A Grand Challenge Proposal for Formal Methods: A Verified Stack
Cited by 19 (1 self)
Abstract
We propose a grand challenge for the formal methods community: build and mechanically verify a practical embedded system, from transistors to software. We propose that each group within the formal methods community design and verify, by the methods appropriate to that group, an embedded system of their choice. The point is not to have just one integrated formal method or just one verified application, but to encourage groups to develop the techniques and methodologies necessary for system-level verification.
Proving theorems about Java and the JVM with ACL2
Models, Algebras and Logic of Engineering Software, 2003
Cited by 16 (9 self)
Abstract
We describe a methodology for proving theorems mechanically about Java methods. The theorem prover used is the ACL2 system, an industrial-strength version of the Boyer-Moore theorem prover. An operational semantics for a substantial subset of the Java Virtual Machine (JVM) has been defined in ACL2. Theorems are proved about Java methods and classes by compiling them with javac and then proving the corresponding theorem about the JVM. Certain automatically applied strategies are implemented with rewrite rules (and other proof-guiding pragmas) in ACL2 “books” to control the theorem prover when operating on problems involving the JVM model. The Java Virtual Machine or JVM [27] is the basic abstraction Java [17] implementors are expected to respect. We speculate that the JVM is an appropriate level of abstraction at which to model Java programs with the intention of mechanically verifying their properties. The most complex features of the Java subset we handle – construction and initialization of new objects, synchronization, thread management, and virtual method invocation – are all supported directly and with full abstraction as single atomic instructions in the JVM. The complexity of verifying JVM bytecode programs stems from the complexity of Java’s semantics, not
Proving That Non-Blocking Algorithms Don’t Block
Cited by 8 (6 self)
Abstract
A concurrent data-structure implementation is considered non-blocking if it meets one of the following three liveness criteria: wait-freedom, lock-freedom, or obstruction-freedom. Developers of non-blocking algorithms aim to meet these criteria. However, to date their proofs for non-trivial algorithms have been only manual pencil-and-paper semi-formal proofs. This paper proposes the first fully automatic tool that allows developers to ensure that their algorithms are indeed non-blocking. Our tool uses rely-guarantee reasoning while overcoming the technical challenge of sound reasoning in the presence of interdependent liveness properties.
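As an added illustration of the liveness criteria named in this abstract (example code written for this page, not the paper's tool or any code from its authors): a Treiber stack in Go. Push and Pop loop on compare-and-swap instead of taking a lock; a failed CAS means a competing operation succeeded, so the structure is lock-free (some operation always completes) but not wait-free (one goroutine can lose the race indefinitely). The node and Stack types, the Exercise workload and its numbers are my own assumptions, not from the paper. The example relies on Go's garbage collector to keep a popped node's address from being reused while another goroutine still references it, which is what sidesteps the ABA problem a C implementation would have to handle with tagged pointers or hazard pointers.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// node is immutable once published on the stack. Every Push allocates a fresh
// node, and the GC guarantees its address is not recycled while any goroutine
// can still observe it, so a stale head seen by a competing CAS cannot be ABA.
type node struct {
	val  int
	next *node
}

// Stack is a Treiber stack: a singly linked list whose head is replaced with
// compare-and-swap. No operation holds a lock, so a goroutine descheduled in
// the middle of Push or Pop cannot stall the others.
type Stack struct {
	head atomic.Pointer[node]
}

// Push retries until its CAS on head succeeds. A failed CAS means another
// goroutine's Push or Pop just succeeded, so the system as a whole made
// progress: that is the lock-freedom argument. It is not wait-freedom, since
// one unlucky goroutine can keep losing the race.
func (s *Stack) Push(v int) {
	n := &node{val: v}
	for {
		old := s.head.Load()
		n.next = old
		if s.head.CompareAndSwap(old, n) {
			return
		}
	}
}

// Pop returns (value, true), or (0, false) when the stack is empty.
func (s *Stack) Pop() (int, bool) {
	for {
		old := s.head.Load()
		if old == nil {
			return 0, false
		}
		if s.head.CompareAndSwap(old, old.next) {
			return old.val, true
		}
	}
}

// Exercise is a constructed stress workload (hypothetical, not from the paper):
// `workers` goroutines each push `perWorker` distinct values, popping in
// between so pushes and pops race, then the remainder is drained. It reports
// how many values went in, how many came out, and whether any came out twice.
func Exercise(workers, perWorker int) (pushed, popped int, dup bool) {
	var s Stack
	total := workers * perWorker
	seen := make([]atomic.Int32, total) // one counter per distinct value
	var popCount, dupCount atomic.Int64

	take := func() bool {
		v, ok := s.Pop()
		if !ok {
			return false
		}
		popCount.Add(1)
		if seen[v].Add(1) != 1 {
			dupCount.Add(1)
		}
		return true
	}

	var wg sync.WaitGroup
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func(w int) {
			defer wg.Done()
			for i := 0; i < perWorker; i++ {
				s.Push(w*perWorker + i)
				if i%2 == 1 { // interleave pops with pushes
					take()
				}
			}
		}(w)
	}
	wg.Wait()
	for take() { // drain whatever is left, single-threaded
	}
	return total, int(popCount.Load()), dupCount.Load() != 0
}

func main() {
	pushed, popped, dup := Exercise(8, 10000)
	fmt.Printf("pushed=%d popped=%d duplicates=%v\n", pushed, popped, dup)
}
```

Running this under the race detector (`go run -race`) is the empirical complement to the kind of proof the paper is after: a stress test can expose a safety bug (a lost or duplicated element) but can never establish lock-freedom, which is a liveness property over all interleavings.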
Proving stabilization of biological systems
Cited by 3 (1 self)
Abstract
We describe an efficient procedure for proving stabilization of biological systems modeled as qualitative networks or genetic regulatory networks. For scalability, our procedure uses modular proof techniques, where state-space exploration is applied only locally to small pieces of the system rather than the entire system as a whole. Our procedure exploits the observation that, in practice, the form of modular proofs can be restricted to a very limited set. For completeness, our technique falls back on a non-compositional counterexample search. Using our new procedure, we have solved a number of challenging published examples, including: a 3-D model of the mammalian epidermis; a model of metabolic networks operating in type-2 diabetes; a model of fate determination of vulval precursor cells in the C. elegans worm; and a model of pair-rule regulation during segmentation in the Drosophila embryo. Our results show many orders of magnitude speedup in cases where previous stabilization proving techniques were known to succeed, and new results in cases where tools had previously failed.
Deductive Mechanical Verification of Concurrent Systems
2005
Cited by 1 (0 self)
Abstract
In the tenure of a graduate student, one often has the distinct pleasure to interact and work with a number of different colleagues with different perspectives in general and on research problems in particular. This has certainly been the case with my time as a full-time and part-time graduate student. Unfortunately, while the length of my tenure has thankfully increased the number of colleagues whom I have had the opportunity to work with, it has also increased the likelihood that I will forget to acknowledge those whom I truly should. To those individuals whom I do not include here, I offer my apology. I wish to first acknowledge the members of my committee: Don Fussell, Adnan Aziz, Warren Hunt, J Strother Moore, and Jacob Abraham. I am thankful to each of the committee members for their consideration and examination of my work and in general, for their time and patience. I wish to thank J Moore for his continued interest and support. I have been truly inspired by J’s focus, energy, and standards in his work on ACL2. I also wish to thank my supervisor Jacob Abraham. Jacob has demonstrated an impressive amount of patience and allowed me the freedom to explore areas which we may not have otherwise considered. I have always been impressed with Jacob’s imagination and he has provided keen insights and constructive advice on my work which have proven very useful over the years.
Proving Properties of Java Threads
2000
Cited by 1 (1 self)
Abstract
We describe a mechanically checked proof of a property of a system of small bytecoded programs involving an unbounded number of threads and synchronization via monitors. The bytecode programming language we study is modeled on that for the Java Virtual Machine. The formal semantics of our language is given by an operational model expressed in ACL2, a Lisp-based logic of recursive functions. Our proofs are checked with the ACL2 theorem prover. The proof involves reasoning about arithmetic, conditionals, infinite loops, the creation and modification of instance objects in the heap, including threads, the inheritance of fields from superclasses, pointer chasing and smashing, the invocation of instance methods (and the concomitant dynamic method resolution), use of the start method on thread objects, the use of monitors to attain synchronization between threads, and consideration of all possible interleavings or scheduling over an unbounded number of threads. This paper develops tech...
Using Theorem Proving and Algorithmic Decision Procedures for Large-Scale System Verification
2005
Cited by 1 (0 self)
Abstract
To the few people who believed I could do it even when I myself didn’t. Acknowledgments: This dissertation has been shaped by many people, including my teachers, collaborators, friends, and family. I would like to take this opportunity to acknowledge the influence they have had in my development as a person and as a scientist. First and foremost, I wish to thank my advisor J Strother Moore. J is an amazing advisor, a marvellous collaborator, an insightful researcher, an empathetic teacher, and a truly great human being. He gave me just the right balance of freedom, encouragement, and direction to guide the course of this research. My stimulating discussions with him made the act of research an experience of pure enjoyment, and helped pull me out of many low ebbs. At one point I used to believe that whenever I was stuck with a problem one meeting with J would get me back on track. Furthermore, my times together with J and Jo during Thanksgivings and other occasions always made me feel part of his family. There was no problem, technical or otherwise, that I could not discuss with J, and there was no time when

