Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Research inLaboratory for Foundations of Computer Science
David Aspinall, Deputy Director
[ For: Julian Bradfield, Director ]
http://www.lfcs.inf.ed.ac.uk
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
LFCS profile
I A community of researchers in theoretical computerscience, founded in 1986.
I People:I 23 academic staff,I 20 researchers,I 35 PhD students,I also support staff, visitors, associates.
I A variety of research areas, ranging from long term basicresearch to experimental and applied theory.
I Researchers work individually, with PhD students and RAs,and within groups.
LFCS profile
I A community of researchers in theoretical computerscience, founded in 1986.
I People:I 23 academic staff,I 20 researchers,I 35 PhD students,I also support staff, visitors, associates.
I A variety of research areas, ranging from long term basicresearch to experimental and applied theory.
I Researchers work individually, with PhD students and RAs,and within groups.
LFCS profile
I A community of researchers in theoretical computerscience, founded in 1986.
I People:I 23 academic staff,I 20 researchers,I 35 PhD students,I also support staff, visitors, associates.
I A variety of research areas, ranging from long term basicresearch to experimental and applied theory.
I Researchers work individually, with PhD students and RAs,and within groups.
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Areas of expertise and research
I Logic and proof theory
I Category theory
I Formal language semantics
I Algorithms and complexity
I Concurrency theory
I Model checking
I Database theory
I Programming languages
I Program logics
I Specification languages
I Theorem proving andhardware verification
I Software engineering
I Performance modelling andprocess algebra
I Security
I Systems biology
Research goups I
I Logic and SemanticsPlotkin, Fourman, Power, Simpson, Longley, Klin, Schroder
I Algorithms and Complexity GroupJerrum, Cryan, Kalorkoti
I Concurrency and Model CheckingStirling, Bradfield, Etessami, Jackson, Quickert
I Database GroupBuneman, Fan, Libkin, Viglas, Cheney, Bose, Cong,Fountoulaki, Geerts, Kementsietsidis, Ma
Research groups II
I PEPA (Performance Evaluation Process Algebra)
Hillston, Gilmore, Tribastone
I Links (Programming Languages for the Web)
Wadler, Lindley
I Mobility and Security GroupSannella, Stark, Aspinall, Pollack, MacKenzie, Momigliano,Maier, Atkey
I Software EngineeringAnderson, Stevens, Felici
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Topological Models of Computation
[Alex Simpson, Matthias Schroder, Ingo Battenfeld]
I We can compute with infinite objects, e.g. real numbers
π = 3.1415926535897932384626433832795028841971693 . . .
presented (for example) as streams of data.
I Using this idea (but a different representation!), real numberarithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.
I The above is just one example of computing with infinitedata. The idea extends also to other types of datacorresponding to elements of other mathematical spaces.
I Infinite data carries a natural topology and all computableoperations are continuous.
I This leads to a fruitful interaction between programminglanguage datatype constructions (function types, recursive andpolymorphic types, monadic types, . . . ) and correspondingtopological constructions.
Topological Models of Computation
[Alex Simpson, Matthias Schroder, Ingo Battenfeld]
I We can compute with infinite objects, e.g. real numbers
π = 3.1415926535897932384626433832795028841971693 . . .
presented (for example) as streams of data.I Using this idea (but a different representation!), real number
arithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.
I The above is just one example of computing with infinitedata. The idea extends also to other types of datacorresponding to elements of other mathematical spaces.
I Infinite data carries a natural topology and all computableoperations are continuous.
I This leads to a fruitful interaction between programminglanguage datatype constructions (function types, recursive andpolymorphic types, monadic types, . . . ) and correspondingtopological constructions.
Topological Models of Computation
[Alex Simpson, Matthias Schroder, Ingo Battenfeld]
I We can compute with infinite objects, e.g. real numbers
π = 3.1415926535897932384626433832795028841971693 . . .
presented (for example) as streams of data.I Using this idea (but a different representation!), real number
arithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.
I The above is just one example of computing with infinitedata. The idea extends also to other types of datacorresponding to elements of other mathematical spaces.
