Home Research Selected Publications Recent Publications Some Talks Students and Visitors Grants Courses Professional Activities

Professor Mooly (Shmuel) Sagiv, Chair of Software Systems, Fellow of the ACM School of Computer Science, Tel Aviv University, Email: msagiv at acm dot org, Vitae

Research My research focuses on easing the task of developing reliable and efficient software systems. I am particularly interested in static program analysis which combines two disciplines: automated theorem proving and abstract interpretation. In the next decade, I am hoping to develop useful techniques in order to change the ways modern software is built. I am particularly interested in proof automation, given a program and a requirement, automatically prove or disprove that all executions of the program satisfy the requirements. This problem is in general undecidable and untractable. I am interested in developing practical solutions to proof-automation by: (i) exploring modularity of the system and (ii) relying on semi-automatic and interactive process, where the user manually and interactively guides the proof automation, and (iii) simplifying the verification task by using domain-specific abstractions expressed in a decidable logic. I am applying these techniques to verify safety of liveness of distributed systems. Verifying Liveness and Safety of Distributed Systems Distributed protocols play a significant role in our daily life. For example, consensus algorithms guarantee the consistency of distributed systems used to control the behavior of autonomous cars, internet of things and smart cities. These systems have severe bugs both in the design and the implementation which have tremendous consequences on our security. Full end-to end formal verification is beyond the reach of existing methods because of the complexity of the protocols and their tricky low-level implementations. Moreover, testing these protocols is ineffective since crucial bugs do occur in rare scenarios. We plan to develop techniques for semi-automatic formal verification of realistic distributed protocols all the way from the design to the implementation. The idea is to interact with protocol designers in order to harness their understanding of the system without burdening them with the need to understand how formal verification is implemented. The system will solve complicated decidable problems and the user will guide the system towards a proof or bug finding. This is achieved by breaking the verification problem into decidable sub-problems that can be solved using existing mature tools. Our experience to date has been that automated solvers are far more stable when solving problems in decidable logic fragments. Restricting to decidable logics differs from most common approaches to verification, which use undecidable logics. There is a trade-off, however: undecidable logics frequently allow a direct mapping of systems concepts (e.g., arithmetic, quantifiers, data-structures) into the language of the solver, whereas the mapping is not as direct with decidable logic fragments. To address this issue, we keep the user in the loop; in particular, an important step is typically for the user to break the problem into decidable sub-problems using modularity. We have recently built a preliminary prototype tool called Ivy, which can be used to perform automatic reasoning about the designs of simple distributed protocols. Invariant Checking We have shown how to perform invariant checking using decidable logic in protocol designs and protocol implementations. Invariant Inference We started studying the the decidability of invariant inference. Quantifier Instantiation A basic research problem related to invariant checking and invariant inference is given a first order formula, how to instantiate the quantifiers in order to check if a formula is valid. We have recently shown that the bounded horizon technique is rather powerful. Beyond Safety Oded Padon's thesis addresses the problem of reasoning about liveness of infinite state systems. Analyzing Cloud Applications We plan to develop mechanisms for ensuring the safety of cloud applications. We have developed a system for tracking information flow for cloud applications. Selected Publications Nina Narodytska, Shiva Prasad Kasiviswanathan, Leonid Ryzhyk, Mooly Sagiv, Toby Walsh: Verifying Properties of Binarized Deep Neural Networks. AAAI 2018: 6615-6624 Temporal Prophecy for Proving Temporal Properties of Infinite-State Systems Oded Padon, Jochen Hoenicke, Kenneth L. McMillan, Andreas Podelsk, Mooly Sagiv, Sharon Shoham. FMCAD 2018. Kalev Alpernas, Cormac Flanagan, Sadjad Fouladi, Leonid Ryzhyk, Mooly Sagiv, Thomas Schmitz, Keith Winstein: Secure serverless computing using dynamic information flow control. PACMPL 2(OOPSLA): 118:1-118:26 (2018) Modularity for Decidability of Deductive Verification with Applications to Distributed Systems Marcelo Taube, Giuliano Losa, Kenneth McMillan, Oded Padon, Mooly Sagiv, Sharon Shoham, James R. Wilcox, Doug Woos. Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, Yoni Zohar: Online detection of effectively callback free objects with applications to smart contracts. PACMPL 2(POPL): 48:1-48:28 (2018) Oded Padon, Jochen Hoenicke, Giuliano Losa, Andreas Podelski, Mooly Sagiv, Sharon Shoham: Reducing liveness to safety in first-order logic. PACMPL 2(POPL): 26:1-26:33 (2018) Paxos Made EPR: Decidable Reasoning about Distributed Protocols Oded Padon, Giuliano Losa, Mooly Sagiv, Sharon Shoham. OOPSLA 2017. Bounded Quantifier Instantiation for Checking Inductive Invariants Yotam M. Y. Feldman, Oded Padon, Neil Immerman, Mooly Sagiv, Sharon Shoham. TACAS 2017. Conjunctive Abstract Interpretation using Paramodulation Or Ozeri, Oded Padon, Noam Rinetzky, Mooly Sagiv. VMCAI 2017 IVY: Interactive Safety Verification via Counterexample Generalization Property Directed Reachability for Proving Absence of Concurrent Modification Errors Asya Frumkin, Yotam M. Y. Feldman, Ondrej Lhotak, Oded Padon, Mooly Sagiv, Sharon Shoham. VMCAI 2017. Oded Padon, Kenneth McMillan, Aurojit Panda, Mooly Sagiv, Sharon Shoham. PLDI 2016. Decidability of Inferring Inductive Invariants Oded Padon, Neil Immerman, Sharon Shoham, Aleksandr Karbyshev, Mooly Sagiv. POPL 2016 New Directions for Network Verification Aurojit Panda, Katerina Argyraki, Mooly Sagiv, Michael Schapira, Scott Shenker Decentralizing SDN Policies Oded Padon, Neil Immerman, Ori Lahav, Aleksandr Karbyshev, Mooly Sagiv, Sharon Shoham. POPL 2015. Effectively-Propositional Reasoning about Reachability in Linked Data Structures.. Shachar Itzhaky, Anindya Banerjee, Neil Immerman, Aleksandar Nanevski, Mooly Sagiv: CAV 2013: 756--772 An Introduction to Data Representation Synthesis. Testing Atomicity of Composed Concurrent Operations. O. Shacham, N. Bronson, A. Aiken, M. Sagiv, M. Vechev, and E. Yahav. Proceedings of the International Conference on Object-Oriented Programming, Systems, Languages, and Applications 2011. Eran Yahav, Mooly Sagiv Verifying safety properties of concurrent heap-manipulating programs. ACM Trans. Program. Lang. Syst. 32(5): (2010) Finite differencing of logical formulas for static analysis. Thomas W. Reps, Mooly Sagiv, Alexey Loginov: ACM Trans. Program. Lang. Syst. 32(6): (2010) Simulating reachability using first-order logic with applications to verification of linked data structures Tal Lev-Ami, Neil Immerman, Thomas W. Reps, Mooly Sagiv, Siddharth Srivastava, Greta Yorsh. Logical Methods in Computer Science 5(2): (2009) Heap Decomposition for Concurrent Shape Analysis Roman Manevich, Tal Lev-Ami, Mooly Sagiv, Ganesan Ramalingam, Josh Berdine: SAS 2008: 363-377 A semantics for procedure local heaps and its abstractions, N. Rinetzky, J. Bauer, T. Reps, M. Sagiv, and R. Wilhelm. POPL '05: 32nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2005 CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C Nurit Dor, Michael Rodeh, and Mooly Sagiv. PLDI 2003 Parametric Shape Analysis via 3-Valued Logic. Mooly Sagiv, Thomas Reps, and Reinhard Wilhelm. Journal ACM Transactions on Programming Languages and Systems (TOPLAS) Volume 24 Issue 3, May 2002 Precise interprocedural dataflow analysis via graph reachability Reps, T., Horwitz, S., and Sagiv, M., the Twenty-Second ACM Symposium on Principles of Programming Languages, (San Francisco, CA, Jan. 23-25, 1995), pp. 49-60 Precise interprocedural dataflow analysis with applications to constant propagation Sagiv, M., Reps, T., and Horwitz, S., . Theoretical Computer Science 167 (1996), 131-170 Speeding up slicing. T. Reps, S. Horwitz, M. Sagiv, M., and G. Rosay. In SIGSOFT '94: Proceedings of the Second ACM SIGSOFT Symposium on the Foundations of Software Engineering (Awarded an ACM SIGSOFT Retrospective Impact Paper Award 2011.)

