"... In PAGE 14: ...Table2 . Our analysis proved a num- ber of driver routines to be memory-safe in a sequential execution environment (see [6] for notes on how we can lift this analysis to a concurrent setting).... In PAGE 14: ... Our analysis also found several previously unknown errors in the routines. As an example, one error (from t1394 CancelIrp, Table2 ) involves a procedure that takes a list pointed to by a structure contained in another list and commits a memory-safety error when the nested list is empty (the presumption that the list can never be empty turns out not to be justi ed). This bug has been con rmed by the Windows kernel team and placed into the database of device driver bugs to be repaired.... ..."

"... In PAGE 2: ... It is also possible, however, to view the program to be evaluated as data, which are transformed by certain operations according to a particular inference mechanism, and apply some of these operations in parallel to the whole, or parts of the original program. Table1 shows an overview of the categories of parallelism, arranged according to the granularity and the components of a logic program. It identi es the particular data structures and operations applied in a category.... In PAGE 2: ... It identi es the particular data structures and operations applied in a category. The notation used in Table1 is based on viewing a logic program as a collection of clauses, possibly organized into modules (or objects). The clauses consist of literals, arranged as head and tail.... ..."

"... In PAGE 26: ... Observe that if 0 x lt; 2, then trunc(x; 32) = x(1 ? x), for some 0 x lt; 2?31, and away(x; 32) = x(1 + x), for some 0 x lt; 2?31. These two observations, along with the de nition of comp and appropriate de nitions of quot;sdd0, quot;sd1, quot;sdd1, and quot;sd2 (as functions of d analogous to quot;sd0 above) allow us to derive the equations and inequalities of Table2 . From these inequalities it readily follows that 0 quot;sd2(d) lt; 2?28 and hence Lemma 8.... ..."

"... In PAGE 2: ... Upper part: The nine di erent possible combinations of high-, normal-, and low levels in the bu er (left tank) and supply (right tank), separated byvertical dotted lines, are shown. The level limits (see Table4 ) are indicated by two short horizontal lines in each tank. The three numbers above the tanks show, in each of the nine cases, the control input setting of the inlet valve (u d 3 ), the pump (u d 2 ), and the outlet valve(u d 4 ), respectively.... In PAGE 2: ... Then the pump stage is set to 0 or 2 (according to the present situation), while the valves keep their position from the upper part. See Table4 for the value of . The inlet- and outlet valves should be open.... ..."

"... In PAGE 4: ...eparation Logic. We now introduce the separation logic (SL), see e.g. [Rey02], on top of which we will define our temporal logic. The syntax of the logic is given in Table1 . As separation logic is about reasoning on disjoint heaps, and we need to define what we mean by disjoint heaps in our model.... ..."

"... In PAGE 10: ... Yet, rule applications for rst- order reasoning and program reasoning are not separated but intertwined. For rst-order and propositional logic standard rule schemata are listed in Table1 , including an integer induction scheme. Within the rules for the program logic part (Table 2), state update rules R29{R30 constitute a peculiarity of ODL and will be discussed after de ning rule applications.... ..."

"... In PAGE 14: ... We believe a slightly specialized termination analyzer for typed programs could remove a significant part of this overhead. In Table2 , our second experiment, we selected six programs from the lit- erature, including our first example of Section 1. First, we manually added polymorphic Hindley/Milner types and checked well-typedness.... In PAGE 14: ... To construct the type separated program we used the inferred regular types. The results are shown in the last column of Table2 . In some cases we significantly improve the termination conditions for an untyped program without needing any user-added type information.... ..."