80 research outputs found
CommCSL: Proving Information Flow Security for Concurrent Programs using Abstract Commutativity
Information flow security ensures that the secret data manipulated by a
program does not influence its observable output. Proving information flow
security is especially challenging for concurrent programs, where operations on
secret data may influence the execution time of a thread and, thereby, the
interleaving between different threads. Such internal timing channels may
affect the observable outcome of a program even if an attacker does not observe
execution times. Existing verification techniques for information flow security
in concurrent programs attempt to prove that secret data does not influence the
relative timing of threads. However, these techniques are often restrictive
(for instance because they disallow branching on secret data) and make strong
assumptions about the execution platform (ignoring caching, processor
instructions with data-dependent runtime, and other common features that affect
execution time). In this paper, we present a novel verification technique for
secure information flow in concurrent programs that lifts these restrictions
and does not make any assumptions about timing behavior. The key idea is to
prove that all mutating operations performed on shared data commute, such that
different thread interleavings do not influence its final value. Crucially,
commutativity is required only for an abstraction of the shared data that
contains the information that will be leaked to a public output. Abstract
commutativity is satisfied by many more operations than standard commutativity,
which makes our technique widely applicable. We formalize our technique in
CommCSL, a relational concurrent separation logic with support for
commutativity-based reasoning, and prove its soundness in Isabelle/HOL. We
implemented CommCSL in HyperViper, an automated verifier based on the Viper
verification infrastructure, and demonstrate its ability to verify challenging
examples
Structured parallelism discovery with hybrid static-dynamic analysis and evaluation technique
Parallel computer architectures have dominated the computing landscape for the
past two decades; a trend that is only expected to continue and intensify, with increasing specialization and heterogeneity. This creates huge pressure across the software
stack to produce programming languages, libraries, frameworks and tools which will
efficiently exploit the capabilities of parallel computers, not only for new software, but
also revitalizing existing sequential code. Automatic parallelization, despite decades of
research, has had limited success in transforming sequential software to take advantage
of efficient parallel execution. This thesis investigates three approaches that use commutativity analysis as the enabler for parallelization. This has the potential to overcome
limitations of traditional techniques.
We introduce the concept of liveness-based commutativity for sequential loops.
We examine the use of a practical analysis utilizing liveness-based commutativity in a
symbolic execution framework. Symbolic execution represents input values as groups
of constraints, consequently deriving the output as a function of the input and enabling
the identification of further program properties. We employ this feature to develop an
analysis and discern commutativity properties between loop iterations. We study the
application of this approach on loops taken from real-world programs in the OLDEN
and NAS Parallel Benchmark (NPB) suites, and identify its limitations and related
overheads.
Informed by these findings, we develop Dynamic Commutativity Analysis (DCA), a
new technique that leverages profiling information from program execution with specific
input sets. Using profiling information, we track liveness information and detect loop
commutativity by examining the code’s live-out values. We evaluate DCA against almost
1400 loops of the NPB suite, discovering 86% of them as parallelizable. Comparing
our results against dependence-based methods, we match the detection efficacy of two
dynamic and outperform three static approaches, respectively. Additionally, DCA is
able to automatically detect parallelism in loops which iterate over Pointer-Linked
Data Structures (PLDSs), taken from wide range of benchmarks used in the literature,
where all other techniques we considered failed. Parallelizing the discovered loops, our
methodology achieves an average speedup of 3.6× across NPB (and up to 55×) and up
to 36.9× for the PLDS-based loops on a 72-core host. We also demonstrate that our
methodology, despite relying on specific input values for profiling each program, is able
to correctly identify parallelism that is valid for all potential input sets.
Lastly, we develop a methodology to utilize liveness-based commutativity, as implemented in DCA, to detect latent loop parallelism in the shape of patterns. Our approach
applies a series of transformations which subsequently enable multiple applications
of DCA over the generated multi-loop code section and match its loop commutativity
outcomes against the expected criteria for each pattern. Applying our methodology on
sets of sequential loops, we are able to identify well-known parallel patterns (i.e., maps,
reduction and scans). This extends the scope of parallelism detection to loops, such
as those performing scan operations, which cannot be determined as parallelizable by
simply evaluating liveness-based commutativity conditions on their original form
Formal Methods for Trustworthy Voting Systems : From Trusted Components to Reliable Software
Voting is prominently an important part of democratic societies, and its outcome may have a dramatic and broad impact on societal progress. Therefore, it is paramount that such a society has extensive trust in the electoral process, such that the system’s functioning is reliable and stable with respect to the expectations within society. Yet, with or without the use of modern technology, voting is full of algorithmic and security challenges, and the failure to address these challenges in a controlled manner may produce fundamental flaws in the voting system and potentially undermine critical societal aspects.
