
Michal Moskal, PhD
Microsoft · Research in Software Engineering (RiSE)
About
51 Publications
12,520 Reads
1,560 Citations
Additional affiliations: September 2009 - present
Education: September 2005 - December 2009; September 2000 - June 2005
Publications (51)
Physical computing is becoming mainstream. More people than ever---from artists, makers and entrepreneurs to educators and students---are connecting microcontrollers with sensors and actuators to create new interactive devices. However, physical computing still presents many challenges and demands many skills, spanning electronics, low-level protoc...
A codable computer half the size of a credit card is inspiring students worldwide to develop core computing skills in fun and creative ways.
Microsoft MakeCode (https://www.makecode.com) is a platform and accompanying web app for simplifying the programming of microcontroller-based devices in the classroom. For each device, MakeCode provides a customized end-to-end experience in the web browser consisting of code editors, device simulator, debugger, compiler to machine code, and linker...
While the programming of microcontroller-based embeddable devices typically is the realm of the C language, such devices are now finding their way into the classroom for CS education, even at the level of middle school. As a result, the use of scripting languages (such as JavaScript and Python) for microcontrollers is on the rise.
We present Static...
Historically, embedded systems development has been a specialist skill, requiring knowledge of low-level programming languages, complex compilation toolchains, and specialist hardware, firmware, device drivers and applications. However, it has now become commonplace for a broader range of non-specialists to engage in the making (design and developm...
The growing maker movement has created a number of hardware and construction toolkits that lower the barriers of entry into programming for youth and others, using a variety of approaches, such as gaming or robotics. For constructionist-like kits that use gaming, many are focused on designing and programming games that are single player, and few ex...
Across the globe, it is now commonplace for educators to engage in the making (design and development) of embedded systems in the classroom to motivate and excite their students. This new domain brings its own set of unique requirements. Historically, embedded systems development requires knowledge of low-level programming languages, local installa...
Collaborating on a piece of code is notoriously difficult when the number of people involved goes above 1. In particular, every computer programmer dreads the "merge conflict", a brutal, unforgiving experience, where they must reconcile their changes with someone else's. If offline collaboration is already so painful, real-time collaboration seems...
Software engineering tools and environments are migrating to the cloud, enabling more people to participate in programming from many more devices. To study this phenomenon in detail, we designed, implemented and deployed Touch Develop (url www.touchdevelop.com), a cloud-based integrated development environment (CIDE), which has been online for the...
A tracing just-in-time (TJIT) compiler system is described for performing parallelization of code in a runtime phase in the execution of code. Upon detecting a hot loop during the execution of the code, the compiler system extracts trace information from sequentially recorded traces. In a first phase, the compiler system uses the trace information...
The description relates to media files and more particularly to media files that include a program and a human-understandable description of the program. One example can receive executable code. This example can determine a functionality provided by the executable code. The example can also create a media file that stores the executable code and pr...
JavaScript has long outpaced its original target applications, being used not only for coding complex web clients, but also web servers, game development and even desktop applications. The most appealing advantage of moving applications to JavaScript is its capability to run the same code in a large number of different devices. It is not surprising...
Live programming allows programmers to edit the code of a running program and immediately see the effect of the code changes. This tightening of the traditional edit-compile-run cycle reduces the cognitive gap between program code and execution, improving the learning experience of beginning programmers while boosting the productivity of seasoned o...
Mobile devices are becoming the prevalent computing platform for most people. TouchDevelop is a new mobile development environment that enables anyone with a Windows Phone to create new apps directly on the smartphone, without a PC or a traditional keyboard. At the core is a new mobile programming language and editor that was designed with the touc...
Applications in mobile-marketplaces may leak private user information without notification. Existing mobile platforms provide little information on how applications use private user data, making it difficult for experts to validate applications and for users to grant applications access to their private data. We propose a user-aware privacy contr...
In this tutorial I’ll show how to prove deep functional properties of tricky sequential and concurrent C programs using VCC. I’ll get into induction, termination, algebraic data types, infinite maps, and lemmas, all unified as ghost data and C-like code manipulating it. Once these are provided, verification is automatic, but the development process...
From paper to computers, the way that we have been writing down thoughts and performing symbolic computations has been constantly evolving. Teaching methods closely follow this trend, leveraging existing technology to make teaching more effective and preparing students for their later careers with the available technology. Right now, in 2012, we ar...
Code search has always been essential to software development; it is the cornerstone of activities such as program comprehension and maintenance. Traditionally, code search required learning of complex query languages with very steep learning curves.
We propose a technique for verifying high-level security properties of cryptographic protocol implementations based on stepwise refinement. Our refinement strategy supports reasoning about abstract protocol descriptions in the symbolic model of cryptography and gradually concretizing them towards executable code. We have implemented the technique w...
We are experiencing a technology shift: powerful and easy-to-use touchscreen-based mobile devices such as smartphones and tablets are becoming more prevalent than traditional PCs and laptops. Many mobile devices are going to be the first and, in less developed countries, possibly the only computing devices that virtually all people would own and ca...
The Boogie Verification Debugger (BVD) is a tool that lets users explore the potential program errors reported by a deductive program verifier. The user interface is like that of a dynamic debugger, but the debugging happens statically without executing the program. BVD integrates with the program-verification engine Boogie. Just as Boogie supports...
Software verification is one of the most prominent application areas for automatic reasoning systems, but their potential improvement is limited by shortage of good benchmarks. Current benchmarks are usually large but shallow, require decision procedures, or have soundness problems. In contrast, we propose a family of benchmarks in first-order logi...
