Embedded control software is often specified as a set of periodic tasks together with a dependency graph describing their communications via shared variables. This talk will describe an ongoing collaboration with Airbus to express such systems in a specialized version of Lustre. This version of Lustre is “rate synchronous” in…
Dans cette présentation, je vous parlerai de mes travaux sur l’analyse de valeurs par interprétation abstraite des langages fonctionnels.Nos premiers résultats, basés sur des domaines abstraits relationnels et des résumés des champs récursifs des types algébriques, permettent d’analyser des fonctions récursives du premier ordre manipulant des types algébriques récursifs et…
Garbage collection greatly simplifies the life of the programmer, removing the need for manually deallocating memory. However, heap space usage of garbage-collected programs can be tricky to understand: to argue that the garbage collector can reclaim the space associated with a heap object, one has to prove that this object…
Digital filters are widely used in control/command programs: a digital filter is a numerical algorithm to smooth variations of sampled values of signal. Digital filters involve linear recursions that can hardly be bound by using linear invariants. We propose an abstract domain using quadratic constraints and formal expansion to bound…
We consider a certain dynamic system, that is, a system with a certain internal state whose evolution is ruled by a known state update function. At regular interval, a measurement is performed. Based on this series of measurements, our objective is obtaining a good estimation of the current state of…
Static analyses aim at inferring semantic properties of programs. We distinguish two important classes of static analyses: state analyses and relational analyses. While state analyses aim at computing an over-approximation of reachable states of programs, relational analyses aim at computing functional properties over the input-output states of programs. Relational analyses…
Modern programming languages often provide functions to manipulate regular expressions in standard libraries.If they offer support for advanced features, the matching algorithm has an exponential worst-case time complexity: for some so-called vulnerable regular expressions, an attacker can craft ad hoc strings to force the matcher to exhibit an exponential behaviour…
In the second part of the talk, we tackle the setting of dynamic networks and present a quite different approach for the distributed computation of functions, which is based on popular algorithms in statistical physics, namely the Metropolis algorithm and the Push-Sum algorithm. When an upper bound on the network…
In this talk, we present several results on distributed function computation in anonymous network with broadcast communications. First, we recall the characterization, given by Boldi and Vigna, of the computable functions when agents have no information on their outgoing neighborhoods. Then we characterize the class of computable functions in networks…
When studying categories in homotopy type theory, it turns out that the well-behaved definition is that of univalent categories, that is, categories such that isomorphisms between objects are equivalent to identities between them. It has been shown that any category is weakly equivalent to a univalent one; this operation is…
Violations of program properties pose significant risks, particularly when they can be triggered by attackers. Multiple approaches has been proposed recently to detect these vulnerabilities. In this seminar, we will present a new abstract interpretation-based static analysis for this problem. By leveraging a static analysis by abstract interpretation for CTL…
For performance and scalability reasons, most cloud providers start using Field-Programmable Gate Arrays (FPGAs) to provide FPGA-based acceleration services. FPGA virtualization becomes then necessary to optimize hardware resources utilization, but raises security and privacy concerns.In this work we consider a temporal multi-tenancy environment, where a single FPGA instance running a…
In this presentation, we are interested in the Computationally Complete Symbolic Attack (CCSA) approach to security protocol verification, and its implementation in the proof assistant SQUIRREL. The proof of a protocol relies on assumptions on the security provided by its primitives (e.g. hash, encryption, etc.), which are generally formulated in…
Conversion to Static Single Assignment (SSA) form is usually viewed as a syntactic transformation algorithm that gives unique names to program variables, and reconciles these names using “phi” functions based on a notion of domination. We instead propose a semantic approach, where SSA translation is performed using a simple dataflow…
I will present the work I did during my M1 internship in Dresden on two-variable logics (especially C², the two variable first-order logic with counting quantifiers), trying to show that every satisfiable sentence admits a model of finite cliquewidth.
One of the most important results in distributed computing was published in April 1985 by Fischer, Lynch and Paterson. Their short paper “Impossibility of Distributed Consensus with One Faulty Process” definitively placed an upper bound on what it is possible to achieve with distributed processes in an asynchronous environment. The problem of…
Probabilistic programming is a method for Bayesian statistics in which statistical models are encoded as programs. In this talk I will introduce probabilistic programming and the problem of inference. I will then present two kinds of semantics for probabilistic programs: one based on measures and probability kernels, and one based…
It is widely known that the precision of a program analyzer is closely related to intensional program properties, namely, properties concerning how the program is written. This explains, for instance, the interest in code obfuscation techniques, namely, tools explicitly designed to degrade the results of program analysis by operating syntactic…
We present an abstract interpretation framework for proving liveness properties of imperative programs, to ensure that some event happens once or infinitely many times during program execution. A further abstraction based on piecewise-defined ranking functions yields a static analysis that automatically infers sufficient conditions for these liveness properties as well as upper…
Fundamental concerns exist on the trustworthiness of deep learning systems, with examples including robustness, fairness, privacy and explainability. Phenomena like adversarial examples prompt the need to train robust networks and to provide formal guarantees on their behaviour. In this talk, we will first introduce the neural network verification problem. Then,…
We present the article “Shape analysis by means of bi-abduction” by Cristiano Calcagno, Dino Distefano, Peter O’Hearn, Hongseok Yang published at POPL in 2009. This article addresses the problem of pre- & post-condition generation and verification for function analysis. In order to resolve this problem, the authors introduce the notion…
Modeling paradigms for Systems Biology plays an important role in investigating the orchestrated function of various biological systems. Additionally, they permit one to study a system in-silico in order to gain mechanistic insights from the trajectories resulting from the model. A common battle to derive an ideal representation for a…
We present an approach to language design aimed at enforcing modular security, where a security architect can define specific object capabilities that enforce custom security properties. Unlike traditional models that assume an uncompromised system (‘clean garden’), this model (‘dark forest’) assumes local machines are already compromised but anchored by a…
Runtime errors that can be triggered by an attacker are sensibly more dangerous than others, as they not only result in program failure, but can also be exploited and lead to security breaches such as Denial-of-Service attacks or remote code execution. Proving the absence of exploitable runtime errors is challenging,…
In this talk, we will present an overview of the abstract domains that drive the Flambda 2 optimizer for In this talk, we will present an overview of the abstract domains that drive the Flambda 2 optimizer for OCaml programs. Like most optimizing compilers, Flambda 2 relies on static analysis…
Probabilistic programming languages aim at designing and implementing algorithms that compute over probability distributions rather than states. They feature dedicated primitives for sampling and conditioning. Moreover, the evaluation of probabilistic programs relies on general purpose inference engines. In the last few years, several languages such as Pyro, Edward or Stan…
I present two impossibility proofs for consensus in the presence of byzantine failures based on graph coverings.
Event structures, trace automata, and Petri nets are fundamental models in concurrency theory. There exist nice interpretations of these structures as combinatorial and geometric objects and both conjectures can be reformulated in this framework. Namely, from a graph theoretical point of view, the domains of prime event structures correspond exactly…
We tackle the problem of testing and verifying “incomplete” programs—that contain components whose source code is either unavailable (like third-party libraries and cloud-based APIs), or too complex to model formally (like large machine learning models). We show how classical techniques like symbolic execution, deductive verification and SMT solving can be…
In this work, we propose a static analysis by abstract interpretation for Robust CTL properties by taking advantage of our static analyzer FuncTion. A CTL property robustly hold if a controlled input imply it whatever the value of the uncontrolled input. Furthermore, we enhance Conflict Driven Analysis (CDA), an extension…
