|
|
|
- Lynne Ray
- 8 years ago
- Views:
Transcription
1 AmyP.Felty1,DouglasJ.Howe1,andFrankA.Stomp2 ProtocolVericationinNuprl? whileretainingexistingadvantagesofthesystem,anddescribesapplicationoftheprovertoverifyingthescicachecoherenceprotocol.the interactivetheoremproveramoreeectivetoolforprotocolverication vericationisbased,inpart,onformalmathematicsimportedfromanothertheorem-provingsystem,exploitingaconnectionweimplemented Abstract.ThispaperpresentsworkdirectedtowardmakingtheNuprl signicantbecausenuprl'spowerfulconstructivetypetheorybuysmuch eectivelyappliedbythesystem'sautomatedreasoningfacilities.thisis annotationschemefornuprl'slogicthatallowstypeinformationtobe betweennuprlandhol.wehavedesignedandimplementedatype 1Introduction ofitsexpressivepowerandexibilityatthecostofgivingupthemore manageablekindsoftypesystemfoundinotherlogics. ofitsmaindistinguishingcharacteristicsisitshighlyexpressiveformallogic,a constructivetypetheorywhoseclassicalvarianthasexpressivepowerequivalent toconventionalsettheory(zfc)[12,6]. Nuprl[2]isaninteractivetheorem-provingsysteminthelineageofLCF.One shallowandrepresentationallysimple. tobeasubstantialadvantageinavarietyofdomains,butlittleworkhasbeen specicallydirectedtowardeectivenessforthekindoflarge-scalepracticalapplicationswherethebulkoftheformalmathematicsishighlycomplicated,but Nuprlhasbeenextensivelyapplied,anditsexpressivepowerhasbeenshown ofnuprltoprovesafetypropertiesofthescicachecoherenceprotocol[8]. Modelcheckingsystemsthathavebeenappliedtotheprotocolsuerfromstate ofthescaleofalgorithmswhichcanbecurrentlyhandledbymechanizedtools. Thispaperdescribesourworkinthisdirection,andfeaturesanapplication explosionatasmallnumberofprocessors,thoughevensosomebugshavebeen found[11].asecondreasonforchoosingitisthataproofmethodandsupported WechoseSCIasanexamplepartlybecauseitscomplexityisrepresentative compromisingexistingadvantagesofthesystemby,e.g.,addingrestrictionsto thelogic.therearethreepartstothiswork. invariantshavealreadybeenworkedout[3].?inproceedingsofthetenthinternationalconferenceoncomputer-aidedverication,june1998. OurworkhasbeentoimproveNuprlforthesekindsofapplicationswithout
2 andmodels.buildingitistime-consuming,andislargelyduplicationofeort sincethesebasicfactstendtobesimilaracrosssystems.toavoiddoingthis quiresagreatdealofbasicformalmathematicsaboutelementarydatastructures ourselves,weimportsomebasicmathematicsfromhol[5],asystemthathas, Importedmathematics.Vericationusinganinteractivetheorem-proverre- applicationtoamoderatelydicultprobleminmetamathematics.ourwork, thoughjustarststep,establishesthatsharingmathematicscanbeusefulin forsoftware/hardwareverication.thepaper[7]givesthebasicdesignofthe connectionbetweenholandnuprl,and[4]givesanextensiontoitandan overtheyears,accumulatedalargecorpusofmathematicsofthekinduseful software/hardwareverication. ditionalaspectsoftypesystems.inparticular,thetypetheory'sexibilityisin largepartduetothefactthattermsareuntypedinthesensethatonecannotdeterminefromthesyntaxofanexpressionwhat,ifany,typeitisamemberof.in thisway,nuprlissimilartosettheory,withtypesbeinganalogoustosets.this TypeAnnotation.Nuprlbuysitsexpressivepoweratthecostofsometra- isaproblemforautomationfortworeasons.first,itisoftenimportantforterms tocomewiththeirtypes;forexample,intermrewriting,typeinformationcan enableausefulformofconditionalrewriting.second,typingpropertiesrequire proof,so,forexample,everytimealemmaisinstantiated,theinstantiatingobjectsmustbeprovedtohavetherighttypes.wehavedesignedandimplemented anannotationschemewheretermsaredecoratedwithtypesinsuchawaythat tunately,theimplementationwasn'tcompleteduntilpart-waythroughthesci typescan(almostalways)beecientlymaintainedduringinference,butnonew of10speedupintermrewriting(themainworkhorseinnuprlproofs).unfor- syntacticrestrictionsareplacedonthelogic.wehaveobtainedroughlyafactor toimplementasuiteofautomatedreasonersspecializedtothismodel. kindofembeddingofaunity-likelanguage.weusednuprl'stacticmechanism eort,soagooddealofworkwasdonewithoutitsbenet. OnemightaskwhynotjustuseHOL(forexample)?Theansweristhatwe Tacticsupport.Werepresenttheprotocolanditsspecicationusingafamiliar areaimingtomakenuprlaneectivetoolforawiderangeofformalproblems relatedtoprotocolverication.forexample,wewanttobeabletoreasonabout expressivepowercanbeagreatadvantage.ofcourse,thereareverication abstractionandrenementmethods(see[1]foranexample),anareawhere restrictionsthataecttherstkind. tasks,suchascheckingthattheatomicstatetransitionsofasystempreservea eectivenessofbasicinferencemechanisms,suchastermrewriting,iscrucial. property,whereexpressivepowermaybelessimportantandwherethespeedand applicationforthisfactinthisparticularcase,itisnoteworthythatconstructivityhasnotgottenintheway.itmaybepossibletoengineerconstructiveproofs simulationsoftheprotocolandproduceinterestingdataaboutthecurrentstate. ofprotocolsfromwhichonecansynthesize,forexample,programsthattrack Ourproofiscompletelyconstructive(bychoice).Whilewedon'tseemuch Onegoalofourworkistoenhancethesecondkindofreasoningwithoutimposing 2
3 paper.detailsofthecompletedformalizationwillbeavailableonthewebat completion.adescriptionofwhatremainstobedoneisincludedlaterinthe provementswemadetonuprl.theproofisnotyetnished,thoughitisnearing IntherestofthepaperwedescribetheSCIcorrectnessproofandtheim- ThissectiongivesanoverviewoftheSCIcachecoherenceprotocolanditsformalizationinNuprl.Beforeproceedingtotheoverview,wegiveabriefdescription ofnuprl.formalmathematicsinnuprlisorganizedinasinglelibrary,whichis displayforms,theorems,commentsorobjectscontainingmlcode.denitions termsandpreviouslydenedoperators.displayformsprovidenotationsforde- brokenintolessimulatingatheorystructure.libraryobjectscanbedenitions, 2SCICacheCoherenceanditsFormalizationinNuprl usesstructureeditors.theoremshavetreestructuredproofs,possiblyincomplete.eachnodehasasequent,andrepresentsaninferencestep.thestepis nedandprimitiveoperators.thesenotationsneednotbeparsablesincenuprl derivedfromthatoflcf,asishol's. someexampletypes:n2n:bn!bn, justiedeitherbyaprimitiverule,orbyatactic.nuprl'snotionoftacticis denenewoperators,possiblywithbindingstructure,intermsofexistingnuprl fx2nlistjx6=nilg;n2n:bn;(x;y):zn+==(x1y2=y1x2): Nuprl'stypetheoryhasarichsetoftypeconstructors.Thefollowingare numbersrepresentedaspairsofintegerswiththeusualequivalencerelation. ann-arybit-vectortoann-arybit-vector.thesecondisthetypeofnonempty Therstofthesecanbethoughtofasthetypeoffunctionsmappingannand isann-arybit-vector,andthelastisaquotienttyperepresentingtherational listofnaturalnumbers,thethirdisthecollectionofpairs(n;b)suchthatb 2.1SCICacheCoherence thatprotocol.adetaileddescriptionofourmodelcanbefoundin[3]. presentaveryhigh-leveldescriptionofourmodelofthecachecoherencepartof multiprocessorsinasharedmemorymodel[8].duetothespacelimitationswe TheSCIprotocolisanIEEEstandardforspecifyingcommunicationbetween trackof,forinstance,itsviewofthecache(cvp),knowledgeofwhetherornotits forthelinkedlist.insteadeachprocessorphasasetoflocalvariableswhichkeeps arise.theprotocolisdistributed;thereisnoglobalcacheorglobaldatastructure canbethoughtofasprioritizingprocessorssothatreadandwriteconictsdonot Processorswhichtrytoaccessthestoreformadoublylinkedlist.Thislist thelinkedlist,ifany.allcommunicationisviapoint-to-pointmessagepassing. Sinceaverylargenumberofprocessorscouldbeonthenetwork,ahugeamount viewisvalid(csp),anditscurrentsuccessor(succp)andpredecessor(predp)on 3
