5,493 research outputs found

    Separation Logic for Small-step Cminor

    Cminor is a mid-level imperative programming language; there are proved-correct optimizing compilers from C to Cminor and from Cminor to machine language. We have redesigned Cminor so that it is suitable for Hoare Logic reasoning and we have designed a Separation Logic for Cminor. In this paper, we give a small-step semantics (instead of the big-step of the proved-correct compiler) that is motivated by the need to support future concurrent extensions. We detail a machine-checked proof of soundness of our Separation Logic. This is the first large-scale machine-checked proof of a Separation Logic w.r.t. a small-step semantics. The work presented in this paper has been carried out in the Coq proof assistant. It is a first step towards an environment in which concurrent Cminor programs can be verified using Separation Logic and also compiled by a proved-correct compiler with formal end-to-end correctness guarantees. Comment: Short version of research report RR-613

    Is Internet Voting Trustworthy? The Science and the Policy Battles

    According to clear scientific consensus, no known technology can make internet voting secure. In some applications—such as e-pollbooks (voter sign-in), voter registration, and absentee ballot request—it is appropriate to use the internet, as the inherent insecurity can be mitigated by other means. But the insecurity of paperless transmission of a voted ballot through the internet cannot be mitigated. The law recognizes this in several ways. Courts have enjoined the use of certain paperless or internet-connected voting systems. Federal law requires states to allow voters to use the internet to request absentee ballots but carefully stops short of internet ballot return (i.e., voting). But many U.S. states and a few countries go beyond what is safe: they have adopted internet voting for citizens living abroad and (in some cases) for voters with disabilities. Most internet voting systems have an essentially common architecture, and they are insecure at least at the same key point: after the voter has reviewed the ballot but before it is transmitted. I review six internet voting systems deployed between 2006 and 2021 that were insecure in practice, just as predicted by theory—of which some were also insecure in surprising new ways, “unforced errors”. We cannot get along without the assistance of computers. U.S. ballots are too long to count entirely by hand unless the special circumstances of a recount require it. So computer-counted paper ballots play a critical role in the security and auditability of our elections. But audits cannot be used to secure internet voting systems, which have no paper ballots that form an auditable paper trail. There are policy controversies: trustworthiness versus convenience, and security versus accessibility. From 2019 to 2022 there were lawsuits in Virginia, New Jersey, New York, New Hampshire, and North Carolina; legislation enacted in Rhode Island and withdrawn in California. 
There is a common pattern to these disputes, which have mostly resolved in a way that provides remote accessible vote by mail (RAVBM) but stops short of permitting electronic ballot return (internet voting). What would it take to thoroughly review a proposed internet voting system to be assured whether it delivers the security it promises? Switzerland provides a case study. In Switzerland, after a few years of internet voting pilot projects, the Federal Chancellery commissioned several extremely thorough expert studies of their deployed system. These reports teach us not only about their internet voting system itself but about how to study those systems before making policy decisions. Accessibility of election systems to voters with disabilities is a genuine problem. Disability-rights groups have been among those lobbying for internet voting (which is not securable) and other forms of remote accessible vote by mail (which can be adequately securable). I review statistics showing that internet voting is probably not the most effective way to serve voters with disabilities

    The Utah Wilderness Debate (Or Is That Debacle)

    95 pages (includes illustrations and maps)

    Reformulation of the Stochastic Potential Switching Algorithm and a Generalized Fourtuin-Kasteleyn Representation

    A new formulation of the stochastic potential switching algorithm is presented. This reformulation naturally leads us to a generalized Fourtuin-Kasteleyn representation of the partition function Z. A formula for internal energy E and that of heat capacity C are derived from derivatives of the partition function. We also derive a formula for the exchange probability in the replica exchange Monte Carlo method. By combining the formulae with the Stochastic Cutoff method, we can greatly reduce the computational time to perform internal energy and heat capacity measurements and the replica exchange Monte Carlo method in long-range interacting systems. Numerical simulations in three dimensional magnetic dipolar systems show the validity and efficiency of the method. Comment: 11 pages, 6 figures, to appear in PR

