A syntactic soundness proof for free-variable tableaux with on-the-fly Skolemization
We prove the syntactic soundness of classical tableaux with free variables and on-the-fly Skolemization. Soundness proofs are usually built from semantic arguments, and this is, to our knowledge, the first proof that appeals to syntactic means. We actually prove the soundness property with respect to cut-free sequent calculus. This requires great care because of the additional liberty in freshness checking allowed by the use of Skolem terms. In contrast to semantic soundness, we gain the possibility to state a cut elimination theorem for sequent calculus, under the proviso that completeness of the method holds. We believe that such techniques can be applied to tableaux in other logics as well.
Format Unraveled
Pretty-printing can be described as finding a good-looking solution to typeset data according to a set of formatting conventions. Oppen [6] pioneered the field with an algorithmic solution to pretty-printing, using the notions of boxes and break hints. The Format module is a direct descendant of this work: it is unfortunately often misunderstood or even misused. The first goal of this article is to enhance the available documentation about Format by explaining its basic and advanced features but also its relationship and differences with Oppen's seminal work. The second goal is to investigate the links that Format has with the document-based pretty-printing tradition fostered by the lazy programming community [3, 4, 9, 10].
Get rid of inline assembly through verification-oriented lifting
Formal methods for software development have made great strides in the last two decades, to the point that their application in safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use inline assembly for low-level optimizations and system primitives. This usually renders state-of-the-art formal analyzers developed for C ineffective. We thus propose TInA, an automated, generic, trustable and verification-oriented lifting technique turning inline assembly into semantically equivalent C code, in order to take advantage of existing C analyzers. Extensive experiments on real-world C code with inline assembly (including GMP and ffmpeg) show the feasibility and benefits of TInA.
Zenon: an Extensible Automated Theorem Prover Producing Checkable Proofs
We present Zenon, an automated theorem prover for first order classical logic (with equality), based on the tableau method. Zenon is intended to be the dedicated prover of the Focal environment, an object-oriented algebraic specification and proof system, which is able to produce OCaml code for execution and Coq code for certification. Zenon can directly generate Coq proofs (proof scripts or proof terms), which can be reinserted in the Coq specifications produced by Focal. Zenon can also be extended, which makes specific (and possibly local) automation possible in Focal.
Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine
Inline assembly is still a common practice in low-level C programming, typically for efficiency reasons or for accessing specific hardware resources. Such embedded assembly codes in the GNU syntax (supported by major compilers such as GCC, Clang and ICC) have an interface specifying how the assembly codes interact with the C environment. For simplicity reasons, the compiler treats GNU inline assembly codes as blackboxes and relies only on their interface to correctly glue them into the compiled C code. Therefore, the adequacy between the assembly chunk and its interface (named compliance) is of primary importance, as such compliance issues can lead to subtle and hard-to-find bugs. We propose RUSTInA, the first automated technique for formally checking inline assembly compliance, with the extra ability to propose (proven) patches and (optimization) refinements in certain cases. RUSTInA is based on an original formalization of the inline assembly compliance problem together with novel dedicated algorithms. Our prototype has been evaluated on 202 Debian packages with inline assembly (2656 chunks), finding 2183 issues in 85 packages -- 986 significant issues in 54 packages (including major projects such as ffmpeg or ALSA), and proposing patches for 92% of them. Currently, 38 patches have already been accepted (solving 156 significant issues), with positive feedback from development teams.
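The TInA and RUSTInA abstracts above describe two complementary operations on a GNU inline-assembly chunk: checking that the template really respects the interface it declares (outputs, inputs, clobbers), and lifting the template to semantically equivalent C so that ordinary C analyzers can see through it. The C below is an added illustration written for this page; it is not code from either tool and makes no claim about what they emit. It shows a 32-bit rotate chunk whose template reads the count from %cl while its interface only declares a generic register input (a chunk/interface mismatch of the kind a compliance checker flags), the patched chunk whose interface binds the count to ecx, a hand-written C lifting of the same chunk, and a differential check that the patched chunk and the lifting agree on a set of constructed inputs. Function names and test vectors are this example's own; on non-x86 builds the chunks fall back to the lifting so the file still compiles.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hand-written C lifting of the rotate chunk below (what a lifting tool such
 * as TInA aims to produce automatically): 32-bit rotate left by n, with the
 * count reduced modulo 32 exactly as the x86 "rol" instruction does.
 */
static uint32_t rotl32_lifted(uint32_t x, uint32_t n)
{
    n &= 31;
    if (n == 0)
        return x;               /* avoids the undefined shift by 32 below */
    return (x << n) | (x >> (32 - n));
}

#if defined(__x86_64__) || defined(__i386__)
/*
 * Non-compliant chunk (illustrative). The template reads the count from %cl,
 * but the interface only declares a generic register input "r" for n, so the
 * compiler may place n in any register and the chunk silently rotates by
 * whatever happens to be in ecx. Nothing in the interface tells the compiler
 * that ecx is read, so this is a chunk/interface mismatch.
 */
static uint32_t rotl32_noncompliant(uint32_t x, uint32_t n)
{
    __asm__("roll %%cl, %0" : "+r"(x) : "r"(n));   /* BUG: %cl not declared */
    return x;
}

/*
 * Patched chunk. Constraint "c" binds n to ecx, so the %cl read is now part
 * of the declared interface; "+r" declares x as read and written in place.
 */
static uint32_t rotl32_compliant(uint32_t x, uint32_t n)
{
    __asm__("roll %%cl, %0" : "+r"(x) : "c"(n));
    return x;
}
#else
/* Non-x86 build: fall back to the lifting so the example still compiles. */
static uint32_t rotl32_noncompliant(uint32_t x, uint32_t n) { return rotl32_lifted(x, n); }
static uint32_t rotl32_compliant(uint32_t x, uint32_t n)    { return rotl32_lifted(x, n); }
#endif

/*
 * Differential check between the patched chunk and its lifting over
 * constructed inputs (counts >= 32 exercise the modulo-32 behaviour).
 * Returns 1 if they agree everywhere, 0 at the first mismatch.
 */
static int lifting_agrees(void)
{
    static const uint32_t xs[] = { 0x00000000u, 0x80000001u, 0xdeadbeefu,
                                   0x12345678u, 0xffffffffu };
    static const uint32_t ns[] = { 0, 1, 7, 31, 32, 33, 100 };
    size_t i, j;
    for (i = 0; i < sizeof xs / sizeof xs[0]; i++)
        for (j = 0; j < sizeof ns / sizeof ns[0]; j++)
            if (rotl32_compliant(xs[i], ns[j]) != rotl32_lifted(xs[i], ns[j]))
                return 0;
    return 1;
}

int main(void)
{
    uint32_t x = 0x80000001u, n = 1;
    printf("lifted       = 0x%08x\n", (unsigned)rotl32_lifted(x, n));
    printf("compliant    = 0x%08x\n", (unsigned)rotl32_compliant(x, n));
    /* The value below depends on which register the compiler chose for n. */
    printf("noncompliant = 0x%08x\n", (unsigned)rotl32_noncompliant(x, n));
    printf("lifting agrees on all inputs: %s\n", lifting_agrees() ? "yes" : "no");
    return 0;
}
```

The non-compliant chunk is the interesting one for a practitioner: it compiles without warnings, often produces the right answer at -O0, and only misbehaves once register allocation changes, which is why the abstract calls such issues subtle and hard to find. The patch is a one-token change to the interface, not to the template, and the lifting gives an analyzer a memory-safe C body to reason about instead of an opaque string.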
TaMeD: A Tableau Method for Deduction Modulo
Deduction modulo is a formalism introduced to separate cleanly computations and deductions by reasoning modulo a congruence on propositions. A sequent calculus modulo has been defined by Dowek, Hardin and Kirchner as well as a resolution-based proof search method called Extended Narrowing And Resolution (ENAR), in which the congruences are handled through rewrite rules on terms and atomic propositions. We define a tableau-based proof search method, called Tableau Method for Deduction modulo (TaMeD), for theorem proving modulo. We then give a syntactic proof of the completeness of the method with respect to provability in the sequent calculus modulo. Moreover, we follow in our proofs the same steps as the ENAR method, in such a way that it allows one to compare the characteristics of both methods.
Tableaux and Deduction Modulo (Tableaux et déduction modulo)
Deduction modulo is a logical framework that integrates deduction steps and computation steps. This framework is well suited to automated theorem proving. The proofs produced in it are shorter and more readable. Many axiomatic theories can be expressed in it by rewrite rules. This thesis defines and studies a tableau-based automated proof method for deduction modulo. We study the evolution of the tableau method. We then recall the main results of deduction modulo. We then define a tableau method for classical logic modulo and prove its properties syntactically. We then prove them from a semantic angle, in relation to cut elimination. In the setting of intuitionistic logic, we obtain a cut-elimination proof whose computational content is a tableau. Finally, we describe an application with the automated theorem prover Zenon.
Obfuscation: where are we in anti-DSE protections? (a first attempt)
Obfuscation is widely used to protect software against man-at-the-end attacks. Recent attacks based on semantic methods, especially dynamic symbolic execution (DSE), have proven extremely powerful against standard obfuscation techniques, leading several teams to investigate anti-DSE protections. Yet, the domain is in its infancy, and the current state of research on the topic is quite unclear. We propose a systematic review of anti-DSE techniques. In particular, we propose a classification and identify strengths and weaknesses of the current lines of research, as well as promising future directions.