I Infinite data carries a natural topology and all computableoperations are continuous.
I This leads to a fruitful interaction between programminglanguage datatype constructions (function types, recursive andpolymorphic types, monadic types, . . . ) and correspondingtopological constructions.
Topological Models of Computation
[Alex Simpson, Matthias Schroder, Ingo Battenfeld]
I We can compute with infinite objects, e.g. real numbers
π = 3.1415926535897932384626433832795028841971693 . . .
presented (for example) as streams of data.I Using this idea (but a different representation!), real number
arithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.
I The above is just one example of computing with infinitedata. The idea extends also to other types of datacorresponding to elements of other mathematical spaces.
I Infinite data carries a natural topology and all computableoperations are continuous.
I This leads to a fruitful interaction between programminglanguage datatype constructions (function types, recursive andpolymorphic types, monadic types, . . . ) and correspondingtopological constructions.
Topological Models of Computation
[Alex Simpson, Matthias Schroder, Ingo Battenfeld]
I We can compute with infinite objects, e.g. real numbers
π = 3.1415926535897932384626433832795028841971693 . . .
presented (for example) as streams of data.I Using this idea (but a different representation!), real number
arithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.
I The above is just one example of computing with infinitedata. The idea extends also to other types of datacorresponding to elements of other mathematical spaces.
I Infinite data carries a natural topology and all computableoperations are continuous.
I This leads to a fruitful interaction between programminglanguage datatype constructions (function types, recursive andpolymorphic types, monadic types, . . . ) and correspondingtopological constructions.
I Contribution: establishing the notion of quotient ofcountably-based (qcb) space, encompassing exactly thetopological spaces that are of computational interest.
I Contribution: finding unexpected interactions betweentopology and computation. In computation on real numbers,the datatype:
((R → R)→ R)→ R
includes examples of functional integration. It is not known ifthe two competing approaches to exact real-numbercomputation have the same notion of computability at theabove type. But this can be reduced to a question in puremathematical topology:
Open Question
Is the topology on the space of continuous functionals(N → N)→ N zero-dimensional?
I Contribution: establishing the notion of quotient ofcountably-based (qcb) space, encompassing exactly thetopological spaces that are of computational interest.
I Contribution: finding unexpected interactions betweentopology and computation. In computation on real numbers,the datatype:
((R → R)→ R)→ R
includes examples of functional integration. It is not known ifthe two competing approaches to exact real-numbercomputation have the same notion of computability at theabove type. But this can be reduced to a question in puremathematical topology:
Open Question
Is the topology on the space of continuous functionals(N → N)→ N zero-dimensional?
I Contribution: establishing the notion of quotient ofcountably-based (qcb) space, encompassing exactly thetopological spaces that are of computational interest.
I Contribution: finding unexpected interactions betweentopology and computation. In computation on real numbers,the datatype:
((R → R)→ R)→ R
includes examples of functional integration. It is not known ifthe two competing approaches to exact real-numbercomputation have the same notion of computability at theabove type. But this can be reduced to a question in puremathematical topology:
Open Question
Is the topology on the space of continuous functionals(N → N)→ N zero-dimensional?
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).
I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languages
I inspire design of new languages, which are mathematicallycleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Games Semantics for Object-Oriented Languages
[John Longley, Nicholas Wolverson]
I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.
Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }
}
3 4 5
7 8 9
3 4 5
3 4 5 Opponent
Player
Opponent
Player
}}}}
...
... ......
...
... ...
I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:
I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically
cleaner and perhaps more powerful than existing ones.
I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.
Logic and Semantics: other work
I Semantics of computational effects[Gordon Plotkin, John Power]
I Mathematical structural operational semantics[Gordon Plotkin, Bartek Klin]
I Reasoning with inductive definitions[Alex Simpson, James Brotherston]
Logic and Semantics: other work
I Semantics of computational effects[Gordon Plotkin, John Power]
I Mathematical structural operational semantics[Gordon Plotkin, Bartek Klin]
I Reasoning with inductive definitions[Alex Simpson, James Brotherston]
Logic and Semantics: other work
I Semantics of computational effects[Gordon Plotkin, John Power]
I Mathematical structural operational semantics[Gordon Plotkin, Bartek Klin]
I Reasoning with inductive definitions[Alex Simpson, James Brotherston]
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
An algorithmic task: sampling matchings
[Mark Jerrum]
A graph is an collection of vertices connected by edges.