4 formalizingprovesthecorrectnessforanarbitrarynitenumberofprocessors.) IEEEstandardspeciesanupperboundof64,000processors.Theproofweare ofconcurrencyispresent,complicatingtheunderstandingoftheprotocol.(the lowingisanactionexecutedbythememorycontrollerm. Theprotocolisspeciedasasetofguardedactions.Forexample,thefol- buf[m]?readcachefreshq(p)! ifstatusm=gonethenbuf[p]!readcachefreshr(m;headm;cvm;gone) Here,theguardindicatesthatthisactioncanbeexecutediftherstmessage elsebuf[p]!readcachefreshr(m;headm;cvm;ok); inbuf[m](m'smessagebuer)hastypereadcachefreshqwhichindicatesthat headm:=p;ifstatusm=homethenstatusm:=fresh senttop.(argumentokindicatesthatnoprocessorsareonthelistwhichhave toprocessorp,ifsomeprocessoronthelisthadissuedawritequery(indicatedby theargumentgone).otherwise,responsereadcachefreshr(m;headm;cvm;ok)is processorpwantstoread.themessageisremovedfromthequeue(received)and requestedtomodifythestore.)localvariablestatusmisusedbymtorecord thebodyisexecuted.amessagereadcachefreshr(m;headm;cvm;gone)issent whethersomeprocessorisonthelistwhichhasissuedawritequery itsvalue isthengone;orwhetherprocessorsonthelisthaveissuedreadqueriesonly bebooleanconditions. containassignments,conditionals,andsends.inadditiontoreceives,guardscan itsvalueisthenfresh;orifnosuchquerieshavebeenissuedandhencethelist bymtorecordtheheadofthelist.asshownbythisexample,bodiescan isempty itsvalueisthenhome.finally,localvariableheadmismaintained aboveand17foreachprocessor.communicationisvia14typesofmessages, processorthatisalreadyonthedoublylinkedlistbecauseitisreading,andone madeupof7pairsofquery(q)andresponse(r)messages.inadditiontothe aboveaction,memoryhastwoactionsrespondingtowriterequests,onefroma Theprotocolisrepresentedas21actions:4formemoryincludingtheone fromaprocessorthatisnotyetonthelist.italsohasanactionrespondingtoa processorthatwantstogoothelist.the17actionsforeachprocessorinclude onereadrequest,twowriterequests,actionsforrequestingtogoonthelistor togoothelist(forexample,afterithas\accessed"thestore),anactionfor Severalroundsofmessagesmustbeexchangedbeforeaprocessorisonthelist Thishighdegreeofcommunicationisamaincomplicatingfactorintheprotocol. aswellasactionsthatrespondtoeachkindofrequestfromanotherprocessor. anddecidedthatitisindeedgoingtodoso,actionsformodifyingthecache, purgingothersothelistwhenithasbeengivenpermissiontowritethestore modiedandconstitutesanabstractionofthestructurewhicharisesduringan actualcomputation.avariablestatuspkeepstrackofaprocessorp'sstatewith respecttothelistandcantakeononeof8possiblevalues. withsuccpandpredpproperlyset.thus,thedoublylinkedlistisconstantly 4
![readcachefreshr(m;headm;cvm;gone) Here,theguardindicatesthatthisactioncanbeexecutediftherstmessage elsebuf[p]!](/docs-images/46/368603/images/page_4.jpg "readcachefreshr(m;headm;cvm;ok); inbuf[m](m'smessagebuer)hastypereadcachefreshqwhichindicatesthat headm:=p;ifstatusm=homethenstatusm:=fresh senttop.")
5 2.2FormalizationinNuprl Ourformalizationofcorrectnessfollowscloselytheproofin[3].Ourembedding Wedeneastateasapairwheretherstcomponentistheusualmappingfrom ofthesemanticsofstatetransitionsystemsinnuprlisfairlystraightforward. identierstovalues.thesecondcomponentisahistoryvariablethatrecords dardnuprllibraries. execution.thishistoryvariableisimportantforreasoningabouttheprogram's givenbelow.booleans(b),atoms,integers(z),andlistsaredenedinthestan- thesequenceofmessagesthathavebeensentandreceivedduringtheentire PId=={k:Z k0} communicationbehavior.thenuprldenitionsofthecomponentsofstateare Forsimplicity,thevaluesofallidentiers(id)areassumedtobeintegers.The id==atompid mesg==zzlist state==(id!z)hist hist_el==bpidzmesg rstcomponentofanidentierisitsname(typeatom)andthesecondisthe ==hist_ellist processidentier(typepid)towhichthevariablebelongs.therstcomponent encodesthearguments. encodedasintegersastherstcomponentofamessage.thesecondcomponent ofahistoryelement(hist_el)isabooleanvalueindicatingwhetherthemessage isasend(tt)orareceive(ff).theremainingcomponentsarethesender, receiver,andmessage(typemesg).messagetypessuchasreadcachefreshqare x:=e==s.<y.if(x=y)then(es)else(ys),s.h> com==state!state wegivethedenitionoftheassignmentcommand. Expressionsandcommandsaredenedasfunctionsonstate.Asanexample, uationdenedas(es)and(ys)mapsidentierstovaluesandisdenedas Nuprl'sdisplayformsareusedtodene:=andasinxoperators.Thedot rstcomponentofthestate.thesendcommandupdatesthesecondcomponent commandsaredenedsimilarly.notethattheassignmentstatementupdatesthe (s.1y)(where.1denotestheprojectionoftherstelementofapair).other isusedforevaluationinastateandisoverloaded.hereesisexpressionevalementtothefrontofthehistory,butismorecomplicatedbecauseitcomputes thiselementfromthecontentsofthecurrenthistoryh.itusesanoperation arerepresentedinreverseorder.)thereceivecommandalsoaddsahistoryel- componentandthenewmessageasitslastcomponent.(historiesandbuers bysimplyaddingahistoryelementtothefrontofthehistorywithttasitsrst queue(p;h)whichltersoutthosehistoryelementsthatcontainmessagesthat projectedout. Inthiscase,themessagecomponentsoftheelementsoflistqueue(p;s.2)are havebeensentandnotyetreceivedbyprocessp.itthenchoosesthelast(oldest) ofaprocesspinstates,denoted(buf[p])s,isalsocomputedusingqueue. elementandcreatesanewcopywhoserstcomponentisff.themessagebuer conditionwhichisapredicateonstate(oftypestate!p1wherep1isthe Aprogramisdenedasapaircontainingalistofcommandsandaninitial 5
