- Computer Science, Software Engineering, Theoretical Computer Science, Logic And Foundations Of Mathematics, Computer Security, Automata Theory (Formal Languages), and 25 moreQuantum Physics, Mathematics, Programming Language Semantics, Formal methods, Computability Theory, Formal Verification, Linux Kernel, Linux Open Source System, Parsing, Linux Device Drvers, Decompilation, Information Security, Cyber Security, Computer Security And Reliability, Static Analysis, Functional Programming, Open Source and Free Software Studies, Formal Methods (Formal Verification), Software Verification and Validation, Verification (Computer Science), Hardware Description Languages, Logic Programming, Open Source Software, Compilers, and Verification and Validationedit
- I'm a mathematician, engineer and computer scientist and these pages collect together some of my papers and ongoing p... moreI'm a mathematician, engineer and computer scientist and these pages collect together some of my papers and ongoing projects. Current work is focused around encrypted computing and formal methods in software engineering. You may want to check out my page at https://www.researchgate.net/profile/Peter_Breuer3 and my CS blog at ptbcs.blogspot.com.es .edit
When the patterns of bits that represent numbers in a computer are different from standard and many different patterns are used for the same number, then an observer sees what is called `homomorphically encrypted computing': addition and... more
When the patterns of bits that represent numbers in a computer are different from standard and many different patterns are used for the same number, then an observer sees what is called `homomorphically encrypted computing': addition and multiplication and other operations satisfy the same alegbraic laws as always, but the inputs to and outputs from each operation are not recognizable.
However, the output from `x/x' is nearly always `1' and thus a hacker with access to the hardware can blindly fabricate a bit pattern that means `1', then a bit pattern that means `2' from `1+1', and so on, eventually constructing a complete code book. That raises the question of whether division is safe to use in this context.
This research note formalizes the question as follows: can a known constant can be obtained from a formula that contains only operators and variables, as in `x/x'? The answer is that division on 32-bit integers as standardly formulated is not safe in this sense but it can be lightly modified to make it so.
However, the output from `x/x' is nearly always `1' and thus a hacker with access to the hardware can blindly fabricate a bit pattern that means `1', then a bit pattern that means `2' from `1+1', and so on, eventually constructing a complete code book. That raises the question of whether division is safe to use in this context.
This research note formalizes the question as follows: can a known constant can be obtained from a formula that contains only operators and variables, as in `x/x'? The answer is that division on 32-bit integers as standardly formulated is not safe in this sense but it can be lightly modified to make it so.
Research Interests:
Because it is so unusual, or hard to find, a truly tiny 8- or 12-bit block AES (Rijndael) cipher is described for posterity here, along with its Java source code.
Research Interests:
Research Interests:
Homomorphic encryptions preserve addition, so why doesn't an attacker take any old random encrypted value x and subtract x-x in the encryption, getting out a known bona fide encryption of 0?
Research Interests:
"How to guarantee that the same memory location is read as written, when we're running in an environment where memory-aliasing has an influential effect?
One answer is: use static typing. Pay the static analysts for protection!"
One answer is: use static typing. Pay the static analysts for protection!"
Research Interests:
The result in the Correctness of a Secret Computer paper needs a fix.
Research Interests:
Is the less than operator dangerous to security in a homomorphic encryption context? The real difference between a KPU (see publications on `crypto-processor') and what we could think of as `classical' homomorphic encryption is that a... more
Is the less than operator dangerous to security in a homomorphic encryption context?
The real difference between a KPU (see publications on `crypto-processor') and what we could think of as `classical' homomorphic encryption is that a KPU can do arbitrary recursive functions (`anything computable') under the encryption, while classically we can do just primitive recursive functions (`fixed formulas in +,*, and other primitives').
The real difference between a KPU (see publications on `crypto-processor') and what we could think of as `classical' homomorphic encryption is that a KPU can do arbitrary recursive functions (`anything computable') under the encryption, while classically we can do just primitive recursive functions (`fixed formulas in +,*, and other primitives').
Research Interests:
"For humans - what is Gentry's encoding of one bit (zero or one) in a `fully homomorphic encryption scheme'? I'm going to think here about implementations that make sense in the context of standard PC-like hardware, with 32-bit... more
"For humans - what is Gentry's encoding of one bit (zero or one) in a `fully homomorphic encryption scheme'?
I'm going to think here about implementations that make sense in the context of standard PC-like hardware, with 32-bit registers and arithmetic.
"
I'm going to think here about implementations that make sense in the context of standard PC-like hardware, with 32-bit registers and arithmetic.
