504 research outputs found
Refinement Type Inference via Horn Constraint Optimization
We propose a novel method for inferring refinement types of higher-order
functional programs. The main advantage of the proposed method is that it can
infer maximally preferred (i.e., Pareto optimal) refinement types with respect
to a user-specified preference order. The flexible optimization of refinement
types enabled by the proposed method paves the way for interesting
applications, such as inferring most-general characterization of inputs for
which a given program satisfies (or violates) a given safety (or termination)
property. Our method reduces such a type optimization problem to a Horn
constraint optimization problem by using a new refinement type system that can
flexibly reason about non-determinism in programs. Our method then solves the
constraint optimization problem by repeatedly improving a current solution
until convergence via template-based invariant generation. We have implemented
a prototype inference system based on our method, and obtained promising
results in preliminary experiments.
Comment: 19 pages
Automatic Abstraction in SMT-Based Unbounded Software Model Checking
Software model checkers based on under-approximations and SMT solvers are
very successful at verifying safety (i.e. reachability) properties. They
combine two key ideas -- (a) "concreteness": a counterexample in an
under-approximation is a counterexample in the original program as well, and
(b) "generalization": a proof of safety of an under-approximation, produced by
an SMT solver, is generalizable to proofs of safety of the original program.
In this paper, we present a combination of "automatic abstraction" with the
under-approximation-driven framework. We explore two iterative approaches for
obtaining and refining abstractions -- "proof based" and "counterexample based"
-- and show how they can be combined into a unified algorithm. To the best of
our knowledge, this is the first application of Proof-Based Abstraction,
primarily used to verify hardware, to Software Verification. We have
implemented a prototype of the framework using Z3, and evaluate it on many
benchmarks from the Software Verification Competition. We show experimentally
that our combination is quite effective on hard instances.
Comment: Extended version of a paper in the proceedings of CAV 201
A simple abstraction of arrays and maps by program translation
We present an approach for the static analysis of programs handling arrays,
with a Galois connection between the semantics of the array program and
semantics of purely scalar operations. The simplest way to implement it is by
automatic, syntactic transformation of the array program into a scalar program
followed by analysis of the scalar program with any static analysis technique
(abstract interpretation, acceleration, predicate abstraction, ...). The
scalar invariants thus obtained are translated back onto the original program
as universally quantified array invariants. We illustrate our approach on a
variety of examples, leading to the "Dutch flag" algorithm
Software Model Checking with Explicit Scheduler and Symbolic Threads
In many practical application domains, the software is organized into a set
of threads, whose activation is exclusive and controlled by a cooperative
scheduling policy: threads execute, without any interruption, until they either
terminate or yield the control explicitly to the scheduler. The formal
verification of such software poses significant challenges. On the one side,
each thread may have infinite state space, and might call for abstraction. On
the other side, the scheduling policy is often important for correctness, and
an approach based on abstracting the scheduler may result in loss of precision
and false positives. Unfortunately, the translation of the problem into a
purely sequential software model checking problem turns out to be highly
inefficient for the available technologies. We propose a software model
checking technique that exploits the intrinsic structure of these programs.
Each thread is translated into a separate sequential program and explored
symbolically with lazy abstraction, while the overall verification is
orchestrated by the direct execution of the scheduler. The approach is
optimized by filtering the exploration of the scheduler with the integration of
partial-order reduction. The technique, called ESST (Explicit Scheduler,
Symbolic Threads) has been implemented and experimentally evaluated on a
significant set of benchmarks. The results demonstrate that the ESST technique is
far more effective than software model checking applied to the sequentialized
programs, and that partial-order reduction can lead to further performance
improvements.
Comment: 40 pages, 10 figures, accepted for publication in the journal Logical
Methods in Computer Science
Marriage, Duty and Civilization: Keshab Chandra Sen and the Cuch Bihar Controversy in Metropolitan and Colonial Context
Deductive Verification of Cryptographic Software
We report on the application of an off-the-shelf verification platform to the RC4 stream cipher cryptographic software implementation (as available in the OpenSSL library), and introduce a deductive verification technique based on self-composition for proving the absence of error propagation
A Postulate for Tiger Recovery: The Case of the Caspian Tiger
Recent genetic analysis has shown that the extinct Caspian Tiger (P. t. virgata) and the living Amur Tigers (P. t. altaica) of the Russian Far East are actually taxonomically synonymous and that Caspian and Amur groups historically formed a single population, only becoming separated within the last 200 years by human agency. A major conservation implication of this finding is that tigers of Amur stock might be reintroduced, not only back into the Koreas and China as is now proposed, but also through vast areas of Central Asia where the Caspian tiger once lived. However, under the current tiger conservation framework the 12 "Caspian Tiger States" are not fully involved in conservation planning. Equal recognition as "Tiger Range States" should be given to the countries where the Caspian tiger once lived and their involvement in tiger conservation planning encouraged. Today, preliminary ecological surveys show that some sparsely populated areas of Central Asia preserve natural habitat suitable for tigers. In-depth assessments should be completed in these and other areas of the Caspian range to evaluate the possibility of tiger reintroductions. Because tigers are a charismatic umbrella species, both ecologically and politically, reintroduction to these landscapes would provide an effective conservation framework for the protection of many species in addition to tigers. And for today's Amur Tigers this added range will provide a buffer against further loss of genetic diversity, one which will maintain that diversity in the face of selective pressures that can only be experienced in the wild
ENDOPHYTIC BACTERIA AS BIOFERTILIZERS FOR MAIZE (ZEA MAYS L.)
