2023Activity reportProject-TeamANTIQUE

7.1.1 APRON

• Scientific Description:
  The APRON library is intended to be a common interface to various underlying libraries/abstract domains and to provide additional services that can be implemented independently from the underlying library/abstract domain, as shown by the poster on the right (presented at the SAS 2007 conference. You may also look at:
• Functional Description:
  The Apron library is dedicated to the static analysis of the numerical variables of a program by abstract interpretation. Its goal is threefold: provide ready-to-use numerical abstractions under a common API for analysis implementers, encourage the research in numerical abstract domains by providing a platform for integration and comparison of domains, and provide a teaching and demonstration tool to disseminate knowledge on abstract interpretation.
• URL:
  http://­apron.­cri.­ensmp.­fr/­library/
• Contact:
  Antoine Miné
• Participants:
  Antoine Miné, Bertrand Jeannet

7.1.2 Astrée

• Name:
  The AstréeA Static Analyzer of Asynchronous Software
• Keywords:
  Static analysis, Static program analysis, Program verification, Software Verification, Abstraction
• Scientific Description:

  Astrée analyzes structured C programs, with complex memory usages, but without dynamic memory allocation nor recursion. This encompasses many embedded programs as found in earth transportation, nuclear energy, medical instrumentation, and aerospace applications, in particular synchronous control/command. The whole analysis process is entirely automatic.

  Astrée discovers all runtime errors including:

  undefined behaviors in the terms of the ANSI C99 norm of the C language (such as division by 0 or out of bounds array indexing),

  any violation of the implementation-specific behavior as defined in the relevant Application Binary Interface (such as the size of integers and arithmetic overflows),

  any potentially harmful or incorrect use of C violating optional user-defined programming guidelines (such as no modular arithmetic for integers, even though this might be the hardware choice),

  failure of user-defined assertions.

• Functional Description:

  Astrée analyzes structured C programs, with complex memory usages, but without dynamic memory allocation nor recursion. This encompasses many embedded programs as found in earth transportation, nuclear energy, medical instrumentation, and aerospace applications, in particular synchronous control/command. The whole analysis process is entirely automatic.

  Astrée discovers all runtime errors including: - undefined behaviors in the terms of the ANSI C99 norm of the C language (such as division by 0 or out of bounds array indexing), - any violation of the implementation-specific behavior as defined in the relevant Application Binary Interface (such as the size of integers and arithmetic overflows), - any potentially harmful or incorrect use of C violating optional user-defined programming guidelines (such as no modular arithmetic for integers, even though this might be the hardware choice), - failure of user-defined assertions.

  Astrée is a static analyzer for sequential programs based on abstract interpretation. The Astrée static analyzer aims at proving the absence of runtime errors in programs written in the C programming language.

• URL:
  http://­www.­astree.­ens.­fr/
• Contact:
  Patrick Cousot
• Participants:
  Antoine Miné, Jerome Feret, Laurent Mauborgne, Patrick Cousot, Radhia Cousot, Xavier Rival
• Partners:
  CNRS, ENS Paris, AbsInt Angewandte Informatik GmbH

7.1.3 AstréeA

• Name:
  The AstréeA Static Analyzer of Asynchronous Software
• Keywords:
  Static analysis, Static program analysis
• Scientific Description:
  AstréeA analyzes C programs composed of a fixed set of threads that communicate through a shared memory and synchronization primitives (mutexes, FIFOs, blackboards, etc.), but without recursion nor dynamic creation of memory, threads nor synchronization objects. AstréeA assumes a real-time scheduler, where thread scheduling strictly obeys the fixed priority of threads. Our model follows the ARINC 653 OS specification used in embedded industrial aeronautic software. Additionally, AstréeA employs a weakly-consistent memory semantics to model memory accesses not protected by a mutex, in order to take into account soundly hardware and compiler-level program transformations (such as optimizations). AstréeA checks for the same run-time errors as Astrée , with the addition of data-races.
• Functional Description:
  AstréeA is a static analyzer prototype for parallel software based on abstract interpretation. The AstréeA prototype is a fork of the Astrée static analyzer that adds support for analyzing parallel embedded C software.
• URL:
  http://­www.­astree.­ens.­fr/
• Contact:
  Patrick Cousot
• Participants:
  Antoine Miné, Jerome Feret, Patrick Cousot, Radhia Cousot, Xavier Rival
• Partners:
  CNRS, ENS Paris, AbsInt Angewandte Informatik GmbH

7.1.4 ClangML

• Keyword:
  Compilation
• Functional Description:
  ClangML is an OCaml binding with the Clang front-end of the LLVM compiler suite. Its goal is to provide an easy to use solution to parse a wide range of C programs, that can be called from static analysis tools implemented in OCaml, which allows to test them on existing programs written in C (or in other idioms derived from C) without having to redesign a front-end from scratch. ClangML features an interface to a large set of internal AST nodes of Clang , with an easy to use API. Currently, ClangML supports all C language AST nodes, as well as a large part of the C nodes related to C++ and Objective-C.
• URL:
  https://­github.­com/­Antique-team/­clangml/­tree/­master/­clang
• Contact:
  Xavier Rival
• Participants:
  Devin Mccoughlin, François Berenger, Pippijn Van Steenhoven

7.1.5 FuncTion

• Scientific Description:
  FuncTion is based on an extension to liveness properties of the framework to analyze termination by abstract interpretation proposed by Patrick Cousot and Radhia Cousot. FuncTion infers ranking functions using piecewise-defined abstract domains. Several domains are available to partition the ranking function, including intervals, octagons, and polyhedra. Two domains are also available to represent the value of ranking functions: a domain of affine ranking functions, and a domain of ordinal-valued ranking functions (which allows handling programs with unbounded non-determinism).
• Functional Description:
  FuncTion is a research prototype static analyzer to analyze the termination and functional liveness properties of programs. It accepts programs in a small non-deterministic imperative language. It is also parameterized by a property: either termination, or a recurrence or a guarantee property (according to the classification by Manna and Pnueli of program properties). It then performs a backward static analysis that automatically infers sufficient conditions at the beginning of the program so that all executions satisfying the conditions also satisfy the property.
• URL:
  http://­www.­di.­ens.­fr/­~urban/­FuncTion.­html
• Contact:
  Caterina Urban
• Participants:
  Antoine Miné, Caterina Urban

7.1.6 HOO

• Name:
  Heap Abstraction for Open Objects
• Functional Description:

  JSAna with HOO is a static analyzer for JavaScript programs. The primary component, HOO, which is designed to be reusable by itself, is an abstract domain for a dynamic language heap. A dynamic language heap consists of open, extensible objects linked together by pointers. Uniquely, HOO abstracts these extensible objects, where attribute/field names of objects may be unknown. Additionally, it contains features to keeping precise track of attribute name/value relationships as well as calling unknown functions through desynchronized separation.

  As a library, HOO is useful for any dynamic language static analysis. It is designed to allow abstractions for values to be easily swapped out for different abstractions, allowing it to be used for a wide-range of dynamic languages outside of JavaScript.

