VSTTE 2024
16th International Conference on Verified Software: Theories, Tools, and Experiments
October 14-15, 2024, Prague, Czech Republic
Co-located with Formal Methods in Computer-Aided Design 2024 (FMCAD 2024)
Overview
The goal of the VSTTE conference series is to advance the state of the art in the science and technology of software verification, through the interaction of theory development, tool evolution, and experimental validation.
The Verified Software Initiative (VSI), spearheaded by Tony Hoare and Jayadev Misra, is an ambitious research program for making large-scale verified software a practical reality. The International Conference on Verified Software: Theories, Tools and Experiments (VSTTE) is the main forum for advancing the initiative. VSTTE brings together experts spanning the spectrum of software verification in order to foster international collaboration on the critical research challenges. The theoretical work includes semantic foundations and logics for specification and verification, and verification algorithms and methodologies. The tools cover specification and annotation languages, program analyzers, model checkers, interactive verifiers and proof checkers, automated theorem provers and SAT/SMT solvers, and integrated verification environments. The experimental work drives the research agenda for theory and tools by taking on significant specification/verification exercises covering hardware, operating systems, compilers, computer security, parallel computing, and cyber-physical systems.
The 2024 edition of VSTTE will be the 16th international conference in the series, and will be co-located with FMCAD 2024 in Prague, Czech Republic.
We welcome submissions describing significant advances in the production of verified software, i.e. software that has been proved to meet its functional specifications. Submissions of theoretical, practical, and experimental contributions are equally encouraged, including those that focus on specific problems or problem domains. We are especially interested in submissions describing large-scale verification efforts that involve collaboration, theory unification, tool integration, and formalized domain knowledge. We also welcome papers describing novel experiments and case studies evaluating verification techniques and technologies. We encourage submissions on in-progress verified software projects. Presenters will have the option to not include their papers in the post-proceedings, leaving them free to submit their work to other venues later.
Topics of interest for this conference include, but are not limited to, requirements modelling, specification languages, specification/verification/certification case studies, formal calculi, software design methods, automatic code generation, refinement methodologies, compositional analysis, verification tools (e.g., static analysis, dynamic analysis, model checking, theorem proving, satisfiability), tool integration, benchmarks, challenge problems, and integrated verification environments.
Paper Submissions
VSTTE 2024 will accept both long (limited to 16 pages, excluding references) and short (limited to 10 pages, excluding references) paper submissions. Short submissions also cover Verification Pearls describing an elegant proof or proof technique. Submitted research papers and system descriptions must be original and not submitted for publication elsewhere. Submissions of theoretical, practical, and experimental contributions are equally encouraged, including those that focus on specific problems or problem domains.
Papers will be submitted via HotCRP at the VSTTE 2024 conference page. Submissions that arrive late, are not in the proper format, or are too long will not be considered. The post-conference proceedings of VSTTE 2024 will be published as an LNCS volume by Springer-Verlag. Authors of accepted papers will be requested to sign a form transferring copyright of their contribution to Springer-Verlag. The use of LaTeX and the Springer LNCS class files is strongly encouraged.
Camera-ready submissions. Please read the "Instructions for Authors of Papers to be Published in Springer Computer Science Proceedings" document, available here, carefully and make sure your camera-ready submission adheres to the guidelines.
Important Dates
- Paper submission: August 3, 2024 (AoE)
- Notification of presentation acceptance: August 24, 2024 (AoE)
- Final pre-conference paper submission: October 3, 2024 (AoE)
- Conference: October 14-15, 2024
- Notification of proceedings acceptance: TBD
- Camera-ready for post-conference proceedings: TBD
Registration
Registration to VSTTE will be part of the FMCAD registration process.