A matching is a set of edges (in red) that don’t collide.
Problem
Efficiently sample a matching in the graph; all matchings are to beequally likely.
An algorithmic task: sampling matchings
[Mark Jerrum]
A graph is an collection of vertices connected by edges.
A matching is a set of edges (in red) that don’t collide.
Problem
Efficiently sample a matching in the graph; all matchings are to beequally likely.
Monte Carlo (Dart throwing)
All subsets of E
Matchings
Throw darts into a “nice” set (e.g., all subsets of edges) and seehow often you hit a matching.
Observation
Correct, but very inefficient.
Monte Carlo (Dart throwing)
All subsets of E
Matchings
Throw darts into a “nice” set (e.g., all subsets of edges) and seehow often you hit a matching.
Observation
Correct, but very inefficient.
Markov chain Monte Carlo
Simulate a random walk on matchings, starting from an arbitrarymatching. After sufficiently many steps, stop and return thecurrent matching.
Question
How many is “sufficiently many”?
Markov chain Monte Carlo
Simulate a random walk on matchings, starting from an arbitrarymatching. After sufficiently many steps, stop and return thecurrent matching.
Question
How many is “sufficiently many”?
Algorithms and Complexity Group
This is the sort of thorny interdisciplinary question that keeps usoff the streets.The members are:
I Paidı Creed (research student)
I Mary Cryan
I Mark Jerrum
I Kyriakos Kalorkoti
I James Matthews (research student)
Keywords
Combinatorics, Computer algebra, Computational complexity,Probability theory, Statistical physics.
Algorithms and Complexity Group
This is the sort of thorny interdisciplinary question that keeps usoff the streets.The members are:
I Paidı Creed (research student)
I Mary Cryan
I Mark Jerrum
I Kyriakos Kalorkoti
I James Matthews (research student)
Keywords
Combinatorics, Computer algebra, Computational complexity,Probability theory, Statistical physics.
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.
I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.
I Rigour. Using denotational semantics approach to presentfixpoint-based encodings.
I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.
I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Formal verification of digital hardware systems
[Paul Jackson, Daniel Sheridan]
I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.
I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:
I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present
fixpoint-based encodings.I Results so far:
I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.
I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.
I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.
Concurrency and model checking: some other work
I Modal Logic with Fixpoints[Stirling, Bradfield]
I exact complexity of model checking (in NP ∩ co-NP)I independence-friendly modal logic with fixpoints
I Decision procedures for infinite-state systems[Stirling, Etessami]
I Decidability of bisimulation equiv over classes of infinite graphsI Algorithmic analysis of infinite-state probabilistic systems
I The GAMES network[Bradfield, Etessami, Stirling, Stevens, Jan Obdrzalek]
Foundations for specification and validation methodologiesthat are based on games and automata.
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Links: Web programming without tiers
[Philip Wadler, Samuel Lindley, Ezra Cooper, Jeremy Yallop]
Today
BrowserJavaScript
?
XMLHttpRequest6callback
ServerPHP
6query string
?result set
DatabaseSQL
Tomorrow
BrowserLinks
?call
6return
ServerLinks
6call
?
return
DatabaseLinks
Links: Web programming without tiers
[Philip Wadler, Samuel Lindley, Ezra Cooper, Jeremy Yallop]
Today
BrowserJavaScript
?