• Contact:
  Arlen Cox
• Participant:
  Arlen Cox

7.1.7 MemCAD

• Name:
  The MemCAD static analyzer
• Keywords:
  Static analysis, Abstraction
• Functional Description:
  MemCAD is a static analyzer that focuses on memory abstraction. It takes as input C programs, and computes invariants on the data structures manipulated by the programs. It can also verify memory safety. It comprises several memory abstract domains, including a flat representation, and two graph abstractions with summaries based on inductive definitions of data-structures, such as lists and trees and several combination operators for memory abstract domains (hierarchical abstraction, reduced product). The purpose of this construction is to offer a great flexibility in the memory abstraction, so as to either make very efficient static analyses of relatively simple programs, or still quite efficient static analyses of very involved pieces of code. The implementation consists of over 30 000 lines of ML code, and relies on the ClangML front-end. The current implementation comes with over 300 small size test cases that are used as regression tests.
• URL:
  http://­www.­di.­ens.­fr/­~rival/­memcad.­html
• Contact:
  Xavier Rival
• Participants:
  Antoine Toubhans, François Berenger, Huisong Li, Xavier Rival

7.1.8 KAPPA

• Name:
  A rule-based language for modeling interaction networks
• Keywords:
  Systems Biology, Modeling, Static analysis, Simulation, Model reduction
• Scientific Description:
  OpenKappa is a collection of tools to build, debug and run models of biological pathways. It contains a compiler for the Kappa Language, a static analyzer (for debugging models), a simulator, a compression tool for causal traces, and a model reduction tool.
• Functional Description:
  Kappa is provided with the following tools: - a compiler - a stochastic simulator - a static analyzer - a trace compression algorithm - an ODE generator.
• Release Contributions:
  On line UI, Simulation is based on a new data-structure (see ESOP 2017 ), New abstract domains are available in the static analyzer (see SASB 2016), Local traces (see TCBB 2018), Reasoning on polymers (see SASB 2018).
• URL:
  http://­www.­kappalanguage.­org/
• Contact:
  Jerome Feret
• Participants:
  Jean Krivine, Jerome Feret, Kim-Quyen Ly, Pierre Boutillier, Russ Harmer, Vincent Danos, Walter Fontana, Antoine Pouille, Matthieu Bougueon
• Partners:
  ENS Lyon, Université Paris-Diderot, HARVARD Medical School

7.1.9 QUICr

• Functional Description:
  QUICr is an OCaml library that implements a parametric abstract domain for sets. It is constructed as a functor that accepts any numeric abstract domain that can be adapted to the interface and produces an abstract domain for sets of numbers combined with numbers. It is relational, flexible, and tunable. It serves as a basis for future exploration of set abstraction.
• Contact:
  Arlen Cox
• Participant:
  Arlen Cox

7.1.10 Zarith

• Functional Description:

  Zarith is a small (10K lines) OCaml library that implements arithmetic and logical operations over arbitrary-precision integers. It is based on the GNU MP library to efficiently implement arithmetic over big integers. Special care has been taken to ensure the efficiency of the library also for small integers: small integers are represented as Caml unboxed integers and use a specific C code path. Moreover, optimized assembly versions of small integer operations are provided for a few common architectures.

  Zarith is currently used in the Astrée analyzer to enable the sound analysis of programs featuring 64-bit (or larger) integers. It is also used in the Frama-C analyzer platform developed at CEA LIST and Inria Saclay.

• URL:
  http://­forge.­ocamlcore.­org/­projects/­zarith
• Contact:
  Antoine Miné
• Participants:
  Antoine Miné, Pascal Cuoq, Xavier Leroy

7.1.11 PYPPAI

• Name:
  Pyro Probabilistic Program Analyzer
• Keywords:
  Probability, Static analysis, Program verification, Abstraction
• Functional Description:

  PYPPAI is a program analyzer to verify the correct semantic definition of probabilistic programs written in Pyro. At the moment, PYPPAI verifies consistency conditions between models and guides used in probabilistic inference programs.

  PYPPAI is written in OCaml and uses the pyml Python in OCaml library. It features a numerical abstract domain based on Apron, an abstract domain to represent zones in tensors, and dedicated abstract domains to describe distributions and states in probabilistic programs.

• URL:
  https://­github.­com/­wonyeol/­static-analysis-for-support-match
• Contact:
  Xavier Rival

A Categorical Framework for Program Semantics and Semantic Abstraction.

Participants: Jérémy Dubut, Shin-ya Katsumata, Xavier Rival [correspondant].

Categorical semantics of type theories are often characterized as structure-preserving functors. This is because in category theory both the syntax and the domain of interpretation are uniformly treated as structured categories, so that we can express interpretations as structure-preserving functors between them. This mathematical characterization of semantics makes it convenient to manipulate and to reason about relationships between interpretations. Motivated by this success of functorial semantics, we address the question of finding a functorial analogue in abstract interpretation, a general framework for comparing semantics, so that we can bring similar benefits of functorial semantics to semantic abstractions used in abstract interpretation. Major differences concern the notion of interpretation that is being considered. Indeed, conventional semantics are value-based whereas abstract interpretation typically deals with more complex properties. In this paper, we propose a functorial approach to abstract interpretation and study associated fundamental concepts therein. In our approach, interpretations are expressed as oplax functors in the category of posets, and abstraction relations between interpretations are expressed as lax natural transformations representing concretizations. We present examples of these formal concepts from monadic semantics of programming languages and discuss soundness.

This work has been accepted for publishation at MFPS 2023 17.

A generic framework to coarse-grain stochastic reaction networks by Abstract Interpretation

Participants: Jérôme Boillot, Jérôme Feret.

In 12, we present symbolic methods to improve the precision of static analyses of modular integer expressions based on Abstract Interpretation. Like similar symbolic methods, the idea is to simplify on-the-fly arithmetic expressions before they are given to abstract transfer functions of underlying abstract domains. When manipulating fixed-length integer data types, casts and overflows generally act like modulo computations which hinder the use of symbolic techniques. The goal of this article is to formalize how modulo operations can be safely eliminated by abstracting arbitrary arithmetic expressions into sum, product, or division of linear forms with integer coefficients, while simplifying them. We provide some rules to simplify arithmetic expressions that are involved in the computation of linear interpolations, while ensuring the soundness of the transformation.

All these methods have been incorparated in three static analyzers: a toy analyzer publicly available, the ASTRÉE statis analyzer, and the MOPSA open-source static analysis platform. In particular, MOPSA aims at broadening their application to the general software development community. The symbolic simplification of expressions involving modular integer expressions turned out to be very useful to solve some corner cases that other tools could not attack. Jérôme Boillot has participated to the team Mopsa who won the Gold Medal (Winner) of SV-Comp's SoftwareSystems category 2024. The competition will take place at TACAS 2024. The detailed results are available at: https://sv-comp.sosy-lab.org/2024/results/results-verified/.

A Formal Framework to Measure the Incompleteness of Abstract Interpretations

Participants: Marco Campion, Caterina Urban, Mila Dalla Preda, Roberto Giacobazzi.

In program analysis by abstract interpretation, backward-completeness represents no loss of precision between the result of the analysis and the abstraction of the concrete execution, while forward-completeness stands for no imprecision between the concretization of the analysis result and the concrete execution. Program analyzers satisfying one of the two properties (or both) are considered precise. Regrettably, as for all approximation methods, the presence of false alarms is most of the time unavoidable and therefore we need to deal somehow with incompleteness of both. To this end, a new property called partial completeness has recently been formalized as a relaxation of backward-completeness allowing a limited amount of imprecision measured by quasi-metrics. However, the use of quasi-metrics enforces distance functions to adhere precisely the abstract domain ordering, thus not suitable to be used to weaken the forward-completeness property which considers also abstract domains that are not necessarily based on Galois Connections. In 13 (published at SAS 2023), we formalize a weaker form of quasi-metric, called pre-metric, which can be defined on all domains equipped with a pre-order relation. We show how this newly defined notion of pre-metric allows us to derive other pre-metrics on other domains by exploiting the concretization and, when available, the abstraction maps, according to the information and the corresponding level of approximation that we want to measure. Finally, by exploiting pre-metrics as our imprecision meter, we introduce the partial forward/backward-completeness properties.