In this thesis, we argue for a development process of voting systems that is rooted in and assisted by formal methods that produce transparently checkable evidence for the guarantees that the final system should provide so that it can be deemed trustworthy. The goal of this thesis is to advance the state of the art in formal methods that allow to systematically develop trustworthy voting systems that can be provenly verified. In the literature, voting systems are modeled in the following four comparatively separable and distinguishable layers: (1) the physical layer, (2) the computational layer, (3) the election layer, and (4) the human layer. Current research usually either mostly stays within one of those layers or lacks machine-checkable evidence, and consequently, trusted and understandable criteria often lack formally proven and checkable guarantees on software-level and vice versa.
The contributions in this work are formal methods that fill in the trust gap between the principal election layer and the computational layer by a reliable translation of trusted and understandable criteria into trustworthy software. Thereby, we enable that executable procedures can be formally traced back and understood by election experts without the need for inspection on code level, and trust can be preserved to the trustworthy system.
The works in this thesis all contribute to this end and consist in five distinct contributions, which are the following:
(I) a method for the generation of secure card-based communication schemes,
(II) a method for the synthesis of reliable tallying procedures,
(III) a method for the efficient verification of reliable tallying procedures,
(IV) a method for the computation of dependable election margins for reliable audits,
(V) a case study about the security verification of the GI voter-anonymization software.
These contributions span formal methods on illustrative examples for each of the three principal components, (1) voter-ballot box communication, (2) election method, and (3) election management, between the election layer and the computational layer.
Within the first component, the voter-ballot box communication channel, we build a bridge from the communication channel to the cryptography scheme by automatically generating secure card-based schemes from a small formal model with a parameterization of the desired security requirements. For the second component, the election method, we build a bridge from the election method to the tallying procedure by (1) automatically synthesizing a runnable tallying procedure from the desired requirements given as properties that capture the desired intuitions or regulations of fairness considerations, (2) automatically generating either comprehensible arguments or bounded proofs to compare tallying procedures based on user-definable fairness properties, and (3) automatically computing concrete election margins for a given tallying procedure, the collected ballots, and the computed election result, that enable efficient election audits. Finally, for the third and final component, the election management system, we perform a case study and apply state-of-the-art verification technology to a real-world e-voting system that has been used for the annual elections of the German Informatics Society (GI – “Gesellschaft für Informatik”) in 2019. The case study consists in the formal implementation-level security verification that the voter identities are securely anonymized and the voters’ passwords cannot be leaked.
The presented methods assist the systematic development and verification of provenly trustworthy voting systems across traditional layers, i.e., from the election layer to the computational layer. They all pursue the goal of making voting systems trustworthy by reliable and explainable formal requirements. We evaluate the devised methods on minimal card-based protocols that compute a secure AND function for two different decks of cards, a classical knock-out tournament and several Condorcet rules, various plurality, scoring, and Condorcet rules from the literature, the Danish national parliamentary elections in 2015, and a state-of-the-art electronic voting system that is used for the German Informatics Society’s annual elections in 2019 and following
A domain-extensible compiler with controllable automation of optimisations
In high performance domains like image processing, physics simulation or machine learning, program performance is critical. Programmers called performance engineers are responsible for the challenging task of optimising programs. Two major challenges prevent modern compilers targeting heterogeneous architectures from reliably automating optimisation. First, domain specific compilers such as Halide for image processing and TVM for machine learning are difficult to extend with the new optimisations required by new algorithms and hardware. Second, automatic optimisation is often unable to achieve the required performance, and performance engineers often fall back to painstaking manual optimisation.
