We are hiring new doctoral researchers, student research assistants, and tutors. Apply now!
Paper on Non-termination Witnesses accepted at ASE 2025!

Daniel Baier

Picture of Daniel Baier

Software and Computational Systems Lab
Department of Computer Science
Ludwig-Maximilians-Universität München (LMU Munich)
Oettingenstraße 67
80538 Munich (Germany)

Office
Room F 012, Oettingenstr. 67
E-Mail
firstname.lastname@sosy.ifi.lmu.de
Office Hours
By appointment
ORCID
0000-0001-9116-1974

GPG-Key

Please send me encrypted mails!
My GPG key: 0x528868ABC94AED58
Fingerprint: 92 9B 08 7D 9E 64 19 47 7C FD DD 70 52 88 68 AB C9 4A ED 58

Thesis Mentoring

Available topics
Interprocedural Memory-Image Tracking Analysis using Symbolic Memory Graphs in CPAchecker

CPAchecker has several different implementations of pointer-aliasing analyses with different levels of abstraction, but no way of inferring information about a programs memory-image, as well as a memory-safety analysis, that tracks the memory image of a program precisely. The goal of this thesis is to create a new CPA based on our memory-safety analysis, which is capable of tracking the abstract or precise memory-image of a program, and inferring pointer aliasing information from the tracked memory. This new CPA is based on the existing Symbolic-Memory-Graph (SMG) analysis, but is meant to be interprocedural, i.e. other analyses in CPAchecker should be able to use it. Therefore, this new CPA needs to be fast and be able to track memory-information based on the information provided by the chosen composite analysis. Automatic tests and an evaluation of this addition to CPAchecker are a necessary part of this thesis.

Analyze and evaluate used data-structures in the software verification framework CPAchecker, and add new, advanced/specializes data-structures based on the found usage-profile, including automatic tests and subsequent evaluation

Java does not offer advanced data-structures like union-find, persistent data-structures with efficient copy operations, or efficient self-balancing trees natively. However, these, and many more, can be useful in situations with the need for specialized data-structures, like in the software verification framework CPAchecker. This project/thesis aims at analyzing where such data-structures would be useful in CPAchecker and then implementing them in Java in the SoSy-Commons library. New data-structures should be automatically tested and documented thoroughly. The efficiency is then to be benchmarked and evaluated.

JavaSMT: Implement a minimal Python API for JavaSMT with native compiled Java code with automatic tests and subsequent evaluation

JavaSMT is a library offering a common interface for many SMT solvers. However, as it is written in Java, it uses the Java Virtual Machine, which invokes a run-time overhead when started. This problem can be reduced by compiling JavaSMT natively, e.g. using Graal-VM. Since this problem is only of concern for non-Java based applications, a Python interface can be added using Graal-VM, which allows the usage of JavaSMT through Python. This can then be evaluated, for example using the setup and benchmark tasks of SMT-COMP.

JavaSMT: integrate a new SMT or CHC solver (with automated tests and build documentation). Possible candidates: Lean-SMT, STP, Eldarica, Golem, ...

JavaSMT is a framework that provides a common API for several SMT solvers. Adding support for an additional SMT solver is straightforward. However, JavaSMT is written in Java, while most solvers are written in C or C++. This means one usually has to write bindings using the Java Native Interface. Alternativly, CHC solvers based on SMT solvers could also be added in the existing infrastructure. This topic is suited for a bachelor's thesis.

JavaSMT: boost SMT solver performance using optimization/simplification techniques

JavaSMT is a framework that provides a common API for several SMT solvers. These have different strengths and weaknesses. To boost these, common simplification or optimization techniques could be added to boost existingt solvers capabilities. This can be based on solver independent techniques, finding optimal solver settings, or utilizing features from distinct solvers to the currently used etc. This should also be added in the existing infrastructure, including automatic tests, documentation and a thorough evaluation.

Currently assigned topics
Boost Symbolic Memory Graph based Explicit Value Analysis with Numerical Abstract Reasoning

Explicit Value Analysis with Symbolic Memory Graphs (SMGs) can analyse programs, including memory operations, fast and efficient. However, Value Analysis often over-approximates values beyond an already encountered bound. The goal is to combine the existing SMG based Value Analysis with the existing Numerical Abstract Domain (APRON) using a composite analysis, reusing the already existing components. This is then implemented in CPAchecker and evaluated against other verification approaches over the SV-COMP benchmark set.

Finished topics
JavaSMT: develop a interface for proofs returned by SMT solvers and add support for existing SMT solvers inside JavaSMT (with automated tests and build documentation).

JavaSMT is a framework that provides a common API for several SMT solvers. SMT solvers are capable of returning a proof for a verdict. These proofs however are different from solver to solver. The goal of this thesis is first an analysis of the different proofs returned by the solvers to develop a common interface, then implementing this in JavaSMT and finally connecting all possible SMT solvers to this interface (with automated tests and possible build documentation). This topic is suited for a bachelor's thesis

JavaSMT: add support for UltimateEliminator, a tool for solver-independent quantifier elimination, to JavaSMT. (with automated tests and build documentation).

JavaSMT is a framework that provides a common API for several SMT solvers. However, some SMT solvers lack support for quantifier theory and quantifier elimination. UltimateEliminator bridges this gap by offering solver-independent quantifier elimination. The goal of this thesis is adding a solver-independent quantifier layer to JavaSMT and connecting UltimateEliminator to it, allowing all solvers to utilize quantifiers as long as they are eliminated in the end (with automated tests and build documentation). This topic is suited for a bachelor's thesis

JavaSMT: extend the solver-independent SMT2 String parser/composer with missing SMT theories (e.g. Floating-Points, Strings, ...) and add a SMT-LIB2 based SMT solver to JavaSMT based on the added theories (with automated tests and build documentation).

JavaSMT is a framework that provides a common API for several SMT solvers. However, there are solver that do not offer parsing/dumping of formulas in the SMT2 format. The goal of this thesis would be the extension of our solver-independent SMT-LIB2 parser/generator layer in JavaSMT, that enables users to generate SMT2 formulas in String form using the API, but also read arbitrary SMT2 formulas into any of the existing solvers APIs without using the solvers parsing abilities. To evaluate this extension, we add a SMT solver using the parser/generator. This topic is suited for a bachelor's thesis

If you're a student interested in writing your thesis at our chair, you should also have a look at our full list of currently available theses.

Teaching

  • SS'23: Master-Seminar: Reproducibility of Software Engineering Research
  • SS'24: Methods in Software Engineering
  • WS'24: Principles of Compiler Design
  • SS'25: Master-Seminar: Reproducibility of Software Engineering Research
  • WS'25: Bachelor-Seminar: Software Quality Assurance

Publications, Theses, and Projects