Recent Papers

• Nina Narodytska, Nikolaj Bjorner, Maria-Cristina Marinescu, Mooly Sagiv: Core-Guided Minimal Correction Set and Core Enumeration. IJCAI 2018: 1353-1361
• Svyatoslav Korneev, Nina Narodytska, Luca Pulina, Armando Tacchella, Nikolaj Bjorner, Mooly Sagiv: Constrained Image Generation Using Binarized Neural Networks with Decision Procedures. SAT 2018: 438-449
• Kalev Alpernas, Roman Manevich, Aurojit Panda, Mooly Sagiv, Scott Shenker, Sharon Shoham, Yaron Velner: Abstract Interpretation of Stateful Networks. SAS 2018: 86-106
• Nina Narodytska, Shiva Prasad Kasiviswanathan, Leonid Ryzhyk, Mooly Sagiv, Toby Walsh: Verifying Properties of Binarized Deep Neural Networks. AAAI 2018: 6615-6624
• Temporal Prophecy for Proving Temporal Properties of Infinite-State Systems Oded Padon, Jochen Hoenicke, Kenneth L. McMillan, Andreas Podelsk, Mooly Sagiv, Sharon Shoham. FMCAD 2018.
• Kalev Alpernas, Cormac Flanagan, Sadjad Fouladi, Leonid Ryzhyk, Mooly Sagiv, Thomas Schmitz, Keith Winstein: Secure serverless computing using dynamic information flow control. PACMPL 2(OOPSLA): 118:1-118:26 (2018)
• Modularity for Decidability of Deductive Verification with Applications to Distributed Systems Marcelo Taube, Giuliano Losa, Kenneth McMillan, Oded Padon, Mooly Sagiv, Sharon Shoham, James R. Wilcox, Doug Woos.
• Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, Yoni Zohar: Online detection of effectively callback free objects with applications to smart contracts. PACMPL 2(POPL): 48:1-48:28 (2018)
• Oded Padon, Jochen Hoenicke, Giuliano Losa, Andreas Podelski, Mooly Sagiv, Sharon Shoham: Reducing liveness to safety in first-order logic. PACMPL 2(POPL): 26:1-26:33 (2018)
• Paxos Made EPR: Decidable Reasoning about Distributed Protocols Oded Padon, Giuliano Losa, Mooly Sagiv, Sharon Shoham. OOPSLA 2017.
• Bounded Quantifier Instantiation for Checking Inductive Invariants Yotam M. Y. Feldman, Oded Padon, Neil Immerman, Mooly Sagiv, Sharon Shoham. TACAS 2017.