Monotonicity and the Precision of Program Analysis

Participants: Marco Campion, Mila Dalla Preda, Roberto Giacobazzi, Caterina Urban.

It is widely known that the precision of a program analyzer is closely related to intensional program properties, namely, properties concerning how the program is written. Less is known about a possible relation between what the program extensionally computes, namely, its input-output relation, and the precision of a program analyzer. In our paper 4 accepted for publication at POPL 2024, we explore this potential connection in an effort to isolate program fragments that can be precisely analyzed by abstract interpretation, namely, programs for which there exists a complete abstract interpretation. In the field of static inference of numeric invariants, this happens for programs, or parts of programs, that manifest a monotone (either non-decreasing or non-increasing) behavior. In the paper, we first formalize the notion of program monotonicity with respect to a given input and a set of numerical variables of interest. A sound proof system is then introduced with judgments specifying whether a program is monotone relatively to a set of variables and a set of inputs. The interest in monotonicity is justified because we prove that the family of monotone programs admits a complete abstract interpretation over a specific class of non-trivial numerical abstractions and inputs. This class includes all non-relational abstract domains that refine interval analysis (i.e., at least as precise as the intervals abstraction) and that satisfy a topological convexity hypothesis.

Static analysis and model reduction

Participants: Jérôme Feret.

In our habilitation thesis 24, we describe the design of formal tools for Kappa, a site-graph rewriting language inspired by bio-chemistry. In particular, we introduce a static analysis to compute some properties on the biological entities that may arise in models, so as to increase our confidence in them. We also present a model reduction approach based on a study of the flow of information between the different regions of the biological entities and the potential symmetries. This approach is applied both in the differential and in the stochastic semantics.

The first three chapters of 24 forms the material for a course that has been taught at EJCIM 2023, the PhD spring school of the CNRS research group informatic mathematics (GDR IM) 27.

Faithful Model Reduction of Discrete Biological Systems

Participants: Jérôme Feret, Albin Salazar.

In the last decades, logical or discrete models have emerged as a successful paradigm for capturing and predicting the behaviors of systems of molecular interactions. Intuitively, they consist in sampling the abundance of each kind of biochemical entity within finite sets of intervals and deriving transitions accordingly. On one hand, formallyproven sound derivation from more precise descriptions (such as from reaction networks) may include many fictitious behaviors. On the other hand, direct modeling usually favors dominant interactions with no guarantee on the behaviors that are neglected.

In his PhD 28 from which is also extracted the paper 15, Albin Salazar formalize a sound coarse-graining approach for stochastic reaction networks. Its originality relies on two main ingredients. Firstly, we abstract values by intervals that overlap in order to introduce a minimal effort for the system to go back to the previous interval, hence limiting fictitious oscillations in the coarse-grained models. Secondly, we compute for pairs of transitions (in the coarse-grained model) bounds on the probabilities on which one will occur first. We illustrate our ideas on two case studies and demonstrate how techniques from Abstract Interpretation can be used to design more precise discretization methods, while providing a framework to further investigate the underlying structure of logical and discrete models.

Modeling populations of hepatic stellar cells

Participants: Matthieu Bouguéon, Jérôme Feret, Anne Siegel, Nathalie Théret.

Hepatic fibrosis is an excessive response to cicatrisation that is induced by chronical lesions. It is characterised by an accumulation of the extracellular matrix, mainly made of collagene, which increases the rigidity of tissues and leads to severe liver disorders. The activation of hepatic stellar cells, induced by the TGF-$\beta$ growth factor is the main processus at the origin of hepatic fibrosis.

So as to study the dynamics of hepatic stellar cells during the development and the reversion of bibrosis, Matthieu Bouguéon has, in his PhD thesis 26, codirectied by Anne Siegel and Nathalie Théret, and comentored by Jérôme Feret, developped a multi-scale model integrating several states of the hepatic stellar cells and their production of collagene, under the influence of TGF-$\beta$1. This model is implemented in Kappa. Besides being the first multi-scale model in Kappa, this model captures the plasticity of stellar cells during the development and the reversion of fibrosis. The model predicts that the inactivation of fibrosis plays an essential role in the development of fibrosis. The model has been validated by new experiments in mouses and the predictions have been validated by RNAseq data in fibrotic patients.

Verifying Attention Robustness of Deep Neural Networks against Semantic Perturbations

Participants: Satoshi Munakata, Caterina Urban, Haruki Yokoyama, Koji Yamamoto, Kazuki Munakata.

  It is known that deep neural networks (DNNs) classify an input image by paying particular attention to certain specific pixels; a graphical representation of the magnitude of attention to each pixel is called a saliency-map. Saliency-maps are used to check the validity of the classification decision basis, e.g., it is not a valid basis for classification if a DNN pays more attention to the background rather than the subject of an image. Semantic perturbations can significantly change the saliency-map. In 20, we propose the first verification method for attention robustness, i.e., the local robustness of the changes in the saliency-map against combinations of semantic perturbations. Specifically, our method determines the range of the perturbation parameters (e.g., the brightness change) that maintains the difference between the actual saliency-map change and the expected saliency-map change below a given threshold value. Our method is based on activation region traversals, focusing on the outermost robust boundary for scalability on larger DNNs. Experimental results demonstrate that our method can show the extent to which DNNs can classify with the same basis regardless of semantic perturbations and report on performance and performance factors of activation region traversals.

Abstract Interpretation-Based Feature Importance for Support Vector Machines

Participants: Abhinandan Pal, Francesco Ranzato, Caterina Urban, Marco Zanella.

In 22 (accepted for publication at VMCAI 2024), we propose a symbolic representation for support vector machines (SVMs) by means of abstract interpretation, a well-known and successful technique for designing and implementing static program analyses. We leverage this abstraction in two ways: (1) to enhance the interpretability of SVMs by deriving a novel feature importance measure, called abstract feature importance (AFI), that does not depend in any way on a given dataset of the accuracy of the SVM and is very fast to compute, and (2) for verifying stability, notably individual fairness, of SVMs and producing concrete counterexamples when the verification fails. We implemented our approach and we empirically demonstrated its effectiveness on SVMs based on linear and nonlinear (polynomial and radial basis function) kernels. Our experimental results show that, independently of the accuracy of the SVM, our AFI measure correlates much more strongly with the stability of the SVM to feature perturbations than feature importance measures widely available in machine learning software such as permutation feature importance. It thus gives better insight into the trustworthiness of SVMs.

Static Analysis of Data Transformations in Jupyter Notebooks

Participants: Luca Negrini, Guruprerana Shabadi, Caterina Urban.

