Symbolic execution proofs for higher order store programs
Higher order store programs are programs which store, manipulate and invoke code at runtime. Important examples of higher order store programs include operating system kernels which dynamically load and unload kernel modules. Yet conventional Hoare logics, which provide no means of representing changes to code at runtime, are not applicable to such programs. Recently, however, new logics using nested Hoare triples have addressed this shortcoming. In this paper we describe, from top to bottom, a sound semi-automated verification system for higher order store programs. We give a programming language with higher order store features, define an assertion language with nested triples for specifying such programs, and provide reasoning rules for proving programs correct. We then present in full our algorithms for automatically constructing correctness proofs. In contrast to earlier work, the language also includes ordinary (fixed) procedures and mutable local variables, making it easy to model programs which perform dynamic loading and other higher order store operations. We give an operational semantics for programs and a step-indexed interpretation of assertions, and use these to show soundness of our reasoning rules, which include a deep frame rule which allows more modular proofs. Our automated reasoning algorithms include a scheme for separation logic based symbolic execution of programs, and automated provers for solving various kinds of entailment problems. The latter are presented in the form of sets of derived proof rules which are constrained enough to be read as a proof search algorithm.
A decidable class of verification conditions for programs with higher order store
Recent years have seen a surge in techniques and tools for automatic and semi-automatic static checking of imperative heap-manipulating programs. At the heart of such tools are algorithms for automatic logical reasoning, using heap description formalisms such as separation logic. In this paper we work towards extending these static checking techniques to languages with procedures as first class citizens. To do this, we first identify a class of entailment problems which arise naturally as verification conditions during the static checking of higher order heap-manipulating programs. We then present a decision procedure for this class and prove its correctness. Entailments in our class combine simple symbolic heaps, which are descriptions of the heap using a subset of separation logic, with (limited use of) nested Hoare triples to specify properties of higher order procedures.
A semantic foundation for hidden state
We present the first complete soundness proof of the antiframe rule, a recently proposed proof rule for capturing information hiding in the presence of higher-order store. Our proof involves solving a non-trivial recursive domain equation, and it helps identify some of the key ingredients for soundness.
Towards model checking real-world software-defined networks
In software-defined networks (SDN), a controller program is in charge of deploying diverse network functionality across a large number of switches, but this comes at a great risk: deploying buggy controller code could result in network and service disruption and security loopholes. The automatic detection of bugs or, even better, verification of their absence is thus most desirable, yet the size of the network and the complexity of the controller makes this a challenging undertaking. In this paper, we propose MOCS, a highly expressive, optimised SDN model that allows capturing subtle real-world bugs, in a reasonable amount of time. This is achieved by (1) analysing the model for possible partial order reductions, (2) statically pre-computing packet equivalence classes and (3) indexing packets and rules that exist in the model. We demonstrate its superiority compared to the state of the art in terms of expressivity, by providing examples of realistic bugs that a prototype implementation of MOCS in Uppaal caught, and performance/scalability, by running examples on various sizes of network topologies, highlighting the importance of our abstractions and optimisations.
Nested Hoare Triples and Frame Rules for Higher-order Store
Separation logic is a Hoare-style logic for reasoning about programs with heap-allocated mutable data structures. As a step toward extending separation logic to high-level languages with ML-style general (higher-order) storage, we investigate the compatibility of nested Hoare triples with several variations of higher-order frame rules. The interaction of nested triples and frame rules can be subtle, and the inclusion of certain frame rules is in fact unsound. A particular combination of rules can be shown consistent by means of a Kripke model where worlds live in a recursively defined ultrametric space. The resulting logic allows us to elegantly prove programs involving stored code. In particular, using recursively defined assertions, it leads to natural specifications and proofs of invariants required for dealing with recursion through the store.
Key Contributions by the Swiss Tropical and Public Health Institute Towards New and Better Drugs for Tropical Diseases
Thanks to its expertise in clinical research, epidemiology, infectious diseases, microbiology, parasitology, public health, translational research and tropical medicine, coupled with deeply rooted partnerships with institutions in low- and middle-income countries (LMICs), the Swiss Tropical and Public Health Institute (Swiss TPH) has been a key contributor in many drug research and development consortia involving academia, pharma and product development partnerships. Our know-how of the maintenance of parasites and their life-cycles in the laboratory, plus our strong ties to research centres and disease control programme managers in LMICs with access to field sites and laboratories, have enabled systems for drug efficacy testing in vitro and in vivo, clinical research, and modelling to support the experimental approaches. Thus, Swiss TPH has made fundamental contributions towards the development of new drugs, and the better use of old drugs, for neglected tropical diseases and infectious diseases of poverty, such as Buruli ulcer, Chagas disease, food-borne trematodiasis (e.g. clonorchiasis, fascioliasis and opisthorchiasis), human African trypanosomiasis, leishmaniasis, malaria, schistosomiasis, soil-transmitted helminthiasis and tuberculosis. In this article, we showcase the success stories of molecules to which Swiss TPH has made a substantial contribution regarding their use as anti-infective compounds, with the ultimate aim to improve people's health and well-being.
CD28null pro-atherogenic CD4 T-cells explain the link between CMV infection and an increased risk of cardiovascular death
An increased risk of cardiovascular death in Cytomegalovirus (CMV)-infected individuals remains unexplained, although it might partly result from the fact that CMV infection is closely associated with the accumulation of CD28null T-cells, in particular CD28null CD4 T-cells. These cells can directly damage endothelium and precipitate cardiovascular events. However, the current paradigm holds that the accumulation of CD28null T-cells is a normal consequence of aging, whereas the link between these T-cell populations and CMV infection is explained by the increased prevalence of this infection in older people. Resolving whether CMV infection or aging triggers CD28null T-cell expansions is of critical importance because, unlike aging, CMV infection can be treated.
Methods: We used multi-color flow-cytometry, antigen-specific activation assays, and HLA-typing to dissect the contributions of CMV infection and aging to the accumulation of CD28null CD4 and CD8 T-cells in CMV+ and CMV− individuals aged 19 to 94 years. Linear/logistic regression was used to test the effect of sex, age, CMV infection, and HLA-type on CD28null T-cell frequencies.
Results: The median frequencies of CD28null CD4 T-cells and CD28null CD8 T-cells were >12-fold (p=0.000) but only approximately 2-fold higher (p=0.000), respectively, in CMV+ (n=136) compared with CMV− individuals (n=106). The effect of CMV infection on these T-cell subsets was confirmed by linear regression. Unexpectedly, aging contributed only marginally to an increase in CD28null T-cell frequencies, and only in CMV+ individuals. Interestingly, the presence of HLA-DRB1*0301 led to an approximately 9-fold reduction of the risk of having CD28null CD4 T-cell expansions (OR=0.108, p=0.003). Over 75% of CMV-reactive CD4 T-cells were CD28null.
Conclusion: CMV infection and HLA type are major risk factors for CD28null CD4 T-cell-associated cardiovascular pathology. Increased numbers of CD28null CD8 T-cells are also associated with CMV infection, but to a lesser extent. Aging, however, makes only a negligible contribution to the expansion of these T-cell subsets, and only in the presence of CMV infection. Our results open up new avenues for risk assessment, prevention, and treatment.