Student Talks at LMU - IfI (on BSc and MSc Level)
Week View - Agenda View - Plain HTML - Download or Import ICal Feed
- Wed, 28.04.
-
14:30–14:55
Shareable Benchmarking Reports with Enhanced Filters and Dynamic Statistics for BenchExec
BA Abschlussvortrag von Dennis SimonRaum: (online) Organisator: SoSy-Lab
-
14:30–14:55
Past talks
- Wed, 17.02.
-
14:30–14:55
Improve Analysis of Java Programs in CPAchecker
BA Abschlussvortrag von Sven MasardRaum: (online) Organisator: SoSy-LabTalk details
This bachelor thesis covers the adaptation and extension of CPAchecker in order to analyze a range of Java programs. A collection of Java programs used for the Competition on Software Verification exists that can be used to find and implement cases that CPAchecker was not yet able to handle. In order test this collection of Java programs with CPAchecker in one large batch, CPAchecker for Java is extended to accept property files which are passed using the benchmark definition files. Finally, a configurable program analysis to track exceptions inside of try catch statements is implemented and its implementation is evaluated by a short series of test programs.
-
14:30–14:55
- Wed, 10.02.
-
14:30–14:55
Converting between ACSL Annotations and Witness Invariants
BA Abschlussvortrag von Sven UmbrichtRaum: (online) Organisator: SoSy-LabTalk details
Proving the correctness of a given program with regard to a certain specification is hard. To make this task easier one can additionally give invariants that may aid the verification. Several formats exist to provide invariants for this purpose, like GraphML-based correctness witnesses or ACSL, but herein already lies the problem: A tool that relies on having invariants provided in a specific format cannot profit from invariants that are structured differently. It would therefore be helpful to be able to translate invariants from one format into the other. The goal of this thesis is to translate invariants from correctness witnesses into ACSL annotations and vice versa. We describe a possible way to perform these translations and implement a proof of concept in CPAchecker . Our evaluation shows that we can indeed generate valid ACSL-annotated programs from correctness witnesses produced by different verifiers and that we are able to again create valid witnesses for these annotated programs. -
15:15–15:40
Verification Witnesses: from Llvm to C
BA Abschlussvortrag von Yun ZhangRaum: (online) Organisator: SoSy-Lab
-
14:30–14:55
- Wed, 03.02.
-
12:30–13:00
Fuzzing/Legion in CPAchecker
MA Abschlussvortrag von Christoph GirstenbreiRaum: (online) Organisator: SoSy-Lab
-
12:30–13:00
- Wed, 27.01.
-
14:30–14:55
Implementierung und Evaluation von einfacher Schleifenabstraktion für das CPAchecker-Framework
BA Abschlussvortrag von Benedikt DamböckRaum: (online) Organisator: SoSy-LabTalk details
In der Programmverifikation haben viele Analysen Probleme mit komplizierten Schleifen. Es gibt jedoch die Option, diese zu abstrahieren, so dass die Analyse beschleunigt wird oder es sogar erst möglich wird, zu einem Ergebnis zu kommen. Bei dieser Arbeit handelt es sich um eine Reproduktion eines bestehenden Prinzips der Schleifenabstraktion. Dieses Prinzip wurde mit Anpassungen in das Verifikationprogramm CPAchecker integriert und mit Hilfe von Programmen getestet. Dabei wird es vor der normalen Analyse genutzt, um zu überprüfen, ob die Abstraktion von Schleifen im allgemeinen zu einer Leistungsverbesserung in den Kategorien Zeit und Speicherplatz führt. Es werden 3 SMT-basierte“ Analysen und die Value-Analyse, die ” Übersicht über konstante Variablenwerte behält, eingesetzt. -
15:30–15:40
Genetic Programming in Software Verification
BA Antrittsvortrag von Lukas GlückstadtRaum: (online) Organisator: SoSy-LabTalk details
The idea is to generate verification tasks via genetic programming,i.e. do the following repeatedly on a set of programs:
1. mutation of the programs' ASTs
2. selection of 'fit' programs based by running the generated programs against some verifier and chosing some fitness metric that is determined by the verification resultsThis can then be used used for a large number of interesting applications:
One very simple would be fault localization: Here the allowed mutations are those that remove program statements, and the fitness is determined by a) the bug has to still be present and b) the shorter the program the fitter.