"
Research Interests:
"The motivation for this little proof is wondering whether there is some bounded computation a script kiddie can do in a KPU (see publications on `crypto-processor') in order to get a known constant output, modulo encryption. That's ``a... more
"The motivation for this little proof is wondering whether there is some bounded computation a script kiddie can do in a KPU (see publications on `crypto-processor') in order to get a known constant output, modulo encryption. That's ``a formula" to you and me!"
Research Interests:
Research Interests:
Google, Inc. (search). ...
Research Interests:
Research Interests:
Hardware aliasing occurs when the same logical address can access different physical memory locations. This is a problem for software on some embedded systems and more generally when hardware becomes faulty in irretrievable locations,... more
Hardware aliasing occurs when the same logical address can access different physical memory locations. This is a problem for software on some embedded systems and more generally when hardware becomes faulty in irretrievable locations, such as on a Mars Lander. We show how to work around the hardware problem with software logic, compiling code so it works on any platform with hardware aliasing with hidden determinism. That means: (i) a copy of an address accesses the same location, and (ii) repeating an address calculation exactly will repeat the same access again. Stuck bits can mean that even adding zero to an address can make a difference in that environment so nothing but a systematic approach could work.
Research Interests:
Research Interests:
Security with respect to the operator as an adversary is considered for processors supporting unbounded general purpose homomorphic encrypted computation. An efficient machine code architecture is defined for those platforms and it is... more
Security with respect to the operator as an adversary is considered for processors supporting unbounded general purpose homomorphic encrypted computation. An efficient machine code architecture is defined for those platforms and it is proved that user programs expressed in it are cryptographically obfuscated, guaranteeing privacy though they, their traces and (encrypted) data are visible to the operator. It is proved that encrypted user data cannot be deciphered by the operator, nor may programs be altered to give an intended result. A compiler is defined and it is proved that any recompilation produces uniformly distributed random variations in runtime data, supporting cryptographic obfuscation.
Research Interests:
Over the past few years we have articulated theory that describes ‘encrypted computing’, in which data remains in encrypted form while being worked on inside a processor, by virtue of a modified arithmetic. The last two years have seen... more
Over the past few years we have articulated theory that describes ‘encrypted computing’, in which data remains in encrypted form while being worked on inside a processor, by virtue of a modified arithmetic. The last two years have seen research and development on a standards-compliant processor that shows that near-conventional speeds are attainable via this approach. Benchmark performance with the US AES-128 flagship encryption and a 1GHz clock is now equivalent to a 433MHz classic Pentium, and most block encryptions fit in AES's place. This summary article details how user data is protected by a system based on the processor from being read or interfered with by the computer operator, for those computing paradigms that entail trust in data-oriented computation in remote locations where it may be accessible to powerful and dishonest insiders. We combine: (i) the processor that runs encrypted; (ii) a slightly modified conventional machine code instruction set architecture with w...
Research Interests:
We ask whether two or more images of arithmetic may inhabit the same space via different encodings. The answers have significance for a class of processor design that does all its computation in an encrypted form, without ever performing... more
We ask whether two or more images of arithmetic may inhabit the same space via different encodings. The answers have significance for a class of processor design that does all its computation in an encrypted form, without ever performing any decryption or encryption itself. Against the possibility of algebraic attacks against the arithmetic in a ‘crypto-processor’ (KPU) we propose a defence called ‘ABC encryption’ and show how this kind of encryption makes it impossible for observations of the arithmetic to be used by an attacker to discover the actual values. We also show how to construct such encrypted arithmetics.
Hardware aliasing occurs when the same logical address can access different physical memory locations. This is a problem for software on some embedded systems and more generally when hardware becomes faulty in irretrievable locations,... more
Hardware aliasing occurs when the same logical address can access different physical memory locations. This is a problem for software on some embedded systems and more generally when hardware becomes faulty in irretrievable locations, such as on a Mars Lander. We show how to work around the hardware problem with software logic, compiling code so it works on any platform with hardware aliasing with hidden determinism. That is: (i) a copy of an address accesses the same location, and (ii) repeating an address calculation exactly will repeat the same access again. Stuck bits can mean that even adding zero to an address can make a difference in that environment so nothing but a systematic approach has a chance of working. The technique is extended to generate aliasing as well as compensate for it, in so-called chaotic compilation, and a sketch proof is included to show it may produce object code that is secure against discovery of the programmer's intention. A prototype compiler imp...
Research Interests:
Research Interests:
Research Interests:
Research Interests:
This paper presents a concrete grammar for Z, based on the BNF-like syntax description in the Z Reference Manual. The grammar will immediately generate ANSI C code for a parser using the public domain compiler-compiler PRECC, and has... more
This paper presents a concrete grammar for Z, based on the BNF-like syntax description in the Z Reference Manual. The grammar will immediately generate ANSI C code for a parser using the public domain compiler-compiler PRECC, and has already also been used as the basis for grammar scripts for utilities such as yacc and PCCTS. The intention in publishing it here is to make a working concrete grammar more widely available and thus promote the spread of Z-based utilities.
