Enforcing trace properties by program transformation

We propose an automatic method to enforce trace properties on programs. The programmer specifies the property separately from the program; a program transformer takes the program and the property and automatically produces another ``equivalent'' program satisfying the property. This separation of concerns makes the program easier to develop and maintain. Our approach is both static and dynamic. It integrates static analyses in order to avoid useless transformations. On the other hand, it never rejects programs but adds dynamic checks when necessary. An important challenge is to make this dynamic enforcement as inexpensive as possible. The most obvious application domain is the enforcement of security policies. In particular, a potential use of the method is the securization of mobile code upon receipt

Non-perturbative improvement of bilinears in unquenched QCD

We describe how the improvement of quark bilinears generalizes from quenched to unquenched QCD, and discuss which of the additional improvement constants can be determined using Ward Identities.Comment: LATTICE99 (Improvement and Renormalization). 3 pages, no figures. Corrected error (improvement coefficient $g_T$ is not needed

Optimizing Batch Linear Queries under Exact and Approximate Differential Privacy

Differential privacy is a promising privacy-preserving paradigm for statistical query processing over sensitive data. It works by injecting random noise into each query result, such that it is provably hard for the adversary to infer the presence or absence of any individual record from the published noisy results. The main objective in differentially private query processing is to maximize the accuracy of the query results, while satisfying the privacy guarantees. Previous work, notably \cite{LHR+10}, has suggested that with an appropriate strategy, processing a batch of correlated queries as a whole achieves considerably higher accuracy than answering them individually. However, to our knowledge there is currently no practical solution to find such a strategy for an arbitrary query batch; existing methods either return strategies of poor quality (often worse than naive methods) or require prohibitively expensive computations for even moderately large domains. Motivated by this, we propose low-rank mechanism (LRM), the first practical differentially private technique for answering batch linear queries with high accuracy. LRM works for both exact (i.e., $\epsilon$-) and approximate (i.e., ($\epsilon$, $\delta$)-) differential privacy definitions. We derive the utility guarantees of LRM, and provide guidance on how to set the privacy parameters given the user's utility expectation. Extensive experiments using real data demonstrate that our proposed method consistently outperforms state-of-the-art query processing solutions under differential privacy, by large margins.Comment: ACM Transactions on Database Systems (ACM TODS). arXiv admin note: text overlap with arXiv:1212.230

A linear programming approach to general dataflow process network verification and dimensioning

In this paper, we present linear programming-based sufficient conditions, some of them polynomial-time, to establish the liveness and memory boundedness of general dataflow process networks. Furthermore, this approach can be used to obtain safe upper bounds on the size of the channel buffers of such a network.Comment: In Proceedings ICE 2010, arXiv:1010.530

Succinct Representations for Abstract Interpretation

Abstract interpretation techniques can be made more precise by distinguishing paths inside loops, at the expense of possibly exponential complexity. SMT-solving techniques and sparse representations of paths and sets of paths avoid this pitfall. We improve previously proposed techniques for guided static analysis and the generation of disjunctive invariants by combining them with techniques for succinct representations of paths and symbolic representations for transitions based on static single assignment. Because of the non-monotonicity of the results of abstract interpretation with widening operators, it is difficult to conclude that some abstraction is more precise than another based on theoretical local precision results. We thus conducted extensive comparisons between our new techniques and previous ones, on a variety of open-source packages.Comment: Static analysis symposium (SAS), Deauville : France (2012

Recent Results Regarding Affine Quantum Gravity

Recent progress in the quantization of nonrenormalizable scalar fields has found that a suitable non-classical modification of the ground state wave function leads to a result that eliminates term-by-term divergences that arise in a conventional perturbation analysis. After a brief review of both the scalar field story and the affine quantum gravity program, examination of the procedures used in the latter surprisingly shows an analogous formulation which already implies that affine quantum gravity is not plagued by divergences that arise in a standard perturbation study. Additionally, guided by the projection operator method to deal with quantum constraints, trial reproducing kernels are introduced that satisfy the diffeomorphism constraints. Furthermore, it is argued that the trial reproducing kernels for the diffeomorphism constraints may also satisfy the Hamiltonian constraint as well.Comment: 32 pages, new features in this alternative approach to quantize gravity, minor typos plus an improved argument in Sec. 9 suggested by Karel Kucha