From the AAR President, Larry Wos...
Welcome to the first palindrome year of the millennium! I trust this will mean not that we go backwards and forwards but that we neatly integrate developments--in theory, implementation, and applications--leading to startling new successes. Among the challenging areas of research in automated reasoning is program verification--particularly of parallel programs; Olga Shumsky Matlin has contributed an interesting article on this topic. Also in this issue are announcements for numerous conferences for the year 2002. It promises to be an exciting year, and I hope that you will contribute some of your research results to the AAR Newsletter and to its companion the Journal of Automated Reasoning.
Automated Theorem Proving in Software Engineering
Johann M. Schumann
has published a new book entitled
Automated Theorem Proving in Software Engineering.
Using case studies on verification of
communication and security protocols and logic-based component reuse,
the book demonstrates that state-of-the-art automated theorem provers can
handle important tasks automatically during the development
of high-quality software.
It also provides numerous techniques for
increasing practical usability of the automated theorem prover for
successful applications.
Handbook of Automated Reasoning
The Handbook of Automated Reasoning,
edited by J. Alan Robinson and Andrei Voronkov.
presents an overview of the fundamental ideas,
techniques, and methods in automated reasoning and its applications. The
material covers both theory and implementation. In addition to traditional
topics, the book covers material that bridges the gap between automated
reasoning and related areas. Examples include model checking, nonmonotonic
reasoning, numerical constraints, description logics, and implementation of
declarative programming languages.
Volume I
The Early History of Automated Deduction - Martin Davis, pp. 3-15
Volume II
For further information, please see the
Web page.
Reasoning about parallel programs is surprisingly difficult. Even
small parallel programs are difficult to write correctly, and an
incorrect parallel program is equally difficult to debug. This
characterization has been borne out in experiences with writing the
Multi-Purpose Daemon (MPD): despite MPD's small size and apparent
simplicity, errors have impeded progress toward correct code. Such a
situation led to exploration of program verification techniques.
MPD [1] is a process manager for parallel programs and is itself a
parallel program. Its function is to start the processes of a
parallel job, manage input and output, deal with faults, provide
services to the application, and cause jobs to terminate cleanly. MPD
is the sort of process manager needed to run applications that use the
standard MPI [3] library for parallelism, although it is not
MPI-specific.
Our attempt to use formal verification techniques to ensure
correctness of MPD algorithms employs the model checker SPIN [4],
which supports design and verification of asynchronous distributed
communicating systems. Models of such systems are recorded in a
special high-level verification language PROMELA, which can also be
used to state some correctness properties of the models. Additional
correctness properties are specified by using linear temporal logic
(LTL). The verification engine of SPIN is based on on-the-fly
reachability analysis with several optimizations and heuristics. The
system also includes a simulation environment and a graphical user
interface.
The MPD system consists of several types of processes (called daemon,
manager, console, and client) that communicate over Unix sockets and
pipes. Daemons and managers are connected in a ring. A typical setup of
the MPD system is shown in Figure 1.
Figure 1. Daemons with console process, managers, and clients
MPD algorithms execute on daemons and managers. Daemons and managers
execute in essentially infinite loop: they receive messages on their
connections and perform actions depending on the type of the received
message. The actions are relatively simple and typically involve
sending another message. Thus, daemons
and managers are viewed and modeled in three layers. On the first
layer is the main loop that allows to select a message from one of the
attached communication connections. The middle layer is the
collection of algorithms that are executed in response to each defined
message type. The bottom layer is the mechanism that allows messages
to travel from one process to another. The real MPD system relies on
Unix sockets for communication between the processes, and the
operating system provides all the necessary services.
The MPD algorithms that we would like to verify thus reside in the
middle layer of the three-tiered model. To proceed with verification,
we must model not only the algorithms of interest but also the
interprocess communication of the bottom level; that is, we have
to create a Promela model of Unix sockets. Success of verification
attempts depends on the efficiency of the underlying model, and so
creation of an efficient Promela model of sockets was important.
Several Promela models of socket handling functions were tried.
Finally, we created a reusable general-purpose library of Unix socket
functions. The library contains implementations of the socket
functions connect, accept, read, write,
close, and select. These functions provide the
interface between the interprocess communication layer of the
three-tiered model and the middle layer where the algorithms reside.