Another application would be to generate structure-wise simple programs that are still hard to solve or to generate programs that are easy to solve by verifier/approach A, but hard to solve by verifier/approach B.In the end the challenging part here (and why this probably has not been done really for software verification) is to keep time per roundtrip low enough to get enough iterations. For that the idea would be to start use bounded model checking/ limit the analysis time. Other tactics like speculative execution or using some static method to predict the fitness might also be worth exploring.
From a techical point of view the goal is to use BenchExec for executing the mutated programs each round (and such reduce the wall time for each round).
The language used for implementation will be Python3, which allows to use the pycparser as a frontend.
-
14:30–14:55
- Wed, 20.01.
- Fri, 15.01.
-
14:15–15:00
Variations and implementation details of Hopcroft's partitioning algorithm for DFA minimisation: Correctness and Time Complexity
von Elisabeth LempaRaum: zoom Organisator: TCSTalk details
In 1971, John Hopcroft described a new algorithm for DFA minimisation. This algorihm is claimed to run in O(m * n * log n) time (where n is the number of states and m is the size of the input alphabet), which is considerably faster than what was then viewed as the 'standard method', which requires O(n^2) steps. However, Hopcroft's original paper, being only five pages long, leaves out many implementation details that turn out to be crucial for achieving this runtime bound. This has of course led to a variety of other authors taking it upon themselves to fill in the gaps, coming up with wildly different approaches in the process. While the details of Hopcroft's initial algorithm were subsequently delivered in a textbook that Hopcroft co-authored and that was published three years later, this has not led people to stop trying to describe and modify the algorithm, with the most recent publication on the subject that I have yet discovered being from 2009. In this Masterarbeit, I will examine the different variations of the algorithm. A set of criteria will be given to discern if an algorithm can still be counted as a variation, or if it's a completely different algorithm. For what are deemed variations, the specific 'choice points' where the approaches differ will be described. And finally, software is used to make it possible to pick and choose which variation should be used at particular points, thereby allowing combination of details from different approaches and authors. It is then examined by testing which of these different combinations will a) give correct results, and b) meet the runtime bound.
-
14:15–15:00
- Wed, 13.01.
-
12:30–12:55
Converting Test Goals to Condition Automata
BA Abschlussvortrag von Frederic SchönbergerRaum: (online) Organisator: SoSy-Lab -
13:30–13:40
Taint Analysis for CPAchecker
BA Antrittsvortrag von Sebastian TschöpelRaum: (online) Organisator: SoSy-Lab -
13:50–14:00
Unityped functional programs and proofs
MA Antrittsvortrag von Lucas HoffmannRaum: (online) Organisator: SoSy-Lab -
14:10–14:20
Invariant Generation through Sampling for CPAchecker
BA Antrittsvortrag von Daniel MössnerRaum: (online) Organisator: SoSy-Lab
-
12:30–12:55
- Wed, 16.12.2020
-
12:30–12:55
Verification of Timed Automata with CPAchecker
MA Abschlussvortrag von Nico WeiseRaum: (online) Organisator: SoSy-LabTalk details
Automata are a formal model for systems of which the behavior is sensitive to time. Failures of such systems can have fatal consequences. Therefore, there is an interest to verify that such systems operate safely. To this end, a system can be modeled as timed automaton. The backbone of many of the state-of-the-art timed automaton verification tools are sophisticated data structures. Other tools use SMT-solvers. SMT-based methods express a verification problem as logical formulas, such that the verification problem is solvable by checking the satisfiability of these formulas. CPAchecker is a state-of-the-art software verification tool and implements SMT-based software verification. This thesis makes the first step towards timed automaton verification with CPAchecker by adding bounded model checking for reachability analyses of timed automata. Formula encodings are represented as composition of encoding parts. This makes it possible to reuse existing parts and define new encodings by configuration. The goal is to equip CPAchecker with a wide range of known encodings that are known to be efficient. An experimental evaluation of different encodings reveals that no encoding outperforms the others on every benchmark automaton. This result supports the idea to make a wide range of different encodings available by configuration, instead of explicitly implementing only some. A comparison with other tools shows that the implementation in CPAchecker is not yet sophisticated enough to be competitive. Moreover, the state-of-the-art tool Uppaal outperforms the bounded model checking approach on most of the benchmarks.
