
    A syntactic soundness proof for free-variable tableaux with on-the-fly Skolemization

    We prove the syntactic soundness of classical tableaux with free variables and on-the-fly Skolemization. Soundness proofs are usually built from semantic arguments, and this is, to our knowledge, the first proof that appeals to syntactic means. We actually prove the soundness property with respect to cut-free sequent calculus. This requires great care because of the additional liberty in freshness checking allowed by the use of Skolem terms. In contrast to semantic soundness, we gain the possibility to state a cut elimination theorem for sequent calculus, under the proviso that completeness of the method holds. We believe that such techniques can be applied to tableaux in other logics as well.

    Format Unraveled

    Pretty-printing can be described as finding a good-looking solution to typeset data according to a set of formatting conventions. Oppen [6] pioneered the field with an algorithmic solution to pretty-printing, using the notions of boxes and break hints. The Format module is a direct descendant of this work; it is unfortunately often misunderstood or even misused. The first goal of this article is to enhance the available documentation about Format by explaining its basic and advanced features, but also its relationship to and differences from Oppen's seminal work. The second goal is to investigate the links that Format has with the document-based pretty-printing tradition fostered by the lazy programming community [3, 4, 9, 10].

    Get rid of inline assembly through verification-oriented lifting

    Formal methods for software development have made great strides in the last two decades, to the point that their application in safety-critical embedded software is an undeniable success. Their extension to non-critical software is one of the notable forthcoming challenges. For example, C programmers regularly use inline assembly for low-level optimizations and system primitives. This usually renders state-of-the-art formal analyzers developed for C ineffective. We thus propose TInA, an automated, generic, trustable and verification-oriented lifting technique that turns inline assembly into semantically equivalent C code, in order to take advantage of existing C analyzers. Extensive experiments on real-world C code with inline assembly (including GMP and ffmpeg) show the feasibility and benefits of TInA.

    Zenon: an Extensible Automated Theorem Prover Producing Checkable Proofs

    We present Zenon, an automated theorem prover for first-order classical logic (with equality), based on the tableau method. Zenon is intended to be the dedicated prover of the Focal environment, an object-oriented algebraic specification and proof system, which is able to produce OCaml code for execution and Coq code for certification. Zenon can directly generate Coq proofs (proof scripts or proof terms), which can be reinserted in the Coq specifications produced by Focal. Zenon can also be extended, which makes specific (and possibly local) automation possible in Focal.

    Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine

    Inline assembly is still a common practice in low-level C programming, typically for efficiency reasons or for accessing specific hardware resources. Such embedded assembly codes in the GNU syntax (supported by major compilers such as GCC, Clang and ICC) have an interface specifying how the assembly code interacts with the C environment. For simplicity reasons, the compiler treats GNU inline assembly codes as black boxes and relies only on their interface to correctly glue them into the compiled C code. Therefore, the adequacy between the assembly chunk and its interface (named compliance) is of primary importance, as compliance issues can lead to subtle and hard-to-find bugs. We propose RUSTInA, the first automated technique for formally checking inline assembly compliance, with the extra ability to propose (proven) patches and (optimization) refinements in certain cases. RUSTInA is based on an original formalization of the inline assembly compliance problem together with novel dedicated algorithms. Our prototype has been evaluated on 202 Debian packages with inline assembly (2656 chunks), finding 2183 issues in 85 packages, of which 986 are significant issues in 54 packages (including major projects such as ffmpeg or ALSA), and proposing patches for 92% of them. Currently, 38 patches have already been accepted (solving 156 significant issues), with positive feedback from development teams.
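As an added example (not code from the TInA or RUSTInA papers, nor from their tools), the C program below illustrates both abstracts above on two small GNU inline assembly chunks: each chunk is shown with a non-compliant interface of the kind the RUSTInA abstract describes (the chunk writes a register its interface declares read-only, or does not declare at all), beside a compliant interface, and beside a hand-written C equivalent of the sort a verification-oriented lifter such as TInA aims to produce automatically. It assumes an x86-64 GCC or Clang target; on other targets the lifted C stands in for the assembly. The function names and sample inputs are constructed for this example.

```c
/* Added example: inline assembly interface compliance and lifting to C.
 * Assumes x86-64 GCC/Clang; elsewhere the lifted C replaces the asm chunks. */
#include <stdint.h>
#include <stdio.h>

#if defined(__GNUC__) && defined(__x86_64__)
#define HAVE_X86_ASM 1
#else
#define HAVE_X86_ASM 0
#endif

/* ---- Chunk 1: rotate a 32-bit value left by 8 --------------------------- */

/* Lifted C: what the chunk computes, in a form a C analyzer can reason about. */
static uint32_t rotl8_lifted(uint32_t x) {
    return (x << 8) | (x >> 24);
}

#if HAVE_X86_ASM
/* Non-compliant interface: "roll" writes %0, but the interface lists x only
 * as a read-only input ("r"). The compiler may assume x is unchanged, so the
 * function returns either the rotated or the original value depending on
 * register allocation and optimization level. Kept here only to show the bug. */
static inline uint32_t rotl8_noncompliant(uint32_t x) {
    __asm__("roll $8, %0" : : "r"(x));
    return x;
}

/* Compliant interface: "+r" declares x as read-write, matching the chunk. */
static uint32_t rotl8(uint32_t x) {
    __asm__("roll $8, %0" : "+r"(x));
    return x;
}
#else
static uint32_t rotl8(uint32_t x) { return rotl8_lifted(x); }
#endif

/* ---- Chunk 2: high 64 bits of a 64x64-bit unsigned product --------------- */

/* Lifted C: schoolbook multiplication on 32-bit halves, no compiler extensions. */
static uint64_t mulhi64_lifted(uint64_t a, uint64_t b) {
    uint64_t a_lo = (uint32_t)a, a_hi = a >> 32;
    uint64_t b_lo = (uint32_t)b, b_hi = b >> 32;
    uint64_t p0 = a_lo * b_lo, p1 = a_lo * b_hi, p2 = a_hi * b_lo, p3 = a_hi * b_hi;
    uint64_t cross = (p0 >> 32) + (uint32_t)p1 + (uint32_t)p2;  /* fits: < 3 * 2^32 */
    return p3 + (p1 >> 32) + (p2 >> 32) + (cross >> 32);
}

#if HAVE_X86_ASM
/* Non-compliant interface: "mulq" writes %rax and %rdx, yet %rax is declared
 * input-only ("a") and %rdx is not declared at all. Any value the compiler
 * keeps in %rax or %rdx across the chunk is silently corrupted. */
static inline uint64_t mulhi64_noncompliant(uint64_t a, uint64_t b) {
    uint64_t hi;
    __asm__("mulq %2\n\t"
            "movq %%rdx, %0"
            : "=r"(hi) : "a"(a), "r"(b));
    return hi;
}

/* Compliant interface: both registers mulq writes are outputs ("=a", "=d"). */
static uint64_t mulhi64(uint64_t a, uint64_t b) {
    uint64_t hi, lo;
    __asm__("mulq %3" : "=a"(lo), "=d"(hi) : "a"(a), "r"(b) : "cc");
    (void)lo;  /* low half is produced by the chunk but not needed here */
    return hi;
}
#else
static uint64_t mulhi64(uint64_t a, uint64_t b) { return mulhi64_lifted(a, b); }
#endif

/* Constructed inputs; returns 1 when each compliant chunk agrees with its lifted C. */
static int asm_matches_lifted(void) {
    static const uint64_t samples[] = {0, 1, 0x12345678u, 0xFF000000u,
                                       0x8000000000000000ull, 0xFFFFFFFFFFFFFFFFull};
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t i = 0; i < n; i++) {
        if (rotl8((uint32_t)samples[i]) != rotl8_lifted((uint32_t)samples[i])) return 0;
        for (size_t j = 0; j < n; j++)
            if (mulhi64(samples[i], samples[j]) != mulhi64_lifted(samples[i], samples[j])) return 0;
    }
    return 1;
}

int main(void) {
    printf("compliant chunks match lifted C: %s\n", asm_matches_lifted() ? "yes" : "no");
#if HAVE_X86_ASM
    /* The non-compliant variants may or may not agree; that unpredictability is the bug. */
    printf("rotl8_noncompliant(0x12345678)   = 0x%08x (expected 0x34567812)\n",
           rotl8_noncompliant(0x12345678u));
    printf("mulhi64_noncompliant(2^63, 2)    = %llu (expected 1)\n",
           (unsigned long long)mulhi64_noncompliant(0x8000000000000000ull, 2));
#endif
    return 0;
}
```

The compliant variants are what a tool would patch the interface towards (adding the missing `+` and the missing `=d` output); the lifted functions are the form in which a C analyzer can check the chunk's behaviour, and the equivalence check is the kind of trust argument a verification-oriented lifter has to establish.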

    TaMeD: A Tableau Method for Deduction Modulo

    Deduction modulo is a formalism introduced to cleanly separate computations and deductions by reasoning modulo a congruence on propositions. A sequent calculus modulo has been defined by Dowek, Hardin and Kirchner, as well as a resolution-based proof search method called Extended Narrowing And Resolution (ENAR), in which the congruences are handled through rewrite rules on terms and atomic propositions. We define a tableau-based proof search method, called Tableau Method for Deduction modulo (TaMeD), for theorem proving modulo. We then give a syntactic proof of the completeness of the method with respect to provability in the sequent calculus modulo. Moreover, our proofs follow the same steps as those for the ENAR method, which makes it possible to compare the characteristics of both methods.

    Tableaux and deduction modulo

    Deduction modulo is a logical framework that integrates deduction steps and computation steps. This framework is well suited to automated theorem proving: the proofs produced in it are shorter and more readable, and many axiomatic theories can be expressed in it as rewrite rules. This thesis defines and studies a tableau-based automated proof method for deduction modulo. We review the evolution of the tableau method, then recall the main results of deduction modulo. We then define a tableau method for classical logic modulo and prove its properties syntactically. We next prove them from a semantic angle, in connection with cut elimination. In the setting of intuitionistic logic, we obtain a cut elimination proof whose computational content is a tableau. Finally, we describe an application with the automated prover Zenon.

    Obfuscation: where are we in anti-DSE protections? (a first attempt)

    Obfuscation is widely used to protect software against man-at-the-end attacks. Recent attacks based on semantic methods, especially dynamic symbolic execution (DSE), have proven extremely powerful against standard obfuscation techniques, leading several teams to investigate anti-DSE protections. Yet the domain is in its infancy, and the current state of research on the topic is quite unclear. We propose a systematic review of anti-DSE techniques. In particular, we propose a classification and identify strengths and weaknesses of the current lines of research, as well as promising future directions.