Christoph Matheja

Technical University of Denmark | DTU · Department of Applied Mathematics and Computer Science

Dr. rer. nat.

About

41 Publications
1,825 Reads
405 Citations
Introduction
I'm broadly interested in formal program verification, i.e. applying rigorous mathematical techniques to reason about software. In particular, this includes formal reasoning about heap-manipulating and probabilistic programs. To this end, I have worked with Hoare-style and weakest-precondition-style proof systems, separation logic, graph grammars, model-checking, and abstract interpretation.
Additional affiliations
November 2021 - present
Technical University of Denmark
Position
  • Professor (Assistant)
March 2020 - October 2021
ETH Zurich
Position
  • PostDoc Position
December 2014 - February 2020
RWTH Aachen University
Position
  • Research and Teaching Assistant
Education
October 2014 - January 2020
RWTH Aachen University
Field of study
  • Theoretical Computer Science
October 2012 - September 2014
RWTH Aachen University
Field of study
  • Computer Science
October 2009 - September 2012
RWTH Aachen University
Field of study
  • Computer Science

Publications

Publications (41)
Preprint
Full-text available
A desired property of randomized systems, represented by probabilistic programs, is that the probability to reach some error state is sufficiently small; verification of such properties is often addressed by probabilistic model checking. We contribute an inductive synthesis approach for proving quantitative reachability properties by finding induct...
Preprint
Full-text available
Quantitative separation logic (QSL) is an extension of separation logic (SL) for the verification of probabilistic pointer programs. In QSL, formulae evaluate to real numbers instead of truth values, e.g., the probability of memory-safe termination in a given symbolic heap. As with SL, one of the key problems when reasoning with QSL is entai...
Chapter
Quantitative separation logic (QSL) is an extension of separation logic (SL) for the verification of probabilistic pointer programs. In QSL, formulae evaluate to real numbers instead of truth values, e.g., the probability of memory-safe termination in a given symbolic heap. As with SL, one of the key problems when reasoning with QSL is entailment: does a formul...
Preprint
Full-text available
Refinement transforms an abstract system model into a concrete, executable program, such that properties established for the abstract model carry over to the concrete implementation. Refinement has been used successfully in the development of substantial verified systems. Nevertheless, existing refinement techniques have limitations that impede the...
Article
Closures are a language feature supported by many mainstream languages, combining the ability to package up references to code blocks with the possibility of capturing state from the environment of the closure's declaration. Closures are powerful, but complicate understanding and formal reasoning, especially when closure invocations may mutate obje...
Chapter
Full-text available
We revisit two well-established verification techniques, k-induction and bounded model checking (BMC), in the more general setting of fixed point theory over complete lattices. Our main theoretical contribution is latticed k-induction, which (i) generalizes classical k-induction for verifying transition systems, (ii) generalizes Park induction fo...
Chapter
Full-text available
We present a tool that checks for a given context-free graph grammar whether the corresponding graph reduction system in which all rules are applied backward, is confluent—a question that arises when using graph grammars to guide state space abstractions for analyzing heap-manipulating programs; confluence of the graph reduction system then guarant...
Preprint
Full-text available
We revisit two well-established verification techniques, $k$-induction and bounded model checking (BMC), in the more general setting of fixed point theory over complete lattices. Our main theoretical contribution is latticed $k$-induction, which (i) generalizes classical $k$-induction for verifying transition systems, (ii) generalizes Park inductio...
Article
Full-text available
We study a syntax for specifying quantitative assertions (functions mapping program states to numbers) for probabilistic program verification. We prove that our syntax is expressive in the following sense: Given any probabilistic program C, if a function f is expressible in our syntax, then the function mapping each initial state σ to the expected...
Article
Full-text available
Sensitivity properties describe how changes to the input of a program affect the output, typically by upper bounding the distance between the outputs of two runs by a monotone function of the distance between the corresponding inputs. When programs are probabilistic, the distance between outputs is a distance between distributions. The Kantorovich...
Preprint
Full-text available