Jupyter notebooks used to pre-process and polish raw data for data science and machine learning processes are challenging to analyze. Their data-centric code manipulates dataframes through call to library functions with complex semantics, and the properties to track over it vary widely depending on the verification task. In 21 (published at SOAP 2023), we presents a novel abstract domain that simplifies writing analyses for such programs, by extracting a unique Control Flow Graph (CFG) from the notebook that contains all transformations applied to the data. Several properties can then be determined by analyzing such CFG, that is simpler than the original Python code. In the paper, we present a first use case that exploits our analysis to infer the required shape of the dataframes manipulated by the notebook.

A Product of Shape and Sequence Abstractions.

Participants: Josselin Giet, Félix Ridoux, Xavier Rival [correspondant].

Traditional separation logic-based shape analyses utilize in- ductive summarizing predicates so as to capture general properties of the layout of data-structures, to verify accurate manipulations of, e.g., various forms of lists or trees. However, they also usually abstract away contents properties, so that they may only verify memory safety and invariance of data-structure shapes. In this paper, we introduce a novel abstract domain to describe sequences of values of unbounded size, and track constraints on their length and on extremal values contained in them. We define a reduced product of such a sequence abstraction together with an existing shape abstraction so as to infer both shape and contents properties of data-structures. We report on the implementation of the sequence domain, its integration into a static analyzer for C code, and we evaluate its ability to verify partial functional correctness properties for list and tree algorithms.

This work has been accepted for publishation at SAS 2023 16.

Towards the verification of semantic assumptions required by probabilistic inference algorithms

Participants: Wonyeol Lee, Hangyeol Wu, Xavier Rival [correspondant], Hongseok Yang.

Probabilistic programming is the idea of writing models from statistics and machine learning using program notations and reasoning about these models using generic inference engines. Recently its combination with deep learning has been explored intensely, which led to the development of so called deep probabilistic programming languages, such as Pyro, Edward and ProbTorch. At the core of this development lie inference engines based on stochastic variational inference algorithms. When asked to find information about the posterior distribution of a model written in such a language, these algorithms convert this posterior-inference query into an optimisation problem and solve it approximately by a form of gradient ascent or descent. We analysed one of the most fundamental and versatile variational inference algorithms, called score estimator or REINFORCE, using tools from denotational semantics and program analysis. We formally expressed what this algorithm does on models denoted by programs, and exposed implicit assumptions made by the algorithm on the models. The violation of these assumptions may lead to an undefined optimisation objective or the loss of convergence guarantee of the optimisation process. We then describe rules for proving these assumptions, which can be automated by static program analyses. Some of our rules use nontrivial facts from continuous mathematics, and let us replace requirements about integrals in the assumptions, such as integrability of functions defined in terms of programs’ denotations, by conditions involving differentiation or boundedness, which are much easier to prove automatically (and manually). Following our general methodology, we have developed a static program analysis for the Pyro programming language that aims at discharging the assumption about what we call model-guide support match. Our analysis is applied to the eight representative model-guide pairs from the Pyro webpage, which include sophisticated neural network models such as AIR. It found a bug in one of these cases, and revealed a non-standard use of an inference engine in another, and showed that the assumptions are met in the remaining six cases.

Moreover, we have implemented an analysis for differentiability and other classes of smoothness properties. This analysis can be ran on regular Python programs or on Pyro programs, and verify the differentiability properties required for the sound definition of model guide pairs.,

The basis for this method has been published at POPL 2020 37.

Smoothness Analysis for Probabilistic Programs with Application to Optimised Variational Inference

Participants: Wonyeol Lee, Xavier Rival [correspondant], Hongseok Yang.

We proposed a static analysis for discovering differentiable or more generally smooth parts of a given probabilistic program, and showed how the analysis can be used to improve the pathwise gradient estimator, one of the most popular methods for posterior inference and model learning. Our improvement increases the scope of the estimator from differentiable models to non-differentiable ones without requiring manual intervention of the user; the improved estimator automatically identifies differentiable parts of a given probabilistic program using our static analysis, and applies the pathwise gradient estimator to the identified parts while using a more general but less efficient estimator, called score estimator, for the rest of the program. Our analysis has a surprisingly subtle soundness argument, partly due to the misbehaviours of some target smoothness properties when viewed from the perspective of program analysis designers. For instance, some smoothness properties, such as partial differentiability and partial continuity, are not preserved by function composition, and this makes it difficult to analyse sequential composition soundly without heavily sacrificing precision. We formulated five assumptions on a target smoothness property, prove the soundness of our analysis under those assumptions, and show that our leading examples satisfy these assumptions. We have also shown that by using information from our analysis instantiated for differentiability, our improved gradient estimator satisfies an important differentiability requirement and thus computes the correct estimate on average (i.e., returns an unbiased estimate) under a regularity condition. Our experiments with representative probabilistic programs in the Pyro language show that our static analysis is capable of identifying smooth parts of those programs accurately, and making our improved pathwise gradient estimator exploit all the opportunities for high performance in those programs.

This work has been accepted for publication at POPL 2023 10.

Sound Symbolic Execution via Abstract Interpretation and its Application to Security

Participants: Tamara Rezk, Xavier Rival [correspondant], Ignacio Tiraboschi.

Symbolic execution is a program analysis technique commonly utilized to determine whether programs violate properties and, in case violations are found, to generate inputs that can trigger them. Used in the context of security properties such as noninterference, symbolic execution is precise when looking for counter-example pairs of traces when insecure information flows are found, however it is sound only up to a bound thus it does not allow to prove the correctness of programs with executions beyond the given bound. By contrast, abstract interpretation-based static analysis guarantees soundness but generally lacks the ability to provide counter-example pairs of traces.

In this work, we propose to weave both to obtain the best of two worlds. We demonstrate this with a series of static analyses, including a static analysis called DSym aimed at verifying noninterference. DSym provides both semantically sound results and the ability to derive counter-example pairs of traces up to a bound. It relies on a combination of symbolic execution and abstract domains inspired by the well known notion of reduced product. We formalize DSym and prove its soundness as well as its relative precision up to a bound. We also provide a prototype implementation of DSym and evaluate it on a sample of challenging examples.

This work has been accepted for publication at VMCAI 2023 23.

Testing consensus implementations using communication closure

Participants: Cezara Drăgoi, Constantin Enea, Burcu Kulahcioglu Ozkan, Rupak Majumdar, Filip Niksic.

Large scale production distributed systems are difficult to design and test. Correctness must be ensured when processes run asynchronously, at arbitrary rates relative to each other, and in the presence of failures, e.g., process crashes or message losses. These conditions create a huge space of executions that is difficult to explore in a principled way. Current testing techniques focus on systematic or randomized exploration of all executions of an implementation while treating the implemented algorithms as black boxes. On the other hand, proofs of correctness of many of the underlying algorithms often exploit semantic properties that reduce reasoning about correctness to a subset of behaviors. For example, the communication-closure property, used in many proofs of distributed consensus algorithms, shows that every asynchronous execution of the algorithm is equivalent to a lossy synchronous execution, thus reducing the burden of proof to only that subset. In a lossy synchronous execution, processes execute in lock-step rounds, and messages are either received in the same round or lost forever—such executions form a small subset of all asynchronous ones.

In 36 we formulate the communication-closure hypothesis, which states that bugs in implementations of distributed consensus algorithms will already manifest in lossy synchronous executions and present a testing algorithm based on this hypothesis. We prioritize the search space based on a bound on the number of failures in the execution and the rate at which these failures are recovered. We show that a random testing algorithm based on sampling lossy synchronous executions can empirically find a number of bugs—including previously unknown ones—in production distributed systems such as Zookeeper, Cassandra, and Ratis, and also produce more understandable bug traces.