XMLHttpRequest6callback
ServerPHP
6query string
?result set
DatabaseSQL
Tomorrow
BrowserLinks
?call
6return
ServerLinks
6call
?
return
DatabaseLinks
Links builds on successes of functional programming
I Databases Kleisli, LINQCompile Links into SQL, XQuery
I XML Xduce, XQueryXML support with regular expression types
I Continuations PLT Scheme, Yahoo storesContinuations for web dialogue
I Distribution Erlang, JoCamlReliablity as in Erlang/OTP
I Javascript AJAXCompile Links into Javascript
Links builds on successes of functional programming
I Databases Kleisli, LINQCompile Links into SQL, XQuery
I XML Xduce, XQueryXML support with regular expression types
I Continuations PLT Scheme, Yahoo storesContinuations for web dialogue
I Distribution Erlang, JoCamlReliablity as in Erlang/OTP
I Javascript AJAXCompile Links into Javascript
Links builds on successes of functional programming
I Databases Kleisli, LINQCompile Links into SQL, XQuery
I XML Xduce, XQueryXML support with regular expression types
I Continuations PLT Scheme, Yahoo storesContinuations for web dialogue
I Distribution Erlang, JoCamlReliablity as in Erlang/OTP
I Javascript AJAXCompile Links into Javascript
Links builds on successes of functional programming
I Databases Kleisli, LINQCompile Links into SQL, XQuery
I XML Xduce, XQueryXML support with regular expression types
I Continuations PLT Scheme, Yahoo storesContinuations for web dialogue
I Distribution Erlang, JoCamlReliablity as in Erlang/OTP
I Javascript AJAXCompile Links into Javascript
Links builds on successes of functional programming
I Databases Kleisli, LINQCompile Links into SQL, XQuery
I XML Xduce, XQueryXML support with regular expression types
I Continuations PLT Scheme, Yahoo storesContinuations for web dialogue
I Distribution Erlang, JoCamlReliablity as in Erlang/OTP
I Javascript AJAXCompile Links into Javascript
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Why code signing isn’t enough
I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.
I Better than trusting unauthenticated code. But fallible:
1. Microsoft’s signing scheme may be compromised.This actually happened, by a infamous social engineeringattack on Verisign in 2001.
2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.
I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?
Why code signing isn’t enough
I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.
I Better than trusting unauthenticated code. But fallible:
1. Microsoft’s signing scheme may be compromised.
This actually happened, by a infamous social engineeringattack on Verisign in 2001.
2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.
I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?
Why code signing isn’t enough
I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.
I Better than trusting unauthenticated code. But fallible:
1. Microsoft’s signing scheme may be compromised.This actually happened, by a infamous social engineeringattack on Verisign in 2001.
2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.
I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?
Why code signing isn’t enough
I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.
I Better than trusting unauthenticated code. But fallible:
1. Microsoft’s signing scheme may be compromised.This actually happened, by a infamous social engineeringattack on Verisign in 2001.
2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.
Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.
I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?
Why code signing isn’t enough
I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.
I Better than trusting unauthenticated code. But fallible:
1. Microsoft’s signing scheme may be compromised.This actually happened, by a infamous social engineeringattack on Verisign in 2001.
2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.
I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?
Why code signing isn’t enough
I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.
I Better than trusting unauthenticated code. But fallible:
1. Microsoft’s signing scheme may be compromised.This actually happened, by a infamous social engineeringattack on Verisign in 2001.
2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.
I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?
Proof-carrying code (PCC)
I The idea: equip a program with evidence that it satisfies asecurity policy. The evidence may be hard to produce, butshould be easy to check.
CertifyingCompiler
Source Code Program
SecurityManager
Published Security Policy
VirtualMachine
Is certificate valid for program and policy?
Run Error
Proof Certificate
Object Code
I The PCC notion and security viewpoint is due to Necula butthe underlying idea and techniques owe much to LFCS workof 80s/90s.
Proof-carrying code (PCC)
I The idea: equip a program with evidence that it satisfies asecurity policy. The evidence may be hard to produce, butshould be easy to check.
CertifyingCompiler
Source Code Program
SecurityManager
Published Security Policy
VirtualMachine
Is certificate valid for program and policy?
Run Error
Proof Certificate
Object Code
I The PCC notion and security viewpoint is due to Necula butthe underlying idea and techniques owe much to LFCS workof 80s/90s.
