George Necula's Publications

• DetReduce: Minimizing Android GUI Test Suites for Regression Testing. Wontae Choi, Koushik Sen, George Necula, Wenyu Wang. In 40th International Conference on Software Engineering (ICSE'18), IEEE, 2018.
• Minimizing Faulty Executions of Distributed Systems. Colin Scott, Aurojit Panda, Vjekoslav Brajkovic, George Necula, Arvind Krishnamurthy, Scott Shenker. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16), March 2016.
• SJS: A Type Sys-tem for JavaScript with Fixed Object Layout. Wontae Choi, Satish Chandra, George Necula, Koushik Sen. In International Static Analysis Symposium (SAS'15), September 2015. There is also an extended technical report.
• MultiSE: Multi-Path Symbolic Execution using Value Summaries. Koushik Sen, George Necula, Liang Gong, Wontae Choi. In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE'15), September 2015. There is also an extended technical report.
• EventBreak: Analyzing the Responsiveness of User Interfaces through Performance-Guided Test Generation. Michael Pradel, Parker Schuh, George Necula, Koushik Sen. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA'14), October 2014.
• Guided GUI Testing of Android Apps with Minimal Restart and Approximate Learning. Wontae Choi, George C. Necula, Koushik Sen. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA'13), October 2013.
• CONCURRIT: A Domain Specific Language for Reproducing Concurrency Bugs. Jacob Burnim, Tayfun Elmas, George Necula, Koushik Sen. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'13), June 2013.
• Towards Hinted Collection: Annotations for Decreasing Garbage Collector Pause Times. Philip Reames, George Necula. In International Symposium on Memory Management (ISMM'13), June 2013
• CONCURRIT: Testing Concurrent Programs with Programmable State-Space Exploration. Jacob Burnim, Tayfun Elmas, George Necula, Koushik Sen. In 4th USENIX Workshop on Hot Topics in Parallelism (HotPar'12), 2012
• A Model and Framework for Reliable Build Systems. Derrick Coetzee, Anand Bhaskar, George Necula. Technical Report UCB/EECS-2012-27, February 2012
• NDetermin: Inferring Nondeterministic Sequential Specifications of Parallel Correctness (poster paper). Jacob Burnim, Tayfun Elmas, George Necula, Koushik Sen. In 17th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP'12), February 2012, pp. 329-330. And an extended version Technical Report UCB/EECS-2011-143, December 2011
• NDSeq: Runtime Checking for Nondeterministic Sequential Specifications of Parallel Correctness. Jacob Burnim, Tayfun Elmas, George Necula, Koushik Sen. Appeared in ACM SIGPLAN Symposium on Programming Language Design and Implementation (PLDI'11), 2011, pp. 401-414
• Reverse Execution With Constraint Solving. Raluca Sauciuc, George Necula. Technical report UCB/EECS-2011-67, EECS Department, University of California, Berkeley, May 2011.
• Specifying and Checking Semantic Atomicity for Multithreaded Programs. Jacob Burnim, George Necula, Koushik Sen.In 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'11), 2011, pp. 79-90
• Separating Functional and Parallel Correctness using Nondeterministic Sequential Specifications. Jacob Burnim, George Necula, Koushik Sen. In 2nd Usenix Workshop on Hot Topics in Parallelism, HotPAR'10, June 2010.
• Exceptional Situations and Program Reliability. Wes Weimer, George C. Necula. In ACM Transactions on Programming Languages and Systems, Volume 30, No 2, pp 8:1-51, March 2008
• Shape Analysis with Structural Invariant Checkers. Bor-Yuh Evan Chang, Xavier Rival, and George C. Necula. Static Analysis Symposium 2007 (SAS'07), Denmark 2007. An extended technical report.
• Beyond Bug-Finding: Sound Program Analysis for Linux. Zachary Anderson, Eric Brewer, Jeremy Condit, Rob Ennals, David Gay, Matthew Harren, George Necula, and Feng Zhou. HotOS 2007, San Diego, CA, May 2007.
• Dependent Types for Low-Level Programming. Jeremy Condit, Matthew Harren, Zachary Anderson, David Gay, and George C. Necula. In Proceedings of European Symposium on Programming (ESOP'07), 2007. An extended technical report.
• XFI: Software Guards for System Address Spaces. Ulfar Erlingsson, Martin Abadi, Michael Vrable, Mihai Budiu, George Necula. In Proceedings of Operating System Design and Implementation (OSDI'06), Seattle, 2006.