A different implementation of the socket library can be used, if
desired, without making any changes to the model of the algorithms.
We considered algorithms that reside on different levels of the MPD
system. Two related daemon-level algorithms were modeled: an
algorithm for simultaneously inserting new members into a ring of
daemons and an algorithm for a recovery of the ring after a single
nondeterministic daemon failure. Each of the two algorithms was
verified against two correctness properties. The first property
(state) is a static check that the information contained in the
underlying data structures indeed represents a properly connected
ring. The second property (trace) is that a special purpose ring
traversal algorithm completes after having visited each member of the
ring. We also modeled a manager-level algorithm to provide a
synchronization service to the client application processes. A
correctness property, stating that no client is allowed to proceed
past the synchronization point until all clients have reached the
synchronization point, was proved for the algorithm with SPIN's aid.
As shown in Table 1, verification succeeded on models of only a
small size, especially compared with the real MPD system that can
involve hundreds if not thousands of processes. However, since even
the most difficult errors can be discovered on models comprising only
a few processes, the verification engine of SPIN enables us to verify
the algorithms on models that are sufficiently large for our purposes.
Currently we use SPIN to explore and verify individual MPD algorithms.
However, many things take place in parallel in a running MPD system.
Daemons enter and leave the ring, as do managers, different client
processes request different services from the managers, and several
instances of the same algorithm may be executing simultaneously.
Correct interaction of these algorithms is also important. We
hope to be able to reason formally about MPD models that consist of
several related and interdependent algorithms.
A long-term goal of this project is to model and verify MPD algorithms
and then translate them into C or another programming language, while
preserving the verified properties. Ideally, translation should be
automated. In order to allow this to happen, the Promela model must not be
overly abstract. We compared the C implementation of the barrier
algorithm with its specification in Promela. The comparison suggests that
the automated translation is feasible.
The Promela implementation of the the Unix socket library, models of
the verified MPD algorithms and a technical report [2] with a more
detailed description of the project are available at
on the
Web site.
1. R. Butler, W. Gropp, and E. Lusk. ``Components and interfaces of a
process management system for parallel programs.'' Parallel
Computing, 27:1417-1429, 2001.
2. O. S. Matlin, E. Lusk, W. McCune. ``SPINning Parallel Systems
Software.'' Preprint ANL/MCS-P921-1201. Argonne National
Laboratory, 2001.
3. Message Passing Interface Forum. ``MPI2: A message passing interface
standard.'' International Journal of High Performance Computing
Applications,12(1-2):1-299, 1998.
4. Spin Home Page. http://netlib.bell-labs.com/netlib/spin.
Workshop on Complexity in Automated Deduction
A workshop on "Complexity in Automated Deduction" will take place
in conjunction with CADE-18 on
July 25-26, 2002, in Copenhagen, Denmark.
The workshop will bring together researchers
interested in problems at the interface between
automated deduction and computational complexity.
If you are interested in giving a
contributed talk, please send an abstract, preferably as a
PostScript attachment, to Miki.Hermann@loria.fr no later than
Friday, May 17, 2002.
STRATEGIES 2002
The 5th International Workshop on Strategies in Automated Deduction
(STRATEGIES 2002)
will be held in conjunction with CADE at FLoC in
Copenhagen, Denmark, on July 26, 2002.
Strategies are almost ubiquitous in automated deduction and reasoning
systems, because the rules at the heart of such systems are nondeterministic
and need to be complemented by strategies, or search plans, responsible for
controlling them. The role that search plans play in making the resulting
procedures capable of solving efficiently interesting problems is no less
than that played by the inference systems themselves, since typical
deduction paradigms (e.g., generation of consequences, subgoal-reduction,
generation of instances, case analysis, enumeration) generate very large or
infinite spaces of choices.
These considerations apply to both fully automated systems (theorem provers,
model builders, rewriting engines, decision procedures) and interactive
ones (proof assistants and verification systems) and affect them at all
levels, from abstract definition to design and implementation.
The combination of automated components (e.g., theorem provers and
decision procedures) as well as their integration within interactive
systems to generate the reasoning environments of the future poses new
control problems and puts the study of strategies at the forefront.