-
12:30–12:55
- Wed, 09.12.2020
-
12:30–12:55
Domain Types for Predicate Analysis in CPAchecker
BA Abschlussvortrag von Yannick AdamsRaum: (online) Organisator: SoSy-Lab -
13:30–13:55
SMT-based Model Checking of Concurrent Programs
BA Abschlussvortrag von Vladyslav KolesnykovRaum: (online) Organisator: SoSy-LabTalk details
Nowadays, modern software applications are complex concurrent and distributed software systems that should be highly reliable and efficient, without data races, deadlocks, and other program bugs. Thus, the automated verification of concurrent programs is becoming increasingly important in order to benefit from the potential of advanced multi-core hardware and distributed infrastructure. However, this process can be challenging even for modern verification software due to the non-deterministic behavior of multithreaded programs. Several successful automated software verification approaches are based on the Satisfiability Modulo Theories (SMT), solving first-order-logic formulas over predicates. This thesis studies two SMT-based software verification techniques, Bounded Model Checking and Predicate Abstraction, as well as a configurable verification framework CPAchecker for C programs. Our framework implements these approaches in a single configurable component for predicate-based analyses, representing Bounded Model Checking and Predicate Abstraction in a single setting. In addition to the theoretical contribution, we present our implementation that extends the existing components of CPAchecker to use Bounded Model Checking and Predicate Abstraction for concurrent programs. The predicate-based analyses component is used with the underlying reachability analysis that explores the program’s state-space analyzing all possible thread interleavings. We evaluate the performance of implemented verification techniques and some optimizations on the broad set of concurrent benchmark tasks, comparing them with other existing analyses in the same framework CPAchecker. We also present a combination of our techniques with explicit value-analysis to solve the state-space explosion problem and achieve even better verification performance. Finally, the implemented changes are applied as part of CPAchecker to participate in the International Competition on Software Verification 2021.
-
12:30–12:55
- Wed, 25.11.2020
- Wed, 18.11.2020
-
12:30–12:45
Domain-independent Function Summaries
MA Antrittsvortrag von Philipp WaldingerRaum: (online) Organisator: SoSy-Lab
-
12:30–12:45
- Wed, 11.11.2020
-
12:30–12:45
A Python Frontend for Cuvée
BA Antrittsvortrag von Maximilian DoodsRaum: (online) Organisator: SoSy-Lab
-
12:30–12:45
- Wed, 04.11.2020
- Wed, 21.10.2020
- Wed, 30.09.2020
-
12:30–13:00
Fault Localization in Model Checking. Implementation and Evaluation of Fault-Localization Techniques with Distance Metrics
BA Abschlussvortrag von Angelos KafounisRaum: (online) Organisator: SoSy-Lab -
13:20–13:50
For The Win (FTW) Agent
Abschlussvortrag Praktikum zur Entwicklung eines groesseren Softwaresystems von Johannes TochtermannRaum: (online) Organisator: SoSy-Lab -
14:15–14:45
Integration und Evaluation von verketteten Entscheidungsdiagrammen in PJBDD und CPAchecker
BA Abschlussvortrag von Sebastian NiednerRaum: (online) Organisator: SoSy-Lab
-
12:30–13:00
- Wed, 16.09.2020
-
12:30–12:40
CWE-IDs for Software Analysis in CPAchecker and SV-COMP
BA Antrittsvortrag von Clara GoldmannRaum: (online) Organisator: SoSy-Lab -
12:50–13:20
Interval-based Optimization for SMT Solvers
BA Abschlussvortrag von Radu RusanuRaum: (online) Organisator: SoSy-LabTalk details