6 typeofnuprlpropositions).inourmodel,acommandisenabledifitchangesthe statewhenapplied.thuscommandswhoseguardsaretruebutdonotchange thestateareconsidereddisabled.atraceisdenedintheusualwayasafunction fromnaturalnumberstostatessuchthatforanyn,thereisanaction(enabled ornot)suchthatwhenappliedtostatenresultsinstaten+1. cache,thenmemoryistheowner.otherwise,theownerroughlycorrespondsto distributednatureoftheprotocol.ifnoprocessorhasrequestedtowritetothe temporallogicformulas.therst,forexample,expressesthatthereisalwaysa uniquecacheowner.thenotionofcacheownerisfairlycomplexbecauseofthe ThecorrectnessoftheSCIcachecoherenceprotocolisstatedasvelinear Inordertoshowthatthisuniquenesspropertyandtheotherfourproperties theprocessorpwhosevariablecsphasvaluedirty.however,therearevarious hold,weproveaseriesofcomplexinvariantsfromwhichthesepropertiesfollow. todirtyortosomethingelsemakingitorsomeotherprocessortheuniqueowner. alwaysamessageinsomeprocessor'sbuerthatwillcauseittosetitsvalueofcsp caseswhere0ormorethan1processorhasthisvalue.insuchcasesthereisa Theseinvariantsareexpressedas14lemmas(spanningseveralpagesin[3]), eachwithseveralinterdependentclauses.therearealsomanyauxiliaryconcepts thatappearintheinvariants.forexample,thereare6predicatesonprocessors indicatingtheirdegreeofprogressingettingonorothedoublylinkedlist.the mostcomplexconceptisafunctioncalledrankwhosevaluereectshowclosea processistogettingpermissiontowrite. smallerexample.themodeltheyusedwasextractedfromtheccodedescribing employsexplicitstateenumeration,toanalyzescicachecoherence.theirlargest oneaddressandtwodatavalues,andtheyreportedndingseveralerrorsusinga exampleincludedthreeprocessorswithonecachelineeach,onememorywith Inrelatedwork,SternandDill[11]useMur,avericationsystemthat theprotocolin[8],whereasourmodelhasbeenconstructedfromtheinformal Englishexplanation.Byabstractingatthislevel,inconsistenciesinthelowerleveldescriptionwereremoved.Ourmodelalsodiersfromtheirs(andfrom thesciprotocolstandard)inthatwehaveassumedthatmessagessentfrom cache.theotherisessentiallythesameasaninvariantinoneofoursupporting anddillcheckforcertainsafetyproperties,twoofwhichareformulatedas propertiesstatingthatprocessorsinacertainstatehaveaconsistentviewofthe invariants.oneoftheirinvariantscorrespondstooneofourvecorrectness oneprocessortoanotherprocessorarealwaysreceivedintheordersent.stern lemmasstatingatwhatpointaprocessorisattheheadofthelinkedlist. notbeapplicabletosci. seemssimpler,andalsoitseemsthattheabstractionmethodtheyemploymay BecausetheprotocolusesdirectoriesinsteadofthedistributedlistofSCI,it In[10],ParkandDillusePVStoverifytheFLASHcachecoherenceprotocol. 6
7 marizehowitwasusedinourproof. 3ImportedMathematics InthissectionwedescribetheconnectionbetweenHOLandNuprl,andsum- 3.1TheImportationMechanism sharable,includingtheoriesofbasicdatatypes,andalsoagooddealofthe Webelievethatmuchofthemathematicsusedinpracticalvericationishighly level.anholtheoryconsistsofsometypeandindividualconstants,some mathematicsrelatedtosoftwaremodelingandsemanticconnectionstoexternal tools.wehavetakenarststeptowardthiskindofsharingbyborrowingsome axioms(usuallydenitional)constrainingtheconstants,andasetoftheorems ofthemathematicsweneededforourvericationfromhol. theory,oneinterpretsthetypeconstantswithnuprltypesandthetermconstants followingfromtheaxioms(andtheaxiomsofancestortheories).toimporta ImportationofmathematicsfromHOLintoNuprlisdoneatthetheory isdone,thetheoremscanthenallbeacceptedimmediatelyasnuprltheorems. mustbeprovenexplicitly. withmembersoftheappropriatetypes,andthenprovestheaxioms.whenthis TypecheckingisundecidableinNuprl,sothewell-typednessofinterpretingterms mathematics,consideranexamplefromlisttheory.thefollowingisarawimportofaholtheoremstatingthatanon-emptylistisacons.becausenuprl erquantiesoverthetypesofall(small)non-emptytypes(thisquantieris currentlyhasasingleatnamespace,thenamesofallimportedconstantshave an\h"prependedtoavoidconictswithnuprlobjects.theoutermostquanti- 8'a:S"(hall(l:hlist('a). theoremsintothedesiredformispossible,andislargelyautomatable. uselessfordirectapplicationinnuprlproofs.itturnsoutthatmassagingthe Toillustratewhatkindoftransformationsareneededondirectlyimported TheoremsdirectlyimportedfromHOLareusuallyofaformthatmakesthem implicitinhol). portedconstants.thetransformed,\nuprl-friendly"theoremgeneratedfrom Apartfromtheoutermostquantier,thelogicalconnectivesthemselvesareim- himplies(hnot(hnulll)) theaboveis (hequal(hcons(hhdl)(htll))l))) theseconnectivesusebooleanlogicdenedwithinnuprl.thebooleanconnectivesarerewritteninthesecondtheoremtonuprl'snormallogicalconnectives, whicharedenedusingapropositions-as-typescorrespondence.theoperator ThelogicalconnectivesinHOLareallboolean-valuedfunctions,possiblytaking functionalarguments,asinthecaseofthequantiers.theinterpretationsof 8'a:S.8l:'aList.:mt(l))hd(l)::tl(l)=l. 7
8 importedlisttypeisinterpretedasnuprl'slisttype,andtheimportedtailfunctionisinterpretedasnuprl'stailfunction.notehoweverthathtlisapplied,asa "intheimportedtheoremcoercesabooleanintoanuprlproposition.the function,toitsargument,whilethenuprltlisadenedoperatorwithasingle importedtheorem.eachoftheimportedconstantsinthetheoremactuallyhas operand(nuprlalsohasanoperatorforfunctionapplication,ofcourse).we atleastonetypeargument.intherewrittentheorem,therearenohiddentype arguments(thenuprloperationsare\implicitlypolymorphic"). haveusedanotationaldevicetosuppresstypeargumentsinthe(pre-rewrite) list.inhol,thisisatotalfunctiononlists.whenweimportitintonuprl, not.sincehhdispolymorphic,givenanarbitrarytypeandtheemptylistasan argument,itmustchoosesomearbitrarymemberofthetypeasoutput.thus wemustprovethattheinterpretationreturnsavalueoneverylist,emptyor Themostinterestingpointinthistranslationisthefunctionforheadofa wemustgivehhdanoncomputabledenitioninnuprl.however,wecanprove givesusaconditionalrewritewhichgoesthroughforthisexampletheorem. 3.2HOLMathUsedintheSCIVerication thatthisfunctionisthesameasnuprl'shdwhenthelistisnon-empty.this oftheoremsaboutlists.listsareimportantintwocentralareasoftheproof. sophisticatedlistmanipulationsince,asmentioned,theyarecomputedfromthe ThemainsourceofHOLtheoremsusedintheSCIvericationisalargebody First,thedenitionandproofofpropertiesaboutthecontentsofbuersrequire thatbut_last_el((buf[p])s)isthecontentsofp'sbuerafterpreceivesa itsbuerbecomesm::((buf[p])s)where::istheconsoperator.theproof isstraightforwardtoprovethatwhenamessagemissenttoprocesspinstates, messageissignicantlymorecomplex.theoperatorbut_last_elisdenedin historycomponentofastate.forexample,fromthedenitionofbuer,itfairly anhollibraryintermsofthelastnoperator(theoperationwhichextractsthe reasoningabouttheseoperators.theexistingholtheoremsabouttheseanda lastnelementsofalist)whichisalsodenedinhol.thesnocoperator,which useofthismachineryisessentialforalargeproofsuchasthesciverication. providespowerfulautomationfortheapplicationofrewritelemmasandgood varietyofotheroperatorsweredirectlyusableinthisandotherproofs. historiesandbuers.avarietyofothertheoremsabouthistoriesandbuers Weprovedandmakeextensiveuseofnumerousotherrewritelemmasinvolving Theabovetwotheoremsareexamplesoflemmasusedasrewriterules.Nuprl havealsobeenprovedandusedassupportforotherkindsofrewritelemmas. q'sbuer,orthereis0or1rmessagesinp'sbuer,butnotboth.ourrewrite QmessageforwhichaprocessoriswaitingforthecorrespondingRmessage. Thismeansthatthereiseither0or1Qmessagesfromaprocessorpinsome oneoutstandingmessage.inparticular,foranyq/rpair,thereisatmostone Oneinvariant(partofLemma9[3])statesthatanyprocessorhasatmost 8
