Prof. Dr. Gidon Ernst, LMU Munich

Prof. Dr. Gidon Ernst

Junior Professor, Software Verification

Software and Computational Systems Lab
Department of Computer Science
Ludwig-Maximilians-Universität München (LMU Munich)
Oettingenstraße 67
80538 Munich (Germany)

Office: Room F 007, Oettingenstr. 67
Office hours: By appointment, via https://meet.lrz.de/gidon
E-Mail: firstname.lastname@lmu.de
Phone: Please note that I no longer have an office phone
Chat: Zulip (LMU/IFI internal)
ORCID: 0000-0002-3289-5764

GPG-Key

Please send me encrypted mails!
My GPG key: 0x43E74A64
Fingerprint: 2936 1F81 7F7E 77FC 114F E87D 864B 9E41 43E7 4A64

Consider using the keyserver at https://keys.openpgp.org/.

Personal

CV, Google Scholar, Semantic Scholar, DBLP, ORCID, GitHub, Twitter

formal methods for software engineering
software testing
interactive and automated proofs
hybrid systems falsification

This Page

Recent, Teaching, Thesis Mentoring, Research, Software, Service

Recent

[09/2023] Paper Accepted: Toby Murray, Mukesh Tiwari, Gidon Ernst, David Naumann: Assume but Verify: Deductive Verification of Leaked Information in Concurrent Applications, CCS 2023, Extended Version, Website
[07/2023] Paper Accepted: Toby Murray, Pengbo Yan, Gidon Ernst: Compositional Vulnerability Detection with Insecurity Separation Logic, ICFEM 2023, Extended Version, Artifacts
[04/2023] Challenge: Join the VerifyThis long-term collaborative challenge in software specification and verification: https://verifythis.github.io/
[04/2023] Publication: Korn—Software Verification with Horn Clauses (Competition Contribution), Paper, GitHub
[01/2023] Award: I have received the award “best master lecture” 2022 in computer science for my course Methods in Software Engineering by the student association Gruppe Aktiver Fachschaftika. I highly appreciate this recognition and would like to thank everybody involved, notably Nian-Ze Lee for massive help with the preparations and for an excellent tutorial.
[11/2022] Invited Talk: Loop Verification with Invariants and Contracts at Dagstuhl Seminar Principles of Contract Languages, Slides, Tool Cuvée, Demo: inference and framing
[10/2022] Publication: Gidon Ernst, Alexander Knapp, Toby Murray: A Hoare Logic with Regular Behavioral Specifications, ISoLa 2022, Paper, Slides, arXiv
[01/2022] Publication: Loop Verification with Invariants and Contracts at VMCAI 2022, Paper, Technical Report, Slides, Video
[12/2022] Paper Accepted: Dongge Liu, Van-Thuan Pham, Gidon Ernst, Toby Murray, Benjamin Rubinstein: State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing, SANER 2022.

Lehrveranstaltungen (siehe auch)

Wintersemester 2023/24

Vorlesung: Formale Spezifikation und Verifikation (Ernst, Baier)
Bachelor-Seminar: Verifikation von Programmen mit Schleifen und Arrays (via Zentralanmeldung) (Ernst, Brieger)

Sommersemester 2023

Lecture: Methods in Software Engineering (in English, Bachelor and Master) (Ernst, Wendler)
Bachelor-Seminar: Programmsynthese (via Zentralanmeldung) (Ernst, Brieger)

Mentoring, Bachelor-/Master Theses (see also)

Currently assigned topics

Case-studies in verifying Python programs

Loop summarization for array programs

Formal Verification of Interactive Visual Novels

Security Specifications for Dafny

Penetration Testing of Web-Applications

Finished topics

Specifying Loops with Contracts. [1]

Information flow testing for PGP keyservers [1]

Implement Fuzzing in CPAchecker

SMT-based checking and synthesis of formal refinements

Rely/Guarantee Reasoning for Separation Logic in SecC

Loop Contracts for Boogie and Dafny

Frontends for a deductive verifier (Python)