This thesis shows the potential of the Shine compiler to achieve domain-extensibility, controllable automation, and generate high performance code. Domain-extensibility facilitates adapting compilers to new algorithms and hardware. Controllable automation enables performance engineers to gradually take control of the optimisation process. The first research contribution is to add 3 code generation features to Shine, namely: synchronisation barrier insertion, kernel execution, and storage folding. Adding these features requires making novel design choices in terms of compiler extensibility and controllability. The rest of this thesis builds on these features to generate code with competitive runtime compared to established domain-specific compilers. The second research contribution is to demonstrate how extensibility and controllability are exploited to optimise a standard image processing pipeline for corner detection. Shine achieves 6 well-known image processing optimisations, 2 of them not being supported by Halide. Our results on 4 ARM multi-core CPUs show that the code generated by Shine for corner detection runs up to 1.4× faster than the Halide code. However, we observe that controlling rewriting is tedious, motivating the need for more automation.
The final research contribution is to introduce sketch-guided equality saturation, a semiautomated technique that allows performance engineers to guide program rewriting by specifying rewrite goals as sketches: program patterns that leave details unspecified. We evaluate this approach by applying 7 realistic optimisations of matrix multiplication. Without guidance, the compiler fails to apply the 5 most complex optimisations even given an hour and 60GB of RAM. With the guidance of at most 3 sketch guides, each 10 times smaller than the complete program, the compiler applies the optimisations in seconds using less than 1GB
33èmes Journées Francophones des Langages Applicatifs
International audienceLes 33èmes Journées Francophones des Langages Applicatifs (JFLA) se sont tenues à Saint-Médard-d'Excideuil, plus précisément Domaine d'Essendiéras (Périgord), du mardi 28 juin 2022 au vendredi 1er juillet 2022.Les JFLA réunissent concepteurs, utilisateurs et théoriciens ; elles ont pour ambition de couvrir les domaines des langages applicatifs, de la preuve formelle, de la vérification de programmes, et des objets mathématiques qui sous-tendent ces outils. Ces domaines doivent être pris au sens large : nous souhaitons promouvoir les ponts entre les différentes thématiques.- Langages fonctionnels et applicatifs : sémantique, compilation, optimisation, typage, mesures, extensions par d'autres paradigmes.- Assistants de preuve : implémentation, nouvelles tactiques, développements présentant un intérêt technique ou méthodologique.- Logique, correspondance de Curry-Howard, réalisabilité, extraction de programmes, modèles.- Spécification, prototypage, développements formels d'algorithmes.- Vérification de programmes ou de modèles, méthode déductive, interprétation abstraite, raffinement.- Utilisation industrielle des langages fonctionnels et applicatifs, ou des méthodes issues des preuves formelles, outils pour le web.Les articles soumis aux JFLA sont relus par au moins deux personnes s'ils sont acceptés, trois personnes s'ils sont rejetés. Les critiques des relecteurs sont toujours bienveillantes et la plupart du temps encourageantes et constructives, même en cas de rejet
Task-related models for teaching and assessing iteration learning in high school
A number of studies report about students’ difficulties with basic flow-control constructs,
and specifically with iteration. Although such issues are less explored in the
context of pre-tertiary education, this seems to be especially the case for high-school
programming learning, where the difficulties concern both the “mechanical” features
of the notional machine as well as the logical aspects connected with the constructs,
ranging from the implications of loop conditions to a more abstract grasp of the
underlying algorithms.
For these reasons, the aim of this work is to: i) identifying methodological tools
to enhance a comprehensive understanding of the iteration constructs, ii) suggest
strategies to teach iterations.
We interviewed 20 experienced upper secondary teachers of introductory programming
in different kinds of schools. The interviews were mainly aimed at ascertaining
teachers’ beliefs about major sources of issues for basic programming
concepts and their approach to the teaching and learning of iteration constructs.
Once teachers’ perception of students’ difficulties have been identified, we have
submitted, to a sample of 164 students, a survey which included both questions on
their subjective perception of difficulty and simple tasks probing their understanding
of iteration. Data collected from teachers and students confirm that iteration is a
central programming concept and indicate that the treatment of conditions and
nested constructs are major sources of students’ difficulties with iteration.
The interviews allowed us to identify a list of problems that are typically presented
by teachers to explain the iterations. Hence, a catalogue of significant program
examples has been built to support students’ learning, tasks with characteristics
different from those typically presented in class.
Based on the outcome of previous steps, a survey to collect related information
and good practices from a larger sample of teachers has been designed. Data
collected have been analysed distinguishing an orientation towards more conceptual
objectives, and one towards more practical objectives. Furthermore, regarding
evaluation, a orientation focused on process-based assessment and another on
product-based assessment.