9 notionofrank.rankroughlycorrespondstotheorderinwhichprocessorshave lemmasalongwithvariousotherlistoperatorsandpropertiesfromholplaya requestedtoreadorwritetothecache.itisonlydenedforactiveprocessors, centralroleinprovingthisfact. importantpropertyisthefactthatforanyprocessor,itsrankdoesnotincrease. apropertyofprocessorsthatareonor\mostlyon"thedoublylinkedlist.an Thesecondareaoftheproofinwhichlistsareimportantisindeningthe Thispropertyinsuresthatthelistdoesnotcontaincircularities.Aslongasa eachactiveprocessorintheresultinglist.therstoccurrencecorrespondstoa processstaysactive(andafewotherpropertieshold)itsrankwilldecreaseuntil processor'smostrecentrequest.weproveavarietyoflemmasdescribinghowa hasreceived,projectingoutthesender,andkeepingonlytherstoccurrenceof isdenedbylteringfromthehistoryallreadandwriterequeststhatmemory itbecomes0atwhichpointitisallowedtowriteifithasrequestedtodoso.rank 4ATypeAnnotationSchemeforNuprl processor'srankchangeswithchangesinthestate.theselemmasarealsoused asrewriterulesinprovinginvariants. meetsthefollowinggoals. Ourtypeannotationschemeisawayofattachingtypeexpressions,whichwe callannotations,toall(oronlysome)ofthesubtermsofaterm.ourscheme 2.IfatermtisintroducedintoaproofasamemberofatypeT,andtoccurssomewhereinthecurrentgoalwithacompatibleannotation,thenthe themaretreatedasbeforebynuprl'stactics. 1.Annotationsareoptional.Termsthatdonothaveannotationsattachedto requirementtoprovet2tiseliminated. 4.Therearenoheuristicsintheschemeperse.Althoughtypeinferenceand 3.Annotationsjustifyrewriting,sothatasubtermwithanannotationAcanbe checkingarehighlyheuristicinnuprl,thisisindependentoftheannotation scheme.annotationsfortermsaregeneratedbyexaminingtheresultsof replacedbyanequalterm(quamemberofa)withoutfurtherjustication. 5.Annotationscanbeeectivelymaintained.Inprincipal,itispossiblefor intheinductionruleneedstoreannotated(orleftwithoutannotations). annotationstobelostduringinference.forexample,thegeneralizedterm applyingnuprl'sexistingmachinery. 6.Therearenoglobaltables.Weretainthetree-structuringofproofs,with annotationsarealmostneverlostduringequationalrewriting. However,suchinferencestepsformatinyfractioninpractice.Forexample, 7.Soundnessdependsonlyonaxedsetofprimitiveinferencerulesthatall dependency-directedbacktracking,andselectivereplayofsubproofs. proofsmustreduceto. independenceofproofbranches,thatallowsus,amongotherthings,todo 8.Theschemeisalmostentirelyinvisibletousers. 9
10 PVSusesatypingdisciplinethatachievesmostofthegoalsabove,butitwould assubtypes,(alimitedformof)dependenttypes,andundecidabletypechecking. onlybeapplicabletoaninsucientlysmallsubtheoryofnuprl.somecomplicatingaspectsofnuprl,whicharen'tpresentinpvs,are:universepolymorphism; ThetypetheoryofthePVSsystem[9]hassomesimilaritiestoNuprl,such isenlargedwhenitsdomainisshrunk;andgeneraldependenttypes.inaddition, thepvsschemedoesnotaddress7above. inonetypeandnotintheother;contravariantsubtyping,whereafunctiontype type-indexedequality,sothattwotermsmaybothbeintwotypes,butbeequal theform notypesareassociatedwiththevariablesinthissyntax.anannotatedtermhas eachoperandxi:ei,eachofthevariablesinthesequencexibindsinei.notethat Nuprltermshavetheform(x1:e1;:::;xn:en)whereisanoperatorandin notationsoftheterm,andcanbethoughtofastheexpectedtypesforthe operands,andbistheannotationtypeoftheterm.informally,ei:[i]aican wheretheeiarealsoannotatedterms.theexpressions[i]aiarethesuban- (:::;xi:ei:[i]ai;:::):b refertothevariablesinxi,andcancontain,forexample,assertionsoftheform bethoughtofasmeaningthatunderassumptioni,eihastypeai.theican x2t.examplesofannotatedtermsarefact((3:z):[true]n):n,wherefact, NandZarefactorial,thenaturalnumbersandtheintegersrespectively,and if(b:b;e1:[b]a;e2:[:b]a):a. wheretheoperande:aisitselfanannotatedterm,werequire,rst,thatfor subannotationsandtothesubannotationsofanimmediatelysurroundingterm. andsowerequireonlyrespectforequality.forexample,in((e:a):[]a0):b; Wechosetheminimalrequirementthatsupportsrewritingasdescribedabove, Oneofthekeypointsishowtheannotationtypeofatermrelatestoits presenceofbindingvariablesisstraightforward. ifx=e2athenx=e2a0.thegeneralizationofthisrequirementtothe allx2a0,ifx=e2a0then(x)=(e)2b,and,second,thatforallx2a, undecidable,andmustbeproven.onepossibilitywouldbetogenerate\type byputtingtogetherappropriateprimitiveinferencerules,andneedanopportunitytoassembleproofsofannotationvalidityatthesametimeastheproofs checkingconditions"aspvsdoes,whicharesideconditionsgeneratedwhenever anewtermisintroduced.thisisnotworkablefornuprlbecausetacticswork AswithordinarytypinginNuprl,thevalidityofanannotationofatermis terms,itisnaturaltomodifyrewritingtotakeanannotatedterm,andproduce arecorrect.wethereforehavetwokindsofannotations:onekindwecanassume anewterm,anequalityproof,andalsoaproofthatthenewterm'sannotations andproducingarewrittentermalongwithaproofofequality.forannotated justifyingthemaininference.rewritingworks,forexample,bytakingaterm ofthesemanticsofsequents.afullreportisinpreparation. arevalidduringthecourseofaproof,andtheothermustbeprovedtobevalid. Theannotationschemeisjustiedsemantically,andrequiresare-interpretation 10
11 Thedenitionbelowencodestheformula2Pfromlineartemporallogicand 5TheCorrectnessProofinNuprl iscentralinprovinginvariants.astatesisinanexecutionofprogramprg, inv(prg;s.i[s])==8s:state.in_exec(prg;s))i[s] Inaproofofthismagnitude,itwasessentialtoprovideahighdegreeofautomation.Ourautomationfallsroughlyintotwocategories:tacticsthatdecompose Boththedecompositionpropertiesandrewritetheoremsincludegeneraltheo- reasoningmodularly,andpropertiesexpressingequalityandequivalencethatcan beusedbynuprl'srewritingmachinerysuchasthosementionedinsect.3.2. remsandtheoremsspecictosci.therewritesformessagebuersdiscussedin Sect.3.2,forexample,arenotspecictoSCI,whilethenotionofrankis.The decompositiontacticsrelyonlemmasthatwehaveproven,suchasonestating eachactionoftheprogramandtoshowthattheinitialconditionholdsinthe whichdecomposereasoninginto21cases,oneforeachmemoryactionandone initialstate.fromthisgenerallemma,weproveddecompositionlemmasforsci thattoshowthatinv(prg;s.i[s])holds,itsucestoconsideronecasefor denotedin_exec(s;prg),ifsoccursinsometraceofprg. receive,andassignmentstatements.rewritingoperatesonthesesimpliedcases. generationoftheirstatements