Frontends for a deductive verifier (Boogie)

Guided fuzz testing with stochastic optimization

Interactive verification debugging [1]

Simplification and solving strategies for SMT

Development of an interactive theorem prover for untyped logic

User-friendly tactics for interactive proofs

Inference of Invariants over Algebraic Data Types

Test-case generation for protocol implementations via fuzzing

Concolic Testing for Liskov's substitution principle

Studie: PBT Driven Design am Beispiel eines Embedded Software Projekts

Fuzzing Strategies in Legion/SymCC

Symbolic Automata Learning for Unbounded Systems

Experiments with Inference of Loop Contracts in Dafny

Further topics can be discussed on request.

Before contacting me with your own topic proposal, please think about this first: What would be the scientific question leading your project? Does the topic fit well with the research and teaching area of Prof. Ernst?

See also: Merkblatt für externe Arbeiten des Prüfungsamtes.

Recommendation Letters/Empfehlungsschreiben

Recommendation letters are a common requirement for applications to top universities, notably in the US. If you consider asking me for such a letter, please make sure that I can offer concrete evidence of your qualifications that goes beyond your course grades. Just taking part in my lecture is not sufficient and the resulting letter would typically be too generic to actually be favorable for your application.

Examples for such evidence could be: you have worked as a Hiwi/Tutor within the SoSy-Lab or you did a thesis/project/seminar with us. Perhaps in some cases very good exercise solutions can count, too.

Research

Relational Proofs

The goal is to infer simulation relations and invariants to prove that two implementations of the same interface exhibit the same external behavior (i.e., Liskov and Wing’s substitution principle).

Notably, we focus on complex data types such as Arrays and Lists in combination where simulation relations often need to be defined by recursion with the help of quantifiers.

Joint work with Grigory Fedyukovich.

Softare Testing

Legion is a software tester based on a tight integration of concolic execution and fuzzing, mediated by Monte-Carlo tree search. Input values to target a specific part of the program are generated by approximate path-preserving fuzzing, a variant of constrained random sampling, using an adaption of the Quicksampler algorithm.

Joint work with Dongge Liu, Ben Rubinstein, Toby Murray.

See also the competition on software testing.

Concurrent Information Flow

Security Concurrent Separation Logic (SecCSL) combines reasoning about expressive, value-dependent security classifications with concurrency and low-level code.
The approach is implemented in the tool SecC (code on bitbucket).

Joint work with Toby Murray (University of Melbourne).

Falsification

Falsification of temporal logic requirements for hybrid systems. See FalStar and the ARCH competition on falsification.

Joint work with Ichiro Hasuo, Sean Sedwards, Zhenya Zhang (NII Tokyo, University of Waterloo).

Previous Projects

KIV: interactive theorem prover and software verification platform (see also VerifyThis)
Flashix: verified file system for flash memory (github)
With Wolfgang Reif, Gerhard Schellhorn, Jörg Pfähler, Stefan Bodenmüller (Augsburg University).
IMP3: integration of shape analysis and theorem proving
Takatuka: Java Virtual Machine for sensor networks

PhD Students

Dongge Liu: Software fuzzing with machine learning (2018–2022).
Co-supervised with Ben Rubinstein, Toby Murray (University of Melbourne).

Software

Cuvée: SMT-LIB with programs and weakest preconditions, draft.
Korn: Horn-clause based verifier for C, draft.
Legion/SymCC: tight integration of concolic execution and fuzzing.
SecC: verified information flow for C.
FalStar: hybrid systems falsification.
Easyparse: LL parsing for Scala case classes made simple.

Service

Editorial Board:

STTT Cocha

PC co-chair:

PhD Symposium @ iFM 2023
FTfJP 2019 at ECOOP 2019

Organizer/Co-organizer:

PC:

Formalise 2023
HSCC 2021
VSTTE 2020
SAC 2020
4PAD 2019
SAC 2019
4PAD 2018
Artifact Evaluation: HSCC 2020, SAS 2018