ABSTRACT `Hardware aliasing' classically arises when a processor through failure or design has fewer bits than required to address each memory location uniquely, and also – nowadays – in the context of homomorphically... more
ABSTRACT `Hardware aliasing' classically arises when a processor through failure or design has fewer bits than required to address each memory location uniquely, and also – nowadays – in the context of homomorphically encrypted computing. In such contexts, different physical locations may sporadically be accessed by the same address due to factors not directly under the control of the programmer but still deterministic in nature. We check RISC machine and assembly code to ensure that each memory address is calculated in exactly the same way at one write to and the next read from it, which allows programs to work correctly even in a hardware aliasing context.
Research Interests:
Research Interests:
Research Interests:
ABSTRACT Este arti'culo presenta un enfoque general para manejar los eventos de duracio'n breve en la sema'ntica de los lenguajes de programacio'n de tiempo real, usando como ejemplo el lenguaje de... more
ABSTRACT Este arti'culo presenta un enfoque general para manejar los eventos de duracio'n breve en la sema'ntica de los lenguajes de programacio'n de tiempo real, usando como ejemplo el lenguaje de descripcio'n hardware VHDL, esta'ndar del IEEE. Introducimos iinfinitesimales en la li'nea del tiempo para modelar dichos eventos. Demostramos que esto no afecta a la sema'ntica que modela el comportamiento en tiempo apreciable.
Research Interests:
Research Interests:
ABSTRACT A KPU is a replacement for a standard CPU that natively runs encrypted machine code on encrypted data in registers and memory - a `crypto-processor unit', in other words. Its computations are opaque to an observer... more
ABSTRACT A KPU is a replacement for a standard CPU that natively runs encrypted machine code on encrypted data in registers and memory - a `crypto-processor unit', in other words. Its computations are opaque to an observer with physical access to the processor but remain meaningful to the owner of the computation. In theory, a KPU can be run in simulation and remain as secure (or otherwise) as in hardware. Any block cipher with a block-size of about a word is compatible with this developing technology, the long-term aim of which is to make it safe to entrust data-oriented computation to a remote environment. Hardware is arranged in a KPU to make the chosen cipher behave as a mathematical homomorphism with respect to computer arithmetic. We describe the architecture formally here and show that `type-safe' programs run correctly when encrypted.
Research Interests:
Research Interests:
Research Interests:
ABSTRACT
Research Interests:
ABSTRACT A real-time semantics for the IEEE standard hardware description and simulation language VHDL is extended to cover the simulation concept of delta-cycles. During a delta-cycle, real time does not advance. We extend the physically... more
ABSTRACT A real-time semantics for the IEEE standard hardware description and simulation language VHDL is extended to cover the simulation concept of delta-cycles. During a delta-cycle, real time does not advance. We extend the physically meaningful real-time semantics to cover delta-cycle simulations by adding infinitesimal intervals to the time domain. These are smaller than any standard interval, but still non-zero. We show that the extension is {\\em conservative} with respect to the real-time semantics. That is, assertions about codes do not change their truth value. We conclude that verification of an interesting class of VHDL codes and assertions can ignore delta-time.
Research Interests:
Research Interests:
Research Interests:
Research Interests:
... Decompilation. ... CITED BY, Peter T. Breuer , Jonathan P. Bowen, Decompilation: the enumeration of types and grammars, ACM Transactions on Programming Languages and Systems (TOPLAS), v.16 n.5, p.1613-1647, Sept. 1994. INDEX TERMS ...
Research Interests:
Research Interests: Computer Science, Tourism Studies, Tourism Marketing, Tourist Behavior, Travel Writing, and 15 moreHumor, Cultural Tourism, Travel Literature, England, United Kingdom, Travel Guide, Travel, Humour, University, Oxford, Travel and Tourism, Quotations, University of Oxford, The River Thames, and Travel Tourism
... Download: http://www.ssgrr.it/en/ssgrr2000/papers/277.pdf CACHED: Download as a PDF. by Peter T. Breuer , Carlos Delgado Kloos , Andres Marín Lopez , María del Carmen Fernandez Panadero , Mar A Del Carmen Fern , Ez Panadero , Luis... more
... Download: http://www.ssgrr.it/en/ssgrr2000/papers/277.pdf CACHED: Download as a PDF. by Peter T. Breuer , Carlos Delgado Kloos , Andres Marín Lopez , María del Carmen Fernandez Panadero , Mar A Del Carmen Fern , Ez Panadero , Luis Sanchez Fernandez. ...
