Hierarchical correctness proofs for distributed algorithms
1987
Cited by 418 (51 self)
We introduce the input-output automaton, a simple but powerful model of computation in asynchronous distributed networks. With this model we are able to construct modular, hierarchical correctness proofs for distributed algorithms. We define this model, and give an interesting example of how it can be used to construct such proofs.
Fail-Stop Processors: An Approach to Designing Fault-Tolerant Computing Systems
1983
Cited by 354 (18 self)
This paper was originally submitted to ACM Transactions on Programming Languages and Systems. The responsible editor was Susan L. Graham. The authors and editor kindly agreed to transfer the paper to the ACM Transactions on Computer Systems.
Definitional interpreters for higher-order programming languages
Reprinted from the proceedings of the 25th ACM National Conference, 1972
Cited by 338 (2 self)
Abstract. Higher-order programming languages (i.e., languages in which procedures or labels can occur as values) are usually defined by interpreters that are themselves written in a programming language based on the lambda calculus (i.e., an applicative language such as pure LISP). Examples include McCarthy's definition of LISP, Landin's SECD machine, the Vienna definition of PL/I, Reynolds' definitions of GEDANKEN, and recent unpublished work by L. Morris and C. Wadsworth. Such definitions can be classified according to whether the interpreter contains higher-order functions, and whether the order of application (i.e., call by value versus call by name) in the defined language depends upon the order of application in the defining language. As an example, we consider the definition of a simple applicative programming language by means of an interpreter written in a similar language. Definitions in each of the above classifications are derived from one another by informal but constructive methods. The treatment of imperative features such as jumps and assignment is also discussed.
Extended static checking
SRC Research Report 159, Compaq Systems Research Center, 1998
ESP: Path-Sensitive Program Verification in Polynomial Time
2002
Cited by 299 (4 self)
In this paper, we present a new algorithm for partial program verification that runs in polynomial time and space. We are interested in checking that a program satisfies a given temporal safety property. Our insight is that by accurately modeling only those branches in a program for which the property-related behavior differs along the arms of the branch, we can design an algorithm that is accurate enough to verify the program with respect to the given property, without paying the potentially exponential cost of full path-sensitive analysis. We have implemented this "property simulation" algorithm as part of a partial verification tool called ESP. We present the results of applying ESP to the problem of verifying the file I/O behavior of a version of the GNU C compiler (gcc, 140,000 LOC). We are able to prove that all of the 646 calls to fprintf in the source code of gcc are guaranteed to print to valid, open files. Our results show that property simulation scales to large programs and is accurate enough to verify meaningful properties.
Agent-Oriented Software Engineering
1999
Cited by 259 (19 self)
Software and knowledge... In this article, we argue that intelligent agents and agent-based systems offer novel opportunities for developing effective tools and techniques. Following a discussion on the classic subject of what makes software complex, we introduce intelligent agents as software structures capable of making "rational decisions". Such rational decision-makers are well-suited to the construction of certain types of software, which mainstream software engineering has had little success with. We then go on to examine a number of prototype techniques proposed for engineering agent systems, including formal specification and verification methods for agent systems, and techniques for implementing agent specifications
Integrating non-interfering versions of programs
ACM Transactions on Programming Languages and Systems, 1989
Cited by 250 (23 self)
The need to integrate several versions of a program into a common one arises frequently, but it is a tedious and time-consuming task to integrate programs by hand. To date, the only available tools for assisting with program integration are variants of text-based differential file comparators; these are of limited utility because one has no guarantees about how the program that is the product of an integration behaves compared to the programs that were integrated. This paper concerns the design of a semantics-based tool for automatically integrating program versions. The main contribution of the paper is an algorithm that takes as input three programs A, B, and Base, where A and B are two variants of Base. Whenever the changes made to Base to create A and B do not "interfere" (in a sense defined in the paper), the algorithm produces a program M that integrates A and B. The algorithm is predicated on the assumption that differences in the behavior of the variant programs from that of Base, rather than differences in the text, are significant and must be preserved in M. Although it is undecidable whether a program modification actually leads to such a difference, it is possible to determine a safe approximation by comparing each of the variants with Base. To determine this information, the integration algorithm employs a program representation that is similar (although not identical) to the dependence graphs that have been used
Domain Theory in Logical Form
Annals of Pure and Applied Logic, 1991
Cited by 249 (8 self)
The mathematical framework of Stone duality is used to synthesize a number of hitherto separate developments in Theoretical Computer Science:
• Domain Theory, the mathematical theory of computation introduced by Scott as a foundation for denotational semantics.
• The theory of concurrency and systems behaviour developed by Milner, Hennessy et al. based on operational semantics.
• Logics of programs.
Stone duality provides a junction between semantics (spaces of points = denotations of computational processes) and logics (lattices of properties of processes). Moreover, the underlying logic is geometric, which can be computationally interpreted as the logic of observable properties, i.e. properties which can be determined to hold of a process on the basis of a finite amount of information about its execution. These ideas lead to the following programme:
Order-Sorted Algebra I: Equational Deduction for Multiple Inheritance, Overloading, Exceptions and Partial Operations
Theoretical Computer Science, 1992
Cited by 231 (36 self)
This paper generalizes many-sorted algebra (hereafter, MSA) to order-sorted algebra (hereafter, OSA) by allowing a partial ordering relation on the set of sorts. This supports abstract data types with multiple inheritance (in roughly the sense of object-oriented programming), several forms of polymorphism and overloading, partial operations (as total on equationally defined subsorts), exception handling, and an operational semantics based on term rewriting. We give the basic algebraic constructions for OSA, including quotient, image, product and term algebra, and we prove their basic properties, including Quotient, Homomorphism, and Initiality Theorems. The paper's major mathematical results include a notion of OSA deduction, a Completeness Theorem for it, and an OSA Birkhoff Variety Theorem. We also develop conditional OSA, including Initiality, Completeness, and McKinsey-Malcev Quasivariety Theorems, and we reduce OSA to (conditional) MSA, which allows lifting many known MSA results to OSA. Retracts, which intuitively are left inverses to subsort inclusions, provide relatively inexpensive runtime error handling. We show that it is safe to add retracts to any OSA signature, in the sense that it gives rise to a conservative extension. A final section compares and contrasts many different approaches to OSA. This paper also includes several examples demonstrating the flexibility and applicability of OSA, including some standard benchmarks like STACK and LIST, as well as a much more substantial example, the number hierarchy from the naturals up to the quaternions.
Reasoning about Belief in Cryptographic Protocols
Proceedings 1990 IEEE Symposium on Research in Security and Privacy, 1990
Cited by 222 (6 self)
Abstract. Analysis methods for cryptographic protocols have often focused on information leakage rather than on seeing whether a protocol meets its goals. Many protocols, however, fall far short of meeting their goals, sometimes for quite subtle reasons. We introduce a mechanism for reasoning about belief as a systematic way to understand the working of cryptographic protocols. Our mechanism captures more features of such protocols than that given in a recent work [1], to which our proposals are a substantial extension.
1 Introduction
Solutions to computer security problems over the last few years have brought forth the need for rigorous analysis methods. Formal tools must be provided to determine whether a solution indeed solves a problem, as well as to enable comparisons between proposed solutions. In this paper we propose a method for reasoning about cryptographic protocols in a distributed environment. The work described was inspired by the recent development of a modal logic to ...