VCC [2] is an industrial-strength verification environment for low-level concurrent systems code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. VCC’s verification methodology [4] allows global two-state invariants that restrict...
The Boogie Verification Debugger (BVD) is a tool that lets users explore the potential program errors reported by a deductive program verifier. The user interface is like that of a dynamic debugger, but the debugging happens statically without executing the program. BVD integrates with the program-verification engine Boogie. Just as Boogie supports...
Consider interaction of principals where each principal has its own policy and different principals may not trust each other. In one scenario the principals could be pharmaceutical companies, hospitals, biomedical labs and health related government institutions. In another scenario principals could be navy fleets of different and not necessarily fr...
This tutorial provides basic information about developing specifications and annotations for concurrent C programs, so that they can be verified with VCC.
We describe a practical method for reasoning about realistic concurrent programs. Our method allows global two-state invariants that restrict update of shared state. We provide simple, sufficient conditions for checking those global invariants modularly. The method has been implemented in VCC 3, an automatic, sound, modular verifier for concurrent...
The main goal of the VerisoftXT project is the creation of methods and tools which allow for the pervasive formal verification of integrated computer systems, and the prototypical realization of four concrete industrial application tasks. In this paper, we report on two of VerisoftXT’s sub-projects, where formal verification is applied to real-wor...
This paper defines a suite of benchmark verification problems, to serve as an acid test for verification systems that reason about programs with non-trivial data-structure invariants. Solutions to the benchmarks can be used to understand similarities and differences between verification tools and techniques. The paper also gives a procedure for sco...
Verification for OO programs typically starts from a strongly typed object model in which distinct objects/fields are guaranteed not to overlap. This model simplifies verification by eliminating all “uninteresting” aliasing and allowing the use of more efficient frame axioms. Unfortunately, this model is unsound and incomplete for languages like C,...
VCC is an industrial-strength verification environment for low-level concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof attempts and constructing partial counterexample...
The quest for modular concurrency reasoning has led to recent proposals that extend program assertions to include not just knowledge about the state, but rights to access the state. We argue that these rights are really just sugar for knowledge that certain updates preserve certain invariants.
Boogie is a verification condition generator for an imperative core language. It has front-ends for the programming languages C# and C enriched by annotations in first-order logic, i.e. pre- and postconditions, assertions, and loop invariants. Moreover, concepts like ghost fields, ghost variables, ghost code and specification functions have been in...
Most system level software is written in C and executed concurrently. Because such software is often critical for system reliability, it is an ideal target for formal verification. Annotated C and the Verified C Compiler (VCC) form the first modular sound verification methodology for concurrent C that scales to real-world production code. VCC is in...
We give a case study for a Satisfiability Modulo Theories (SMT) solver usage in functional verification of a real world operating system. In particular, we present a view of the E-matching pattern annotations on quantified formulas as a kind of logic programming language, used to encode semantics of the programming language undergoing verificatio...
We present the design of a meta-programming system embedded into Nemerle, a new functional language for the .NET platform. The system enables compile-time operations: generation, transformation and automated analysis of programs by means of hygienic code quotation, syntax extensions, operating on the code like on any other datatype (e.g. li...
Efficient handling of quantifiers is crucial for solving software verification problems. E-matching algorithms are used in satisfiability modulo theories solvers that handle quantified formulas through instantiation. Two novel, efficient algorithms for solving the E-matching problem are presented and compared to a well-known algorithm described in t...
Modern Satisfiability Modulo Theories (SMT) solvers are used in a wide variety of software and hardware verification applications. Proof producing SMT solvers are very desirable as they increase confidence in the solver and ease debugging/profiling, while allowing for scenarios like Proof-Carrying Code (PCC). However, the size of typical proofs gen...
Well-specified programs enable code reuse and therefore techniques that help programmers to annotate code correctly are valuable. We devised an automated analysis that detects unreachable code in the presence of code annotations. We implemented it as an enhancement of the extended static checker ESC/Java2 where it serves as a check of coherency of...
Automated theorem provers are used in extended static checking, where they are the performance bottleneck. Extended static checkers are run typically after incremental changes to the code. We propose to exploit this usage pattern to improve performance. We present two approaches of how to do so and a full solution.
Vx86 is the first static analyzer for sequential Intel x86 assembler code using automated deductive verification. It proves the correctness of assembler code against function contracts, which are expressed in terms of pre-, post-, and frame conditions using first-order predicates. Vx86 takes the annotated assembler code, translates it into C code s...
Folklore has it that verification of functional properties of C programs is intractable without making compromises on soundness of the heap model or coverage of C features. In contrast, we present a heap model for deductive verification that achieves (1) soundness by explicitly keeping track of runtime type assignment of pointers, (2) completenes...
The number of applications available in mobile marketplaces is increasing rapidly. It's very easy to become overwhelmed by the sheer size of their codebase. We propose to use code clone analysis to help manage existing applications and develop new ones. First, we propose an automatic application ranking scheme based on (dis)similarity. Traditionall...
We describe a methodology for reasoning about realistic concurrent programs. Our methodology allows two-state invariants that span multiple objects without sacrificing thread- or data-modularity, as well as the derived construction of first-class objects that capture knowledge about the system state. The methodology has been implemented in an autom...
A common problem faced by modern mobile-device platforms is that third-party applications in the marketplace may leak private information without notifying users. Existing approaches adopted by these platforms provide little information on what applications will do with the private information, failing to effectively assist users in deciding whethe...