aswellasavarietyofotherpropertiesspecic composeconditionalstatementsintocasessothateachcasecontainsonlysend, AlthoughthesedecompositionpropertiesarespecictoSCI,weautomatedthe foreachprocessoractionforsomearbitraryprocessorp.wechosetofurtherde- tosci fromthedenitionsoftheactions.theirproofswereoftenlargely automaticalso.wealsoautomatedtheapplicationofmanyoftheselemmasby writingtacticswhichapplythemandsolvevarioussubgoalsautomatically. arefairlysimpleandexpresspropertiesaboutthevaluesthatvariousvariables cantakeonduringexecution.forexample,weprove: Ofthe14lemmasexpressinginvariants,therst8(roughly2.5pagesin[3]) HereP(n)denotesthesetofprocessorsinvolvedintheprotocol,withprocess identiers1;:::;n. readcachefreshr(p;r;cv;arg)2buf[p]) The9thlemmacontainsvestatementswhichtogetherexpresstheproperty [p=m^q2p(n)^(r=nil_r2p(n))^(arg=ok_arg=gone)]: ofoutstandingmessagesdescribedinsect.3.2aswellaseightstatementsexpressingwhichkindofoutstandingmessageaprocessorphasdependingonthe valueofstatusp.lemmas10and11expressavarietyofpropertiesoftheform proofssimilartothosefortheotherinvariants.lemma12expressessomebasic 2(PWQ)(whereWistheweakuntiloperator).Weprovedageneraldecompositiontheoremforformulasofthisformwhichmakesthestructureofthese mustbeprovenasinvariants.whiletheinvariantsuptothispointarelarge anddetailed,theyarefairlystraightforwardtoprove.themaindicultyinthe (whichisslightlydierentbutequivalenttotheonegivenin[3])andtwowhich propertiesaboutrankincludingtwowhichfollowdirectlyfromthedenition 11
12 proofisfoundinthe13thand14thlemmas.lemma13has17clausesandone protocol. thecomplexinvariantsaboutrankthatarerequiredtoprovecorrectnessofthe assumptionwhichlatergetsdischargedandlemma14has7clauses.theystate example,wehaveproventheinvariant: thetwopropertiesoflemma12thatfollowfromthedenitionofrank.wehave alsoproven5andnearlycompleted2moreofthe17clausesoflemma13.for TheproofsupthroughandincludingLemma11arecompleted,aswellas velopedalloftherewritelemmasabouttherankfunctionandallotherauxilliary wherevisitingprocessorsareasubsetoftheactiveones.indoingso,wehavede- predicatesthatweneedtocompletetheremainderoflemmas12,13,and14. purgeq(q)2buf[p])(visiting(p)^rank(q)=rank(p)+1) propertiesfollowfromtheseinvariantswillbedetailedbutstraightforward. Thereasoningneededtocompletetheproofbyshowingthatthedesiredsafety wehadtoaddandprovesomeadditionalclauses.oneisaninvariantexplicitly assertionswehadformulated,althoughtheyaretrue.toprovetheseconjuncts, errorsintheprotocol.however,wehavefoundtwoerrorsintheproof.twoof theconjunctsoftherstclauseoflemma13couldnotbeprovedusingthe Becausewestartedfromaproofofcorrectness[3],wedidnotexpecttond statingthattwoparticularmessagessentfromoneprocessortoanotherare receivedintheordersent. References 1.C.-T.ChouandD.Peled.Verifyingamodel-checkingalgorithm.InToolsand 2.R.L.Constable,etal.ImplementingMathematicswiththeNuprlProofDevelopmentSystem.Prentice-Hall,EnglewoodClis,NewJersey,1986. NotesinComputerScience,pages241{257.Springer-Verlag,1996. AlgorithmsfortheConstructionandAnalysisofSystems,volume1055ofLecture 4.A.P.FeltyandD.J.Howe.HybridinteractivetheoremprovingusingNuprland 3.A.FeltyandF.Stomp.Acorrectnessproofofacachecoherenceprotocol ceedingsofthe11thannualconferenceoncomputerassurance,1996. Availableatwww.cs.bell-labs.com/felty/sci/.AnearlierversionappearsinPro- 5.M.J.C.GordonandT.F.Melham.IntroductiontoHOL:ATheoremProving 6.D.J.Howe.Oncomputationalopen-endednessinMartin-Lof'stypetheory.In EnvironmentforHigherOrderLogic.CambridgeUniversityPress, ofLectureNotesinComputerScience,pages351{365.Springer-Verlag,1997. HOL.InFourteenthInternationalConferenceonAutomatedDeduction,volume 7.D.J.Howe.ImportingmathematicsfromHOLintoNuprl.InTheoremProving ProceedingsoftheSixthAnnualSymposiumonLogicinComputerScience,pages 8.IEEE-P Nov90-doc197-iii.PartIIIA:SCICoherenceOverview,1990.UnapprovedDraft.ApprovedstandardisdescribedinIEEEStd \The 267{281.Springer-Verlag, {172.IEEEComputerSociety,1991. ScalableCoherentInterface". inhigherorderlogics,volume1125oflecturenotesincomputerscience,pages 12
13 10.S.ParkandD.L.Dill.VericationofFLASHcachecoherenceprotocolbyaggregationofdistributedtransactions.In8thACMSymposiumonParallelAlgorithms InCorrectHardwareDesignandVericationMethods,1995. AspectsofComputerSoftware,volume1281ofLectureNotesinComputerScience. 9.S.OwreandN.Shankar.TheformalsemanticsofPVS.Technicalreport,SRI, 11.U.SternandD.L.Dill.AutomaticvericationoftheSCIcachecoherenceprotocol. August B.Werner.Setsintypes,typesinsets.InInternationalSymposiumonTheoretical andarchitectures,1996. Springer-Verlag,
Reprintofapaperpresentedatthe8thACMSymposiumonOperatingSystem Principles,PacicGrove,California,14{16December1981.(ACMOperating DesignandVericationofSecureSystems SystemsReviewVol.15No.5pp.12-21) ComputerScienceLaboratory
FromDependableComputingforCriticalApplications{5,Champaign,IL,September1995,pp.139{157;Volume10of theseriesindependablecomputingandfaulttolerantsystemspublishedbyieeecomputersocietypress. ByzantineAgreementwithAuthentication:Observationsand
Application. Generic Conference Control (T.124) Multipoint Communications Service (T.122/T.125) Network Specific Transport Protocols (T.
ATRANSPORT-INDEPENDENTCOMPONENTFORA GROUPANDSESSIONMANAGEMENTSERVICEIN GROUPCOMMUNICATIONSPLATFORMS ComputerEngineeringandNetworksLaboratory(TIK) ErikWilde,MuraliNanduri,BernhardPlattner SwissFederalInstituteofTechnology(ETHZurich)
KeyEscrowinMutuallyMistrustingDomains?
KeyEscrowinMutuallyMistrustingDomains? Abstract.Inthispaperwepresentakeyescrowsystemwhichmeets L.Chen,D.GollmannandC.J.Mitchell possiblerequirementsforinternationalkeyescrow,wheredierentdomainsmaynottrusteachother.inthissystemmultiplethirdparties,
timeout StoR!msg0 RtoS?ack0
c1997kluweracademicpublishers,boston.manufacturedinthenetherlands. FormalMethodsinSystemDesign,,?{??(1997) SymbolicVericationofCommunication ProtocolswithInniteStateSpacesusingQDDs queues.itiswell-knownthatmostinterestingvericationproblems,suchasdeadlockdetection,
InclusionConstraintsover MartinMuller1,JoachimNiehren1andAndreasPodelski2 Non-emptySetsofTrees? UniversitatdesSaarlandes,66041Saarbrucken,Germany ImStadtwald,66123Saarbrucken,Germany 2Max-Planck-InstitutfurInformatik,
1. What are the three types of business organizations? Define them
Written Exam Ticket 1 1. What is Finance? What do financial managers try to maximize, and what is their second objective? 2. How do you compare cash flows at different points in time? 3. Write the formulas
Last not not Last Last Next! Next! Line Line Forms Forms Here Here Last In, First Out Last In, First Out not Last Next! Call stack: Worst line ever!