Geometric bounds for convergence rates of averaging algorithms

Participants: Bernadette Charron-Bost.

  We developed a generic method for bounding the convergence rate of an averaging algorithm running in a multi-agent system with a time-varying network, where the associated stochastic matrices have a time-independent Perron vector. This method provides bounds on convergence rates that unify and refine most of the previously known bounds. They depend on geometric parameters of the dynamic communication graph such as the normalized diameter or the bottleneck measure. As corollaries of these geometric bounds, we show that the convergence rate of the Metropolis algorithm in a system of n agents is less than $1-0.25n2$ with any communication graph that may vary in time, but is permanently connected and bidirectional. We prove a similar upper bound for the EqualNeighbor algorithm under the additional assumptions that the number of neighbors of each agent is constant and that the communication graph is not too irregular. Moreover our bounds offer improved convergence rates for several averaging algorithms and specific families of communication graphs. Finally we extend our methodology to a time-varying Perron vector and show how convergence times may dramatically degrade with even limited variations of Perron vectors.

Computing Outside the Box: Average Consensus over Dynamic Networks

Participants: Bernadette Charron-Bost, Patrick Lambein-Monette.

  Networked systems of autonomous agents, and applications thereof, often rely on the control primitive of average consensus, where the agents are to compute the average of private initial values. To provide reliable services that are easy to deploy, average consensus should continue to operate when the network is subject to frequent and unpredictable change, and should mobilize few computational resources, so that deterministic, low powered, and anonymous agents can partake in the network. In this stringent adversarial context, we investigated the implementation of average consensus by distributed algorithms over networks with bidirectional, but potentially short-lived, communication links. Inspired by convex recurrence rules for multi-agent systems, and the Metropolis average consensus rule in particular, we designed a deterministic distributed algorithm that achieves asymptotic average consensus, which we show to operate in polynomial time in a synchronous temporal model. The algorithm is easy to implement, has low space and computational complexity, and is fully distributed, requiring neither symmetry-breaking devices like unique identifiers, nor global control or knowledge of the network. In the fully decentralized model that we adopt, to our knowledge, no other distributed average consensus algorithm has a better temporal complexity. Our approach distinguishes itself from classical convex recurrence rules in that the agent’s values may sometimes leave their previous convex hull. As a consequence, our convergence bound requires a subtle analysis, despite the syntactic simplicity of our algorithm.

A Kappa model for hepatic stellate cells activation by TGFB1

Participants: Matthieu Bougéon, Pierre Boutillier, Jérôme Feret, Octave Hazard, Nathalie Théret.

We model as a realistic case study, a population of hepatic stellate cells under the effect of the TGFB1 protein. In this case study, the components will be occurrences of hepatic stellate cells in different states, and occurrences of the protein TGFB1. The protein TGFB1 induces different behaviors of hepatic stellate cells thereby contributing either to tissue repair or to fibrosis. Better understanding the overall behavior of the mechanisms that are involved in these processes is a key issue to identify markers and therapeutic targets likely to promote the resolution of fibrosis at the expense of its progression.

Static analysis for rule-based models

Participants: Jérôme Feret.

In the context biochemical systems, in the first steps of modeling, static analysis helps the modeler by warning about potential issues in the model. Then it provides useful properties to check that what is implemented is what the modeler has in mind and to provide a quick overview of the model for the people who have not written it. We recall the basic ingredients of the language Kappa and we explain how local patterns can be used as a cornerstone to build extensible static analyses.

Rate Equations for Graphs

Participants: Vincent Danos, Tobias Heindel, Ricardo Honorato-Zimmer, Sandro Stucki.

We combine ideas from: 1) graph transformation systems (GTSs) stemming from the theory of formal languages and concurrency, and 2) mean field approximations (MFAs), a collection of approximation techniques ubiquitous in the study of complex dynamics to build a framework which generates rate equations for stochastic GTSs and from which one can derive MFAs of any order (no longer limited to the humanly computable). The procedure for deriving rate equations and their approximations can be automated. An implementation and example models are available online. We apply our techniques and tools to derive an expression for the mean velocity of a two-legged walker protein on DNA.

9.1.1 Disco project with Tezos

Participants: Bernadette Charron-Bost, Cezara Drăgoi, Jérôme Feret, Xavier Rival.

• Title: DISCO: Synchronous Abstractions for Blockchain Infrastructures
• Type: Research contracts funded by Tezos
• Duration: September 2020 - September 2023
• Inria contact: Xavier Rival, Jérôme Feret

• Abstract: The literature in distributed computing distinguishes two main classes of computational models: asynchronous models have better performance, whereas synchronous models provide stronger formal guarantees. Implementations of distributed systems must operate in asynchronous models of computation, where performance emerges from the load of the system. The correctness of asynchronous protocols is very hard to prove, due to the challenges of concurrency, faults, buffered message queues, and message loss, altering, and re-ordering by the network. In contrast, synchronous models are based on (communication- closed) rounds, and this structure greatly facilitates verification. There are no interleavings, and the cumulative size of reception buffers is bounded by the number of processes in the network.

  The goal of this project is to increase the confidence we have in blockchain systems. We propose to: (1) define a synchronous computational model for blockchain algorithms and build a domain-specific language appropriate for this synchronous computational model, (2) equip the domain-specific language with support for mechanized formal verification with a high degree of automation, and (3) prototypically implement a dedicated runtime for efficiently executing, within an asynchronous context, algorithms defined for a synchronous models, together with a formal correctness proof that certifies the correctness of the synchronous abstraction with respect to the asynchronous runtime.

10.1.1 Associate Teams in the framework of an Inria International Lab or in the framework of an Inria International Program

• AISAPPL (Abstract Interpretation-based Static Analysis of Probabilistic Programming Languages), 2023–2025

  Xavier Rival (INRIA Antique), Hongseok Yang (KAIST, South Korea)

  The purpose of this associated team is to formalize conditions ensuring the well-definedness of the semantics of probabilistic programs, and to investigate the application of static analysis techniques in order to guarantee these conditions hold. It mainly targets the Pyro probabilistic programming language (an overlay of Python, initially developped at Uber AI), but it studies concepts that are of general interest in probabilistic programming.

10.2.1 Visits of international scientists

10.2.2 Visits to international teams

10.3.1 DCore

Participants: Jérôme Feret, Gregor Gössler, Jean Krivine, Ivan Lanese, Claudio Antares Mezzina, Davide Sangiorgi, Jean-Bernard Stefani, German Vidál, Gianluigi Zavattaro.

• Title: DCore - Causal Debugging for Concurrent Systems
• Type: ANR générique 2018
• Defi: Société de l'information et de la communication
• Instrument: ANR grant
• Duration: March 2019 - February 2023
• Coordinator: INRIA Grenoble - Rhône-Alpes (France)
• Others partners: IRIF (France), Inria Paris (France)
• Inria contact: Jérôme Feret

• Abstract: As software takes over more and more functionalities in embedded and safety-critical systems, bugs may endanger the safety of human beings and of the environment, or entail heavy financial losses. In spite of the development of verification and testing techniques, debugging still plays a crucial part in the arsenal of the software developer. Unfortunately, usual debugging techniques do not scale to large concurrent and distributed systems: they fail to provide precise and efficient means to inspect and analyze large concurrent executions; they do not provide means to automatically reveal software faults that constitute actual causes for errors; and they do not provide succinct and relevant explanations linking causes (software bugs) to their effects (errors observed during execution).