• SafeDrive: Safe and Recoverable Extensions Using Language-Based Techniques. Feng Zhou, Jeremy Condit, Zachary Anderson, Ilya Bagrak, Rob Ennals, Matthew Harren, George Necula, Eric Brewer. In Proceedings of Operating System Design and Implementation (OSDI'06), Seattle, 2006.
• Analysis of Low-Level Code Using Cooperating Decompilers. Bor-Yuh Evan Chang, Matthew Harren, and George C. Necula. Thirteenth International Static Analysis Symposium (SAS'06), Seoul, 2006. Extended version available as Technical Report UCB/EECS-2006-86 (pdf).
• Cooperative Integration of an Interactive Proof Assistant and an Automated Prover. Adam Chlipala, George C. Necula. In Proceedings 6th International Workshop on Strategies in Automated Deduction. August 2006.
• A Framework for Certified Program Analyses and Its Applications to Mobile-Code Safety.Bor-Yuh Evan Chang, Adam Chlipala, George C. Necula. In Proceedings of the 7^th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'06). An extended version appeared as UCB ERL M05/32.
• Using Dependent Types to Certify the Safety of Assembly Code. Matthew Harren, George C. Necula. In Proceedings of the Symposium on Static Analysis (SAS'05), 2005.
• JVer: A Java Verifier. A. Chander, D. Espinosa, N. Islam, P. Lee, G. Necula. In Proceedings of the Conference on Computer Aided Verification (CAV'05), 2005.
• Data Structure Specification via Local Equality Axioms. Scott McPeak, George C. Necula. In Proceedings of the Conference on Computer Aided Verification (CAV'05), 2005.
• Data Slicing: Separating the Heap into Independent Regions. Jeremy Condit, George C. Necula. In Proceedings of the Conference on Compiler Construction (CC'05), 2005. Paper received European Association for Programming Languages and Systems Award.
• Mining Temporal Specifications for Error Detection. Westley Weimer, George C. Necula. In Proceedings of the Conference on Tools and Applications for the Construction and Analysis of Systems (TACAS'05), 2005.
• Enforcing Resource Bounds via Static Verification of Dynamic Checks, A. Chander, D. Espinosa, N. Islam, P. Lee, G. Necula. In Proceedings of the European Symposium on Programming (ESOP'05), 2005. A longer journal version.
• CCured: Type-Safe Retrofitting of Legacy Software, George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, Westley Weimer. In ACM Transactions on Programming Languages and Systems (TOPLAS), Vol 27, No 3, May 2005.
• Precise Interprocedural Analysis using Random Interpretation, Sumit Gulwani, George C. Necula. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'05), 2005. And an expanded technical report UCB/CSD-04-1353
• The Open Verifier Framework for Foundational Verifiers, Bor-Yuh Evan Chang, Adam Chlipala, George C. Necula, Robert R. Schneck. In Proceedings of the ACM SIGPLAN Workshop on Types in Language Design and Implementation (TLDI'05), 2005.
• Type-Based Verificaton of Assembly Language for Compiler Debugging, Bor-Yuh Evan Chang, Adam Chlipala, George C. Necula, Robert R. Schneck. In Proceedings of the ACM SIGPLAN Workshop on Types in Language Design and Implementation (TLDI'05), 2005.
• Join Algorithms for the Theory of Uninterpreted Functions, Sumit Gulwani, Ashish Tiwari, George C. Necula. In Proceedings of the Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS'04), 2004.
• Finding and Preventing Run-Time Error Handling Mistakes, Westley Weimer, George C. Necula. In Proceedings of the Conference on Object-Oriented Programming Systems, Languages and Applications, (OOPSLA'04), 2004.
• Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions, Sumit Gulwani, George C. Necula. In Proceedings of the Symposium on Static Analysis (SAS'04), 2004. And an expanded technical report UCB/CSD-04-1325.
• A Polynomial-Time Algorithm for Global Value Numbering, Sumit Gulwani, George C. Necula. In Proceedings of the Symposium on Static Analysis (SAS'04), 2004. An extended version appeared in the Science of Computer Programming Journal, 2007.
• By Reason and Authority: A system for Authorization of Proof-Carrying Code, Nathan Whitehead, Martin Abadi, George Necula. In Proceedings of the 17^th IEEE Computer Security Foundations Workshop (CSFW'04), June 2004.
• Elkhound: A Fast, Practical GLR Parser Generator, Scott McPeak, George C. Necula. In Proceedings of Conference on Compiler Constructor (CC'04), April 2004. And an expanded technical report UCB/CSD-2-1214.