Research Interests:
ABSTRACT This article details architecture and architectural principles for RAID in the context of network-attached and distributed storage. In the network setting ``network block devices" substitute for the usual hard disks in a... more
ABSTRACT This article details architecture and architectural principles for RAID in the context of network-attached and distributed storage. In the network setting ``network block devices" substitute for the usual hard disks in a RAID array. Special new mechanisms for reporting, recording and recovery are required to lower re-synchronisation transfer totals, lower latency, and in order to provide an intelligent control that recognises and compensates for temporary network brown-outs. The design has been implemented for the Linux kernel.
Research Interests:
Research Interests: Computer Science, Software Engineering, Formal Methods (Formal Verification), Software Maintenance, Semantics, and 11 moreSoftware Testing, Software Development, Formal methods, Formal Semantics, Reverse Engineering, COBOL Programming, Formal Specification, Z Notation, Decompilation, Reverse Engineering Software, and Software Specification
Sometimes machine code turns out to be a better target for verification than source code. RISC machine code is especially advantaged with respect to source code in this regard because it has only two instructions that access memory. That... more
Sometimes machine code turns out to be a better target for verification than source code. RISC machine code is especially advantaged with respect to source code in this regard because it has only two instructions that access memory. That architecture forms the basis here for an inference system that can prove machine code safe against `hardware aliasing', an effect that occurs in embedded systems. There are programming memes that ensure code is safe from hardware aliasing, but we want to certify that a given machine code is provably safe.
We ask whether two or more images of arithmetic may inhabit the same space via different encodings. The answers have significance for a class of processor design that does all its computation in an encrypted form, without ever performing... more
We ask whether two or more images of arithmetic may inhabit the same space via different encodings. The answers have significance for a class of processor design that does all its computation in an encrypted form, without ever performing any decryption or encryption itself. Against the possibility of algebraic attacks against the arithmetic in a `crypto-processor' (KPU) we propose a defence called `ABC encryption' and show how this kind of encryption makes it impossible for observations of the arithmetic to be used by an attacker to discover the actual values. We also show how to construct such encrypted arithmetics.
Research Interests:
Research Interests:
The standardized hardware description language vhdl has an imperative semantics which includes delayed (scheduled) assignment and blocking handshakes. It can be seen as a side-effect on an infinitely long line of past and future program... more
The standardized hardware description language vhdl has an imperative semantics which includes delayed (scheduled) assignment and blocking handshakes. It can be seen as a side-effect on an infinitely long line of past and future program states. Directly expressing its Hoare logic ...
ABSTRACT The lack of standards supporting interoperability and reusability of learning content is a major concern in educational technology. Several academic and business initiatives have started to promote the use of learning objects... more
ABSTRACT The lack of standards supporting interoperability and reusability of learning content is a major concern in educational technology. Several academic and business initiatives have started to promote the use of learning objects technology in providing strong connections between learners, learning content, content developers and training managers. However, interoperability between different tools is difficult to achieve. In this paper we propose a framework which supports generation, integration and reuse of different kinds of learning objects, following the educational standard specifications and providing teachers/designers with a tool for the creation of didactical units in Web-based self-contained courses.
Research Interests:
ABSTRACT It may be possible to circumvent all arguments about the security of a KPU by showing that one may use a KPU to run a full computer simulation entirely within only the encrypted arithmetic portion of its system.
Research Interests:
ABSTRACT Is the less than operator dangerous to security?
ABSTRACT Because it is so unusual, or hard to find, a truly tiny 8-or 12-bit block AES (Rijndael) cipher is described for posterity here, along with its Java source code.
Research Interests:
ABSTRACT How to guarantee that the same memory location is read as written, when we've got memory aliasing monsters hiding in the circuits? One answer is "use static typing".
Research Interests:
Working within the monad of side-effects [MacL71] [Mogg88a/b] , we write down a functional equation which defines `reality' -- the relation between past histories and future histories of the system under consideration. A... more
Working within the monad of side-effects [MacL71] [Mogg88a/b] , we write down a functional equation which defines `reality' -- the relation between past histories and future histories of the system under consideration. A past history is a sequence of events and a future history is a branching tree reflecting non-deterministic choices. We may tentatively identify an operating system with a physical `universe', each state of which has two components; respectively the `laws of physics', and `space', and these each evolve along paths determined, but not fixed, by `reality'. We pursue the perceived analogy as follows; for `past history' read `trace', for `laws of physics' read `process table', for `space' read `memory area', and so on. `Reality' becomes a useful functional specification which automatically implements viable operating system specifications. We apply the descriptive technique to several different operating systems; first a classical multi-tasking system, then an object-oriented one, then distributed processing systems. In each case, the descriptions are rendered simple through the use of `theories of physics', which automatically generate higher-order resumption-based descriptions from simpler attribute-based ones. Each simple `theory' immediately generates a different operating system, which we can then test.