ECE 551 C++ Programming, Data structures, and Algorithms Abstract Data Type: Stack Last In First Out (LIFO) 1 2 2 1 4 3 1 3 4 Stacks in Programming Worst line ever! 5 3 1 5 Stacks are not useful for waiting
AccountView. Single Sign-On Guide
AccountView Single Sign-On Guide 2014 Morningstar. All Rights Reserved. AccountView Version: 1.4 Document Version: 2 Document Issue Date: March 09, 2013 Technical Support: (866) 856-4951 Telephone: (781)
2Proofbymathematicalinductionplaysacrucialroleinthevericationofprogramtrans-
SubmissiontoJ.FunctionalProgrammingSpecialIssueonTheoremProving&FunctionalProgramming AutomaticVericationofFunctionswith DepartmentofComputing&ElectricalEngineering, AccumulatingParameters UniversityofEdinburgh,80SouthBridge,
Binary Heaps * * * * * * * / / \ / \ / \ / \ / \ * * * * * * * * * * * / / \ / \ / / \ / \ * * * * * * * * * *
Binary Heaps A binary heap is another data structure. It implements a priority queue. Priority Queue has the following operations: isempty add (with priority) remove (highest priority) peek (at highest
DATA STRUCTURE - STACK
DATA STRUCTURE - STACK http://www.tutorialspoint.com/data_structures_algorithms/stack_algorithm.htm Copyright tutorialspoint.com A stack is an abstract data type ADT, commonly used in most programming
Data Structures and Algorithms Lists
Data Structures and Algorithms Lists Chris Brooks Department of Computer Science University of San Francisco Department of Computer Science University of San Francisco p.1/19 5-0: Abstract Data Types An
W10 HOW TO TEST YOUR NEW.NET APPLICATIONS. Dan Koloski Empirix Software BIO PRESENTATION. May 19, 2004 1:45PM
BIO PRESENTATION W10 May 19, 2004 1:45PM HOW TO TEST YOUR NEW.NET APPLICATIONS Dan Koloski Empirix Software International Conference On Software Testing Analysis and Review May 17-21, 2004 Orlando, Florida
H.Bowman@ukc.ac.uk,G.Faconti@cnuce.cnr.itandM.Massink@guest.cnuce.cnr.it
3Dept.ofComputerScience,U.ofYork,Heslington,York,YO15DD,UK SpecicationandVericationofMedia 1ComputingLab.,U.ofKent,Canterbury,Kent,CT27NF,UK HowardBowman1,GiorgioP.Faconti2andMiekeMassink3 2CNR-IstitutoCNUCE,ViaS.Maria36,56126-Pisa-Italy
DATA STRUCTURE - QUEUE
DATA STRUCTURE - QUEUE http://www.tutorialspoint.com/data_structures_algorithms/dsa_queue.htm Copyright tutorialspoint.com Queue is an abstract data structure, somewhat similar to stack. In contrast to
SERVICES PRICE LIST - COMMERCIAL Sysorex Government Services, Inc.
SERVICES - COMMERCIAL Sysorex Government Services, Inc. ITEM NUMBER LABOR TYPE DESCRIPTION PT00201 PT00202 Junior System Staff System equivalent working knowledge of System ing $ 109.63 experience or equivalent,
Sorting revisited. Build the binary search tree: O(n^2) Traverse the binary tree: O(n) Total: O(n^2) + O(n) = O(n^2)
Sorting revisited How did we use a binary search tree to sort an array of elements? Tree Sort Algorithm Given: An array of elements to sort 1. Build a binary search tree out of the elements 2. Traverse
TESTING WITH JUNIT. Lab 3 : Testing
TESTING WITH JUNIT Lab 3 : Testing Overview Testing with JUnit JUnit Basics Sample Test Case How To Write a Test Case Running Tests with JUnit JUnit plug-in for NetBeans Running Tests in NetBeans Testing
Montgomery G.I. Bill Selected Reserve (Chapter 1606)
Montgomery G.I. Bill Selected Reserve (Chapter 1606) What is Chapter 1606 GI Bill? Montgomery G.I. Bill Selected Reserve (Chapter 1606) Monthly educational stipend for service members who are currently
Abstract Data Type. EECS 281: Data Structures and Algorithms. The Foundation: Data Structures and Abstract Data Types
EECS 281: Data Structures and Algorithms The Foundation: Data Structures and Abstract Data Types Computer science is the science of abstraction. Abstract Data Type Abstraction of a data structure on that
How To Validate Synchronous Reactivesystems
fromformalvericationtoautomatictesting? ValidationofSynchronousReactiveSystems: fnicolas.halbwachs,pascal.raymondg@imag.fr NicolasHalbwachs,PascalRaymond thevalidationofreactivesystemsdescribedinthesynchronousdata-ow
3.Processstatemonitoring
Chapter14 Processmonitoringandvisualisation O.SimulaandJ.Kangas HelsinkiUniversityofTechnology,LaboratoryofComputerandInformation usingself-organizingmaps Science,Rakentajanaukio2C,02150Espoo,Finland,Fax:358(0)4513277,
COSC 3351 Software Design. Architectural Design (II) Edgar Gabriel. Spring 2008. Virtual Machine
COSC 3351 Software Design Architectural Design (II) Spring 2008 Virtual Machine A software system of virtual machine architecture usually consists of 4 components: Program component: stores the program
Classes and Pointers: Some Peculiarities (cont d.)
Classes and Pointers: Some Peculiarities (cont d.) Assignment operator Built-in assignment operators for classes with pointer member variables may lead to shallow copying of data FIGURE 3-22 Objects objectone
SBM2302 Advanced Supply Chain Management 2
SBM2302 Advanced Supply Chain Management 2 UOS CODE SBM2302 SUMMARY UOS NAME Advanced Supply Chain Management CREDIT POINTS 6 STATUS Elective Supply Chain Management (SCM) is strategically important and
REQUEST FOR RE=iCORDS ITION AUTHORITY
REQUEST FOR RE=iCORDS ITION AUTHORITY JOB (See instructions on separate page) -/11 - ~ l/ / - tj/ - / J J To: NATIONAL ARCHIVES and RECORDS ADMINISTRATION W DC 20408 (NWM) /tj-;) 7-- 00 NOTIFICATION TO
Get me off Your Fucking Mailing List
Get me off Your Fucking Mailing List David Mazières and Eddie Kohler New York University University of California, Los Angeles http://www.mailavenger.org/ Abstract off off off mailing 1 Introduction off
A framework for distributed digital object services
International Journal on Digital Libraries (2006) 6(2): 115 123 DOI 10.1007/s00799-005-0128-x REGULAR PAPER Robert Kahn Robert Wilensky A framework for distributed digital object services Published online:
Online. 2011-2012: Implement in Spring 2012 2012-2013 2013-2014
Major Program: CISS Graduate - Masters in Information Systems & Security Mission of the Department: The Department of Computer Information Systems & Security (CISS) is dedicated to providing students,
Outline. Computer Science 331. Stack ADT. Definition of a Stack ADT. Stacks. Parenthesis Matching. Mike Jacobson
Outline Computer Science 1 Stacks Mike Jacobson Department of Computer Science University of Calgary Lecture #12 1 2 Applications Array-Based Linked List-Based 4 Additional Information Mike Jacobson (University
AdvancedNetworkManagementFunctionalities throughtheuseofmobilesoftwareagents 1DipartimentodiMatematica,UniversitadiMessina C.daPapardo-SalitaSperone,98166Messina-Italy AntonioPuliato1,OrazioTomarchio2
2015-10-22 19:22:59 Report Generated: 10/22/2015 20:03 UTC. CPU Intel Xeon E5-2670 v2 2.50GHz Connections 1 Mean Jitter 10/22/15 1
2015-10-22 19:22:59 Report Generated: 10/22/2015 20:03 UTC Page 1 of 10 Provider Amazon Web Services Test Protocol TCP Mean Bandwidth Service Amazon EC2 Direction Up Median Bandwidth Region us-west-2 Duration
Admissions Protocol and Procedures
Admissions Protocol and Procedures NewFriendsAdmissions WewelcomeinquiriesfromfamiliesinterestedinCamphillCommunitiesCalifornia. CamphillCommunitiesCaliforniaisanot7for7profit501(c)3organizationandispartof
Data Management Plan Template Guidelines
Data Management Plan Template Guidelines This sample plan is provided to assist grant applicants in creating a data management plan, if required by the agency receiving the proposal. A data management
ENUM successes failures - alternatives. 18/4/2012 ENUM success, failures, alternatives 1
ENUM successes failures - alternatives 18/4/2012 ENUM success, failures, alternatives 1 ENUM ecosystem components 18/4/2012 Ändern über "Ansicht" / "Kopf- und Fusszeile" 2 ENUM ecosystem components II
Two-Level Metadata Management for Data Deduplication System
Two-Level Metadata Management for Data Deduplication System Jin San Kong 1, Min Ja Kim 2, Wan Yeon Lee 3.,Young Woong Ko 1 1 Dept. of Computer Engineering, Hallym University Chuncheon, Korea { kongjs,
Queues and Stacks. Atul Prakash Downey: Chapter 15 and 16
Queues and Stacks Atul Prakash Downey: Chapter 15 and 16 Queues Queues occur in real life a lot. Queues at checkout Queues in banks In software systems: Queue of requests at a web servers Properties of
SysAid Remote Discovery Tool
SysAid Remote Discovery Tool SysAid Release 7 Document Updated: 27-Apr-10 SysAid Remote Discovery Tool The SysAid server comes with a built-in discovery service that performs various network discovery
Performance Comparison of SCTP and TCP over Linux Platform
Performance Comparison of SCTP and TCP over Linux Platform Jong-Shik Ha, Sang-Tae Kim, and Seok J. Koh Department of Computer Science, Kyungpook National University, Korea {mugal1, saintpaul1978, sjkoh}@cs.knu.ac.kr
Situational Awareness at Internet Scale: Detection of Extremely Rare Crisis Periods
Situational Awareness at Internet Scale: Detection of Extremely Rare Crisis Periods 2008 Sandia Workshop on Data Mining and Data Analysis David Cieslak, dcieslak@cse.nd.edu, http://www.nd.edu/~dcieslak/,
ISO/IEC 9126 in practice: what do we need to know?