• Conjunctive Abstract Interpretation using Paramodulation Or Ozeri, Oded Padon, Noam Rinetzky, Mooly Sagiv. VMCAI 2017
• Isil Dillig, Thomas Dillig, Boyang Li, Kenneth L. McMillan, Mooly Sagiv: Synthesis of circular compositional program proofs via abduction. STTT 19(5): 535-547 (2017)
• Guy Golan-Gueta, G. Ramalingam, Mooly Sagiv, Eran Yahav: Automatic Scalable Atomicity via Semantic Locking. TOPC 3(4): 21:1-21:29 (2017)
• Shelly Grossman, Sara Cohen, Shachar Itzhaky, Noam Rinetzky, Mooly Sagiv: Verifying Equivalence of Spark Programs. CAV (2) 2017: 282-300
• Nikolaj Bjorner, Maria-Cristina Marinescu, Mooly Sagiv: Abduction for Learning Smart City Rules. GCAI 2017: 233-238
• Aurojit Panda, Mooly Sagiv, Scott Shenker: Verification in the Age of Microservices. HotOS 2017: 30-36
• Shachar Itzhaky, Tomer Kotek, Noam Rinetzky, Mooly Sagiv, Orr Tamir, Helmut Veith, Florian Zuleger: On the Automated Verification of Web Applications with Embedded SQL. ICDT 2017: 16:1-16:18
• Aurojit Panda, Ori Lahav, Katerina J. Argyraki, Mooly Sagiv, Scott Shenker: Verifying Reachability in Networks with Mutable Datapaths. NSDI 2017: 699-718
• IVY: Interactive Safety Verification via Counterexample Generalization Oded Padon, Kenneth McMillan, Aurojit Panda, Mooly Sagiv, Sharon Shoham. To appear PLDI 2016.
• Some Complexity Results for Stateful Network Verification. Yaron Velner, Kalev Alpernas, Aurojit Panda, Alexander Rabinovich, Mooly Sagiv, Scott Shenker and Sharon Shoham. To appear TACAS 2016.
• Oded Padon, Neil Immerman, Sharon Shoham, Aleksandr Karbyshev, Mooly Sagiv: Decidability of inferring inductive invariants. POPL 2016: 217-231
• Guy Golan-Gueta, G. Ramalingam, Mooly Sagiv, Eran Yahav: Automatic scalable atomicity via semantic locking. PPOPP 2015: 31-41
• Ofri Ziv, Alex Aiken, Guy Golan-Gueata, G. Ramalingam, m. Sagiv: Composing Concurrency Control PLDI 2015
• Oded Padon, Neil Immerman, Ori Lahav, Aleksandr Karbyshev, Mooly Sagiv, Sharon Shoham: Decentralizing SDN Policies POPL 2015
• Aurojit Panda, Ori Lahav, Katerina Argyraki, Mooly Sagiv, Scott Shenker: Verifying Isolation Properties in the Presence of Middleboxes
• Ghila Castelnuovo, Mayur Naik, Noam Rinetzky, Mooly Sagiv, Hongseok Yang: Modularity in Lattices: A Case Study on the Correspondence Between Top-Down and Bottom-Up Analysis. SAS 2015: 252-274
• Property-Directed Shape Analysis Shachar Itzhaky, Nikolaj Bjorner, Thomas W. Reps, Mooly Sagiv, Aditya V. Thakur: CAV 2014: 35-51
• Oren Zomer, Guy Golan-Gueta, G. Ramalingam, Mooly Sagiv: Checking Linearizability of Encapsulated Extended Operations. ESOP 2014: 311-330
• Ohad Shacham, Eran Yahav, Guy Golan-Gueta, Alex Aiken, Nathan Grasso Bronson, Mooly Sagiv, Martin T. Vechev: Verifying atomicity via data independence. ISSTA 2014: 26-36
• Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly Sagiv, Michael Schapira, Asaf Valadarsky: VeriCon: towards verifying controller programs in software-defined networks. PLDI 2014: 31
• Guy Golan-Gueta, G. Ramalingam, Mooly Sagiv, Eran Yahav: Automatic semantic locking. PPOPP 2014: 385-386
• Shachar Itzhaky, Anindya Banerjee, Neil Immerman, Ori Lahav, Aleksandar Nanevski, Mooly Sagiv: Modular reasoning about heap paths via effectively propositional formulas. POPL 2014: 385-396
• Effectively-Propositional Reasoning about Reachability in Linked Data Structures. Shachar Itzhaky, Anindya Banerjee, Neil Immerman, Aleks Nanevski, Mooly Sagiv. CAV 2013
• An Introduction to Data Representation Synthesis. P. Hawkins, A. Aiken, K. Fisher, M. Rinard, and M. Sagiv. Communications of the ACM, research highlight, December 2012.