Research Interests:
Following a sequence of hardware designs for a fully homomorphic crypto-processor -- a general purpose processor that natively runs encrypted machine code on encrypted data in registers and memory, resulting in encrypted machine states --... more
Following a sequence of hardware designs for a fully homomorphic crypto-processor -- a general purpose processor that natively runs encrypted machine code on encrypted data in registers and memory, resulting in encrypted machine states -- proposed by the authors in 2014, we discuss a working prototype of the first of those, a so-called `pseudo-homomorphic' design. This processor is in principle safe against physical or software-based attacks by the owner/operator of the processor on user processes running in it. The processor is intended as a more secure option for those emerging computing paradigms that require trust to be placed in computations carried out in remote locations or overseen by untrusted operators.
The prototype has a single-pipeline superscalar architecture that runs OpenRISC standard machine code in two distinct modes. The processor runs in the encrypted mode (the unprivileged, `user' mode, with a long pipeline) at 60-70\% of the speed in the unencrypted mode (the privileged, `supervisor' mode, with a short pipeline), emitting a completed encrypted instruction every 1.67-1.8 cycles on average in real trials.
The prototype has a single-pipeline superscalar architecture that runs OpenRISC standard machine code in two distinct modes. The processor runs in the encrypted mode (the unprivileged, `user' mode, with a long pipeline) at 60-70\% of the speed in the unencrypted mode (the privileged, `supervisor' mode, with a short pipeline), emitting a completed encrypted instruction every 1.67-1.8 cycles on average in real trials.
Research Interests:
In embedded applications and other low-level contexts it is sometimes the case that the programmer must write code that avoids memory-aliasing effects. We have come across the problem in writing for a general purpose crypto-processor, a... more
In embedded applications and other low-level contexts it is sometimes the case that the programmer must write code that avoids memory-aliasing effects. We have come across the problem in writing for a general purpose crypto-processor, a processor which does its computation in encrypted form. Since practically useful encryptions are 1-many relations, one underlying logical address can manifest as many alternative physical encryptions, which makes referencing memory fraught with hazard for the programmer. There are programming memes that make programing safe in this context, but we want to show that a given machine code is provably safe against memory-aliasing, which requires some disassembly or decompilation and an inference system set against an abstract stack machine.
Research Interests:
We ask whether two or more images of arithmetic may inhabit the same space via different encodings. The answers have significance for a class of processor design that does all its computation in an encrypted form, without ever performing... more
We ask whether two or more images of arithmetic may inhabit the same space via different encodings. The answers have significance for a class of processor design that does all its computation in an encrypted form, without ever performing any
decryption or encryption itself. Against the possibility of algebraic attacks against the arithmetic in a ‘crypto-processor’ (KPU) we propose a defence called ‘ABC encryption’ and show how this kind of encryption makes it impossible for observations of the arithmetic to be used by an attacker to discover the actual values. We also show how to construct such encrypted arithmetics.
decryption or encryption itself. Against the possibility of algebraic attacks against the arithmetic in a ‘crypto-processor’ (KPU) we propose a defence called ‘ABC encryption’ and show how this kind of encryption makes it impossible for observations of the arithmetic to be used by an attacker to discover the actual values. We also show how to construct such encrypted arithmetics.
Research Interests:
A KPU (`General Purpose Crypto-Processor') is a replacement for a standard CPU that natively runs encrypted machine code on encrypted data in registers and memory. Program addresses are not encrypted in a KPU, so a mix of encrypted and... more
A KPU (`General Purpose Crypto-Processor') is a replacement for a standard CPU that natively runs encrypted machine code on encrypted data in registers and memory. Program addresses are not encrypted in a KPU, so a mix of encrypted and unencrypted data flows through the processor, and it is essential for correct functioning that those machine instructions that work on encrypted data get encrypted data at run-time, while those that work on unencrypted data get unencrypted data. That is `crypto-safety', and this paper treats the problem of checking a compiled RISC machine code, via static typing, to see if it is crypto-safe for a KPU.
