Results 1 - 10 of 31
The Verifying Compiler: A Grand Challenge for Computing Research - Journal of the ACM, 2003
Cited by 73 (1 self)
Abstract. This contribution proposes a set of criteria that distinguish a grand challenge in science or engineering from the many other kinds of short-term or long-term research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, it revives an old challenge: the construction and application of a verifying compiler that guarantees correctness of a program before running it. Introduction. The primary purpose of the formulation and promulgation of a grand challenge is the advancement of science or engineering. A grand challenge represents a commitment by a significant section of the research community to work together towards a common goal, agreed to be valuable and achievable by a team effort within a predicted timescale. The challenge is formulated by the
Design Goals for ACL2, 1994
Cited by 35 (5 self)
ACL2 is a theorem proving system under development at Computational Logic, Inc., by the authors of the Boyer-Moore system, Nqthm, and its interactive enhancement, Pc-Nqthm, based on our perceptions of some of the inadequacies of Nqthm when used in large-scale verification projects. Foremost among those inadequacies is the fact that Nqthm's logic is an inefficient programming language. We now recognize that the efficiency of the logic as a programming language is of great importance because the models of microprocessors, operating systems, and languages typically constructed in verification projects must be executed to corroborate them against the realities they model. Simulation of such large scale systems stresses the logic in ways not imagined when Nqthm was designed. In addition, Nqthm does not adequately support certain proof techniques, nor does it encourage the reuse of previously developed libraries or the collaboration of semi-autonomous workers on different parts of a verifica...
A Petri Net Approach for Performance Oriented Parallel Program Design, 1992
Cited by 35 (6 self)
Performance orientation in the development process of parallel software is motivated by outlining the misconception of current approaches where performance activities come in at the very end of the development, mainly in terms of measurement or monitoring after the implementation phase. At that time the major part of the development work is already done, and performance pitfalls are very hard to repair - if this is possible at all. A development process for parallel programs that launches performance engineering in the early design phase is proposed, based on a Petri net specification methodology for the performance critical parts of a parallel system. The Petri net formalism is used to define Program Resource Mapping-net (PRM-net) models, that serve as an integrated performance model of parallel processing systems, combining performance characteristics of parallel programs (P-net), parallel hardware (R-net) and the assignment of programs to hardware (Mapping) into a single performance model...
Constraint Satisfaction as a Basis for Designing Nonmasking Fault-Tolerance, 1996
Cited by 23 (9 self)
We present a method for the design of nonmasking fault-tolerant programs. In our method, a set of constraints is associated with each program. As long as faults do not occur, the constraints are continually satisfied under the execution of program actions. Whenever some of the constraints are violated, due to certain faults, all constraints are eventually reestablished by subsequent execution of the program actions. To design programs thus, two types of program actions are distinguished: "closure" actions and "convergence" actions. Closure actions are the actions that perform the intended computation of the program when all of the constraints are satisfied. Convergence actions are the actions that reestablish the constraints when they have been violated. Sufficient conditions for the validation of closure and convergence actions are formalized in terms of a "constraint graph". These conditions are illustrated by designing nonmasking fault-tolerant programs for diffusing computations, ...
A framework based on implementation relations for implementing LOTOS specifications, 1992
Cited by 18 (2 self)
A framework is developed for studying the implementation process, as a stepwise process in which an abstract specification is successively transformed to reach a final compilable specification adapted to the computer environment. In this context, an implementation relation is referred to as the relation which should link any "valid" implementation to its abstract formal specification. In other words, the implementation relation is intended to express formally the notion of validity. Our framework allows the exact characterization of the transformations which may take place at each step for a given implementation relation. This framework is essential for dealing with non-transitive implementation relations. In the second part of the paper, these results are exemplified in LOTOS on some existing relations, and an apparent paradox is presented. Some new results about these relations are also derived. Keywords: LOTOS, implementation relation, refinement, implementation process, transforma...
The Turing Machine Paradigm in Contemporary Computing - Mathematics Unlimited - 2001 and Beyond. LNCS, 2000
Cited by 15 (4 self)
this paper we will extend the Turing machine paradigm to include several key features of contemporary information processing systems.
Compositional verification for component-based systems and application - in Proc. ATVA, 2008
Cited by 14 (7 self)
We present a compositional method for the verification of component-based systems described in a subset of the BIP language encompassing multi-party interaction without data transfer. The method is based on the use of two kinds of invariants. Component invariants are over-approximations of components' reachability sets. Interaction invariants are global constraints on the states of components involved in interactions. The method has been implemented in the D-Finder tool and has been applied for checking deadlock-freedom. The experimental results on non-trivial examples show that our method allows either to prove deadlock-freedom or to identify very few deadlock configurations that can be analyzed by using state space exploration.
Mirror Mirror In My Hand: a duality between specifications and models of process behaviour, 1996
Cited by 11 (1 self)
Since Pnueli's seminal paper in 1977, Temporal Logic has been used as a formalism for specifying and verifying the correctness of reactive systems. In this paper, we show that, besides its expressive power, Temporal Logic enjoys a very strong structural property: it is categorical on processes.
A Mathematical Toolbox for the Software Architect, 1996
Cited by 9 (2 self)
It is suggested that Category Theory provides the right level of mathematical abstraction to address languages for describing software architectures. Contrary to most other formalisations of SA concepts, Category Theory does not promote any particular formalism for component and connector description but provides instead the very semantics of the concepts that are related to the gross modularisation of complex systems like "interconnection", "configuration", "instantiation" and "composition". Two examples, a category of programs for a parallel program design language and a category of temporal logic specifications, together with comparisons with other work, namely by Allen and Garlan, and Moriconi and Qian, are adduced to justify this claim. 1. Introduction In a particularly stimulating panel introduction, Garlan and Perry present an overview of current research issues in Software Architecture (SA) [11]. They characterise SA to be "emerging as a significant and different design lev...
Specification and Verification of System-Level Hardware Designs using Timing Diagrams, 1993
Cited by 8 (2 self)
In this paper we present a novel approach to the specification and verification of system-level hardware designs. It is based on Timing Diagrams, a graphical specification language with an intuitive semantics, which is especially appropriate for the description of asynchronous distributed systems such as hardware designs. Timing Diagrams and their semantics are formally defined based on a translation to Temporal Logic. It is shown that for the resulting type of formulas there is an efficient model checking procedure, thus allowing fully automatic verification of hardware designs.