Proof-carrying code (PCC)
I The idea: equip a program with evidence that it satisfies asecurity policy. The evidence may be hard to produce, butshould be easy to check.
CertifyingCompiler
Source Code Program
SecurityManager
Published Security Policy
VirtualMachine
Is certificate valid for program and policy?
Run Error
Proof Certificate
Object Code
I The PCC notion and security viewpoint is due to Necula butthe underlying idea and techniques owe much to LFCS workof 80s/90s.
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .
I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:
I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing base
I Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:
I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security properties
I Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:
I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security properties
I Tradeoff: size of evidence vs time to checkI Our approach:
I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:
I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:
I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:I Use type systems and static analysis to construct proofs;
I Proofs are in a low-level program logic which is has a formalcorrectness proof w.r.t. a machine model;
I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;
I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Implementing Proof-Carrying Code
I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check
I Our approach:I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal
correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.
I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).
I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:
I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)
I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)
I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.
I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.
I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.
I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.
I Plans: a generic tactic language with hiproof semantics andcorrect refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering Electronic Proof
[David Aspinall, Hua Yang]
I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.
I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:
I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and
correct refactoring transformations; mechanisms for managingand manipulating views of proofs.
Engineering: other topics
I Theoretical underpinnings of software design tools[Perdita Stevens]
I Application of formal games to the development of UMLmodels
I Bidirectional transformations (Harmony, Pierce) applied tomodel driven development
I Software Engineering for Service-Oriented Overlay Computers[Stephen Gilmore, Perdita Stevens]
I Use process algebras to analyse service architectures (e.g. webservices).
Engineering: other topics
I Theoretical underpinnings of software design tools[Perdita Stevens]
I Application of formal games to the development of UMLmodels
I Bidirectional transformations (Harmony, Pierce) applied tomodel driven development
I Software Engineering for Service-Oriented Overlay Computers[Stephen Gilmore, Perdita Stevens]
I Use process algebras to analyse service architectures (e.g. webservices).
Engineering: other topics
I Theoretical underpinnings of software design tools[Perdita Stevens]
I Application of formal games to the development of UMLmodels
I Bidirectional transformations (Harmony, Pierce) applied tomodel driven development
I Software Engineering for Service-Oriented Overlay Computers[Stephen Gilmore, Perdita Stevens]
I Use process algebras to analyse service architectures (e.g. webservices).
Engineering: other topics
I Theoretical underpinnings of software design tools[Perdita Stevens]
I Application of formal games to the development of UMLmodels
I Bidirectional transformations (Harmony, Pierce) applied tomodel driven development
I Software Engineering for Service-Oriented Overlay Computers[Stephen Gilmore, Perdita Stevens]
I Use process algebras to analyse service architectures (e.g. webservices).
Engineering: other topics
I Theoretical underpinnings of software design tools[Perdita Stevens]
I Application of formal games to the development of UMLmodels
I Bidirectional transformations (Harmony, Pierce) applied tomodel driven development
I Software Engineering for Service-Oriented Overlay Computers[Stephen Gilmore, Perdita Stevens]
I Use process algebras to analyse service architectures (e.g. webservices).
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Performance Evaluation Process Algebra (PEPA)Background on the PEPA project
I The PEPA project started in Edinburgh in 1991.
I It was motivated by problems encountered when carrying outperformance analysis of large computer and communicationsystems, based on numerical analysis of Markov processes.
I Process algebras offered a compositional description techniquesupported by apparatus for formal reasoning.
I Performance Evaluation Process Algebra (PEPA) sought toaddress these problems by the introduction of a suitableprocess algebra.
I We have sought to investigate and exploit the interplaybetween the process algebra and the continuous time Markovchain (CTMC).
Performance Evaluation Process Algebra (PEPA)Background on the PEPA project
I The PEPA project started in Edinburgh in 1991.
I It was motivated by problems encountered when carrying outperformance analysis of large computer and communicationsystems, based on numerical analysis of Markov processes.