We study a syntax for specifying quantitative "assertions" - functions mapping program states to numbers - for probabilistic program verification. We prove that our syntax is expressive in the following sense: Given any probabilistic program $C$, if a function $f$ is expressible in our syntax, then the function mapping each initial state $\sigma$ t...
Chapter
Full-text available
IC3 has been a leap forward in symbolic model checking. This paper proposes PrIC3 (pronounced pricy-three), a conservative extension of IC3 to symbolic model checking of MDPs. Our main focus is to develop the theory underlying PrIC3. Alongside, we present a first implementation of PrIC3 including the key ingredients from IC3 such as generalization,...
Conference Paper
Full-text available
IC3 has been a leap forward in symbolic model checking. This paper proposes PrIC3 (pronounced pricy-three), a conservative extension of IC3 to symbolic model checking of MDPs. Our main focus is to develop the theory underlying PrIC3. Alongside, we present a first implementation of PrIC3 including the key ingredients from IC3 such as generalization,...
Preprint
Full-text available
IC3 has been a leap forward in symbolic model checking. This paper proposes PrIC3 (pronounced pricy-three), a conservative extension of IC3 to symbolic model checking of MDPs. Our main focus is to develop the theory underlying PrIC3. Alongside, we present a first implementation of PrIC3 including the key ingredients from IC3 such as generalization,...
Preprint
Full-text available
In [A], we proposed a novel decision procedure for entailment checking in the symbolic-heap segment of separation logic with user-defined inductive definitions of bounded treewidth. In the meantime, we discovered that the decision procedure in [A] is incomplete. In this article, we fix the incompleteness issues while retaining the double-exponentia...
Chapter
Full-text available
SL-COMP aims at bringing together researchers interested in improving the state of the art of automated deduction methods for Separation Logic (SL). The event has taken place twice so far and has collected more than 1K problems for different fragments of SL. The input format of problems is based on the SMT-LIB format and is therefore fully typed; only o...
Chapter
Symbolic-Heap Separation logic is a popular formalism for automated reasoning about heap-manipulating programs, which allows the user to give customized data structure definitions.
Article
Full-text available
We study the hardness of deciding probabilistic termination as well as the hardness of approximating expected values (e.g. of program variables) and (co)variances for probabilistic programs. Termination: We distinguish two notions of probabilistic termination: Given a program P and an input σ...
Preprint
Full-text available
The Kantorovich metric is a canonical lifting of a distance from sets to distributions over this set. The metric also arises naturally when proving continuity properties of probabilistic programs. For instance, algorithmic stability of machine learning algorithms is upper bounded by the maximal Kantorovich distance between program executions, for a...
Article
Full-text available
We present quantitative separation logic (QSL). In contrast to classical separation logic, QSL employs quantities which evaluate to real numbers instead of predicates which evaluate to Boolean values. The connectives of classical separation logic, separating conjunction and separating implication, are lifted from predicates to quantities. This exte...
Conference Paper
Full-text available
SL-COMP aims at bringing together researchers interested in improving the state of the art of automated deduction methods for Separation Logic (SL). The event has taken place twice so far and has collected more than 1K problems for different fragments of SL. The input format of problems is based on the SMT-LIB format and is therefore fully typed; only o...
Conference Paper
Full-text available
Data interoperability is a major issue in data management for data science and big data analytics. Probabilistic data integration (PDI) is a specific kind of data integration where extraction and integration problems such as inconsistency and uncertainty are handled by means of a probabilistic data representation. This allows a data integration pro...
Article
Full-text available
This article presents a wp-style calculus for obtaining bounds on the expected runtime of randomized algorithms. Its application includes determining the (possibly infinite) expected termination time of a randomized algorithm and proving positive almost-sure termination: does a program terminate with probability one in finite expected time? We pro...
Chapter
We present a graph-based tool for analysing Java programs operating on dynamic data structures. It involves the generation of an abstract state space employing a user-defined graph grammar. LTL model checking is then applied to this state space, supporting both structural and functional correctness properties. The analysis is fully automated, proce...
Chapter
Full-text available