• Concurrent Libraries with Foresight. Guy Golan Gueta, G. Ramalingam, Mooly Sagiv, and Eran Yahav. To appear in PLDI'2013
• Synthesis of Circular Compositional Program Proofs via Abduction. Boyang Li, Isil Dillig, Thomas Dillig, Kenneth L. McMillan, and Mooly Sagiv. TACAS'13
• Understanding the Behavior of Database Operations under Program Control. J. Tamayo, A. Aiken, N. Bronson and M. Sagiv. Proceedings of the International Conference on Object-Oriented Programming, Systems, Languages, and Applications, October 2012.
• Concurrent Data Representation Synthesis. P. Hawkins, A. Aiken, K. Fisher, M. Rinard, and M. Sagiv. Proceedings of the Conference on Programming Language Design and Implementation (PLDI'12). (Best Paper Award)
• Reasoning About Lock Placements. P. Hawkins, A. Aiken, K. Fisher, M. Rinard, and M. Sagiv. Proceedings of the European Symposium on Programming 2012.
• Eventually Consistent Transactions. Sebastian Burckhardt, Manuel Fahndrich, Daan Leijen, and Mooly Sagiv Proceedings of the European Symposium on Programming, 2012. full version
• Janus: Exploiting Parallelism via Hindsight. Omer Tripp, Roman Manevich, John Field, and Mooly Sagiv. PLDI'12: ACM Conference on Programming Language Design and Implementation
• Abstractions from Tests. Mayur Naik, Hongseok Yang, Ghila Castelnuovo, and Mooly Sagiv. POPL'12.
• Testing Atomicity of Composed Concurrent Operations. O. Shacham, N. Bronson, A. Aiken, M. Sagiv, M. Vechev, and E. Yahav. Proceedings of the International Conference on Object-Oriented Programming, Systems, Languages, and Applications 2011.
• Automatic Fine-Grain Locking Using Shape Properties. G. Golan-Gueta, N. Bronson, A. Aiken, G. Ramalingam, M. Sagiv, E. Yahav. Proceedings of the International Conference on Object-Oriented Programming, Systems, Languages, and Applications 2011
• Data Representation Synthesis. P. Hawkins, A. Aiken, K. Fisher, and M. Sagiv. Proceedings of the Conference on Programming Language Design and Implementation 2011. (Best Paper Award)
• Precise and Compact Modular Procedure Summaries for Heap Manipulating Programs. I. Dillig, T. Dillig, A. Aiken, and M. Sagiv. Proceedings of the Conference on Programming Language Design and Implementation. 2011.
• Hawkeye: Effective Discovery of Dataflow Impediments to Parallelization Omer Tripp, Greta Yorsh, John Field, and Mooly Sagiv OOPSLA'11: ACM Conference on Systems, Programming, Languages and Applications
• Data Structure Fusion. P. Hawkins, A. Aiken, K. Fisher, M.Rinard, and M. Sagiv. Proceedings of the Asian Symposium on Programming Languages and Systems 2010.
