School of Computing Science

Evaluating and Enhancing Memory Safety in LLM-Generated Code on CHERI

Group: Systems Seminars
Speaker: Yuxin Qin, University of Glasgow
Date: 12 May, 2026
Time: 14:00 - 15:00
Location: Room 422, Sir Alwyn Williams Building and Zoom

Abstract: We investigate whether large language models (LLMs) can generate low-level C code that satisfies practical memory safety requirements under capability enforcement. By prompting multiple local LLMs to produce 120 compilable programs for binary parsing, record decoding, and image/ log processing, and analyzing them with CBMC, AddressSanitizer (ASan), Valgrind, and the CHERI platform (Arm Morello), we find that memory safety violations are prevalent. Error patterns, particularly in pointer and raw buffer manipulations, closely resemble mistakes made by novice programmers.

Notably, we find that CHERI not only detects all violations caught by traditional tools but also reliably traps spatial violations that remain latent on conventional systems, demonstrating its potential for securing untrusted LLM-generated code.

Motivated by these findings, we propose a two-stage collaborative workflow model that combines LLM generation with hardware-assisted CHERI enforcement. As a first step, we implement a prototype integrating prompt-plus-RAG with CHERI and WARDuino, achieving a 3.2× speedup and 86\% first-run success on memory safety benchmarks—demonstrating a promising path toward safer automated systems code.

Speaker: Yuxin is a fifth year PhD student in Computing Science as you may know well in this building. This talk is mainly about her eighth paper during her PhD. Details can be seen in the abstract above. Yuxin is also well experienced in NSFC application. She is currently looking for a Europe based PI to apply for a NSFC travel budget (€ 37,500) together closing on 4th June (UK ddl). For UK: https://royalsociety.org/grants/ international-exchanges/ , For All: https://www.nsfc.gov.cn/english/site_1/international/D6/2026/03-24/510.html  This will be her third NSFC funding application planned in this fiscal year. Looking forward to working together with you!

[FATA Seminar] Logics for the specification of hyperproperties

Group: Formal Analysis, Theory and Algorithms (FATA)
Speaker: Jonni Virtema, FATA
Date: 12 May, 2026
Time: 15:00 - 16:00
Location: Sir Alwyn Williams Building, 422 Seminar Room

Since the 1980s, model checking has become a staple in verification. For Linear Temporal Logic (LTL) and its progeny, the model checking problem asks whether every trace of a given system fulfils a given temporal specification such as a liveness or fairness property. Notably, this specification considers the traces of the input in isolation and cannot relate different traces to each other. However, it is not hard to come up with natural properties that require viewing different traces in tandem. A textbook example is bounded termination; one cannot decide whether a system terminates in bounded time by considering computation traces of the system in isolation. Further typical properties of this kind are many information-flow properties of systems such as observational determinism or generalised non-interference. A common term coined for properties of the aforementioned kind are hyperproperties (in contrast to trace properties). Hyperproperties describe properties of sets of traces, and since LTL and other traditional temporal logics can only specify trace properties, new logics have needed to be designed to fill this gap. In this talk, I review two approaches for designing logics for hyperproperties: a) HyperLTL and is progeny that are obtained from classical temporal logics by extending their syntax with quantifiers ranging over traces, b) TeamLTL and its variants, which adopt team semantics and lift the satisfaction of LTL formulae to sets of traces directly. In addition to introducing these logical formalism, I will review their expressive power (in relation to each other) and the complexity of their model checking and satisfiability problems.

MSci presentation

Group: Systems Seminars
Speaker: Ravin Syahravindra Fadeyka Aziz, University of Glasgow
Date: 13 May, 2026
Time: 10:00 - 11:00
Location: SAWB 203 or Zoom

Describing Binary Data using Dependent Types

Group: Programming Languages at University of Glasgow (PLUG)
Speaker: Daniel Hally
Date: 13 May, 2026
Time: 15:00 - 16:00
Location: F121 Lilybank Gardens and Online

Ad-hoc data formats can be difficult to work with, often lacking thorough documentation and typically having little publicly released tooling tooling. Data description languages (DDLs) are designed to aid in working with these formats, providing a way to describe the structure of data in a rigorous, declarative manner and generate parsers based on these descriptions (and sometimes serialisers too). Fisher et al.'s Data Description Calculus (DDC) is a formalisation of this family of languages, defining a set of types that can describe various data formats with rich error reporting.