The workshop on Strategies in Automated Deduction is the primary forum
for the communication of new results on control strategies and search plans
in automated theorem proving, automated model building, decision procedures,
interactive proof assistants, proof planners, and logical frameworks
and in first-order (including propositional and purely equational as special
cases),, modal (e.g., temporal) and higher-order logics.
Sample topics include the following:
Theory:
Definition, design, implementation and application:
Specialization and integration:
Authors are invited to submit an extended abstract of up to 10 pages.
Researchers interested in attending the workshop without giving a talk
are invited to send a position paper of 1--2 pages.
All submissions should be sent to the Program Chairs
(strategies02@cs.uiowa.edu) in Postscript before April 22, 2002.
Accepted contributions will be included in the workshop proceedings,
which will be available at the workshop and on the Web.
Based on the submissions, the Program Chairs will consider the
possibility of a postworkshop publication (e.g., a special issue
of a journal or a volume in a series of electronic proceedings),
where authors may submit full versions of the workshop papers.
This may involve another call for papers and refereeing process.
Attendance is by invitation only but late requests for participation
will be considered.
For further information, please see the
STRATEGIES 2002
Web site
and the CADE 2002
Web site.
Advances in Modal Logic
Advances in Modal Logic
will be held September 30 - October 2, 2002, in Toulouse, France.
AiML 2002 is part of an initiative aimed at presenting
an up-to-date picture of the state of the art in modal logic
and its many applications.
Topics of interest include the following:
complexity and decidability of modal and temporal logics,
deontic logic,
description logics,
dynamic logic,
epistemic logic,
modal logic and game theory,
modal logic and grammar formalisms,
modal realism and antirealism,
modal and temporal logic programming and theorem proving,
model theory and proof theory of modal and temporal logic,
representation of time in natural language semantics,
nonmonotonic modal logics,
provability logic, and
common-sense temporal reasoning.
During the workshop there also will be a special session on modal
logics of space.
Authors are invited to submit a detailed abstract of a full
paper of at most 10 pages (a4paper, 11pt) by e-mail to one
of the program chairs
(Nobu-Yuki Suzuki, smnsuzu@ipc.shizuoka.ac.jp, or
Frank Wolter, wolter@informatik.uni-leipzig.de)
using `AiML Submission' as the subject line.
Submissions must be received no later than May 15, 2002.
Note that at least one author of each accepted paper is
required to register for and attend the conference to present
the paper.
Preliminary versions of the full papers should be made
available at the workshop; the proceedings volumes will be
submitted to CSLI Publications.
Information about AiML-2002 can be obtained at
the
Web site.
4th Workshop on Hybrid Logics
A workshop on "Hybrid Logics" will take place at
LICS 2002, on July 25, 2002, in Copenhagen, Denmark.
Hybrid logic is a branch of modal logic in which it is possible to
directly refer to worlds, times, states, or whatever the elements of the
(Kripke) model are meant to represent. Although they date back to the
late 1960s and have been sporadically investigated ever since, it is
only in the 1990s that work on them really got into its stride.
The workshop is relevant to a wide range of people,
including those interested in description logic, feature logic,
applied modal logics, temporal logic, and labeled deduction.
Moreover, the workshop is devoted to exploring ideas Prior first
introduced 30 years ago: it will be an ideal opportunity to see
how his ideas have been developed in the intervening period.
Contributions in the form of an extended abstract
(up to 10 A4 size pages) should be sent in
PostScript format to carlos@science.uva.nl before
April 26, 2002. Please note that all workshop contributors are required
by the LICS organizers to register for FLoC 2002.
Visit the
Web site for further information.
SAT2002
The 5th International Symposium on the Theory and
Applications of Satisfiability Testing
will take place on
May 6-9, 2001, in Cincinnati, Ohio, USA.
Several aspects of satisfiability testing will be explored
including propositional proof systems, search techniques,
relationship between BDDs and search, applications such as in formal
verification, probabilistic analysis of SAT algorithms and SAT
properties, upper bounds on SAT algorithm performance, specific
solvers, empirical results, and quantified Boolean formulas.
Extended abstracts are due February 6, 2002.
There will also be a mini-workshop on QBF.
In conjunction with the symposium, there will be an
SAT Solver Competition (BDD packages welcome).
SAT solvers and benchmarks are due March 6, 2002.
See the
symposium home page
for further details.