Bayesian networks (BNs) are probabilistic graphical models for describing complex joint probability distributions. The main problem for BNs is inference: Determine the probability of an event given observed evidence. Since exact inference is often infeasible for large BNs, popular approximate inference methods rely on sampling.
Conference Paper
Full-text available
Bayesian networks (BNs) are probabilistic graphical models for describing complex joint probability distributions. The main problem for BNs is inference: Determine the probability of an event given observed evidence. Since exact inference is often infeasible for large BNs, popular approximate inference methods rely on sampling....
Article
Full-text available
Bayesian networks (BNs) are probabilistic graphical models for describing complex joint probability distributions. The main problem for BNs is inference: Determine the probability of an event given observed evidence. Since exact inference is often infeasible for large BNs, popular approximate inference methods rely on sampling. We study the problem...
Article
Full-text available
We present quantitative separation logic (QSL). In contrast to classical separation logic, QSL employs quantities which evaluate to real numbers instead of predicates which evaluate to boolean values. The connectives of classical separation logic, separating conjunction and separating implication, are both lifted from predicates to quantities. This...
Article
Full-text available
The aim of shape analysis is to discover precise abstractions of the reachable data structures in a program's heap. This paper develops a shape analysis for reasoning about relational properties of data structures, such as balancedness of trees or lengths of lists. Both the concrete and the abstract domain are represented by hypergraphs. The analys...
Conference Paper
We introduce heap automata, a formalism for automatic reasoning about robustness properties of the symbolic heap fragment of separation logic with user-defined inductive predicates. Robustness properties, such as satisfiability, reachability, and acyclicity, are important for a wide range of reasoning tasks in automated program analysis and verific...
Article
Full-text available
We introduce heap automata, a formalism for automatic reasoning about robustness properties of the symbolic heap fragment of separation logic with user-defined inductive predicates. Robustness properties, such as satisfiability, reachability, and acyclicity, are important for a wide range of reasoning tasks in automated program analysis and verific...
Conference Paper
Full-text available
We study weakest precondition reasoning about the (co)variance of outcomes and the variance of run-times of probabilistic programs with conditioning. For outcomes, we show that approximating (co)variances is computationally more difficult than approximating expected values. In particular, we prove that computing both lower and upper bounds for (co...
Article
Full-text available
We study weakest precondition reasoning about the (co)variance of outcomes and the variance of run-times of probabilistic programs with conditioning. For outcomes, we show that approximating (co)variances is computationally more difficult than approximating expected values. In particular, we prove that computing both lower and upper bounds for (co)...
Conference Paper
This paper presents a wp-style calculus for obtaining bounds on the expected run-time of probabilistic programs. Its application includes determining the (possibly infinite) expected termination time of a probabilistic program and proving positive almost-sure termination: does a program terminate with probability one in finite expected time? We prov...
Conference Paper
Full-text available
This paper presents a wp-style calculus for obtaining expectations on the outcomes of (mutually) recursive probabilistic programs. We provide several proof rules to derive one- and two-sided bounds for such expectations, and show the soundness of our wp-calculus with respect to a probabilistic pushdown automaton semantics. We also give a wp-style...
Article
Full-text available
This paper presents a wp-style calculus for obtaining bounds on the expected run-time of probabilistic programs. Its application includes determining the (possibly infinite) expected termination time of a probabilistic program and proving positive almost-sure termination: does a program terminate with probability one in finite expected time? We pr...
Conference Paper
Separation Logic with inductive predicate definitions (SL) and hyperedge replacement grammars (HRG) are established formalisms to describe the abstract shape of data structures maintained by heap-manipulating programs. Fragments of both formalisms are known to coincide, and neither the entailment problem for SL nor its c...

Projects

Project (1)
Project
We develop novel verification calculi for reasoning about quantitative properties of programs, for instance expected runtimes of probabilistic programs. Our calculi are in the style of Dijkstra's weakest preconditions and Hoare logic and hence work with annotations on source code level. We put a special emphasis on developing (inductive) proof rules for reasoning about loops.