Program
Monday, October 14
| Time | Event |
|---|---|
| 8:30-8:55 | Registration |
| 8:55-9:00 | Opening |
| Session 1 | |
| 9:00-10:00 | Invited Speaker: Cristian Cadar, Dynamic Symbolic Execution: Between Testing and Verification (abstract and bio under Invited Speakers below) |
| 10:00-10:30 | Rahul Kumar, Celina Val, Felipe Monteiro, Michael Tautschnig, Zyad Hassan, Qinheping Hu, Adrian Palacios, Remi Delmas, Jaisurya Nanduri, Felix Klock, Justus Adam, Carolyn Zech, and Artem Agvanian. Invited Paper: Verifying the Rust Standard Library |
| 10:30-11:00 | Coffee Break |
| Session 2 | |
| 11:00-12:00 | Invited Speaker: Karthikeyan Bhargavan, High-Assurance Post-Quantum Cryptography (abstract and bio under Invited Speakers below) |
| 12:00-12:30 | Quentin Peyras, Ghada Gharbi, Souheib Baarir. Towards Verifying Security Policies for Infinite-State Systems |
| 12:30-13:00 | Salih Ates, Dirk Beyer, Po-Chun Chien, Nian-Ze Lee. MoXIchecker: An Extensible Model Checker for MoXI |
| 13:00-14:30 | Lunch Break |
| Session 3 | |
| 14:30-15:30 | Invited Speaker: Igor Konnov, Pragmatic Bounded Model Checking for TLA+ with Apalache (abstract and bio under Invited Speakers below) |
| 15:30-16:00 | Feitong Qiao, Aryana Mohammadi, Jürgen Cito, Mark Santolucito. Statically Inferring Usage Bounds for Infrastructure as Code |
| 16:00-16:30 | Didrik Lundberg, Roberto Guanciale, Mads Dam. Proof-Producing Symbolic Execution for P4 |
| 16:30-17:00 | Coffee Break |
| Session 4 | |
| 17:00-17:30 | Jakob Rath, Clemens Eisenhofer, Daniela Kaufmann, Nikolaj Bjørner, Laura Kovács. PolySAT: Word-level Bit-vector Reasoning in Z3 |
| 17:30-18:00 | Catherine Dubois. Deductive Verification of Sparse Sets in Why3 |
| 18:00-18:05 | Concluding Remarks by PC Chairs |
Invited Speakers
Cristian Cadar (Imperial College London)
Title: Dynamic Symbolic Execution: Between Testing and Verification
Abstract: Dynamic symbolic execution has gathered a lot of attention in recent years as a key ingredient in areas including software engineering, programming languages, cybersecurity, and computer systems. While dynamic symbolic execution is primarily a testing and analysis technique, it has also been used in program verification. In this talk, I will discuss its opportunities and limitations in a verification context, and also argue for the need of testing as a complement to verification.
Biography: Cristian Cadar is a Professor in the Department of Computing at Imperial College London, where he leads the Software Reliability Group (http://srg.doc.ic.ac.uk), working on automatic techniques for increasing the reliability and security of software systems. Cristian's research has been recognised by several prestigious awards, including the IEEE TCSE New Directions Award, BCS Roger Needham Award, HVC Award, EuroSys Jochen Liedtke Award, and two test of time awards. Many of the research techniques he co-authored have been used in both academia and industry. In particular, he is co-author and maintainer of the KLEE symbolic execution system, a popular system with a large user base. Cristian has a PhD in Computer Science from Stanford University, and undergraduate and Master's degrees from the Massachusetts Institute of Technology.
Karthikeyan Bhargavan (Cryspen)
Title: High-Assurance Post-Quantum Cryptography
Abstract: Modern cryptography offers rewarding targets for software verification. Cryptographic algorithms, like AES or ML-KEM, have clean mathematical specifications that can be implemented in a few hundred lines of code, and yet they are prone to subtle implementation errors. Communication protocols, like TLS or PQXDH, define relatively small concurrent state machines that communicate over public channels, but they are also routinely shown to be vulnerable to attacks that sometimes remain undiscovered for years. In this talk, we will discuss how formal verification is being used to improve the state of real-world cryptography from design to implementation. We will use examples from ongoing work on post-quantum cryptography and their use in messaging protocols. We will see how verification can expose attacks as well as establish security theorems that provide a higher assurance in the software we use on a daily basis.
Biography: Karthik is co-founder and chief research scientist at Cryspen, a company that develops verification tools and high-assurance security-critical software. He has contributed to the design and formal security analysis of cryptographic standards like TLS 1.3, HPKE, and MLS, and to the deployment of formally verified high-performance cryptographic code in projects like Firefox, Linux, Python, WireGuard, mbedTLS, etc. He is currently on leave from Inria Paris, where he led a team called Prosecco.
Igor Konnov (independent researcher)
Title: Pragmatic Bounded Model Checking for TLA+ with Apalache
Abstract: TLA+ continues to be the preferred specification language for fault-tolerant distributed algorithms, especially for distributed consensus. Although consensus algorithms have relatively concise specifications, analyzing their behavior is notoriously difficult due to the inherent control and data non-determinism arising from their distributed nature and potential Byzantine faults. In this talk, I will showcase the spectrum of guarantees that can be obtained in reasonable time using the Apalache model checker. I will also discuss the usability aspects of both TLA+ and Apalache for system engineers.
Biography: Igor Konnov is an independent security & formal methods researcher. As a principal research scientist at Informal Systems (2020-2023) and senior research scientist at Interchain Foundation (2019), he has experience of integrating formal methods in the blockchain development process. Igor was the principal investigator in the projects Quint and Apalache. Before joining the blockchain industry, he worked as a formal methods researcher at Inria Nancy, TU Wien, and Lomonosov Moscow State University.