• Global Value Numbering Using Random Interpretation, Sumit Gulwani, George C. Necula. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'04), January 2004. And an expanded technical report UCB/CSD-03-1296.
• Lightweight Wrappers for Interfacing with Binary code in CCured, Matthew Harren, George C. Necula. In Proceedings of the Software Security Symposium (ISSS'03), 2003.
• Capriccio: Scalable Threads for Internet Services, Rob von Behren, Jeremy Condit, Feng Zhou, George C. Necula, Eric Brewer. In Proceeding of Symposium on Operating System Principles, SOSP'03, October 2003.
• A Sound Framework for Untrustred Verification-Condition Generators. George C. Necula, Robert R. Schneck. In Proceedings of IEEE Symposium on Logic in Computer Science, LICS'03, July 2003.
• A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols. Sumit Gulwani, George C. Necula. In Proceedings of Conference on Computer Automated Deduction, CADE'03, July 2003. An extended version appeared in the Journal of Information and Computation, 2005.
• CCured in the Real World. Jeremy Condit, Mathew Harren, Scott McPeak, George C. Necula, Westley Weimer. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI'03), June 2003.
• Discovering Affine Equalities Using Random Interpretation. Sumit Gulwani and George C. Necula. In Proceedings of the 30^th ACM Symposium on Principles of Programming Languages (POPL'03), January 2003.
• Proof-Carrying Code with Untrusted Proof Rules. George C. Necula. Robert Schneck. In Proceedings of the 2^nd International Software Security Symposium, November 2002.
• Temporal Safety Proofs for Systems Code. Thomas Henzinger, Ranjit Jhala, Rupak Majumdar, George Necula, Gregoire Sutre, Westley Weimer. In Proceedings of the 14th International Conference on Computer Aided Verification (CAV'02), Copenhagen, July 2002. 
• A Gradual Approach to a More Trustworthy, yet Scalable, Proof-Carrying Code. Robert R. Schneck, George C. Necula. In proceedings of Conference on Automated Deduction (CADE'02), Copenhagen, July 2002. 
• CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs,  George C. Necula, Scott McPeak, S. P. Rahul, Westley Weimer. In Proceedings of Conference on Compiler Construction (CC'02), Grenoble, March 2002.
• CCured: Type-Safe Retrofitting of Legacy Code. George C. Necula, Scott McPeak, Westley Weimer. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL'02), London, January 2002. Received the 2012 Award for the Most Influential POPL'02 paper.
• A Scalable Architecture for Proof-Carrying Code. George C. Necula.  An invited paper at the Fifth International Symposium on Functional and Logic Programming, Tokyo, March 2001.
• Proof-Carrying Code. Design and Implementation. George C. Necula. In H. Schwichtenberg and R. Steinbruggen (eds.), Proof and System Reliability (lecture notes for a summer course in Marktoberdorf, 2001).
• Oracle-Based Checking of Untrusted Software. George C. Necula, S. P. Rahul.  In Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL'01), London, January 2001. 
• A Proof-Carrying Code Architecture for Java, Christopher Colby, Peter Lee, George C. Necula. In Proceedings of the 12th International Conference on Computer Aided Verification (CAV'00), Chicago, 15 July 2000.
• A Certifying Compiler for Java, Christopher Colby, Peter Lee, George C. Necula, Fred Blau, Ken Cline, Mark Plesko. In Proceedings of the 2000 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'00), Vancouver, British Columbia, Canada, June 18-21, 2000.
• Translation Validation for an Optimizing Compiler, George C. Necula.  In Proceedings of the 2000 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'00), Vancouver, British Columbia, Canada, June 18-21, 2000.
• Proof Generation in the Touchstone Theorem Prover, George C. Necula, Peter Lee. In Proceedings of the 17th International Conference on Automated Deduction, CADE'00, Pittsburgh, 13 June 2000.
• Efficient Representation and Validation of Proofs George C. Necula, Peter Lee. In Proceedings of the 13th Annual symposium on Logic in Computer Science, Indianapolis (LICS'98), 1998. Abstract.
• The Design and Implementation of a Certifying Compiler George C. Necula, Peter Lee. November 1997. In Proceedings of the 1998 Conference on Programming Language Design and Implementation (PLDI'98), Montreal, 1998. Abstract.