Symbolic execution is a program analysis technique, used to determine the inputs that execute a part of a program. The program is first converted to an execution tree, consisting of path conditions which may or may not be satisfiable. Variables are mapped to their symbolic input values (for boolean variables, the symbolic value is [0,1], for integer variables [−2^31, 2^31] and so forth) and then runs the program in order to find the reachable paths. Every path in the execution tree is parsed as a logical formula, which is defined as satisfiable if a model can be found which renders it as true, and tautological if every possible interpretation makes it true. Since most programs contain an abundance of numeral variables, a partial solver that narrows down the definition intervals of every variable and then performs the satisfiability-check is expected to speed up the solving, as the use of numbers instead of variables eliminates a considerable overhead. Since not every operation used by SMT-solvers is supported, a fallback to a complete solver is integrated if an unsupported operand is encountered. My implementation covers the theory of quantifier-free linear integer arithmetic (QF_LIA), however there is the possibility of expanding it to non-linear rational arithmetic and bit-vectors, which would model the semantics of imperative languages. The algorithm occurs in two stages - the learning stage, where the lower and upper bound of every variable are derived from the formulas passed as queries, and the decision stage where the variables are replaced with their respective intervals. The module is integrated into JavaSMT, an API developed by the Software and Computational Systems lab of the LMU München, which accesses common solvers like Z3 and SMTInterpol. -
13:35–14:20
Solver-based Analysis of Memory Safety using Separation Logic
MA Abschlussvortrag von Moritz BeckRaum: (online) Organisator: SoSy-Lab
-
12:30–12:40
- Wed, 02.09.2020
-
12:30–13:15
Test-based Fault Localization in the Context of Formal Verification: Implementation and Evaluation of the Tarantula Algorithm in CPAchecker
BA Abschlussvortrag von Schindar AliRaum: (online) Organisator: SoSy-Lab
-
12:30–13:15
- Wed, 22.07.2020
-
12:30–13:15
Fault Localization in CPAchecker with Error Invariants and UNSAT-Cores
BA Abschlussvortrag von Matthias KettlRaum: (online) Organisator: SoSy-Lab -
13:15–14:00
Energy Consumption Prediction of Verification Work
BA Abschlussvortrag von Petros IsaakidisRaum: (online) Organisator: SoSy-LabTalk details
Every aspect of our lives is nowadays being influenced by computer science, with its cornerstone being the compilation of computer programs that operate properly without malfunctions. For this purpose, the use of verification programs, such as the CPAchecker developed by the department of Software and Computational Systems at the LMU Munich, is essential. Nevertheless, these programs typically require considerable amounts of energy to conduct their verification tests. In order to minimize their power demands over time, monitoring of the required energy consumption is imperative. Intel’s Running Average Power Limit (RAPL) interface, which is usually implemented for this purpose, is software based and does not estimate the energy consumption of the whole computer system; thus, it is not suited for direct estimation of the whole system consumption. This thesis examines an alternative method of measuring the energy consumption of a system while running verification tests, using the EMH Metering ED300L energy meter. Our primary objective is to present the results of this approach and determine if there is a significant difference in energy estimation between the two methods. Furthermore, we aimed to propose an effective approach to predict the energy measurements of the energy meter based on Intel’s RAPL’s estimations while running verification tests on the CPAchecker software-verification platform. The overall goal of this thesis is to serve as an orientation to support the accurate energy usage measurement of a system.