Finally, based on the outcome of previous students’ survey and drawing from
the proposed examples catalogue, we have designed and submitted a new students’
survey, composed of a set of small tasks, or tasklets, to investigate in more depth
on high-school students’ understanding of iteration in terms of code reading abilities.
The chosen tasklets covered the different topics: technical program feature,
correlation between tracing effort and abstraction, the role of flow-charts, students’
perception of self-confidence concerning high-level thinking skills.A number of studies report about students’ difficulties with basic flow-control constructs,
and specifically with iteration. Although such issues are less explored in the
context of pre-tertiary education, this seems to be especially the case for high-school
programming learning, where the difficulties concern both the “mechanical” features
of the notional machine as well as the logical aspects connected with the constructs,
ranging from the implications of loop conditions to a more abstract grasp of the
underlying algorithms.
For these reasons, the aim of this work is to: i) identifying methodological tools
to enhance a comprehensive understanding of the iteration constructs, ii) suggest
strategies to teach iterations.
We interviewed 20 experienced upper secondary teachers of introductory programming
in different kinds of schools. The interviews were mainly aimed at ascertaining
teachers’ beliefs about major sources of issues for basic programming
concepts and their approach to the teaching and learning of iteration constructs.
Once teachers’ perception of students’ difficulties have been identified, we have
submitted, to a sample of 164 students, a survey which included both questions on
their subjective perception of difficulty and simple tasks probing their understanding
of iteration. Data collected from teachers and students confirm that iteration is a
central programming concept and indicate that the treatment of conditions and
nested constructs are major sources of students’ difficulties with iteration.
The interviews allowed us to identify a list of problems that are typically presented
by teachers to explain the iterations. Hence, a catalogue of significant program
examples has been built to support students’ learning, tasks with characteristics
different from those typically presented in class.
Based on the outcome of previous steps, a survey to collect related information
and good practices from a larger sample of teachers has been designed. Data
collected have been analysed distinguishing an orientation towards more conceptual
objectives, and one towards more practical objectives. Furthermore, regarding
evaluation, a orientation focused on process-based assessment and another on
product-based assessment.
Finally, based on the outcome of previous students’ survey and drawing from
the proposed examples catalogue, we have designed and submitted a new students’
survey, composed of a set of small tasks, or tasklets, to investigate in more depth
on high-school students’ understanding of iteration in terms of code reading abilities.
The chosen tasklets covered the different topics: technical program feature,
correlation between tracing effort and abstraction, the role of flow-charts, students’
perception of self-confidence concerning high-level thinking skills
Natural Language Processing: Emerging Neural Approaches and Applications
This Special Issue highlights the most recent research being carried out in the NLP field to discuss relative open issues, with a particular focus on both emerging approaches for language learning, understanding, production, and grounding interactively or autonomously from data in cognitive and neural systems, as well as on their potential or real applications in different domains
Programming Languages and Systems
This open access book constitutes the proceedings of the 31st European Symposium on Programming, ESOP 2022, which was held during April 5-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 21 regular papers presented in this volume were carefully reviewed and selected from 64 submissions. They deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems
Proyecto Docente e Investigador, Trabajo Original de Investigación y Presentación de la Defensa, preparado por Germán Moltó para concursar a la plaza de Catedrático de Universidad, concurso 082/22, plaza 6708, área de Ciencia de la Computación e Inteligencia Artificial
Este documento contiene el proyecto docente e investigador del candidato Germán Moltó Martínez presentado como requisito para el concurso de acceso a plazas de Cuerpos Docentes Universitarios. Concretamente, el documento se centra en el concurso para la plaza 6708 de Catedrático de Universidad en el área de Ciencia de la Computación en el Departamento de Sistemas Informáticos y Computación de la Universitat Politécnica de València. La plaza está adscrita a la Escola Técnica Superior d'Enginyeria Informàtica y tiene como perfil las asignaturas "Infraestructuras de Cloud Público" y "Estructuras de Datos y Algoritmos".También se incluye el Historial Académico, Docente e Investigador, así como la presentación usada durante la defensa.Germán Moltó Martínez (2022). Proyecto Docente e Investigador, Trabajo Original de Investigación y Presentación de la Defensa, preparado por Germán Moltó para concursar a la plaza de Catedrático de Universidad, concurso 082/22, plaza 6708, área de Ciencia de la Computación e Inteligencia Artificial. http://hdl.handle.net/10251/18903
- …