I Process algebras offered a compositional description techniquesupported by apparatus for formal reasoning.
I Performance Evaluation Process Algebra (PEPA) sought toaddress these problems by the introduction of a suitableprocess algebra.
I We have sought to investigate and exploit the interplaybetween the process algebra and the continuous time Markovchain (CTMC).
Performance Evaluation Process Algebra (PEPA)Background on the PEPA project
I The PEPA project started in Edinburgh in 1991.
I It was motivated by problems encountered when carrying outperformance analysis of large computer and communicationsystems, based on numerical analysis of Markov processes.
I Process algebras offered a compositional description techniquesupported by apparatus for formal reasoning.
I Performance Evaluation Process Algebra (PEPA) sought toaddress these problems by the introduction of a suitableprocess algebra.
I We have sought to investigate and exploit the interplaybetween the process algebra and the continuous time Markovchain (CTMC).
Performance Evaluation Process Algebra (PEPA)Background on the PEPA project
I The PEPA project started in Edinburgh in 1991.
I It was motivated by problems encountered when carrying outperformance analysis of large computer and communicationsystems, based on numerical analysis of Markov processes.
I Process algebras offered a compositional description techniquesupported by apparatus for formal reasoning.
I Performance Evaluation Process Algebra (PEPA) sought toaddress these problems by the introduction of a suitableprocess algebra.
I We have sought to investigate and exploit the interplaybetween the process algebra and the continuous time Markovchain (CTMC).
Performance Evaluation Process Algebra (PEPA)Background on the PEPA project
I The PEPA project started in Edinburgh in 1991.
I It was motivated by problems encountered when carrying outperformance analysis of large computer and communicationsystems, based on numerical analysis of Markov processes.
I Process algebras offered a compositional description techniquesupported by apparatus for formal reasoning.
I Performance Evaluation Process Algebra (PEPA) sought toaddress these problems by the introduction of a suitableprocess algebra.
I We have sought to investigate and exploit the interplaybetween the process algebra and the continuous time Markovchain (CTMC).
PEPA Workbench(Gilmore, Clark, Hunter, Haenel, Benoit, Birse, Tribastone, Li, . . . ; LFCS)
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
I The PEPA Workbench has been used to make schedulingdecisions for structured parallel programs running oncomputational grids.
I Objective is to predict the best mapping of processes toprocessors (leading to the shortest run-time).
I Processor usage is measured so analysis must be efficient inorder to compute the mapping while the measurement data isstill relevant.
I Prediction is for a real program (C and MPI) running on realhardware (Beowulf cluster).
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
I The PEPA Workbench has been used to make schedulingdecisions for structured parallel programs running oncomputational grids.
I Objective is to predict the best mapping of processes toprocessors (leading to the shortest run-time).
I Processor usage is measured so analysis must be efficient inorder to compute the mapping while the measurement data isstill relevant.
I Prediction is for a real program (C and MPI) running on realhardware (Beowulf cluster).
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
I The PEPA Workbench has been used to make schedulingdecisions for structured parallel programs running oncomputational grids.
I Objective is to predict the best mapping of processes toprocessors (leading to the shortest run-time).
I Processor usage is measured so analysis must be efficient inorder to compute the mapping while the measurement data isstill relevant.
I Prediction is for a real program (C and MPI) running on realhardware (Beowulf cluster).
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
I The PEPA Workbench has been used to make schedulingdecisions for structured parallel programs running oncomputational grids.
I Objective is to predict the best mapping of processes toprocessors (leading to the shortest run-time).
I Processor usage is measured so analysis must be efficient inorder to compute the mapping while the measurement data isstill relevant.
I Prediction is for a real program (C and MPI) running on realhardware (Beowulf cluster).
