We propose a self-organizing archival Intermemory. That is, a noncommercial subscriber-provided distributed information storage service built on the existing Internet. Given an assumption of continued growth in the memory's total size, a subscriber's participation for only a finite time can nevertheless ensure archival preservation of the subscriber's data. Information disperses through the network over time and memories become more difficult to erase as they age. The probability of losing an old memory given random node failures is vanishingly small -- and an adversary would have to corrupt hundreds of thousands of nodes to destroy a very old memory. This paper presents a framework for the design of an Intermemory, and considers certain aspects of the design in greater detail. In particular, the aspects of addressing, space efficiency, and redundant coding are discussed. Keywords: Archival Storage, Distributed Redundant Databases, Electronic Publishing, Distributed Algorithms, Error ...

Abstract not found

In [Mis94], Misra introduced the powerlist data structure, which is well suited to express recursive, data-parallel algorithms. Moreover, Misra and other researchers have shown how powerlists can be used to prove the correctness of several algorithms. This success has encouraged some researchers to pursue automated proofs of theorems about powerlists[Kap96, KS94, KS95]. In this paper, we show how ACL2 can be used to verify theorems about powerlists. We depart from previous approaches in two significant ways. First, the powerlists we use are not the regular structures defined by Misra; that is, we do not require powerlists to be balanced trees. As we will see, this complicates some of the proofs, but on the other hand it allows us to state theorems that are otherwise beyond the language of powerlists. Second, we wish to prove the correctness of powerlist algorithms as much as possible within the logic of powerlists. Previous approaches have relied on intermediate lemmas wh...

In [10], Misra introduced the powerlist data structure, which is well suited to express recursive, data-parallel algorithms. In particular, Misra showed how powerlists could be used to give simple descriptions to very complex algorithms, such as the Fast Fourier Transform (FFT). Such simplicity in presentation facilitates reasoning about the resulting algorithms, and in fact Misra was able to give a stunningly simple proof of the correctness of the FFT. In this paper, we show how this proof can be verified using ACL2. This strengthens Misra's case that powerlists provide a suitable framework in which to define and reason about parallel algorithms, particularly using mechanical tools to aid in reasoning.

this paper, we explore this issue by focusing on the square root function. We begin by showing that this function does not exist in the ACL2 universe. In particular, we use the absence of the irrationals to prove that for all x, x

One of ACL2’s most interesting features is that it is executable, so users can run the programs that they verify, and debug them during verification. In fact, the ACL2 implementors have gone well out of their way to make sure ACL2 programs can be executed efficiently. Nevertheless, ACL2 does not provide a framework for reasoning about the cost of function invocations. This paper describes how such a framework can be added to ACL2, by using ACL2 macros and supporting code to access the prover state. The approach is illustrated with a cost analysis of red-black tree operations.

One of ACL2’s extensions over its predecessor Nqthm is the direct support for a richer set of numbers, including the rationals and complexrationals but not including the irrationals. The absence of the irrationals is strong, in the sense that ACL2’s typing mechanism asserts that all numbers are integers, rationals, or complex-rationals, and all other objects are indistinguishable from zero, as far as arithmetic operations are concerned. This is in contrast to an approach where the irrationals exist, but the axioms are simply too weak to prove much of anything about them that isn’t also true about all the real numbers; in other words, a logic roughly equivalent to our everyday understanding of the reals. This brings up the question of what is the proper way to reason about transcendental functions in ACL2, since strictly speaking ACL2 can only reason about rational functions. In this paper, we explore this issue by focusing on the square root function. We begin by showing that this function does not exist in the ACL2 universe. In particular, we use the absence of the irrationals to prove that for all x, x 2 ̸ = 2. This illustrates that when dealing with assertions about the real number line, one best remember that ACL2 can prove them only for the rationals — and the equivalent assertions about the reals may be false. One can argue, however, that to a computer scientist the rationals should be enough. After all, computers don’t support the irrational numbers, either, so we have to approximate any transcendental function by a rational equivalent. We show how this can be done for square root and use ACL2 to prove that our approximation is arbitrarily close to the square root function. Our technique is to prove that a specific function (namely a bisection algorithm) serves as an approximation. ∗ Author is supported by a salary from LIM International, Inc. 1 1