SCONE Meeting

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 15 May, 2026
Time: 12:00 - 17:00
Location:Informatics Forum, School of Informatics, University of Edinburgh, Edinburgh, EH8 9AB

The next SCONE meeting will be hosted at University of Edinburgh on Friday 15th May. Register SCONE is the SCOttish Networking Event – an informal gathering of networking and systems researchers in and around Scotland. The goal of these meetings is to foster interaction between researchers from our various institutions. Each meeting will take place over the course of an afternoon, and feature: talks from PhD students talks from faculty, postdocs and industrial researchers discussions of possible funding opportunities food and drink

Evaluating and Enhancing Memory Safety in LLM-Generated Code on CHERI

Group: Systems Seminars
Speaker: Yuxin Qin, University of Glasgow
Date: 12 May, 2026
Time: 14:00 - 15:00
Location: Room 422, Sir Alwyn Williams Building and Zoom

Abstract: We investigate whether large language models (LLMs) can generate low-level C code that satisfies practical memory safety requirements under capability enforcement. By prompting multiple local LLMs to produce 120 compilable programs for binary parsing, record decoding, and image/ log processing, and analyzing them with CBMC, AddressSanitizer (ASan), Valgrind, and the CHERI platform (Arm Morello), we find that memory safety violations are prevalent. Error patterns, particularly in pointer and raw buffer manipulations, closely resemble mistakes made by novice programmers.

Notably, we find that CHERI not only detects all violations caught by traditional tools but also reliably traps spatial violations that remain latent on conventional systems, demonstrating its potential for securing untrusted LLM-generated code.

Motivated by these findings, we propose a two-stage collaborative workflow model that combines LLM generation with hardware-assisted CHERI enforcement. As a first step, we implement a prototype integrating prompt-plus-RAG with CHERI and WARDuino, achieving a 3.2× speedup and 86\% first-run success on memory safety benchmarks—demonstrating a promising path toward safer automated systems code.

Speaker: Yuxin is a fifth year PhD student in Computing Science as you may know well in this building. This talk is mainly about her eighth paper during her PhD. Details can be seen in the abstract above. Yuxin is also well experienced in NSFC application. She is currently looking for a Europe based PI to apply for a NSFC travel budget (€ 37,500) together closing on 4th June (UK ddl). For UK: https://royalsociety.org/grants/ international-exchanges/ , For All: https://www.nsfc.gov.cn/english/site_1/international/D6/2026/03-24/510.html  This will be her third NSFC funding application planned in this fiscal year. Looking forward to working together with you!

[FATA Seminar] Logics for the specification of hyperproperties

Group: Formal Analysis, Theory and Algorithms (FATA)
Speaker: Jonni Virtema, FATA
Date: 12 May, 2026
Time: 15:00 - 16:00
Location: Sir Alwyn Williams Building, 422 Seminar Room

Since the 1980s, model checking has become a staple in verification. For Linear Temporal Logic (LTL) and its progeny, the model checking problem asks whether every trace of a given system fulfils a given temporal specification such as a liveness or fairness property. Notably, this specification considers the traces of the input in isolation and cannot relate different traces to each other. However, it is not hard to come up with natural properties that require viewing different traces in tandem. A textbook example is bounded termination; one cannot decide whether a system terminates in bounded time by considering computation traces of the system in isolation. Further typical properties of this kind are many information-flow properties of systems such as observational determinism or generalised non-interference. A common term coined for properties of the aforementioned kind are hyperproperties (in contrast to trace properties). Hyperproperties describe properties of sets of traces, and since LTL and other traditional temporal logics can only specify trace properties, new logics have needed to be designed to fill this gap. In this talk, I review two approaches for designing logics for hyperproperties: a) HyperLTL and is progeny that are obtained from classical temporal logics by extending their syntax with quantifiers ranging over traces, b) TeamLTL and its variants, which adopt team semantics and lift the satisfaction of LTL formulae to sets of traces directly. In addition to introducing these logical formalism, I will review their expressive power (in relation to each other) and the complexity of their model checking and satisfiability problems.