ISO/IEC 9126 in practice: what do we need to know? P. Botella, X. Burgués, J.P. Carvallo, X. Franch, G. Grau, J. Marco, C. Quer Abstract ISO/IEC 9126 is currently one of the most widespread quality standards.
1.04 1.02 0.98 0.96 0.94 0.92 0.9
ANewExtensionoftheKalmanFiltertoNonlinear SimonJ.JulierSystems TheRoboticsResearchGroup,DepartmentofEngineeringScience,TheUniversityofOxford Oxford,OX13PJ,UK,Phone:+44-1865-282180,Fax:+44-1865-273908 siju@robots.ox.ac.ukuhlmann@robots.ox.ac.uk
Smart Integration of Wireless Temperature Monitoring System with Building Automation System
Smart Integration of Wireless Temperature Monitoring System with Building Automation System Case Study Area of engagement Solution to integrate wireless temperature monitoring system with BMS (Building
Quality of Service Routing Network and Performance Evaluation*
Quality of Service Routing Network and Performance Evaluation* Shen Lin, Cui Yong, Xu Ming-wei, and Xu Ke Department of Computer Science, Tsinghua University, Beijing, P.R.China, 100084 {shenlin, cy, xmw,
Appendix B Checklist for the Empirical Cycle
Appendix B Checklist for the Empirical Cycle This checklist can be used to design your research, write a report about it (internal report, published paper, or thesis), and read a research report written
Recursion. Definition: o A procedure or function that calls itself, directly or indirectly, is said to be recursive.
Recursion Definition: o A procedure or function that calls itself, directly or indirectly, is said to be recursive. Why recursion? o For many problems, the recursion solution is more natural than the alternative
The Advantages of Automatic Protocol Creation
AUTOMATIC PROTOCOL CREATION FOR INFORMATION SECURITY SYSTEM Mr. Arjun Kumar arjunsingh@abes.ac.in ABES Engineering College, Ghaziabad Master of Computer Application ABSTRACT Now a days, security is very
TIBCO ActiveMatrix BPM Integration with Content Management Systems Software Release 2.2.0 September 2013
TIBCO ActiveMatrix BPM Integration with Content Management Systems Software Release 2.2.0 September 2013 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE.
FSPAMFPI06 Complete reports for mortgage and/or financial planning clients
Complete reports for mortgage and/or financial planning clients Overview You must be able to accurately complete reports of a complex nature, and take a proactive approach to the preparation of valuations
Identity based Authentication in Session Initiation. Session Initiation Protocol
Identity based Authentication in Session Initiation by Harsh Kupwade Southern Methodist University Dean Willis Softarmor LLC Thomas M. Chen Swansea University Nhut Nguyen Samsung Telecommunications 1 Session
Research and Implementation of Single Sign-On Mechanism for ASP Pattern *
Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software
Computer Science 483/580 Concurrent Programming Midterm Exam February 23, 2009
Computer Science 483/580 Concurrent Programming Midterm Exam February 23, 2009 Your name There are 6 pages to this exam printed front and back. Please make sure that you have all the pages now. The exam
Agent-Oriented Software Engineering PORTO Methodology AIAD 2013/2014. António Castro and Eugénio Oliveira
Agent-Oriented Software Engineering PORTO Methodology AIAD 2013/2014 António Castro and Eugénio Oliveira NIAD&R Distributed Artificial Intelligence and Robotics Group 1 Contents What is AOSE? Main Existing
Time has something to tell us about Network Address Translation
Time has something to tell us about Network Address Translation Elie Bursztein Abstract In this paper we introduce a new technique to count the number of hosts behind a NAT. This technique based on TCP
St S a t ck a ck nd Qu Q eue 1
Stack and Queue 1 Stack Data structure with Last-In First-Out (LIFO) behavior In Out C B A B C 2 Typical Operations Pop on Stack Push isempty: determines if the stack has no elements isfull: determines
Analysis of a Search Algorithm
CSE 326 Lecture 4: Lists and Stacks 1. Agfgd 2. Dgsdsfd 3. Hdffdsf 4. Sdfgsfdg 5. Tefsdgass We will review: Analysis: Searching a sorted array (from last time) List ADT: Insert, Delete, Find, First, Kth,
Oracle Health Sciences Network Patient Recruiter Cloud Service - Overview
Oracle Health Sciences Network Patient Recruiter Cloud Service Services Description Version: 2.0 Effective Date: 01-April-2013 Oracle Health Sciences Network Patient Recruiter Cloud Service - Services
TheworkreportedinthispaperhasbeenfundedinpartbytheCooperativeResearchCentresProgramthroughtheDepartmentofthePrimeMinisterandCabinetoftheCommonwealth
InternationalJournalofCooperativeInformationSystems fcworldscienticpublishingcompany DepartmentofComputerScienceandElectricalEngineering ShaziaW.Sadiq,OliveraMarjanovic,MariaE.Orlowska TheUniversityofQueensland,QLD4072Australia
HW3: Programming with stacks
HW3: Programming with stacks Due: 12PM, Noon Thursday, September 18 Total: 20pts You may do this assignment with one other student. A team of two members must practice pair programming. Pair programming
An Application Framework for Open Application Development and Distribution in Pervasive Display Networks
An Application Framework for Open Application Development and Distribution in Pervasive Display Networks (Short Paper) Constantin Taivan and Rui José University of Minho, Department of Information Systems,
Reducing Certificate Revocation Cost using NPKI
Reducing Certificate Revocation Cost using NPKI Albert Levi and Çetin Kaya Koç Oregon State University, Electrical and Computer Engineering Dept., Information Security Lab, Corvallis, Oregon, USA levi@ece.orst.edu
2.3 Product Manual Models: 400, 500, 500 R, and 1000
MiraLinkCorporation 2.3ProductManual Models:400,500,500 R,and1000 2006MiraLinkCorporation AllRightsReserved. MiraLink andintellibuffer aretrademarksofthemiralinkcorporation. DocumentID:2.0.7 LicenseAgreement
How To Write A Paper On Csp And Object-Z
Renementandvericationofconcurrentsystemsspecied TechnischeUniversitatBerlin,FBInformatik,FGSoftwaretechnik, GraemeSmithandJohnDerricky inobject-zandcsp ycomputinglaboratory,universityofkent,canterbury,ct27nf,uk.
Queues Outline and Required Reading: Queues ( 4.2 except 4.2.4) COSC 2011, Fall 2003, Section A Instructor: N. Vlajic
Queues Outline and Required Reading: Queues ( 4. except 4..4) COSC, Fall 3, Section A Instructor: N. Vlajic Queue ADT Queue linear data structure organized according to first-in/first-out (FIFO) principle!
User Setup for SQL Security
User Setup for SQL Security This section describes SQL security needed for MoversSuite and Microsoft Dynamics GP users. SQL Security for MoversSuite Users MoversSuite integrates with Windows Authentication
A Blueprint for Universal Trust Management Services
A Blueprint for Universal Trust Management Services Tomasz Kaszuba Krzysztof Rzadca Adam Wierzbicki Grzegorz Wierzowiecki Polish-Japanese Institute of Information Technology Warsaw, Poland adamw@pjwstk.edu.pl
MPR 1 Use a performance management system to monitor achievement of organizational objectives.