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)
A simple example: processors and resourcesBattling the state-space explosion problem to analyse scalability
Proc0def= (task1,>).Proc1
Proc1def= (task2, r2).Proc0
Res0def= (task1, r1).Res1
Res1def= (reset, s).Res0
Proc0[P] BC{task1}
Res0[R]
A simple example: processors and resourcesBattling the state-space explosion problem to analyse scalability
Proc0def= (task1,>).Proc1
Proc1def= (task2, r2).Proc0
Res0def= (task1, r1).Res1
Res1def= (reset, s).Res0
Proc0[P] BC{task1}
Res0[R]
Markovian interpretationProcessors (P) Resources (R) States (2P+R )1 1 42 1 82 2 163 2 323 3 644 3 1284 4 2565 4 5125 5 10246 5 20486 6 40967 6 81927 7 163848 7 327688 8 655369 8 1310729 9 26214410 9 52428810 10 1048576
A simple example: processors and resourcesBattling the state-space explosion problem to analyse scalability
Proc0def= (task1,>).Proc1
Proc1def= (task2, r2).Proc0
Res0def= (task1, r1).Res1
Res1def= (reset, s).Res0
Proc0[P] BC{task1}
Res0[R]
ODE interpretationdProc0
dt = −r1 min(Proc0,Res0)
+r2 Proc1dProc1
dt = r1 min(Proc0,Res0)
−r2 Proc1dRes0
dt = −r1 min(Proc0,Res0)
+s Res1dRes1
dt = r1 min(Proc0,Res0)
−s Res1
Internet worm infection model (N = 250 network channels)(Hillston, Gilmore, LFCS; Bradley, Imperial College)
0
200
400
600
800
1000
0 5 10 15 20 25 30 35 40
Num
ber
Time, t
Worm infection dynamics for N=250
Infected machinesNetwork connections
Susceptible machines
Internet worm infection model (N = 200 network channels)(Hillston, Gilmore, LFCS; Bradley, Imperial College)
0
200
400
600
800
1000
0 10 20 30 40 50
Num
ber
Time, t
Worm infection dynamics for N=200
Infected machinesNetwork connections
Susceptible machines
Internet worm infection model (N = 50 network channels)(Hillston, Gilmore, LFCS; Bradley, Imperial College)
0
200
400
600
800
1000
0 10 20 30 40 50
Num
ber
Time, t
Worm infection dynamics for N=50
Infected machinesNetwork connections
Susceptible machines
Internet worm infection model (N = 20 network channels)(Hillston, Gilmore, LFCS; Bradley, Imperial College)
0
200
400
600
800
1000
0 10 20 30 40 50
Num
ber
Time, t
Worm infection dynamics for N=20
Infected machinesNetwork connections
Susceptible machines
Choreographer Design Platform(Valentin Haenel and Adam Duguid; Edinburgh)
Application of Choreographer in Systems Biology(Calder, Duguid, Gilmore and Hillston; SIGNAL project)
0
2000
4000
6000
8000
10000
12000
14000
16000
18000
0 2 4 6 8 10
Mol
ecul
es p
er C
ell
Time (min)
Ras-GTP
Original Schoeberl et al. Matlab modelPEPA derived Tau-leap simulation
Schoeberl et al. model - smaller steps
Performance Evaluation Process Algebra (PEPA)Membership of the PEPA group: staff, researchers, students and collaborators
At Edinburgh
I Adam Duguid
I Nil Geisweiller
I Stephen Gilmore
I Jane Hillston
I Marco Stenico
I Michael Smith
I Mirco Tribastone
Outside Edinburgh
I Ashok Argent-Katwala
I Jeremy Bradley
I Muffy Calder
I Peter Harrison
I Leıla Kloul
I Marina Ribaudo
I Nigel Thomas
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Databases and Digital Curation
I LFCS database research supports the Digital Curation Centre
I What is digitital curation?Most scientific, scholarly and reference information nowresides in databases.
I Digital curation is about the maintenance, publishing andpreservation of these databases.
I Curated databases are:
I increasing in number ( > 800 in molecular biology alone)I expensive (> 100 biologists curating one major database)I now a standard vehicle for publication of data.I copied (they re-organise and annotate data in other databases)
Dissemination and preservation used to be done by libraries
A change for the better!
Dissemination and preservation used to be done by libraries
A change for the better!
Or is it?