  The overall objective of the project is to develop a semantically well-founded, novel form of concurrent debugging, which we call "causal debugging”, that aims to alleviate the deficiencies of current debugging techniques for large concurrent software systems.

  Briefly, the causal debugging technology developed by the DCore project will comprise and integrate two main novel engines:

  1. A reversible execution engine that allows programmers to backtrack and replay a concurrent or distributed program execution, in a way that is both precise and efficient (only the exact threads involved by a return to a target anterior or posterior program state are impacted);
  2. a causal analysis engine that allows programmers to analyze concurrent executions, by asking questions of the form "what caused the violation of this program property?”, and that allows for the precise and efficient investigation of past and potential program executions.

  The project will build its causal debugging technology on results obtained by members of the team, as part of the past ANR project REVER, on the causal semantics of concurrent languages, and the semantics of concurrent reversible languages, as well as on recent works by members of the project on abstract interpretation, causal explanations and counterfactual causal analysis.

  The project primarily targets multithreaded, multicore and multiprocessor software systems, and functional software errors, that is errors that arise in concurrent executions because of faults (bugs) in software that prevents it to meet its intended function. Distributed systems, which can be impacted by network failures and remote site failures are not an immediate target for DCore, although the technology developed by the project should constitute an important contribution towards full-fledged distributed debugging. Likewise, we do not target performance or security errors, which come with specific issues and require different levels of instrumentation, although the DCore technology should prove a key contribution in these areas as well.

10.3.2 SAFTA

• Title: SAFTA Static Analysis for Fault-Tolerant distributed Algorithms.
• Type: ANR JCJC 2018
• Duration: February 2018 - August 2023
• Coordinator: Cezara Drăgoi, CR Inria
• Abstract: Fault-tolerant distributed data structures are at the core distributed systems. Due to the multiple sources of non-determinism, their development is challenging. The project aims to increase the confidence we have in distributed implementations of data structures. We think that the difficulty does not only come from the algorithms but from the way we think about distributed systems. In this project we investigate partially synchronous communication-closed round based programming abstractions that reduce the number of interleavings, simplifying the reasoning about distributed systems and their proof arguments. We use partial synchrony to define reduction theorems from asynchronous semantics to partially synchronous ones, enabling the transfer of proofs from the synchronous world to the asynchronous one. Moreover, we define a domain specific language, that allows the programmer to focus on the algorithm task, it compiles into efficient asynchronous code, and it is equipped with automated verification engines.

10.3.3 ANR VeriAMOS

• Title: Verification of Abstract Machines for Operating Systems
• Type: ANR générique 2018
• Defi: Société de l'information et de la communication
• Instrument: ANR grant
• Duration: January 2019 - July 2024
• Coordinator: INRIA Paris (France)
• Others partners: LIP6 (France), IRISA (France), UGA (France)
• Inria contact: Xavier Rival
• Abstract: Operating System (OS) programming is notoriously difficult and error prone. Moreover, OS bugs can have a serious impact on the functioning of computer systems. Yet, the verification of OSes is still mostly an open problem, and has only been done using user-assisted approaches that require a huge amount of human intervention. The VeriAMOS proposal relies on a novel approach to automatically and fully verifying OS services, that combines Domain Specific Languages (DSLs) and automatic static analysis. In this approach, DSLs provide language abstraction and let users express complex policies in high-level simple code. This code is later compiled into low level C code, to be executed on an abstract machine. Last, the automatic static analysis verifies structural and robustness properties on the abstract machine and generated code. We will apply this approach to the automatic, full verification of input/output schedulers for modern supports like SSDs.

10.3.4 ANR EMASS

• Title: Analyse Mémoire Efficace de Logiciel Système
• Type: ANR appel 2022
• Defi: CE39 - Sécurité globale, résilience et gestion de crise, cybersécurité
• Instrument: ANR grant
• Duration: 2023 - 2027
• Coordinator: CEA Saclay
• Others partners: INRIA (France), Thalés (France)
• Inria contact: Xavier Rival
• Abstract: The goal of this project is to develop and integrate static analysis techniques that target memory properties for low level code (such as operating system code), in order both to establish safety and security properties. As part of this project, antique is carrying out research on the analysis of programs using complex data-structures.

10.3.5 PEPR SecurEval

• Title: SecurEval, Improving Digital Systems Security Evaluation
• Type: PEPR
• Defi: PEPR Cybersécurité
• Instrument: PEPR
• Duration: 2022 - 2028
• Coordinator: CEA Saclay
• partners: CNRS, INRIA, CEA, INP Grenoble, Supelec, UGA, Université Paris Saclay, Université Sorbonne nouvelle
• Inria contact: Xavier Rival and Jérôme Feret
• Abstract: This project targets methods to improve the security of software, using programming languages techniques (static analysis, testing, programming languages). It gathers a large number of academic partners (CNRS, INRIA, CEA, INP Grenoble, Supelec, UGA, Université Paris Saclay, Université Sorbonne nouvelle). As part of this project, antique is investigating static analysis techniques for the verification of safety and security proeprties.

10.3.6 PEPR SAIF

• Title: PEPR SAIF
• Type: PEPR
• Defi: PEPR IA
• Instrument: PEPR
• Duration: 2022 - 2028
• Coordinator: CEA Saclay
• partners: INRIA Paris (project team antique), INRIA Saclay (project team TAU), and INRIA Rennes (project team SuMo), Université Paris-Saclay (Formal Methods Laboratory, LMF), École Polytechnique (Computer Science Laboratory, LIX), CEA-List (Software Safety &Security Lab, LSL), and Université de Bordeaux (Bordeaux Computer Science Laboratory)
• Inria contact: Caterina Urban

• Abstract: SAIF is a project led by Caterina Urban within the PEPR IA. The consortium includes INRIA Paris (project team antique), INRIA Saclay (project team TAU), and INRIA Rennes (project team SuMo), as well as Université Paris-Saclay (Formal Methods Laboratory, LMF), École Polytechnique (Computer Science Laboratory, LIX), CEA-List (Software Safety &Security Lab, LSL), and Université de Bordeaux (Bordeaux Computer Science Laboratory).

  The overall goal of SAIF is to use the vast knowledge accumulated over decades in formal methods to rethink them and address the novel safety concerns raised by machine learning-based systems.

10.3.7 INRIA Challenge SPAI

(Security Program Analyses for IoT), 2019–2023

Coordinated by Tamara Rezk (INDES), and with Daniel Le Métayer (PRIVATICS) Xavier Rival (ANTIQUE) Manuel Serrano (INDES) Alan Schmitt (EPICURE) Robert de Simone (KAIROS)

This project aims at developing programming languages techniques to reason over security properties of Internet of Things devices, where several clients, servers, and devices may communicate, and where devices may either act upon or observe the physical world, hereby contributing to information flows. The project already led to the design of not only a programming language able to describe such systems but also of verification techniques for security.

