
    Separation Logic for Small-step Cminor

    Cminor is a mid-level imperative programming language; there are proved-correct optimizing compilers from C to Cminor and from Cminor to machine language. We have redesigned Cminor so that it is suitable for Hoare Logic reasoning, and we have designed a Separation Logic for Cminor. In this paper we give a small-step semantics (instead of the big-step semantics of the proved-correct compiler) that is motivated by the need to support future concurrent extensions. We detail a machine-checked proof of soundness of our Separation Logic. This is the first large-scale machine-checked proof of a Separation Logic w.r.t. a small-step semantics. The work presented in this paper has been carried out in the Coq proof assistant. It is a first step towards an environment in which concurrent Cminor programs can be verified using Separation Logic and also compiled by a proved-correct compiler with formal end-to-end correctness guarantees. Comment: Short version of research report RR-613.
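The abstract above justifies the move from a big-step to a small-step semantics by the need to reason about concurrency. The following added example is not code from the paper and does not use Cminor's real syntax or semantics; it is a toy interpreter for a hypothetical tuple-encoded imperative language that makes the point concrete: because every intermediate configuration (statement, store) of a small-step relation is a first-class value, a scheduler can interleave the steps of two threads, and the lost-update race in a non-atomic increment becomes expressible, whereas a big-step relation only relates a whole statement to its final store.

```python
"""Small-step interpreter for a tiny Cminor-like imperative language.

Constructed example, not code from the paper or from CompCert/Cminor:
statements and expressions are nested tuples (a hypothetical encoding).
  expressions: int | str (variable) | ('+', e, e) | ('-', e, e) | ('<', e, e)
  statements:  ('skip',) | ('assign', var, e) | ('seq', s, s)
               | ('if', e, s, s) | ('while', e, s)
The store is a dict from variable name to int; unset variables read as 0.
"""

SKIP = ('skip',)


def eval_expr(e, store):
    """Expressions are evaluated atomically: no intermediate state is exposed."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return store.get(e, 0)
    op, a, b = e
    x, y = eval_expr(a, store), eval_expr(b, store)
    if op == '+':
        return x + y
    if op == '-':
        return x - y
    if op == '<':
        return int(x < y)
    raise ValueError(f'unknown operator {op!r}')


def step(stmt, store):
    """One small-step transition (stmt, store) -> (stmt', store').

    Every intermediate configuration is a value, which is what lets the
    scheduler in reachable_final_stores interleave several threads.
    """
    kind = stmt[0]
    if kind == 'skip':
        raise ValueError('terminated statement has no successor')
    if kind == 'assign':
        _, var, e = stmt
        new_store = dict(store)
        new_store[var] = eval_expr(e, store)
        return SKIP, new_store
    if kind == 'seq':
        _, s1, s2 = stmt
        if s1 == SKIP:
            return s2, store
        s1p, store2 = step(s1, store)
        return ('seq', s1p, s2), store2
    if kind == 'if':
        _, cond, s1, s2 = stmt
        return (s1 if eval_expr(cond, store) else s2), store
    if kind == 'while':
        _, cond, body = stmt
        if eval_expr(cond, store):
            return ('seq', body, stmt), store   # unroll one iteration
        return SKIP, store
    raise ValueError(f'unknown statement {kind!r}')


def run(stmt, store=None):
    """Iterate small steps to termination. This is the relation a big-step
    semantics describes directly: only the final store is observable."""
    store = dict(store or {})
    while stmt != SKIP:
        stmt, store = step(stmt, store)
    return store


def reachable_final_stores(threads, store=None):
    """All final stores obtainable by interleaving the small steps of several
    threads sharing one store (exhaustive search, so only for tiny programs)."""
    store = dict(store or {})
    results = set()

    def explore(ts, st):
        live = [i for i, t in enumerate(ts) if t != SKIP]
        if not live:
            results.add(tuple(sorted(st.items())))
            return
        for i in live:
            t2, st2 = step(ts[i], st)
            explore(ts[:i] + [t2] + ts[i + 1:], st2)

    explore(list(threads), store)
    return results


def increment(local):
    """x += 1 written as two statements, i.e. two small steps: a read of x
    into a thread-local temporary, then a write back of temporary + 1."""
    return ('seq', ('assign', local, 'x'), ('assign', 'x', ('+', local, 1)))


if __name__ == '__main__':
    # Sequential composition: both increments complete, x ends at 2.
    print(run(('seq', increment('t0'), increment('t1')))['x'])
    # Interleaved: the read/write window admits a lost update, so x may end at 1.
    finals = reachable_final_stores([increment('t0'), increment('t1')])
    print(sorted({dict(s)['x'] for s in finals}))
```

The granularity of `step` is the whole point: `assign` is atomic here, so the race is only visible because the increment is split into a read and a write, exactly the kind of distinction a concurrent separation logic over a small-step semantics has to account for.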

    Versatile Digital GHz Phase Lock for External Cavity Diode Lasers

    We present a versatile, inexpensive and simple optical phase lock for applications in atomic physics experiments. Thanks to all-digital phase detection and implementation of beat frequency pre-scaling, the apparatus requires no microwave-range reference input, and permits phase locking at frequency differences ranging from sub-MHz to 7 GHz (and with minor extension, to 12 GHz). The locking range thus covers ground state hyperfine splittings of all alkali metals, which makes this system a universal tool for many experiments on coherent interaction between light and atoms.Comment: 4.5 pages, 5 figures v3: fixed error in schematic: R10 connects to other end of C

    Is Internet Voting Trustworthy? The Science and the Policy Battles

    According to clear scientific consensus, no known technology can make internet voting secure. In some applications—such as e-pollbooks (voter sign-in), voter registration, and absentee ballot request—it is appropriate to use the internet, as the inherent insecurity can be mitigated by other means. But the insecurity of paperless transmission of a voted ballot through the internet cannot be mitigated. The law recognizes this in several ways. Courts have enjoined the use of certain paperless or internet-connected voting systems. Federal law requires states to allow voters to use the internet to request absentee ballots but carefully stops short of internet ballot return (i.e., voting). But many U.S. states and a few countries go beyond what is safe: they have adopted internet voting for citizens living abroad and (in some cases) for voters with disabilities. Most internet voting systems have an essentially common architecture, and they are insecure at least at the same key point: after the voter has reviewed the ballot but before it is transmitted. I review six internet voting systems deployed between 2006 and 2021 that were insecure in practice, just as predicted by theory—of which some were also insecure in surprising new ways, “unforced errors”. We cannot get along without the assistance of computers. U.S. ballots are too long to count entirely by hand unless the special circumstances of a recount require it. So computer-counted paper ballots play a critical role in the security and auditability of our elections. But audits cannot be used to secure internet voting systems, which have no paper ballots that form an auditable paper trail. There are policy controversies: trustworthiness versus convenience, and security versus accessibility. From 2019 to 2022 there were lawsuits in Virginia, New Jersey, New York, New Hampshire, and North Carolina; legislation enacted in Rhode Island and withdrawn in California. There is a common pattern to these disputes, which have mostly resolved in a way that provides remote accessible vote by mail (RAVBM) but stops short of permitting electronic ballot return (internet voting). What would it take to thoroughly review a proposed internet voting system to be assured whether it delivers the security it promises? Switzerland provides a case study. In Switzerland, after a few years of internet voting pilot projects, the Federal Chancellery commissioned several extremely thorough expert studies of their deployed system. These reports teach us not only about their internet voting system itself but about how to study such systems before making policy decisions. Accessibility of election systems to voters with disabilities is a genuine problem. Disability-rights groups have been among those lobbying for internet voting (which is not securable) and other forms of remote accessible vote by mail (which can be adequately securable). I review statistics showing that internet voting is probably not the most effective way to serve voters with disabilities.

    Proof-Carrying Code with Correct Compilers

    In the late 1990s, proof-carrying code was able to produce machine-checkable safety proofs for machine-language programs even though (1) it was impractical to prove correctness properties of source programs and (2) it was impractical to prove correctness of compilers. But now it is practical to prove some correctness properties of source programs, and it is practical to prove correctness of optimizing compilers. We can produce more expressive proof-carrying code that can guarantee correctness properties for machine code, not just safety. We will construct program logics for source languages, prove them sound w.r.t. the operational semantics of the input language of a proved-correct compiler, and then use these logics as a basis for proving the soundness of static analyses.

    Characterization of the errors of the FMM in particle simulations

    The Fast Multipole Method (FMM) offers an acceleration of pairwise interaction calculations, known as $N$-body problems, from $\mathcal{O}(N^2)$ to $\mathcal{O}(N)$ for $N$ particles. This has brought a dramatic increase in the capability of particle simulations in many application areas, such as electrostatics, particle formulations of fluid mechanics, and others. Although the literature on the subject provides theoretical error bounds for the FMM approximation, there are not many reports of the measured errors in a suite of computational experiments. We have performed such an experimental investigation and summarized the results of about 1000 calculations using the FMM algorithm, to characterize the accuracy of the method in relation to the different parameters available to the user. In addition to the more standard diagnostic of the maximum error, we supply illustrations of the spatial distribution of the errors, which offer visual evidence of all the factors contributing to the overall approximation accuracy: multipole expansion, local expansion, and hierarchical spatial decomposition (interaction lists, local domain, far domain). This presentation is a contribution to any researcher wishing to incorporate the FMM acceleration into their application code, as it aids in understanding where accuracy is gained or compromised. Comment: 34 pages, 38 images.

    Inositol Polyphosphates Regulate Zebrafish Left-Right Asymmetry

    Vertebrate body plans have a conserved left-right (LR) asymmetry manifested in the position and anatomy of the heart, visceral organs, and brain. Recent studies have suggested that LR asymmetry is established by asymmetric Ca2+ signaling resulting from cilia-driven flow of extracellular fluid across the node. We report here that inositol 1,3,4,5,6-pentakisphosphate 2-kinase (Ipk1), which generates inositol hexakisphosphate, is critical for normal LR axis determination in zebrafish. Zebrafish embryos express ipk1 symmetrically during gastrulation and early segmentation. ipk1 knockdown by antisense morpholino oligonucleotide injection randomized LR-specific gene expression and organ placement, effects that were associated with reduced intracellular Ca2+ flux in cells surrounding the ciliated Kupffer’s vesicle, a structure analogous to the mouse node. Our data suggest that the pathway for inositol hexakisphosphate production is a key regulator of asymmetric Ca2+ flux during LR specification.

    VST-A: A Foundationally Sound Annotation Verifier

    An interactive program verification tool usually requires users to write formal proofs in a theorem prover such as Coq or Isabelle, which is an obstacle for most software engineers. Annotation verifiers, by comparison, can use assertions in source files as hints for program verification, but they themselves have no formal soundness proof. In this paper we present VST-A, a foundationally sound annotation verifier for sequential C programs. On one hand, users write higher-order assertions in the comments of C programs. On the other hand, separation logic proofs are generated in the backend, using proof rules that are formally proved sound w.r.t. CompCert's Clight semantics. Residual proof goals in Coq may be generated if some assertion entailments cannot be verified automatically.