• This paper was reprinted in “20 years of ACM/SIGPLAN Conference on Programming Language Design and Implementation (1979-1999): A Selection”, 2003. See the authors retrospective.

• Safe, Untrusted Agents using Proof-Carrying Code George C. Necula, Peter Lee. In LNCS 1419: Special Issue on Mobile Agent Security, 1998. Abstract.
• "Research on Proof-Carrying Code for Untrusted-Code Security". George C. Necula and Peter Lee. In Proceedings of the 1997 IEEE Symposium on Security and Privacy (Oakland'97), Oakland, 1997.
• "Research on Proof-Carrying Code on Mobile-Code Security". Peter Lee and George C. Necula. In Proceedings of the Workshop on Foundations of Mobile Code Security, Monterey, 1997.
• Proof-Carrying Code . George C. Necula. Presented at the ACM Symposium on Principles of Programming Languages (POPL'97, January 1997. Received the 2007 Award for the Most Influential POPL 1997 paper.
• Safe Kernel Extensions Without Run-Time Checking. George C. Necula, Peter Lee. Presented at Operating System Design and Implementation (OSDI'96), October 1996. This paper received the Best Paper Award and also the 2006 ACM SIGOPS Hall of Fame Award.
• Accounting for the performance of Standard ML on the DEC Alpha. George C. Necula, Lal George. September 1994.
• MacFS: A Portable Macintosh File System Library Peter A. Dinda, George C. Necula, Morgan Price, January, 1994.

Technical reports

• Proof-Carrying Code . George C. Necula and Peter Lee. Technical Report CMU-CS-96-165, November 96. (62 pages)
• Efficient Representation and Validation of Logical Proofs . George C. Necula and Peter Lee. Technical Report CMU-CS-97-172, October 97. (70 pages)

Ph.D. Thesis

• Compiling with Proofs. George C. Necula, Carnegie Mellon University, September 1998.

An annotated bibliography on Proof-Carrying Code

Note: This is not up to date anymore. Now it should contain also many papers by other authors.

Note: this bibliography is now out of date and does not include papers written by other researchers. The following papers are ordered by their technical difficulty, starting with the gentlest introductions to the Proof-Carrying Code technique and ending with a detailed implementation guide. These papers address different aspects of Proof-Carrying Code, ranging from its foundations in type-theory and logic, to its applications in software systems. I recommend first the application papers since the papers dealing with type-theory and logic might seem too technical to the reader that is not experienced in these areas. However, even in the most technical of the papers, we have tried to get across the purely practical and engineering motivations for most of the formal developments, and so, they might make an interesting reading even for the non-specialist

 For the busy reader, here is a one-page introduction to Proof-Carrying Code: "Research on Proof-Carrying Code for Untrusted-Code Security". George C. Necula and Peter Lee. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland, 1997.

 Another short paper about Proof-Carrying Code, with an emphasis on its applications for mobile-code security: "Research on Proof-Carrying Code on Mobile-Code Security". George C. Necula and Peter Lee. In Proceedings of the Workshop on Foundations of Mobile Code Security, Monterey, 1997.

 Next comes our first paper on PCC, paper which received the Best Paper Award at OSDI'96. "Safe Kernel Extensions Without Run-Time Checking". George C. Necula, Peter Lee. Presented at OSDI'96,October 1996.