11.1.1 Scientific events: organisation

11.1.2 Scientific events: selection

11.1.3 Journal

11.1.4 Invited talks

• Caterina Urban will give an invited talk at the 17th International Scientific Conference on Informatics (Informatics 2024).
• Caterina Urban will give an invited talk at the 29th Journées Formalisation des Activités Concurrentes (FAC 2024).
• Caterina Urban will give an invited talk at Quarkslab, Paris.
• Caterina Urban gave an invited talk at the International Symposium on Model Checking of Software (SPIN 2023).
• Caterina Urban gave an invited talk at CEA-List, Palaiseau.
• Caterina Urban gave an invited talk at the Séminaire IRILL of the Center for Research and Innovation on Free Software.
• Xavier Rival gaven an invited talk at the Seminar of the University of Edinburgh.

11.1.5 Leadership within the scientific community

Xavier Rival is a member of the IFIP Working Group 2.4 on Software Implementation Technologies.

11.1.6 Scientific expertise

• Caterina Urban is a member of the Scientific Advisory Board of the Laboratoire Méthodes Formelles (LMF) de l’Université Paris-Saclay.
• Caterina Urban served as a member of the Assessment Committee for Associate Professor in Systems and Software Engineering at the University of Copenhagen.

11.1.7 Research administration

• Jérôme Feret is a Member of the Laboratory Council of the Department of Computer Science of École normale supérieure.
• Jérôme Feret is a Member of the PhD Review Committee (CSD) of Inria Paris.
• Jérôme Feret is Dean of Study of the Department of Computer Science of École normale supérieure.
• Xavier Rival is a Member of the Laboratory Council of the Department of Computer Science of École normale supérieure.
• Xavier Rival is a Member of the Evaluation Committee of INRIA.

11.2.1 Teaching

• Licence:
  • Jérôme Feret and Xavier Rival (lectures), and Josselin Giet (tutorials), “Semantics and Application to Verification”, 36h, L3, at École Normale Supérieure, France.
• Master:
  • Bernadette Charron-Bost, ”Calculability in multi-agent networks”, 24h, M2, Parisian Master of Research in Computer Science (MPRI), France.
  • Bernadette Charron-Bost, ”Consensus problems”, 24h, M1 Ecole Polytechnique Master
  • Jérôme Feret, Antoine Miné, Xavier Rival, and Caterina Urban, “Abstract Interpretation: application to verification and static analysis”, 72h, M2. Parisian Master of Research in Computer Science (MPRI), France.
  • Jérôme Feret and François Fages, “Biochemical Programming”, 24h, M2. Parisian Master of Research in Computer Science (MPRI), France.
  • Jérôme Feret, Jean Krivine, Sébastien Légaré, and Matthieu Bouguéon. "Rule-based Modelling", 24h, M1. Interdisciplinary Approaches to Life Science (AIV), Master Program, Université Paris-Descartes, France.
  • Xavier Rival gave a lecture on Formal Methods for Systems Security at the EXED.
• PhD::
  • Jérôme Feret, "Analyse statique et réduction de modèles de voies de signalisation intracellulaire", 6h, PhD School of the CNRS Informatics (EJCIM 2023) - Mathematics research group (GDR IM), Poitier, France.

11.2.2 Supervision

• Internship: Bernadette Charron-Bost and Jérôme Feret surpervised the research project of Sylvain Gay (4rd year student at ENS) and Vincent Peth (2nd year student at ENS). Fibration in graphs and application to modular proofs of distributed algorithms.
• Internship: Caterina Urban supervised the M2 ENS Rennes internship of Naïm Moussaoui-Remil, from March 2023 to August 2023, on “Static Analyses for Robust (Un)reachability”.
• Internship: Caterina Urban supervised the Master internship of Kevin Pinochet (University of Chile), from January 2023 to April 2024, on “Input Data Usage Analyses for Jupyter Notebooks”.
• Internship: Caterina Urban supervised the Bachelor internship of Abhinandan Pal (IIT Kalyani), from November 2022 to January 2023, on “Attention Robustness Static Analysis”.
• Internship: Xavier Rival supervised the Master Internship of Charles De Haro from March 2023 till August 2023 on the static analysis based inference for smoothness properties (Paris MPRI Master)
• PhD in progress: Jérôme Boillot, Static Analysis of the setting of expanded memory in a dedicated operating system, started in 2022 and supervised by Jérôme Feret.
• PhD in progress: Aurélie Kong Win Chang, Abstractions for causal analysis and explanations in concurrent programs, started in 2021 and supervised by Gregor Gössler (INRIA Grenoble - Rhône Alpes, Project team Spades) and Jérôme Feret.
• PhD in progress: Naïm Moussaoui-Remil, Static Analyses for Robust (Un)reachability, started in 2023 and supervised by
• Phd in progress: Serge Durand, Formal Specification of Machine Learning Algorithms, started in 2021 and supervised by Zakaria Chihani (CEA/List) and Caterina Urban.
• Phd in progress: Denis Mazzucato, Static Analysis by Abstract Interpretation of Quantitative Extensional Program Properties, started in 2020 and supervised by Caterina Urban.
• PhD in progress: Valentin Barbazo, Static analysis of parallel programs operating over unbounded dynamic data-structures, started in 2023, and supervised by Xavier Rival.
• PhD in progress: Josselin Giet, Static Analysis of components of operating systems by abstract interpretation, started in 2020 and supervised by Xavier Rival.
• PhD in progress: Ignacio Tiraboschi, Static analysis of security properties for IoT systems, started in 2020 and co-supervised by Tamara Rezk (EP Indes) and Xavier Rival.
• PhD defended: Albin Salazar, Formal derivation of discrete models with separated time-scales, started in 2019 and supervised by Jérôme Feret.
• PhD defended: Matthieu Bouguéon, Modélisation de la dynamique des cellules étoilées hépatiques durant le developpement et la réversion de la fibrose, started in 2020 and supervised by Nathalie Théret and Anne Siegel, and mentored by Jérôme Feret.

11.2.3 Juries

• Bernadette Charron-Bost served as a jury member for the Habilitation Thesis Committee of Jérôme Feret (ENS).
• Jérôme Feret served as a member of the Review Committee for the PhD of Giann Karlo Aguirre Samboni at École normale supérieure of Paris-Saclay (Defense: December 2023).
• Caterina Urban will serve as a Jury member for the defense of the PhD of Olivier Martinot (Université Paris Cité, Defense: May or June 2023).
• Xavier Rival served as reviewer and president for the Habilitation Thesis Committee of Arthur Charguéraud (University of Strasbourg).
• Xavier Rival served as a reviewer and jury member for the PhD of Santiago-Sara Bautista (Université of Rennes I).
• Xavier Rival served as a jury member for the Habilitation Thesis Committee of Jérôme Feret (ENS).

11.3.1 Internal or external Inria responsibilities

• Jérôme Feret served in the “admissibility” jury for INRIA researcher positions (CRCN) for the center of “Paris” in 2023.
• Jérôme Feret served in the “admissibility” jury for INRIA researcher positions (CRCN) for the center of “Paris-Saclay” in 2023.
• Jérôme Feret is a Member of the PhD Review Committee (CSD) of Inria Paris.
• Jérôme Feret is head of study of the department of computer science of École normale supérieure.
• Jérôme Feret is member of the laboratory board of the department of computer sciences of École normale supérieure.

11.3.2 Interventions

• Jérôme Feret hosted eight fourteen years old students during three hours within the Antique team.