MSci presentation

Group: Systems Seminars
Speaker: Ravin Syahravindra Fadeyka Aziz, University of Glasgow
Date: 13 May, 2026
Time: 10:00 - 11:00
Location: SAWB 203 or Zoom

Describing Binary Data using Dependent Types

Group: Programming Languages at University of Glasgow (PLUG)
Speaker: Daniel Hally
Date: 13 May, 2026
Time: 15:00 - 16:00
Location: F121 Lilybank Gardens and Online

Ad-hoc data formats can be difficult to work with, often lacking thorough documentation and typically having little publicly released tooling tooling. Data description languages (DDLs) are designed to aid in working with these formats, providing a way to describe the structure of data in a rigorous, declarative manner and generate parsers based on these descriptions (and sometimes serialisers too). Fisher et al.'s Data Description Calculus (DDC) is a formalisation of this family of languages, defining a set of types that can describe various data formats with rich error reporting.

SCONE Meeting

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 15 May, 2026
Time: 12:00 - 17:00
Location: Informatics Forum, School of Informatics, University of Edinburgh, Edinburgh, EH8 9AB

The next SCONE meeting will be hosted at University of Edinburgh on Friday 15th May. Register SCONE is the SCOttish Networking Event – an informal gathering of networking and systems researchers in and around Scotland. The goal of these meetings is to foster interaction between researchers from our various institutions. Each meeting will take place over the course of an afternoon, and feature: talks from PhD students talks from faculty, postdocs and industrial researchers discussions of possible funding opportunities food and drink

SICSA Seminar - Dr Abd Alsattar Ardati presents Teaching Product Judgement

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 19 May, 2026
Time: 11:00 - 11:00
Location: Jack Cole Building, University of St Andrews, St Andrews

Teaching Product Judgement: Rethinking the Student Experience in Software Product and Project Management with Dr Abd Alsattar Ardati Abstract: Software engineering students are often well prepared to think about implementation and delivery, but less often asked to reason about value, prioritisation, uncertainty, and strategic trade-offs. In this talk, I will present the pedagogical design of CS5034, a Master’s-level module in Software Product and Project Management at the University of St Andrews, and reflect on how it was used to reshape the student experience around product judgement rather than delivery alone. The module combines a standards-based foundation in software product management through ISPMA with discovery-led teaching, a shared fictional startup case, studio-style tutorials, and coursework built around revision and feedback. I will discuss how this design makes assumptions, trade-offs, and strategic reasoning more visible to students, and what this experience suggests for educators seeking stronger connections between software engineering education and contemporary product practice. Dr Abd Alsattar Ardati is a Lecturer in Computer Science at the University of St Andrews where his work spans human computer interaction, software engineering, and digital inclusion, with a focus on participatory design and socio-technical systems that connect universities, industry, and communities. This seminar will be hybrid from University of St Andrews. Register to receive meeting link.

Automated Digital Twin Generation for Network Testing: A Multi-Topology Validation

Group: Systems Seminars
Speaker: Shenjia Ding, University of Glasgow
Date: 19 May, 2026
Time: 14:00 - 15:00
Location: Room 422, Sir Alwyn Williams Building and Zoom

[FATA Seminar] Constraint Solving During a RAM Crisis - CP in 300 Kilobytes

Group: Formal Analysis, Theory and Algorithms (FATA)
Speaker: Guido Tack, Monash University
Date: 19 May, 2026
Time: 15:00 - 16:00
Location: Sir Alwyn Williams Building, 422 Seminar Room

Constraint solving is a way of describing decision problems using variables and rules, and then automatically finding solutions that satisfy those rules. It is widely used in applications such as scheduling, assignment, configuration, routing, and rostering. The systems used for solving these problems are usually designed for desktop and server machines with abundant memory. This talk explores whether constraint programming can be reengineered for microcontroller-class hardware instead, where processors are increasingly capable, but RAM is often limited to only a few hundred kilobytes. I will present Thornbill-CP, a constraint programming solver architecture designed for that environment, and discuss what changes are necessary when constraint solving is pushed into such a tight memory budget. The talk will explain briefly how traditional constraint solvers work, and then cover the main architectural ideas behind Thornbill-CP, early results from running it on ESP32 and RP-series devices, and the kinds of embedded applications that could benefit from on-device constraint solving.