    Proof-Carrying Code with Correct Compilers

    In the late 1990s, proof-carrying code was able to produce machine-checkable safety proofs for machine-language programs even though (1) it was impractical to prove correctness properties of source programs and (2) it was impractical to prove correctness of compilers. But now it is practical to prove some correctness properties of source programs, and it is practical to prove correctness of optimizing compilers. We can produce more expressive proof-carrying code, that can guarantee correctness properties for machine code and not just safety. We will construct program logics for source languages, prove them sound w.r.t. the operational semantics of the input language for a proved-correct compiler, and then use these logics as a basis for proving the soundness of static analyses

    Continuous loading of $^{1}S_{0}$ calcium atoms into an optical dipole trap

    We demonstrate an efficient scheme for continuous trap loading based upon spatially selective optical pumping. We discuss the case of $^{1}S_{0}$ calcium atoms in an optical dipole trap (ODT), however, similar strategies should be applicable to a wide range of atomic species. Our starting point is a reservoir of moderately cold ($\approx 300 \mu$K) metastable $^{3}P_{2}$-atoms prepared by means of a magneto-optic trap (triplet-MOT). A focused 532 nm laser beam produces a strongly elongated optical potential for $^{1}S_{0}$-atoms with up to 350 $\mu$K well depth. A weak focused laser beam at 430 nm, carefully superimposed upon the ODT beam, selectively pumps the $^{3}P_{2}$-atoms inside the capture volume to the singlet state, where they are confined by the ODT. The triplet-MOT perpetually refills the capture volume with $^{3}P_{2}$-atoms thus providing a continuous stream of cold atoms into the ODT at a rate of $10^7$ s$^{-1}$. Limited by evaporation loss, in 200 ms we typically load $5 \times 10^5$ atoms with an initial radial temperature of 85 $\mu$K. After terminating the loading we observe evaporation during 50 ms leaving us with $10^5$ atoms at radial temperatures close to 40 $\mu$K and a peak phase space density of $6.8 \times 10^{-5}$. We point out that a comparable scheme could be employed to load a dipole trap with $^{3}P_{0}$-atoms. Comment: 4 pages, 4 figure

    Bose-Einstein condensation of alkaline earth atoms: $^{40}$Ca

    We have achieved Bose-Einstein condensation of $^{40}$Ca, the first for an alkaline earth element. The influence of elastic and inelastic collisions associated with the large ground state s-wave scattering length of $^{40}$Ca was measured. From these findings, an optimized loading and cooling scheme was developed that allowed us to condense about $2 \cdot 10^4$ atoms after laser cooling in a two-stage magneto-optical trap and subsequent forced evaporation in a crossed dipole trap within less than 3 s. The condensation of an alkaline earth element opens novel opportunities for precision measurements on the narrow intercombination lines as well as investigations of molecular states at the $^1$S--$^3$P asymptotes

    Effect of buffer on heparin binding and sensing in competitive aqueous media

    Although buffer-specific effects on molecular recognition are known in biological science, they remain rare in supramolecular chemistry. The binding between a cationic dye, Mallard Blue (MalB), and polyanionic heparin in aqueous NaCl (150 mM) is studied in three commonly-used buffers (Tris-HCl, HEPES, Phosphate, each 10 mM). Although MalB has a very similar UV-Vis spectrum in each buffer, the sensory response towards heparin was different in each case. This can be ascribed to differences in the complex formed. In Tris-HCl which has the least competitive chloride counter-anions, MalB exhibits a hypsochromic shift of 25 nm, assigned to strong binding and aggregation of the dye on heparin. In more competitive HEPES, containing a sulfonate anion, there is weaker binding and less aggregation of MalB along the heparin; the hypsochromic shift is only 15 nm. In phosphate buffer, MalB can interact quite strongly with buffer phosphate anions; although heparin binding is still observed, the hypsochromic shift associated with dye aggregation is only 5 nm. As such, specific buffer interactions with the MalB-heparin complex mediate host-guest binding and sensing. Buffer choice must be made carefully in studies of molecular recognition – we would caution against using phosphate and sulfonate containing buffers when studying electrostatic binding