International journals

• 10 articleW.Wonyeol Lee, X.Xavier Rival and H.Hongseok Yang. Smoothness Analysis for Probabilistic Programs with Application to Optimised Variational Inference.Proceedings of the ACM on Programming Languages7January 2023, 335 - 366HALDOIback to text
• 11 articleL.Louis Penet de Monterno, B.Bernadette Charron-Bost and S.Stephan Merz. Synchronization modulo P in dynamic networks.Theoretical Computer Science942January 2023, 200-212HALDOI

International peer-reviewed conferences

• 12 inproceedingsJ.Jérôme Boillot and J.Jérôme Feret. Symbolic transformation of expressions in modular arithmetic.Static Analysis: 30th International Symposium, SAS 2023Static Analysis: 30th International Symposium, SAS 2023Static Analysis: 30th International Symposium, SAS 2023Cascais, PortugalOctober 2023HALback to text
• 13 inproceedingsM.Marco Campion, C.Caterina Urban, M. D.Mila Dalla Preda and R.Roberto Giacobazzi. A Formal Framework to Measure the Incompleteness of Abstract Interpretations.30th International Static Analysis Symposium (SAS 2023)30th International Static Analysis Symposium (SAS 2023)30th International Static Analysis Symposium (SAS 2023)Cascais, PortugalOctober 2023HALback to text
• 14 inproceedingsB.Bernadette Charron-Bost and L.Louis Penet de Monterno. Self-Stabilizing Clock Synchronization in Probabilistic Networks.DISC 2023 - 37th International Symposium on Distributed Computing281L'Aquila, Italie, ItalySchloss Dagstuhl - Leibniz-Zentrum für Informatik2023, 12:1--12:18HALDOI
• 15 inproceedingsJ.Jérôme Feret and A.Albin Salazar. A generic framework to coarse-grain stochastic reaction networks by Abstract Interpretation.VMCAI 2023 - 24th International Conference on Verification, Model Checking and Abstract InterpretationBoston, United StatesJanuary 2023HALback to text
• 16 inproceedingsJ.Josselin Giet, F.Félix Ridoux and X.Xavier Rival. A Product of Shape and Sequence Abstractions.Static AnalysisStatic Analysis: 30th International Symposium, SAS 2023Static Analysis: 30th International Symposium, SAS 2023Cascais, PortugalOctober 2023HALback to text
• 17 inproceedingsS.-Y.Shin-Ya Katsumata, X.Xavier Rival and J.Jérémy Dubut. A Categorical Framework for Program Semantics and Semantic Abstraction.MFPS 2023 - Mathematical Foundations of Program SemanticsBloomington, United StatesSeptember 2023HALback to text
• 18 inproceedingsA.Aurélie Kong Win Chang, J.Jerome Feret and G.Gregor Gössler. A Semantics of Core Erlang with Handling of Signals.ACM Digital LibraryErlang 2023 - 22nd ACM SIGPLAN International Workshop on ErlangSeattle WA, United StatesACM2023, 31-38HALDOIback to text
• 19 inproceedingsB.Baptiste Lepers, J.Josselin Giet, J.Julia Lawall and W.Willy Zwaenepoel. OFence: Pairing Barriers to Find Concurrency Bugs in the Linux Kernel.EuroSys 2023 : Eighteenth European Conference on Computer SystemsRome, ItalyACMMay 2023, 33-45HALDOI
• 20 inproceedingsS.Satoshi Munakata, C.Caterina Urban, H.Haruki Yokoyama, K.Koji Yamamoto and K.Kazuki Munakata. Verifying Attention Robustness of Deep Neural Networks Against Semantic Perturbations.15th International Symposium on NASA Formal Methods (NFM 2023)13903Lecture Notes in Computer ScienceHouston (TX), United StatesSpringer Nature SwitzerlandJune 2023, 37-61HALDOIback to text
• 21 inproceedingsL.Luca Negrini, G.Guruprerana Shabadi and C.Caterina Urban. Static Analysis of Data Transformations in Jupyter Notebooks.12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2023)12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2023)Orlando FL, United StatesACMJune 2023, 8-13HALDOIback to text
• 22 inproceedingsA.Abhinandan Pal, F.Francesco Ranzato, C.Caterina Urban and M.Marco Zanella. Abstract Interpretation-Based Feature Importance for Support Vector Machines.25th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2024)14499Lecture Notes in Computer ScienceLondon, United KingdomSpringer Nature SwitzerlandDecember 2024, 27-49HALDOIback to text
• 23 inproceedingsI.Ignacio Tiraboschi, T.Tamara Rezk and X.Xavier Rival. Sound Symbolic Execution via Abstract Interpretation and its Application to Security.Lecture Notes in Computer ScienceVMCAI 2023 - 24th International Conference on Verification, Model Checking, and Abstract Interpretation13881Verification, Model Checking, and Abstract Interpretation 24th International Conference, VMCAI 2023, Boston, MA, USA, January 16–17, 2023, ProceedingBoston, MA, United StatesSpringer Nature SwitzerlandJanuary 2023, 267-295HALDOIback to text

Scientific book chapters

• 24 inbookJ.Jérôme Feret. Analyse statique et réduction de modèles de voies de signalisation intracellulaire.Informatique Mathématique Une photographie en 2023CNRSJune 2023, 67HALback to textback to text
• 25 inbookC.Caterina Urban. Static Analysis for Data Scientists.238Challenges of Software VerificationIntelligent Systems Reference LibrarySpringer Nature SingaporeJuly 2023, 77-91HALDOI

Doctoral dissertations and habilitation theses

• 26 thesisM.Matthieu Bouguéon. Kappa modeling of hepatic stellate cell dynamics during fibrosis development and reversion.Université de Rennes (2023-....)December 2023HALback to text
• 27 thesisJ.Jérôme Feret. Analyse statique et réduction de modèles pour un langage de réécriture de graphes à sites.ENS-PSLDecember 2023HALback to text
• 28 thesisA.Albin Salazar. Faithful model reduction of discrete biological systems.ENS ParisNovember 2023HALback to text

Reports & preprints

• 29 reportF.Frédéric Blanqui, A.Anne Canteaut, H.Hidde de Jong, S.Sébastien Imperiale, N.Nathalie Mitton, G.Guillaume Pallez, X.Xavier Pennec, X.Xavier Rival and B.Bertrand Thirion. Recommandations sur les « éditeurs de la zone grise ».InriaJanuary 2023, 1-3HAL
• 30 reportF.Frédéric Blanqui, A.Anne Canteaut, H. D.Hidde De Jong, S.Sébastien Imperiale, N.Nathalie Mitton, G.Guillaume Pallez, X.Xavier Pennec, X.Xavier Rival and B.Bertrand Thirion. Recommendations on "Grey-Zone Publishers": Recommendations from the Inria Evaluation Committee, translated from https://hal.inria.fr/hal-04001505.InriaJanuary 2023, 1-3HAL
• 31 reportA.Anne Canteaut, M.Manuel Serrano, C.Céline Grandmont, G.Guillaume Pallez, V.Vincent Perrier, X.Xavier Rival and E.Emmanuel Thomé. Bilan de la mandature 2019-2023 de la Commission d'Évaluation Inria.InriaAugust 2023HAL
• 32 miscB.Bernadette Charron-Bost and P.Patrick Lambein-Monette. Know your audience: Communication model and computability in anonymous networks.December 2023HAL
• 33 miscD.Denis Mazzucato, M.Marco Campion and C.Caterina Urban. Quantitative Input Usage Static Analysis.December 2023HAL