"Abuse Risks are Often Inherent to Product Features": Exploring AI Vendors' Bug Bounty and Responsible Disclosure Policies

Group: Networked Systems Research Laboratory (NETLAB)
Speaker: Yangheran Piao, University of Edinburgh
Date: 21 May, 2026
Time: 10:00 - 11:00
Location: Sir Alwyn Williams Building, 423 Seminar Room

Abstract:

As vendors adopt AI technologies, security researchers are working to uncover and fix related vulnerabilities, which is important given AI systems handle sensitive data and critical functions. This process relies on vendors receiving and rewarding AI vulnerability reports. To assess current practices, we analyzed the vulnerability disclosure policies of 264 AI vendors. We employed a mixed-methods approach, combining snapshot and longitudinal qualitative analysis, as well as comparing alignment with 320 AI incidents and 260 academic articles. Our analysis reveals that 36% of AI vendors have no established policy, and only 18% mention AI risks. Data access, authorization, and model extraction vulnerabilities are most consistently declared in-scope. Jailbreaking and hallucination are most commonly declared out-of-scope. We identify three profiles that reflect vendors' different positions toward AI vulnerabilities: proactive clarification (n = 46), silent (n = 115), and restrictive (n = 103). Our alignment results suggest that vendors may address AI vulnerability disclosure later than academic research and real-world incidents.

Bio:

Yangheran (Lawrence) Piao is a third-year PhD student at the School of Informatics, University of Edinburgh. His research explores usable security, security economics, and cybercrime, with a specific focus on the vulnerability disclosure ecosystem, bug bounties, and AI vulnerability reporting. Yangheran’s work has been published and presented at premier security venues, including USENIX Security, IEEE S&P (Oakland), and WEIS.

Computing for Whom? Capital and Participation in Computing Higher Education

Group: Computing Science Education Research and Practice
Speaker: Thom Kunkeler, Uppsala University
Date: 21 May, 2026
Time: 15:00 - 16:00
Location: F121 Lilybank Gardens and Online

Computing education in Western countries has traditionally been characterised by low levels of participation and diversity amongst its student population. In order to broaden participation in the field, it is fundamental to understand why students engage with computing, and what they aspire to get out of their education. In my PhD research, I apply Bourdieu’s framework on social, cultural, and economic capital to address the issue. During this informal research discussion, I present findings from a nationwide population study examining transitions into computing education in Sweden. Using administrative register data covering all 1,014,519 upper secondary graduates between 2014 and 2024, the analysis identifies 8,916 individuals who completed a computing-related higher education degree as their first qualification. The study examines how upper secondary programme choice, academic performance, family education, income, parental occupation, and geography shape transitions into computing. The results show that computing graduates are disproportionately drawn from technical and science programmes and from families with higher levels of educational and socioeconomic capital. These findings highlight how early educational pathways and social background structure access to computing education, with implications for broadening participation in the field.

Synergistic Hardware-Software Co-Design for Approximate Real-Time Systems

Group: Systems Seminars
Speaker: Shounak Chakraborty, Durham University
Date: 26 May, 2026
Time: 14:00 - 15:00
Location: Room 422, Sir Alwyn Williams Building and Zoom

Abstract: Modern data centers in hubs consume hundreds of megawatts to support global services. To address this energy crisis, we must optimize the performance-per-watt across the entire stack—from application layers down to the device level. This seminar introduces PRECIOUS, a framework designed to maximize Quality of Service (QoS) for dependent real-time tasks on heterogeneous Chip Multi-Processors (CMPs). The core of PRECIOUS is a hybrid offline-online strategy. Offline, we utilise an Integer Linear Programming (ILP) scheduling approach to optimally assign task versions and cores while satisfying power and timing constraints. Online, the framework leverages the density of Multi-Level Cell (MLC) MRAM-based Last-Level Caches (LLC). By employing novel cell-splitting and intelligent write-steering, we reduce cache miss rates by 19% and improve throughput by 5.7%. Validated on 64-core systems, PRECIOUS achieves up to 76% normalised QoS, outperforming traditional heuristic methods. Furthermore, the framework converts architectural efficiency into dynamic runtime slacks, enabling a 9.0% QoS boost and cluster power-gating without additional energy overhead. 