Research Interests:
Symbolic approximation is a technique for static analysis in the large, developed for the post-hoc verification of C code in large-scale open source projects such as the Linux kernel. The aim is to discover logical errors and... more
Symbolic approximation is a technique for static analysis in the large, developed for the post-hoc verification of C code in large-scale open source projects such as the Linux kernel. The aim is to discover logical errors and vulnerabilities in the code that have been missed by human eyes. The associated toolset nowadays treats millions of lines of C code source in a few hours on very modest platforms, finding about two to three real instances per thousand source files (million lines of code) of each class of error searched for in the already highly scrutinized
Linux kernel, for example. The analysis is safe, in that it reports no false negatives but can report false positives. This article describes the software engineering behind both technique and tools.
Linux kernel, for example. The analysis is safe, in that it reports no false negatives but can report false positives. This article describes the software engineering behind both technique and tools.
Research Interests:
"Lectures and course materials for Computer Systems and Architectures (2nd year undergraduate course)."
Research Interests:
Lectures on Fundamentals of Software Engineering (3rd year undergraduate course, also for MSc students converting to CS from another academic discipline).
Research Interests:
Lectures in Formal Methods (4th year undergraduate and MSc level course)
Research Interests:
Lectures on Principles if Programming Languages [Static Analysis] (3rd year undergraduate course).
Abstract Z is one of the most widely used formal speci cation languages. However, traditionally it has lacked adequate tool support for use in an industrial setting. It has grown up from a mathematically based tradition of the use of... more
Abstract Z is one of the most widely used formal speci cation languages. However, traditionally it has lacked adequate tool support for use in an industrial setting. It has grown up from a mathematically based tradition of the use of formal methods, rather than being based on any particular tool. This paper presents a tool and, in particular, its associated machine-readable syntax description of Z that could be useful as a common front-end to a number of tools to aid the production of a Z speci cation.
Research Interests:
This article presents a concrete grammar for the specification language Z, following as precisely as possible the BNF-like syntax description in the widely used Z Reference Manual. The grammar has been used as a starting point for several... more
This article presents a concrete grammar for the specification language Z, following as precisely as possible the BNF-like syntax description in the widely used Z Reference Manual. The grammar has been used as a starting point for several projects associated with Z. It is written in an extended BNF format for the public domain compiler-compiler PRECC. The grammar has also been used as a basis for grammars aimed at other compiler-compilers, including yacc and PCCTS. The important goal in publishing it here is to make the accepted ZRM grammar for Z publicly available in concrete form and thus to promote the production of Z-based utilities. The formalization has been tested by interpreting it standardly 1) in PRECC as a parse-tree builder, and, more abstractly, 2) as a generator of its valid phrases. In the non-standard configuration it has generated a suite of test expressions for the standard parser and some examples from that test suite are provided here. The 1st of these has a rigorous claim to the title of most trivial non-trivial Z specification possible, but all are good tests for any parser of Z.
Research Interests:
Compiler compilers are in widespread use, but decompiler compilers are a more novel concept. This paper sets out a technique for the decompilation of object code back to source code, and describes a working decompiler generator. Existing... more
Compiler compilers are in widespread use, but decompiler compilers are a more novel concept. This paper sets out a technique for the decompilation of object code back to source code, and describes a working decompiler generator. Existing and potential applications include reverse engineering, quality assessment, debugging and safety-critical code validation or verification.
Research Interests:
Research Interests:
A free type definition may be remolded into a simple functional program which enumerates all the terms of the associated grammar. This is the starting point for a reliable method of compiling decompilers. The technique produces e cient... more
A free type definition may be remolded into a simple functional program which enumerates all the terms of the associated grammar. This is the starting point for a reliable method of compiling decompilers. The technique produces e cient functional code and handles quite general synthetic and inherited attribute grammar descriptions (which correspond loosely to algebraically constrained and parametrized types in the functional programming terminology). Its e ciency derives from a close relationship between functionality and notation, and may also suggest a natural way to extend the popular list comprehension syntax.
The theory developed here guarantees the correctness of a decompiler for an occam-like language, and, via a known correspondence between attribute grammars and logic programs, of a corresponding Prolog decompiler. Whilst enumerating grammars completely may be Halting Problem hard in general, it is shown here, with the aid of methods of
abstract interpretation, that most grammars can be enumerated by the technique presented.
The theory developed here guarantees the correctness of a decompiler for an occam-like language, and, via a known correspondence between attribute grammars and logic programs, of a corresponding Prolog decompiler. Whilst enumerating grammars completely may be Halting Problem hard in general, it is shown here, with the aid of methods of
abstract interpretation, that most grammars can be enumerated by the technique presented.
Research Interests:
"This guide gives some information about Oxford, particularly for visitors to the Programming Research Group. It was originally written for two collaborative ESPRIT projects, so some parts are targeted at a European and research project... more
"This guide gives some information about Oxford, particularly for visitors to the Programming Research Group. It was originally written for two collaborative ESPRIT projects, so some parts are targeted at a European and research project context. However it should be of general interest, particularly to overseas visitors who are attempting to unravel the mystique of Oxford (although the authors are still trying to do likewise!).
