From MinX to MinC: Semantics-Driven Decompilation of Recursive Datatypes

Reconstructing the meaning of a program from its binary executable is known as reverse engineering; it has a wide range of applications in software security, exposing piracy, legacy systems, etc. Since reversing is ultimately a search for meaning, there is much interest in inferring a type (a meaning) for the elements of a binary in a consistent way. Unfortunately existing approaches do not guarantee any semantic relevance for their reconstructed types. This paper presents a new and semantically-founded approach that provides strong guarantees for the reconstructed types. Key to our approach is the derivation of a witness program in a high-level language alongside the reconstructed types. This witness has the same semantics as the binary, is type correct by construction, and it induces a (justifiable) type assignment on the binary. Moreover, the approach effectively yields a type-directed decompiler. We formalise and implement the approach for reversing Minx, an abstraction of x86, to MinC, a type-safe dialect of C with recursive datatypes. Our evaluation compiles a range of textbook C algorithms to MinX and then recovers the original structures

A formally verified compiler back-end

This article describes the development and formal verification (proof of semantic preservation) of a compiler back-end from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a verified compiler is useful in the context of formal methods applied to the certification of critical software: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well

Geometry of abstraction in quantum computation

Quantum algorithms are sequences of abstract operations, performed on non-existent computers. They are in obvious need of categorical semantics. We present some steps in this direction, following earlier contributions of Abramsky, Coecke and Selinger. In particular, we analyze function abstraction in quantum computation, which turns out to characterize its classical interfaces. Some quantum algorithms provide feasible solutions of important hard problems, such as factoring and discrete log (which are the building blocks of modern cryptography). It is of a great practical interest to precisely characterize the computational resources needed to execute such quantum algorithms. There are many ideas how to build a quantum computer. Can we prove some necessary conditions? Categorical semantics help with such questions. We show how to implement an important family of quantum algorithms using just abelian groups and relations.Comment: 29 pages, 42 figures; Clifford Lectures 2008 (main speaker Samson Abramsky); this version fixes a pstricks problem in a diagra

06341 Abstracts Collection -- Computational Structures for Modelling Space, Time and Causality

From 20.08.06 to 25.08.06, the Dagstuhl Seminar 06341 ``Computational Structures for Modelling Space, Time and Causality\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Definiteness and determinacy

This paper distinguishes between definiteness and determinacy. Definiteness is seen as a morphological category which, in English, marks a (weak) uniqueness presupposition, while determinacy consists in denoting an individual. Definite descriptions are argued to be fundamentally predicative, presupposing uniqueness but not existence, and to acquire existential import through general type-shifting operations that apply not only to definites, but also indefinites and possessives. Through these shifts, argumental definite descriptions may become either determinate (and thus denote an individual) or indeterminate (functioning as an existential quantifier). The latter option is observed in examples like ‘Anna didn’t give the only invited talk at the conference’, which, on its indeterminate reading, implies that there is nothing in the extension of ‘only invited talk at the conference’. The paper also offers a resolution of the issue of whether possessives are inherently indefinite or definite, suggesting that, like indefinites, they do not mark definiteness lexically, but like definites, they typically yield determinate readings due to a general preference for the shifting operation that produces them.We thank Dag Haug, Reinhard Muskens, Luca Crnic, Cleo Condoravdi, Lucas Champollion, Stanley Peters, Roger Levy, Craige Roberts, Bert LeBruyn, Robin Cooper, Hans Kamp, Sebastian Lobner, Francois Recanati, Dan Giberman, Benjamin Schnieder, Rajka Smiljanic, Ede Zimmerman, as well as audiences at SALT 22 in Chicago, IATL 29 in Jerusalem, Going Heim in Connecticut, the Workshop on Bare Nominals and Non-Standard Definites in Utrecht, the University of Cambridge, the University of Gothenburg, the University of Konstanz, New York University, the University of Oxford, Rutgers University, the University of Southern California, Stanford University, and the University of Texas at Austin. Beaver was supported by NSF grants BCS-0952862 and BCS-1452663. Coppock was supported by Swedish Research Council project 2009-1569 and Riksbankens Jubileumsfond's Pro Futura Scientia program, administered through the Swedish Collegium for Advanced Study. (BCS-0952862 - NSF; BCS-1452663 - NSF; 2009-1569 - Swedish Research Council; Riksbankens Jubileumsfond's Pro Futura Scientia program

Representing scope in intuitionistic deductions

AbstractIntuitionistic proofs can be segmented into scopes which describe when assumptions can be used. In standard descriptions of intuitionistic logic, these scopes occupy contiguous regions of proofs. This leads to an explosion in the search space for automated deduction, because of the difficulty of planning to apply a rule inside a particular scoped region of the proof. This paper investigates an alternative representation which assigns scope explicitly to formulas, and which is inspired in part by semantics-based translation methods for modal deduction. This calculus is simple and is justified by direct proof-theoretic arguments that transform proofs in the calculus so that scopes match standard descriptions. A Herbrand theorem, established straightforwardly, lifts this calculus to incorporate unification. The resulting system has no impermutabilities whatsoever — rules of inference may be used equivalently anywhere in the proof. Nevertheless, a natural specification describes how λ-terms are to be extracted from its deductions

On Extensibility of Software Systems

This report contains the progress report written as part of the author's PhD qualifying exam. It describes initial work carried out in analyzing and improving the extensibility of software systems, including a detailed case study analyzing the extensibility of the Proof Obligation Generator (POG) of the Overture tool. Additional extension work includes improving the output format of the POG and support for additional logic systems. Future work for the remaining half of the PhD is also discussed, including ways to combine formal modelling and extensibility analysis and also techniques for multi-paradigm extensibility