-
12:30–13:15
- Wed, 15.07.2020
-
12:30–12:40
A Booge Frontend for Cuvee
BA Antrittsvortrag von Marius FunkRaum: (online) Organisator: SoSy-Lab -
12:45–13:30
A Web Frontend for Visualization of Computation Steps and their Results in CPAchecker
BA Abschlussvortrag von Sonja MünchowRaum: (online) Organisator: SoSy-Lab -
13:30–14:15
An IDE Plugin for CPAchecker
BA Abschlussvortrag von Adrian LeimeisterRaum: (online) Organisator: SoSy-Lab
-
12:30–12:40
- Wed, 01.07.2020
- Wed, 17.06.2020
- Wed, 10.06.2020
- Wed, 13.05.2020
-
12:30–13:15
Extending the Framework JavaSMT with the SMT Solver Yices2
BA Abschlussvortrag von Michael ObermeierRaum: (online) Organisator: SoSy-LabTalk details
JavaSMT, developed at the Software and Computational Systems Lab at LMU Munich, is a common API for SMT solvers. It offers access to a selection of solvers developed in Java as well as other programming languages. Support for those non-Java solvers is achieved through either existing or self-developed language bindings. While most solvers have a mostly identical core set of supported theories and features, they still differ by availability of additional theories and performance. As such adding more solvers to the framework will always be beneficial to the users. The Yices2 SMT solver, developed at SRI International’s Computer Science Laboratory was chosen as an addition because of its large feature set and extensive, well documented API. In this paper we will go over how the needed Java binding was developed and the integration with the JavaSMT API works. We will also cover the problems that were encountered while adapting the Yices2 API to JavaSMT’s and the solutions that were implemented. After covering the implementation, we will evaluate the performance of Yices2 against existing solvers in JavaSMT using the CPAchecker software verification framework and the SV-benchmarks set of verification tasks, which are also maintained at the SoSy-Lab. -
13:15–13:30
Code-Complexity Analysis on the Example of CPAchecker
BA Antrittsvortrag von Simon LundRaum: (online) Organisator: SoSy-Lab -
13:30–13:45
Support for Invariant Annotations from Correctness Witnesses in CPAchecker
BA Antrittsvortrag von Sven UmbrichtRaum: (online) Organisator: SoSy-Lab
-
12:30–13:15
- Wed, 06.05.2020
-
12:30–12:40
Fuzzing/Legion in CPAchecker
MA Antrittsvortrag von Christoph GirstenbreiRaum: (online) Organisator: SoSy-Lab
-
12:30–12:40
- Wed, 18.03.2020
-
12:30–13:15
Loop Contracts for Boogie and Dafny
Masterprojekt Abschlusspraesentation von Johannes BlauRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab
-
12:30–13:15
- Wed, 11.03.2020
-
13:00–13:10
Fault Localization with Tarantula
BA Antrittsvortrag von Schindar AliRaum: F003, Oettingenstr. 67 Organisator: SoSy-LabTalk details
There are many different ways to find out whether a program is buggy, for example testing or formal verification. Once we know that a program is buggy, i.e., that it shows some faulty behavior, a developer has to manually debug the program to find the cause of the problem and fix it - this is a difficult and long-taking process. The aim of this thesis is to help programmers with debugging by implementing Tarantula, a technique for bug-finding based on test coverage, to (1) automatically find potential causes for faulty behavior and (2) present the found causes.
-
13:00–13:10
- Fri, 06.03.2020
-
14:15–15:00
BDD-unterstützes SAT-Solving
BA Abschlussvortrag von Florian LeimgruberRaum: L109, Oettingenstr. 67 Organisator: TCSTalk details
Binary Decision Diagrams (BDDs) sind eine Datenstruktur zur Repräsentation Boolescher Funktionen, aus der sich viele Eigenschaften der Funktion leicht ablesen lassen. Um die Jahrtausendwende wurde die Effizienz von BDD basierten SAT-Solvern untersucht. Mit der Einführung des CDCL Algorithmus 1996 im Solver GRASP endeten diese Bemühungen größtenteils, da CDCL in der Praxis besser Performance zeigte. Mittlerweile basieren die meisten modernen SAT-Solver auf CDCL. Meine Bachelorarbeit griff BDD-basierte Ansätze wieder auf und untersuchte, wie hilfreich BDDs beim SAT-Solving sind. Es wurde dazu ein parallelen SAT-Solver entwickelt, die mithilfe von BDDs einen CDCL Solver unterstützen. Dabei werden BDD-Approximationsalgorithmen eingesetzt um die BDD-Größen zu limitieren. Die BDDs werden einerseits genutzt um lexikographische Suchraumeinschränkungen herzuleiten. Andererseits wurde ein Algorithmus entwickelt, der aus BDDs kleine Klauseln ableitet. Der Vortrag erläutert die Theorie hinter BDDs und CDCL, bevor erklärt wird, wie diese zu einem gemeinsam Solver kombiniert wurden. Zudem wird darauf eingegangen, worauf bei einer effizienten Implementierung geachtet werden muss. Zuletzt wird mit der experimentellen Evaluation belegt, dass die Suche nach kleinen Klauseln Vorteile bei ausgewählten kombinatorischen Problemen bringt.