"
"
Research Interests:
This report gives an overview of the work performed by the Programming Research Group as part of the European collaborative ESPRIT II “REDO” project (no. 2487). This work covered the areas of reverse-engineering: re-documentation and... more
This report gives an overview of the work performed by the Programming Research Group as part of the European collaborative ESPRIT II “REDO” project (no. 2487). This work covered the areas of reverse-engineering: re-documentation and re-engineering; validation: post-hoc verification and generation of correct code from specifications; maintenance: new languages and methods to support maintenance. Research in areas of concurrent programming and decompilation were also performed.
Research Interests:
Research Interests:
We set out an automatic method of transforming source code to a functional specification. The key steps are the production of an initial specification and its subsequent reduction to a normal form.
Research Interests:
Working within the monad of side-effects [MacL71] [Mogg88a/b] , we write down a functional equation which defines `reality' -- the relation between past histories and future histories of the system under consideration. A... more
Working within the monad of side-effects [MacL71] [Mogg88a/b] , we write down a functional equation which defines `reality' -- the relation between past histories and future histories of the system under consideration. A past history is a sequence of events and a future history is a branching tree reflecting non-deterministic choices. We may tentatively identify an operating system with a physical `universe', each state of which has two components; respectively the `laws of physics', and `space', and these each evolve along paths determined, but not fixed, by `reality'. We pursue the perceived analogy as follows; for `past history' read `trace', for `laws of physics' read `process table', for `space' read `memory area', and so on. `Reality' becomes a useful functional specification which automatically implements viable operating system specifications. We apply the descriptive technique to several different operating systems; first a classical multi-tasking system, then an object-oriented one, then distributed processing systems. In each case, the descriptions are rendered simple through the use of `theories of physics', which automatically generate higher-order resumption-based descriptions from simpler attribute-based ones. Each simple `theory' immediately generates a different operating system, which we can then test.
Research Interests:
Research Interests:
Research Interests:
Research Interests:
DL is a database language that uses the functional programming model of computation as its substrate. That gives it an inbuilt high-level query language."
Research Interests:
Research Interests:
Presentation given at SOMET, Naples, Italy, Sept. 2015: `What happens if a Mars lander takes a cosmic ray through the processor and thereafter 1+1=3? Coping with the fault is feasible but requires the numbers 2 and 3 to be treated as... more
Presentation given at SOMET, Naples, Italy, Sept. 2015: `What happens if a Mars lander takes a cosmic ray through the processor and thereafter 1+1=3? Coping with the fault is feasible but requires the numbers 2 and 3 to be treated as indistinguishable for the purposes of arithmetic, while as memory addresses they continue to access different memory cells. If a program is to run correctly in this altered environment it must be prepared to see address 2 sporadically access data in memory cell 3, which is known as `hardware aliasing'. This paper describes a programming discipline that allows software to run correctly in a hardware aliasing context, provided the aliasing is underpinned by hidden determinism.'
Research Interests:
Presentation at RSDA 2014 (ISSRE 2014), Naples, Italy, November 2014. `Hardware aliasing' classically arises when a processor through failure or design has fewer bits than required to address each memory location uniquely, and also –... more
Presentation at RSDA 2014 (ISSRE 2014), Naples, Italy, November 2014.
`Hardware aliasing' classically arises when a processor through failure or design has fewer bits than required to address each memory location uniquely, and also – nowadays – in the context of homomorphically encrypted computing. ...'
`Hardware aliasing' classically arises when a processor through failure or design has fewer bits than required to address each memory location uniquely, and also – nowadays – in the context of homomorphically encrypted computing. ...'
Research Interests:
Scholarly impact may be metricized using an author’s total number of citations as a stand-in for real worth, but this measure varies in applicability between disciplines. The detail of the number of citations per publication is nowadays... more
Scholarly impact may be metricized using an author’s total number of citations as a stand-in for real worth, but this measure varies in applicability between disciplines. The detail of the number of citations per publication is nowadays mapped in much more detail on the Web, exposing certain empirical patterns. This paper explores those patterns, using the citation data from Google Scholar for a number of authors.
Research Interests:
"A KPU is a replacement for a standard RISC processor that natively runs encrypted machine code on encrypted data in registers and memory – a ‘general-purpose crypto-processor’, in other words. It works because the processor’s arithmetic... more
"A KPU is a replacement for a standard RISC processor that
natively runs encrypted machine code on encrypted data in registers and memory – a ‘general-purpose crypto-processor’, in other words. It works because the processor’s arithmetic is customised to make the chosen encryption into a mathematical homomorphism, resulting in what is called a ‘fully-homomorphic encryption’ design. This paper discusses the problems and solutions associated with implementing a KPU in hardware.