Speaker's Bio: Dr. Shounak Chakraborty is an Assistant Professor in the Department of Computer Science at Durham University and a member of the Scientific Computing Research Group. He also serves as a Visiting Fellow at the University of Essex and was previously a Marie Curie Postdoctoral Fellow as well as an ERCIM Postdoctoral Fellow at NTNU, Norway. Beyond his academic background, he brings two years of industry experience as a Computer System Architect at ZeroPoint Technologies AB in Sweden, where he researched memory compression mechanisms to enhance energy efficiency. His research is situated at the intersection of computer architecture and compilers, with a focus on improving the energy and thermal efficiency of modern Chip Multi-Processors. Dr. Chakraborty's recent work, which includes a project supported by APRIL AI Hub, investigates the use of emerging non-volatile memory technologies and 3D-FETs to optimize Quality of Service in time-critical systems. His research has been published in several journals such as IEEE TC, IEEE TCAD, IEEE TPDS, ACM TECS, ACM TACO, etc. some conferences including the DAC, IPDPS, CF, DATE, ASAP, etc. 

[FATA Seminar] TBA

Group: Formal Analysis, Theory and Algorithms (FATA)
Speaker: Ricardo Almeida, FATA
Date: 26 May, 2026
Time: 15:00 - 16:00
Location: Sir Alwyn Williams Building, 422 Seminar Room

TBA

Mathematical Foundations for Symmetric Programming

Group: Programming Languages at University of Glasgow (PLUG)
Speaker: Ohad Kammar, University of Edinburgh
Date: 27 May, 2026
Time: 15:00 - 16:00
Location: F121 Lilybank Gardens and Online

Joint work with Matija Pretnar.

We propose abstractions for exploiting symmetries in programming and
reasoning based on the mathematical proof principle
"without-loss-of-generality" (wlog). We decompose such arguments into
three components. The first component makes the symmetry explicit by
defining appropriate groups and their action on the input/assumptions
and output/conclusions. The second component explicates how to
canonise the input, by choosing appropriate symmetries for each
input. The third component is a core function/proof that transforms
canonical inputs into outputs. The proposed wlog construct combines
these components: given an input, calculate its canonising symmetry,
use the symmetry to canonise the input, apply the core function to the
canonical input, and apply the inverse symmetry to the output.
Here we develop the mathematical foundations for these abstractions.

We illustrate the approach on running examples: sliding-tile merges in
2048, binary-tree insertion, and Schur's inequality as a mathematical
instance of WLOG. We extend the framework to algebraic datatypes using
initial algebra semantics, showing how a G-symmetry strength on a
functor lifts group actions to inductive types and that the unique
fold into an equivariant algebra is itself equivariant, allowing us to
avoid using general recursion to define a symmetric version of tree
insertion. Finally, we develop the theory of equivariant canonisers
and explore the cases when the WLOG construction is guaranteed to
produce an equivariant function.

Scottish Argumentation Day 2026

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 29 May, 2026
Time: 01:00 - 01:00
Location: University of Dundee

Scotland has a particularly high concentration of research groups working in the AI subfield of computational argumentation. Scottish Argumentation Day has previously been attended by researchers based both in Scotland and further afield, and has enabled the Scottish argumentation community to present their work in an informal setting, share feedback, and strengthen professional links. SAD began with Aberdeen 2011, and most recently took place in Edinburgh 2024. In continuing this series, our aim is threefold: (i) enable Scottish argumentation researchers, and especially PhD students, to mutually present their work; (ii) affirm Scottish argumentation research as a recognisable presence; (iii) provide a concrete opportunity for Scottish researchers to network. At SAD 2026 we aim to improve visibility for Scotland-based researchers, especially PhD students and early-career researchers, to encourage knowledge- and skill-exchange at all levels, and to foster cross-institution relations and collaborations. Participation is free but registration is required. ————————————————– We invite abstracts of up to 250 words to be presented as a short talk or poster. Participants at all levels are encouraged to present work, so that everyone can come away with a view of the current Scottish argumentation landscape. We invite abstracts at a range of levels, including: Overview of a specific research project or a lab’s area of work Recent work Work in progress, recent findings or initial results PhD projects and project plans PhD students are especially encouraged to present their projects and project plans to benefit from wider feedback in a supportive atmosphere. Abstract submission form: https://forms.gle/qCVGqi1sahCKATJv6 ————————————————– The day will be scaffolded by three keynote talks by John Lawrence of the University of Dundee, Elena Musi of the University of Liverpool and Henning Wachsmuth of Leibniz University Hannover. ————————————————–