-
14:15–15:00
- Wed, 12.02.2020
-
12:30–13:00
SMT-based checking and synthesis of formal refinements
MA Antrittsvortrag von Tillmann GaidaRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab
-
12:30–13:00
- Wed, 05.02.2020
-
12:30–12:40
Improve usability of summary tab for HTML tables of BenchExec
BA Antrittsvortrag von Dennis SimonRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab
-
12:30–12:40
- Wed, 29.01.2020
-
12:30–13:15
Rely/Guarantee for Separation Logic in SecC
Masterprojekt Abschlusspraesentation von Bernhard PöttingerRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab -
13:30–14:00
Fault Localization with Error Invariants
BA Antrittsvortrag von Matthias KettlRaum: F003, Oettingenstr. 67 Organisator: SoSy-LabTalk details
There are many different ways to find out whether a program is buggy, for example testing or formal verification. Once we know that a program is buggy, i.e., that it shows some faulty behavior, a developer has to manually debug the program to find the cause of the problem and fix it - this is a difficult and long-taking process. The aim of the planned thesis is to help programmers with debugging by implementing Error Invariants and bug-finding with unsat cores, techniques for bug-finding based on boolean representations of the faulty program, to (1) automatically find potential causes for faulty behavior and (2) present the found causes. This talk is an overview talk for the planned thesis. -
14:00–14:25
Design and Implementation of a Cluster Based Approach for Software Verification
BA Presentation von Alexander RiedRaum: F003, Oettingenstr. 67 Organisator: SoSy-LabTalk details
Automatic software verification is a resource intensive process that often exceeds the capacity of a single machine. To tackle bigger programs, a way to add more computing power is needed. But hardware can not be upgraded indefinitely. One solution is to form a cluster out of several computers and use the combined computing power. To make the best use of the clustered resources, algorithms must be designed with increased latency and non-local data in mind. This thesis evaluates different ways of adding cluster support to an existing parallel verification algorithm that is part of the configurable software verification platform CPAchecker.
-
12:30–13:15
- Wed, 22.01.2020
-
12:30–13:00
Real-World Requirements for Software Analysis
BA Anstrittsvortrag von Amena AbdallaRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab -
13:15–13:45
Information Flow Testing für ein Modell eines PGP Servers
BA Antrittsvortrag von Lukas RiegerRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab
-
12:30–13:00
- Tue, 14.01.2020
-
10:00–10:30
Octagon Analysis in CPAchecker (with ELINA)
BA Antrittsvortrag von Martin ZehendnerRaum: F003, Oettingenstr. 67 Organisator: SoSy-Lab
-
10:00–10:30
- Thu, 09.01.2020
-
14:15–15:00
Unifikation von Multimengengleichungen von Variablen-zu-Variablen-Bindungen
BA Abschlussvortrag von Taro YoshiokaRaum: L109, Oettingenstr. 67 Organisator: TCSTalk details
Unfikationsprobleme zwischen Multimengen von Bindungen sind Gleichungen der Form {a_1 = b_1;...;a_n=b_n} = {x_1 = y_1;...;x_m=y_m}, wobei a_i, b_i, x_i, y_i sowohl feste Variablennamen oder instanziierbare Variablen für solche festen Namen sein dürfen. Solche Gleichungen können noch erweitert werden um Variablen, die ganze (Teil-)mengen solcher Multimengen repräsentieren. Im Rahmen einer Bachelorarbeit wurden Algorithmen zur Lösung solcher Unfikationsprobleme entwickelt und in der funktionalen Programmiersprache Haskell implementiert. Im Vortrag werden die Ergebnisse dieser Arbeit vorgestellt.
-
14:15–15:00