"
natively runs encrypted machine code on encrypted data in registers and memory – a ‘general-purpose crypto-processor’, in other words. It works because the processor’s arithmetic is customised to make the chosen encryption into a mathematical homomorphism, resulting in what is called a ‘fully-homomorphic encryption’ design. This paper discusses the problems and solutions associated with implementing a KPU in hardware.
"
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
PRECCX stands for PREttier Compiler Compiler (eXtended). PRECCX converts context-grammar definition scripts (with a .y extension) into ANSI C code scripts (with a .c extension) that can in turn be compiled into working parsers,... more
PRECCX stands for PREttier Compiler Compiler (eXtended). PRECCX converts context-grammar definition scripts (with a .y extension) into ANSI C code scripts (with a .c extension) that can in turn be compiled into working parsers, interpreters or compilers using a standard ANSI C compiler.
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Call for Papers OpenCert 2013, 23 September, Madrid, Spain Over the past decade, the Open Source Software (OSS) phenomenon has had a global impact on the way software systems and software-based services are developed, distributed and... more
Call for Papers OpenCert 2013, 23 September, Madrid, Spain
Over the past decade, the Open Source Software (OSS) phenomenon has had a global impact on the way software systems and software-based services are developed, distributed and deployed. Widely acknowledged benefits of OSS include reliability, low development and maintenance costs, as well as rapid code turnover.
However, state-of-the-art OSS, by its very nature, makes software quality assessment, let alone full certification, particularly hard to achieve and raises important challenges.
The aim of this workshop is to bring together researchers from Academia and Industry who are broadly interested in (a) the quality assessment of OSS projects, and (b) metrics, procedures,
and tools that could be useful in assessing and qualifying individual participation and collaboration patterns in OSS communities.
Contributions to the workshop are expected to present foundations, methods, tools and case studies that use and possibly integrate techniques from different areas such as:
- product and process certification;
- formal modelling;
- formal verification: model checking and theorem proving;
- reverse engineering;
- static analysis, testing and inspection;
- safety, security and usability analysis;
- language design and evolving systems;
- automated source code analyses;
- software evolution and reconfigurability;
- data mining and text mining;
- ontology engineering;
- knowledge management;
- cloud computing;
- analytical models for the OSS development process;
- social constructivism in OSS communities;
- OSS communities as peer-production models;
- collaborative learning and OSS communities;
- action research;
- empirical studies.
Paper submission deadline: 15 June 2013
Notification of acceptance/rejection: 20 July 2013
Camera-ready copy for pre-proceedings: 6 Sept 2013
Camera-ready copy for post-proceedings: 15 Oct 2013
Workshop date: 23 September 2013
We encourage the pre-submission of title and abstract by
8 June 2013 (not mandatory)
Over the past decade, the Open Source Software (OSS) phenomenon has had a global impact on the way software systems and software-based services are developed, distributed and deployed. Widely acknowledged benefits of OSS include reliability, low development and maintenance costs, as well as rapid code turnover.
However, state-of-the-art OSS, by its very nature, makes software quality assessment, let alone full certification, particularly hard to achieve and raises important challenges.
The aim of this workshop is to bring together researchers from Academia and Industry who are broadly interested in (a) the quality assessment of OSS projects, and (b) metrics, procedures,
and tools that could be useful in assessing and qualifying individual participation and collaboration patterns in OSS communities.
Contributions to the workshop are expected to present foundations, methods, tools and case studies that use and possibly integrate techniques from different areas such as:
- product and process certification;
- formal modelling;
- formal verification: model checking and theorem proving;
- reverse engineering;
- static analysis, testing and inspection;
- safety, security and usability analysis;
- language design and evolving systems;
- automated source code analyses;
- software evolution and reconfigurability;
- data mining and text mining;
- ontology engineering;
- knowledge management;
- cloud computing;
- analytical models for the OSS development process;
- social constructivism in OSS communities;
- OSS communities as peer-production models;
- collaborative learning and OSS communities;
- action research;
- empirical studies.
Paper submission deadline: 15 June 2013
Notification of acceptance/rejection: 20 July 2013
Camera-ready copy for pre-proceedings: 6 Sept 2013
Camera-ready copy for post-proceedings: 15 Oct 2013
Workshop date: 23 September 2013
We encourage the pre-submission of title and abstract by
8 June 2013 (not mandatory)
Research Interests:
Presentation at S4CIP May 2016.