• A Dynamic Evaluation of the Precision of Static Heap Abstractions Percy Liang, Omer Tripp, Mayur Naik, and Mooly Sagiv OOPSLA'10: ACM Conference on Systems, Programming, Languages and Applications
• Specifying and verifying sparse matrix codes. Gilad Arnold, Johannes Ho"lzl, Ali Sinan Ko"ksal, Rastislav Bodik, and Mooly Sagiv. ICFP 2010: 249-260
• A simple inductive synthesis methodology and its applications . Shachar Itzhaky, Sumit Gulwani, Neil Immerman, Mooly Sagiv OOPSLA 2010: 36-46
• Statically Inferring Complex Heap, Array, and Numeric Invariants. Bill McCloskey, Thomas W. Reps, Mooly Sagiv. SAS 2010: 71-99
• Field-sensitive program dependence analysis. Shay Litvak, Nurit Dor, Rastislav Bodi'k, Noam Rinetzky, Mooly Sagiv: SIGSOFT FSE 2010: 287-296
• A relational approach to interprocedural shape analysis Bertrand Jeannet, Alexey Loginov, Thomas W. Reps, Mooly Sagiv. ACM Trans. Program. Lang. Syst. 32(2): (2010)
• Eran Yahav, Mooly Sagiv Verifying safety properties of concurrent heap-manipulating programs. ACM Trans. Program. Lang. Syst. 32(5): (2010)
• Finite differencing of logical formulas for static analysis. Thomas W. Reps, Mooly Sagiv, Alexey Loginov: ACM Trans. Program. Lang. Syst. 32(6): (2010)
• Decidable fragments of many-sorted logic.Aharon Abadi, Alexander Rabinovich, Mooly Sagiv: J. Symb. Comput. 45(2): 153-172 (2010)

Some Talks

• London Ethereum October 2018 meetup Certora: Deductive Verification Deductive Verification Deductive Verification Deductive Verification Slides Video Technology Video Certora Web site
• Bay area Ethereum October 2018 meetup Deductive Verification of Smart Contracts: A tribute to the legacy of Prof. Zohar Mana Slides Video Technology Video Certora Web site
• Deep Specification as part of PLDI'18, Modularity for decidability Modularity for Decidability: Implementing and Semi-Automatically Verifying Distributed Systems
• Eighth Summer School on Formal Techniques 2018, Modularity for decidability Modularity for Decidability: Implementing and Semi-Automatically Verifying Distributed Systems Slides
• Reasoning about Program Data Structure Shape: from the Heap to Distributed Systems. Keynote Haifa Verification Conference Keynote, November 2015
• Concurrent Data Representation Synthesis< Keynote Compiler and Architecture Tool Conference Keynote, November 2015
• Verifying Correctness of Stateful Networks, ECOOP Invited Talk
• Effectively-Propositional Reasoning About Reachability
• Concurrent Data Representation Synthesis The Strachey Lectures in Computing Science Oxford
• COLT: Testing and Verifying Atomicity of Composed Operations IMDEA Software March 2012
• TVLA: A system for inferring Quantified Invariants Software Seminar at Stanford University 2008

Current Grants

• 2018-22 Static Analysis of Distributed Protocols (CO-PI Dr. Sharon Shoham) Israel Science Foundation
• 2017-21 Effective Reasoning about Dynamically Evolving Relations CO-PIs Prof. Neil Immerman and Dr. Sharon Shoham) BSF United States Israel Science Foundation
• 2017-21 Symbolic Reasoning about Executable Code(CO-PI Prof. Noam Rinetzky) Pazy Excelling in Science
• 2013-19 Verifying and Synthesizing Software Compositions, erc advanced grant
• 2016-18 Co-Location-Resistant Clouds Security (CO-PI Prof. Noam Rinetzky) ICRC Blavatnik Interdisciplinary Cyber Research Center Tel Aviv University

Courses (2013-2019)

• (March 19):Techniques for Improving Software Productivity.
• (March 19)Workshop in Smart Contract Programming Shelly Grossman and Mooly Sagiv
• (March 19) Concepts in Programming Languages.
• (March 18) Workshop in Formal Verification of Distributed Protocols Oded Padon and Mooly Sagiv
• (March 18) Concepts in Programming Languages.
• (Match 18) The Blockchain Technolgy.
• (Oct 17): Advanced Topics in Programming Languages.
• (Oct'16): Concepts in Programming Languages.
• (Oct'16):Techniques for Improving Software Productivity.
• (Feb'16): Concepts in Programming Languages.
• (Feb'16): Reasoning about Software Systems.
• PL seminar organized by Noam Rinetzky and myself.
• (Oct'16): Principles of Program Analysis.
• (Mar'15): Automatic Software Verification.
• (Mar'15): Concepts in Programming Languages.
• (Oct'13): Reasoning about Software Defined Networks.
• (Feb'14): Programming Languages.
• (Feb'14):A workshop about software defined networks