, where he was an assistant professor from 2005 to 2009.
The EAPLS award goes to the best contribution in the area of programming languages among CC, ESOP, and TACAS—three member conferences of ETAPS, the European Joint Conferences on Theory and Practice of Software.
The award-winning paper describes the design and implementation of an automatic invariant generator that can be used in the verification of imperative programs. The authors' new approach makes constraint solving—and hence invariant generation—more scalable by adding information obtained from static abstract interpretation as well as dynamic execution of the program.
ETAPS, established in 1998, is a confederation of five annual conferences, accompanied by satellite workshops and other events. It is a primary forum for academic and industrial researchers working on topics relating to Software Science. Previous EAPLS best paper award winners are listed at http://www.eapls.org/pages/topic_05_awards/.