MPR 1 Use a performance management system to monitor achievement of organizational objectives. Reference: PHAB Standards and Measures 1.5, Standard 9.1 Indicator 1.1 Staff at all organizational levels
Paillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
Programming with Data Structures
Programming with Data Structures CMPSCI 187 Spring 2016 Please find a seat Try to sit close to the center (the room will be pretty full!) Turn off or silence your mobile phone Turn off your other internet-enabled
ISSUES IN RULE BASED KNOWLEDGE DISCOVERING PROCESS
Advances and Applications in Statistical Sciences Proceedings of The IV Meeting on Dynamics of Social and Economic Systems Volume 2, Issue 2, 2010, Pages 303-314 2010 Mili Publications ISSUES IN RULE BASED
How to set up as VPN Network
How to set up as VPN Network 1 Network and Sharing Firstly open the network and sharing centre by opening control panel and selecting Network and Sharing Center. If Network and Sharing cannot be found
1. Systematic literature review
1. Systematic literature review Details about population, intervention, outcomes, databases searched, search strings, inclusion exclusion criteria are presented here. The aim of systematic literature review
A secure email login system using virtual password
A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}
Software Defined Active Queue Management
Software Defined Active Queue Management Future Networks 2014 Sebastian Meier sebastian.meier@ikr.uni-stuttgart.de 2014-09-26 Universität Stuttgart Institute of Communication Networks and Computer Engineering
VoIP Usage. 2010 Connected Tennessee. All Rights Reserved. Do Not Copy Without Written Permission.
VoIP Usage 2010 Connected Tennessee. All Rights Reserved. Do Not Copy Without Written Permission. 83 Businesses that Report Using Voice over Internet Protocol (VoIP) Only a small percentage (6%) of Tennessee
Print Manager Plus 2010 How to Migrate your Database to a New SQL or Print Server
1) Make a Copy of the Existing PMP SQL Database Files. 2) Upgrade PMP by running the installer on the old server 3) Install SQL 2005 or 2008 SQL server on the New Server (you may also use the PMP 2010
CFAS1.3 Use databases to support sales activities
Overview This unit is all about how you use databases to store, analyse and provide information that is useful to the sales process. The unit covers the full process of designing, setting up, populating,
Research and Design of Heterogeneous Data Exchange System in E-Government Based on XML
Research and Design of Heterogeneous Data Exchange System in E-Government Based on XML Huaiwen He, Yi Zheng, and Yihong Yang School of Computer, University of Electronic Science and Technology of China,
A Real-Time Cloud Based Model for Mass Email Delivery
A Real-Time Cloud Based Model for Mass Email Delivery Nyirabahizi Assouma, Mauricio Gomez, Seung-Bae Yang, and Eui-Nam Huh Department of Computer Engineering Kyung Hee University Suwon, South Korea {assouma,mgomez,johnhuh}@khu.ac.kr,
The Authentication and Processing Performance of Session Initiation Protocol (SIP) Based Multi-party Secure Closed Conference System
The Authentication and Processing Performance of Session Initiation Protocol () Based Multi-party Secure Closed Conference System Jongkyung Kim 1, Hyuncheol Kim 1, Seongjin Ahn 2, and Jinwook Chung 1 1
Master of Science Business Information Systems. Agile Processes Combining Business Processes and Business Rules
Master of Science Business Information Systems Agile Processes Combining Business Processes and Business Rules Knowledge and Processes knowledge about processes: workflow roles process logic used at design
Self Insured / Large Deductible Compensator
Self Insured / Large Deductible Compensator May 2013 Self Insured / Large Deductible This document provides guidance on the set up options in the Claims Portal available to self insured organisations or
Slinger Jansen Visting: University College London Home institution: UtrechtUniversity. i.e., the processes of:
Programme Introduction to Software and Configuration Updating CCU Model description Enterprise Information Systems for Software Vendors: bringing the vendor and customer closer together An enterprise information
NormalizingIncompleteDatabases
NormalizingIncompleteDatabases Abstract 600MountainAvenue,MurrayHill,NJ07974USA E-mail:libkin@research.att.com AT&TBellLaboratories LeonidLibkin Databasesareoftenincompletebecauseofthepresence ofdisjunctiveinformation,duetoconicts,partialknowledgeandotherreasons.queriesagainstsuchdatabaseswithnullvalues[akg91,il84],isdisjunctiveinforticsofsuchdatabasesandprovenormalizationtheorems
Object-Oriented Type Inference
Object-Oriented Type Inference Jens Palsberg and Michael I Schwartzbach palsberg@daimiaaudk and mis@daimiaaudk Computer Science Department, Aarhus University Ny Munkegade, DK-8000 Århus C, Denmark Abstract
A Probabilistic Quantum Key Transfer Protocol
A Probabilistic Quantum Key Transfer Protocol Abhishek Parakh Nebraska University Center for Information Assurance University of Nebraska at Omaha Omaha, NE 6818 Email: aparakh@unomaha.edu August 9, 01
Internet Single Sign-On Systems
Internet Single Sign-On Systems Radovan SEMANČÍK nlight, s.r.o. Súľovská 34, 812 05 Bratislava, Slovak Republic semancik@nlight.sk Abstract. This document describes the requirements and general principles
Characterization and Modeling of Packet Loss of a VoIP Communication
Characterization and Modeling of Packet Loss of a VoIP Communication L. Estrada, D. Torres, H. Toral Abstract In this work, a characterization and modeling of packet loss of a Voice over Internet Protocol
For background on the purpose and positioning of the role, see the Job Description Suggested ECVET credit points: <20
The IT Security Co-ordinator Qualification For background on the purpose and positioning of the role, see the Job Description Suggested ECVET credit points:
A Comprehensive Study on Cloud Computing Standardization
A Comprehensive Study on Cloud Computing Standardization Dr. Mukesh Chandra Negi Project Manager, Tech Mahindra Ltd, Noida, India ABSTRACT: Standard is a trust between standardization body, buyers and
Quosal Form Designer Training Documentation
Chapter 4 Advanced Form Design Concepts There is a huge amount of customization that can be done with the Report Designer, and basic quote forms only scratch the surface. Learning how to use the advanced
Accounting for Government Grants
124 Accounting Standard (AS) 12 Accounting for Government Grants Contents INTRODUCTION Paragraphs 1-3 Definitions 3 EXPLANATION 4-12 Accounting Treatment of Government Grants 5-11 Capital Approach versus
FortiGate UTM. Daily Activity Report. Nov 11, 2015 00:02:21. FortiGate Host Name: FG300C3913600056. FortiGate Serial Number: FG300C3913600056
FortiGate UTM Daily Activity Report Nov 11, 2015 00:02:21 FortiGate Host Name: FG300C3913600056 FortiGate Serial Number: FG300C3913600056 10-Nov-2015 00:00 To 10-Nov-2015 23:59 2 Table of Contents Bandwidth
SCADA System Security, Complexity, and Security Proof
SCADA System Security, Complexity, and Security Proof Reda Shbib, Shikun Zhou, Khalil Alkadhimi School of Engineering, University of Portsmouth, Portsmouth, UK {reda.shbib,shikun.zhou,khalil.alkadhimi}@port.ac.uk
FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation
Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity
A Secure Internet Service for Delivering Documents for the Blind
A Secure Internet Service for Delivering Documents for the Blind Benoit Guillon 1, Dominique Burger 1, and Bruno Marmol 2 1 Université Pierre et Marie Curie B23, INSERM U483, 75252 Paris Cedex, France
Continuous Quality Improvement Process Tailored for the School Nutrition Environment
National Food Service Management Institute The University of Mississippi Continuous Quality Improvement Process Tailored for the School Nutrition Environment Applied Research Division The University of
Trust areas: a security paradigm for the Future Internet
Trust areas: a security paradigm for the Future Internet Carsten Rudolph Fraunhofer Institute for Secure Information Technology SIT Rheinstrasse 75, Darmstadt, Germany Carsten.Rudolph@sit.fraunhofer.de
CONSIDERATION OF DYNAMIC STORAGE ATTRIBUTES IN CLOUD
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE CONSIDERATION OF DYNAMIC STORAGE ATTRIBUTES IN CLOUD Ravi Sativada 1, M.Prabhakar Rao 2 1 M.Tech Student, Dept of CSE, Chilkur Balaji