• Abstract: This paper received the "Best Paper Award" at OSDI'96. This is the gentler introduction to Proof-Carrying Code and its applications in systems. As a case study, we analyze in this paper the use of PCC for ensuring the safety of network packet filters. We show that PCC can be used even for hand-optimized packet filters written in assembly language. As a result the runtime performance of PCC packet filters is the best attainable on a given architecture. Measurements show that this approach yields filters that are about an order of magnitude faster than interpreted Berkeley Packet Filters and about 30% faster than filters "sandboxed" filters using Software Fault Isolation. The cost of PCC filters lies in proof checking. Measurements show that proof-checking is fast and its one-time cost is usually amortized over a few thousand network packets. 

If you want to read about more applications on the spirit of network packet filters, then you can read the expanded version of the OSDI'96 paper. Keep in mind, however, that some of the later papers might describe PCC slightly differently, as our own understanding of it has improved.

 Next paper is the standard reference for PCC. "Proof-Carrying Code ". George C. Necula. Presented at POPL97, January 1997.

·  Abstract: This paper describes Proof-Carrying Code from a more formal and language-theoretic perspective. On the application side, this paper describes the use of PCC as a basis for verifying the type safety of hand-optimized assembly language programs. This is useful for the safe interaction of native code libraries with code written in a type-safe language.

 Next is a recent paper that describes part of my thesis work. The Design and Implementation of a Certifying Compiler , George C. Necula, Peter Lee, June 1998, presented at PLDI'98.

·  Abstract: This paper presents a compiler from a type-safe subset of the C language to optimized DEC Alpha machine code. The novel feature of the compiler is that it contains a certifier that automatically checks the type safety and memory safety of any assembly language program produced by the compiler. The result of the certifier is either a formal proof of type safety or a counterexample pointing to a potential violation of the type system by the assembly-language target program. The ensemble of the compiler and the certifier is called a certifying compiler.

Several advantages of certifying compilation over previous approaches can be claimed. The notion of a certifying compiler is significantly easier to employ than a formal compiler verification, in part because it is generally easier to verify the correctness of the result of a computation than to prove the correctness of the computation itself. Also, the approach can be applied even to highly optimizing compilers, as demonstrated by the fact that our compiler generates target code, for a range of realistic C programs, which is competitive with both the cc and gcc compilers with all optimizations enabled. The certifier also drastically improves the effectiveness of compiler testing because, for each test case, it statically signals compilation errors that might otherwise require many executions to detect. Finally, this approach is a practical way to produce the safety proofs for a Proof-Carrying Code system, and thus may be useful in a system for safe mobile code.

 This is the most technical paper on PCC. It describes the framework that is used in PCC to represent and to verify the safety proofs: Efficient Representation and Validation of Proofs George C. Necula, Peter Lee, June 1998, presented at LICS'98.

·  Abstract: This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as first-class objects, such as a Proof-Carrying Code system, in which proofs are used to allow the easy validation of properties of safety-critical or untrusted code.

Our framework, which we call LFi, inherits from LF the capability to encode various logics in a natural way. In addition, the LFi framework allows proof representations without the high degree of redundancy that is characteristic of LF representations. The missing parts of LFi proof representations can be reconstructed during proof checking by an efficient reconstruction algorithm. We also describe an algorithm that can be used to strip the unnecessary parts of an LF representation of a proof. The experimental data that we gathered in the context of a Proof-Carrying Code system shows that the savings obtained from using LFi instead of LF can make the difference between practically useless proofs of several megabytes and manageable proofs of tens of kilobytes.

This paper is an abbreviated version of a longer (70 pages) technical report. Read it if you want to see the detailed (15 pages) proofs of soundness of the efficient proof-checking algorithm that is used in PCC.

 This longer paper describes many of the implementation details of our PCC prototype. It also describes the use of PCC for enforcing resource-usage bounds in addition to memory and type-safety. Safe, Untrusted Agents using Proof-Carrying Code George C. Necula, Peter Lee. October 1997, in LNCS 1419: Special Issue on Mobile Agent Security.

·  Abstract: This paper is intended to be both a comprehensive implementation guide for a Proof-Carrying Code system and a case study for using PCC in a mobile agent environment. Specifically, the paper describes the use of PCC for enforcing memory safety, access control and resource usage bounds for untrusted agents that access a database.

My home page