WRS 2002
The second international workshop on "Reduction Strategies
in Rewriting and Programming"
will be held in conjunction with RTA 2002
in Copenhagen, Denmark, on July 21, 2002.
Reduction strategies bridge the gap between unrestricted general
rewriting (computation) and (more deterministic) rewriting with
particular strategies (programming). Moreover, reduction strategies
provide a natural way to go from operational principles (e.g., graph
and term rewriting, narrowing, lambda-calculus) and semantics (e.g.,
normalization, computation of values, infinitary normalization,
head-normalization) to implementations of programming languages.
Therefore, progress in this area is likely to be of interest not
only to the rewriting community, but also to neighboring fields like
functional programming, functional-logic programming, and termination
proofs of algorithms.
The workshop seeks to provide a forum for the presentation
of recent developments and new research directions
(max. 10 pages)
as well as discussion of surveys on existing knowledge in this
area (no page limit).
Topics of interest include
theoretical foundations for reduction strategies;
strategies in different frameworks (e.g., term rewriting,
lambda calculi, constraint solving) and their application
in programming;
properties of reduction strategies and computation under
strategies (e.g., completeness, computability, decidability);
interrelations, combinations, and applications of
reduction under different strategies;
program analysis and other semantics-based optimization techniques
dealing with reduction strategies;
rewrite systems, tools, and implementations with
programmable strategies as an essential concept;
specification of reduction strategies in (real) languages; and
data structures and implementation techniques for reduction strategies.
Submissions
should be sent in PostScript format to
the following e-mail address wrs02@dsic.upv.es
before April 15, 2002.
Accepted papers will be included in the workshop proceedings that
will be available at the workshop, and electronically on the web.
A special issue of the Journal of Symbolic Computation on
will be designated for revised and extended versions of selected
contributions from both WRS 2001 (Utrecht, May 2001) and WRS 2002.
For further information, please see the
Web site.
TPHOLs 2002
The 2002 International Conference on Theorem Proving in Higher Order
Logics will be held August 20-23, 2002, in Hampton, Virginia, USA. It is being
organized jointly by NASA Langley Research Center, ICASE, and Concordia
University.
The program committee welcomes submissions on all aspects of theorem
proving in higher-order logics and on related topics in theorem proving
and verification.
Topics of interest include the following:
Submissions are invited in two categories:
(A) full research paper, and (B)
work in progress report.
Submissions under category A
are due February 22, 2002; they
will be fully refereed, and accepted papers
will be published as a volume of Springer-Verlag's Lecture Notes in
Computer Science series. Submissions under category B
are due May 17, 2002; they
will not be
formally refereed, but their content and relevance will be reviewed.
Those submissions accepted will be published in a NASA technical report.
Unless otherwise requested, submissions rejected under category A will
also be considered for inclusion under category B.
Papers should be no more than 16 pages. Details are
available from the
Web page.
ADG
The fourth international workshop
on ``Automated Deduction in Geometry'' will be held in
Hagenberg, Austria, on September 4-6, 2002.
The ADG workshop provides
a forum to exchange ideas and views, to present research results,
and to demonstrate software tools.
Specific topics for ADG 2002 include
the following:
Potential participants of ADG 2002 are invited to submit an extended abstract
(3 or more pages) or a full paper by June 3, 2002.
Electronic submissions are preferred, and should be sent to the chairman
Franz.Winkler@risc.uni-linz.ac.at.
Authors of the extended abstracts and full papers accepted for presentation
at the workshop will be invited to submit their full or revised papers
for publication in the proceedings of ADG 2002 after the workshop.
It is expected that the accepted papers will be published as a
volume in the LNAI series by Springer-Verlag.
For further details, please see the
Web site.
Amy Felty has issued a call for papers for a special issue
of the Journal of Aumated Reasoning on proof-carrying code
and related approaches that use formal
reasoning to enhance safety and reliability of software.
Topics of interest include
original results and study of tools and methods for proof generation, proof
checking, and their integration with code generation/compilation.
Manuscripts should be unpublished works and not
submitted elsewhere. Revised and enhanced versions of papers
published in conference proceedings that have not appeared in
archival journals are eligible for submission. All submissions will
be reviewed according to the usual standards of scholarship and
originality. The deadline for submissions is February 22, 2002.
