Interpolation Methods for Symbolic Execution

Ph.DDOCTOR OF PHILOSOPH

Making Smart Contracts Smarter

Cryptocurrencies record transactions in a decentralized data structure called a blockchain. Two of the most popular cryptocurrencies, Bitcoin and Ethereum, support the feature to encode rules or scripts for processing transactions. This feature has evolved to give practical shape to the ideas of smart contracts, or full-fledged programs that are run on blockchains. Recently, Ethereum\u27s smart contract system has seen steady adoption, supporting tens of thousands of contracts, holding millions dollars worth of virtual coins. In this paper, we investigate the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among 19, 336 existing Ethereum contracts, Oyente flags 8, 833 of them as vulnerable, including the TheDAO bug which led to a 60 million US dollar loss in June 2016. We also discuss the severity of other attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network

Frequency and Risk Factor of Lower-limb Deep Vein Thrombosis after Major Orthopedic Surgery in Vietnamese Patients

BACKGROUND: Deep venous thrombosis (DVT) is a prevalent complication of orthopedic surgery. According in many studies. The incidence of DVT may be up to 50% if thromboprophylaxis is not available. AIM: The objective of this study was to check the degree of disease, clinical characteristics and analyzed factors in vulnerabilities with lower-limp DVT after orthopedic surgery in a Vietnam teaching hospital. METHODS: Orthopedic patients who met criteria were recruited at our hospital between August 2017 and June 2018. Ultrasound was used to discovering lower-limp DVT in pre-surgery and 7 days after surgery in all patients. RESULTS: The incidence of DVT after orthopedic surgery was 7.2%. Patients with older age (> 60) have a risk of 2 times higher of DVT after surgery than normal people (p < 0.05). The incidence of postoperative DVT was higher in immobile individuals > 72 hours (p < 0.05). Patients with prolonged surgical time (>120 minutes) had a higher risk of postoperative DVT than non-surgical patients’ surgery (p < 0.05). CONCLUSIONS: DVT remains a common complication following orthopedic surgery. Older age, immobility status, and surgical time have been found to be risky factors for the development of postoperative lower-limp DVT in orthopedic patients

S3: Syntax- and semantic-guided repair synthesis via programming by examples

National Science Foundatio

Invariant Synthesis for Incomplete Verification Engines

We propose a framework for synthesizing inductive invariants for incomplete verification engines, which soundly reduce logical problems in undecidable theories to decidable theories. Our framework is based on the counter-example guided inductive synthesis principle (CEGIS) and allows verification engines to communicate non-provability information to guide invariant synthesis. We show precisely how the verification engine can compute such non-provability information and how to build effective learning algorithms when invariants are expressed as Boolean combinations of a fixed set of predicates. Moreover, we evaluate our framework in two verification settings, one in which verification engines need to handle quantified formulas and one in which verification engines have to reason about heap properties expressed in an expressive but undecidable separation logic. Our experiments show that our invariant synthesis framework based on non-provability information can both effectively synthesize inductive invariants and adequately strengthen contracts across a large suite of programs