TBC

Group: Networked Systems Research Laboratory (NETLAB)
Speaker: Jinming Yang
Date: 04 June, 2026
Time: 10:00 - 11:00
Location: Sir Alwyn Williams Building, 423 Seminar Room

EASE 2026: International Conference on Evaluation and Assessment in Software Engineering

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 09 June, 2026
Time: 01:00 - 01:00
Location: James McCune Smith Learning Hub, University Avenue, Glasgow, G12 8QW

EASE is an internationally leading venue for academics and practitioners to present and discuss their research on evidence-based software engineering, and its implications for software practice. EASE is ranked as A conference in CORE. The 30th edition of EASE will take place in Glasgow, Scotland. EASE 2026 welcomes high-quality submissions, describing original and unpublished research for the following tracks: full research papers, short papers & emerging results, industry, posters & vision, journal-first, and a doctoral symposium. There will also be co-located events, including workshops and tutorials, and a track planned for journal-first presentations. See conference website for submission tracks and deadlines. EASE 2026

S3CIX 2026 - Symposium and Summer School on Computational Interaction

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 16 June, 2026
Time: 01:00 - 01:00
Location: Sir Alwyn Williams Building, University of Glasgow, 18 Lilybank Gardens, Glasgow, G12 8QN, United Kingdom

Registration for the 10th Symposium and Summer School on Computational Interaction will open 1 February and close 14 March 2026. View programme, event details and registration process at S³CIX 2026. This year S³CIX is expanding from a Summer School format to also include a 4 day long academic Symposium. We anticipate about 30 students and 40 academics and invited speakers to attend. There will also be two workshops. Computational interaction often involves elements from machine learning, signal processing, information theory, optimisation, inference, control theory and formal modelling. Computational interaction would typically involve at least one of: an explicit mathematical model of user-system behaviour; a way of updating that model with observed data from users; an algorithmic element that, using this model, can directly synthesise or adapt the design; a way of automating and instrumenting the modelling and design process; the ability to simulate or synthesise elements of the expected user-system behaviour.”

TBC

Group: Networked Systems Research Laboratory (NETLAB)
Speaker: Muhammad Arif
Date: 18 June, 2026
Time: 10:00 - 11:00
Location: Lilybank Gardens, F121 Conference Room

10th Summer School and Symposium on Computational Interaction (S³CIX)

Group: Inference, Dynamics and Interaction (IDI)
Speaker: multiple
Date: 20 June, 2026
Time: 09:00 - 16:00
Location: Sir Alwyn Williams Building, 422 Seminar Room

Welcome to the Symposium and Summer School on Computational Interaction! This year we are expanding from a Summer School format to also include a 4 day long academic Symposium. We anticipate about 30 students and 40 academics and invited speakers to attend. There will also be two workshops.

SPLV’26: Scottish Programming Languages and Verification Summer School 2026

Group: Scottish Informatics and Computer Science Alliance (SICSA)
Speaker: SICSA Event, SICSA
Date: 03 August, 2026
Time: 01:00 - 01:00
Location: TBA

The 2026 edition of SPLV will be held at the University of Glasgow, with the main courses running from within the Gilbert Scott Building. The school is aimed at PhD students in programming languages, verification and related areas. Researchers and practitioners are welcome, as are strong undergraduate and masters students with the support of a supervisor. Participants should have a background in computer science, mathematics or a related discipline. Prospective students may contact the organisers if they have any concerns about background knowledge. Registration will open March 2026. View full programme at SPLV 2026 | SPLV