For further information, please see
the
Web site.
prepared by Gail W. Pieper
January 2002
New Books
Springer Verlag, 2001, ISBN 3-540-67989-8
XIV+228 pp.
Web site
Resolution Theorem Proving - Leo Bachmair and Harald Ganzinger, pp. 19-99
Tableaux and Related Methods - Reiner Hähnle, pp. 100-178
The Inverse Method - Anatoli Degtyarev and Andrei Voronkov, pp. 179-272
Normal Form Transformations - Matthias Baaz, Uwe Egly, and Alexander Leitsch, pp. 273-333
Computing Small Clause Normal Forms - Andreas Nonnengart and Christoph Weidenbach, pp. 335-367
Paramodulation-Based Theorem Proving - Robert Nieuwenhuis and Albert Rubio, pp. 371-443
Unification Theory - Franz Baader and Wayne Snyder, pp. 445-532
Rewriting - Nachum Dershowitz and David A. Plaisted, pp. 535-610
Equality Reasoning in Sequent-Based Calculi - Anatoli Degtyarev and Andrei Voronkov, pp. 611-706
Automated Reasoning in Geometry - Shang-Ching Chou and Xiao-Shan Gao, pp. 707-749
Solving Numerical Constraints - Alexander Bockmayr and Volker Weispfenning, pp. 751-842
The Automation of Proof by Mathematical Induction - Alan Bundy, pp. 845-911
Inductionless Induction - Hubert Comon, pp. 913-962
Classical Type Theory - Peter B. Andrews, pp. 965-1007
Higher-Order Unification and Matching - Gilles Dowek, pp. 1009-1062
Logical Frameworks - Frank Pfenning, pp. 1063-1147
Proof-Assistants Using Dependent Type Systems - Henk Barendregt and Herman Geuvers, pp. 1149-1238
Nonmonotonic Reasoning: Towards Efficient Calculi and Implementations - Jürgen Dix, Ulrich Furbach, and Ilkka Niemelä, pp. 1241-1354
Automated Deduction for Many-Valued Logics - Matthias Baaz, Christian G. Fermüller, and Gernot Salzer, pp. 1355-1402
Encoding Two-Valued Nonclassical Logics in Classical Logic - Hans Jürgen Ohlbach, Andreas Nonnengart, Maarten de Rijke, and Dov M. Gabbay, pp. 1403-1486
Connections in Nonclassical Logics - Arild Waaler, pp. 1487-1578
Reasoning in Expressive Description Logics - Diego Calvanese, Giuseppe De Giacomo, Maurizio Lenzerini, and Daniele Nardi, pp. 1581-1634
Model Checking - Edmund M. Clarke and Bernd-Holger Schlingloff, pp. 1635-1790
Resolution Decision Procedures - Christian G. Fermüller, Alexander Leitsch, Ullrich Hustadt, and Tanel Tammet, pp. 1791-1849
Term Indexing - I. V. Ramakrishnan, R. Sekar, and Andrei Voronkov, pp. 1853-1964
Combining Superposition, Sorts and Splitting - Christoph Weidenbach, pp. 1965-2013
Model Elimination and Connection Tableau Procedures - Reinhold Letz and Gernot Stenz, pp. 2015-2114
Elsevier Science and
MIT Press, 2001
two-volume set cloth ISBN 0-262-18223-8
Vol. 1, 981 pp., ISBN 0-262-18221-1
Vol. 2, 1169 pp., ISBN 0-262-18222-X
Modeling and Verification of Parallel Systems Software
Olga Shumsky Matlin
Argonne National Laboratory
matlin@mcs.anl.gov
1. Introduction
2. Modeling Components of the MPD System
3. Verification of MPD Algorithms
Correctness
Maximum
Algorithm
Property
Model Size
Ring insert
state
4
Ring insert
trace
4
Ring recovery
state
12
Ring recovery
trace
9
Synchronization
14
4. Future Plans
Acknowledgments
This project is a joint work with E. Lusk and W. McCune. This work
was supported by the Mathematical, Information, and Computational
Sciences Division subprogram of the Office of Advanced Scientific
Computing Research, U.S. Department of Energy, under Contract
W-31-109-Eng-38.
References
Call for Papers
CADE Workshops
Proof-Carrying Code:
Special Issue of the Journal of Automated Reasoning