Invited Tutorial
Sebastian Ullrich and Joachim Breitner (Lean FRO)
Title: The Lean Programming Language and Theorem Prover
Abstract:
Lean is an interactive theorem prover and general-purpose programming language developed by the Lean Focused Research Organization (Lean FRO). It has received much attention as the basis for the vast mathematical library (mathlib) and for successes in formalizing contemporary research mathematics, but as a general-purpose system it can also be used for authoring and verifying software, among other applications.
In this tutorial you will get a feeling for typical use of Lean by computer scientists: we will define a deep embedding of a simple imperative language, use Lean's flexible frontend to give it custom syntax, define its semantics, and finally prove simple optimizations as well as concrete programs correct. The tutorial will mostly be "blackboard-style", i.e. lively live-coding with explanations, interrupted by short hands-on sessions with suggested tasks. To participate, ideally install Lean following the official instructions at https://docs.lean-lang.org/lean4/doc/quickstart.html before the event, and clone the repository at https://github.com/leanprover/vstte2024 (which will be made available in time).
Biographies:
Sebastian is the Head of Engineering at the Lean FRO, which he co-founded together with Leonardo de Moura, creator of Lean, in 2023. A Lean contributor since 2015, Sebastian was drawn to the project by its focus on general language design as well as user interaction. He wrote his PhD thesis on the design and extensibility of the user-facing "frontend" of Lean 4, the current version of Lean. He is the main author of the Lean 4 macro system on which Lean's notational flexibility is based.
When not programming, Sebastian instead enjoys following program-guided activities such as playing rhythm games and the piano.
Ever since Joachim found beauty and elegance in functional programming, he has been working with and on functional programming languages, in particular Haskell, where he has contributed to the compiler, helps with the steering committee and co-hosts the Haskell Interlude podcast.
He has also always been fascinated by interactive theorem proving, and his academic persona used Isabelle and Coq to formalize mathematics and verify programs.
These two interests find their natural synthesis in the Lean programming language, and Joachim joined the Lean FRO to work on the Lean compiler itself.
Besides such serious nerdery, you will find Joachim dancing Swing and Tango (in particular when traveling to conferences, so talk to him if you want to join), paragliding and unapologetically punning.
General Chair
- Supratik Chakraborty (IIT Bombay, India)
Program Chairs
- Azalea Raad (Imperial College London, UK)
- Jonathan Protzenko (Microsoft Research, Seattle, USA)
Publicity Chair
- Serdar Tasiran (Amazon Web Services, USA)
Program Committee
- Andreas Lööw (Imperial College London)
- Arie Gurfinkel (University of Waterloo)
- Burcu Kulahcioglu (TU Delft)
- Claire Dross (AdaCore)
- Emanuele D'Osualdo (University of Konstanz)
- Greg Malecha (Bedrock Systems)
- Guillaume Ambal (Imperial College London)
- Guy Amir (Hebrew University of Jerusalem)
- John Wickerson (Imperial College London)
- Joonwon Choi (Apple)
- Juneyoung Lee (Amazon Web Services)
- Karine Even-Mendoza (King's College London)
- Kartik Nagar (IIT Madras)
- Ken McMillan (University of Texas at Austin)
- Kumar Madhukar (IIT Delhi)
- Léo Stefanesco (MPI-SWS)
- Marc Pouzet (École Normale Supérieure)
- Martin Bodin (Inria, Grenoble)
- Michael Sammler (ETH Zürich)
- Michalis Kokologiannakis (MPI-SWS)
- Paulo de Vilhena (Imperial College London)
- Roland Meyer (TU Braunschweig)
- Rupak Majumdar (MPI-SWS)
- Soham Chakraborty (TU Delft)
- Umang Mathur (National University of Singapore)
- Yu-Fang Chen (Academia Sinica)
Previous Editions
- VSTTE 2005 (Zürich, Switzerland)
- VSTTE 2008 (Toronto, Canada)
- VSTTE 2010 (Edinburgh, Scotland)
- VSTTE 2012 (Philadelphia, USA, co-located with POPL 2012)
- VSTTE 2013 (Atherton, USA)
- VSTTE 2014 (Vienna, Austria, co-located with CAV 2014 as part of VSL 2014)
- VSTTE 2015 (San Francisco, USA, co-located with CAV 2015)
- VSTTE 2016 (Toronto, Canada, co-located with CAV 2016)
- VSTTE 2017 (Heidelberg, Germany, co-located with CAV 2017)
- VSTTE 2018 (Oxford, UK, co-located with CAV 2018)
- VSTTE 2019 (New York, USA, co-located with CAV 2019)
- VSTTE 2020 (Los Angeles, USA, co-located with CAV 2020)
- VSTTE 2021 (Lugano, Switzerland, co-located with FMCAD 2021)
- VSTTE 2022 (Trento, Italy, co-located with FMCAD 2022)
- VSTTE 2023 (Ames, Iowa, USA, co-located with FMCAD 2023)