A total of ten isolates of endophytic bacteria, mainly belonging to the genera Acetobacter and Azospirillum and having high nitrogen-fixing efficiency, were isolated from surface-sterilized plant parts of different plant species using LGIP and NFB media, selective for the growth of Acetobacter and Azospirillum respectively. All the isolates can colonize maize endophytically under laboratory conditions. In vitro nitrogen fixation rates of all the isolates ranged from 4.0 to 36.3 mg N fixed / g of sugar consumed, among which isolate A 10 showed the highest N-fixing capacity, i.e. 36.3 mg/g of sugar. All the isolates were also capable of solubilizing tricalcium phosphate in Pikovskaya's broth; the soluble phosphate content was found to be in the range of 1.19 - 21.0 μg/ml and 4.44 - 23.81 μg/ml at 3 and 5 DAI, respectively. Seed inoculation with all the isolates significantly influenced the growth of maize cv. Narmada moti under lab and field conditions. The highest grain yield (5694 kg/ha) was obtained when seeds were inoculated with isolate A 10 along with 75% of the recommended dose (RD) of N fertilizer, which was significantly superior to 100% RD of chemical N fertilizer, showing savings of 25% of nitrogenous fertilizer through bacterization
Isolation Without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI
Software sandboxing or software-based fault isolation (SFI) is a lightweight
approach to building secure systems out of untrusted components. Mozilla, for
example, uses SFI to harden the Firefox browser by sandboxing third-party
libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate
untrusted tenants on their edge clouds. While there have been significant
efforts to optimize and verify SFI enforcement, context switching in SFI
systems remains largely unexplored: almost all SFI systems use
heavyweight transitions that are not only error-prone but incur
significant performance overhead from saving, clearing, and restoring registers
when context switching. We identify a set of zero-cost conditions that
characterize when sandboxed code has sufficient structure to guarantee
security via lightweight zero-cost transitions (simple function calls).
We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions,
eliminating the undue performance tax on systems that rely on Lucet for
sandboxing (e.g., we speed up image and font rendering in Firefox by up to
29.7% and 10% respectively). To remove the Lucet compiler and its correct
implementation of the Wasm specification from the trusted computing base, we
(1) develop a static binary verifier, VeriZero, which (in seconds)
checks that binaries produced by Lucet satisfy our zero-cost conditions, and
(2) prove the soundness of VeriZero by developing a logical relation that
captures when a compiled Wasm function is semantically well-behaved with
respect to our zero-cost conditions. Finally, we show that our model is useful
beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that
uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our
zero-cost conditions; our prototype performs on par with the state-of-the-art
Native Client SFI system
Tigers of Sundarbans in India: Is the Population a Separate Conservation Unit?
The Sundarbans tiger inhabits a unique mangrove habitat and is morphologically distinct from the recognized tiger subspecies in terms of skull morphometrics and body size. Thus, there is an urgent need to assess its ecological and genetic distinctiveness and determine whether Sundarbans tigers should be defined and managed as a separate conservation unit. We utilized nine microsatellites and 3 kb from four mitochondrial DNA (mtDNA) genes to estimate genetic variability, population structure and demographic parameters, and to visualize historic and contemporary connectivity among tiger populations from Sundarbans and mainland India. We also evaluated the traits that determine exchangeability or adaptive differences among tiger populations. Data from both markers suggest that the Sundarbans tiger is not a separate tiger subspecies and should be regarded as belonging to the Bengal tiger (P. t. tigris) subspecies. Maximum likelihood phylogenetic analyses of the mtDNA data revealed reciprocal monophyly. Genetic differentiation was found to be stronger for mtDNA than for nuclear DNA. Microsatellite markers indicated low genetic variation in Sundarbans tigers (He = 0.58) as compared to other mainland populations, such as northern and peninsular (He between 0.67 and 0.70). Molecular data support migration between mainland and Sundarbans populations until very recent times. We attribute this reduction in gene flow to accelerated fragmentation and habitat alteration in the landscape over the past few centuries. Demographic analyses suggest that Sundarbans tigers have diverged recently from the peninsular tiger population, within the last 2000 years. Sundarbans tigers are the most divergent group of Bengal tigers, and ecologically non-exchangeable with other tiger populations, and thus should be managed as a separate "evolutionarily significant unit" (ESU) following the adaptive evolutionary conservation (AEC) concept.
Wildlife Institute of India, Dehra Dun (India)