Dissemination and preservation used to be done by libraries
I Storage:Redundant, Persistent,Distributed, Readable bypeople.
I Clear standards for citationI Historical recordI Well understood
ownership/IP
Dissemination and preservation used to be done by libraries
I Storage:Redundant, Persistent,Distributed, Readable bypeople.
I Clear standards for citationI Historical recordI Well understood
ownership/IP
I Storage: Single-source,Volatile, Centralised,Internal DBMS format.
I No standards for citation
I No historical record
I Mind-boggling legal issues
Some topics in Digital Curation
I Data publishing: how do you export data in an agreedformat?
I Data integration: how do you bring together data fromvarious sources?
I Archiving: how do you archive a database? (It keepschanging!)
I Provenance: how do you know where your data has comefrom?
I Annotation: how do you annotate a database?
I Citation: how do you cite data in a database?
I Efficiency: how do you do all of the above in a way thatscales?
And there are many more problems when we consider databases inspecific domains (biology, astronomy, geography, linguistics, . . . )
Data publishing, transformation and integration
I Schema-directed XML publishing: a single relational DB →XML, guaranteeing conformance to a predefined DTD
I Schema-directed XML integration: multiple distributedrelational DBs → XML, satisfying both DTD and constraints
I Composible XML integration: multiple distributedheterogeneous sources → XML, satisfying schema
I Incremental publishing: efficient propagation of updates fromsources to the target
I Information preserving XML integration: multiple XMLsources → XML target, automatically generated, guaranteeingtype safety and information preservation
I Working system: PRATA, supporting publishing andincremental maintenance. Similar approaches later adopted byMicrosoft SQL 2005, IBM DB2 XML Extender, Oracle XMLDB.
Schema-directed XML publishing
DB1 DB2
XML XML
DTD Web
Q: XML view
I Data exchange: members of a community/industry fix a DTDand then exchange data w.r.t. that DTD.
I Schema-directed XML publishing: Attribute TransformationGrammar (ATG)
I mapping relational data to XMLI conforming to the predefined DTD
Schema-directed integration
DB
DB
DB
Integration
XML View
DTD
Constraintsmultiple distributed sources
I Attribute Integration GrammarI Distributed, multiple source databases
I multi-source queriesI scheduling of query evaluation
I Schema-directed: XML view conforming to a schema (D,Σ)I D: a DTDI Σ: a set of XML integrity constraints (e.g., keys, foreign keys)
XML data management
I Integrity constraints: specification languages, reasoningsystems, static analysis
I XML query languages: structural properties, satisfiabilityanalysis
I Query processing: query translation from XML to SQL,optimization techniques
I XML security: access control, querying rewriting for securityviews
I Data dissemination: content-based XML dissemination,distributed Boolean query processing based on partialevaluation
I Advanced architectures: on-the-fly compression,multi-threaded asynchronous I/O, distributed storage andquerying; native storage models for XML.
I Working system: SMOQE for XML security
Secure XML querying
I Data in XML formatI Business information: confidentialI Health-care data: the Patient Privacy Act, . . .
I Access-controlI multiple groups simultaneously query the same XML databaseI each user group has a different access privilege (access policy)
I Enforcement:
inaccessible
accessibleXML Query Engine
User group 1
User group 1
A security model for XML
I Security administrator: specifies an access policy for eachgroup by annotating the document DTD with XPath qualifiers
I Derivation module: automatically derives a security-viewdefinition from a specification: view DTD and mapping viaXPath
I Query translation module: rewrite and optimize queries overviews to equivalent queries over the underlying document
specification 1
specification k
specification n
derivation module
Security view 1(view DTD, xpath())
Security view k(view DTD, xpath())
Security view n(view DTD, xpath())
rewriter
optimizer query translation module
XML document
query query query
XML Query evaluation
I Processing XML streams or in-memory representations is allfine, but at the end of the day you still have to go to disk inunpredictable ways and over multiple gigabytes of data
I So what is the most efficient way of natively storing andquerying XML?
I VectorisationI Separate document structure from dataI Instead of keeping the structure in main memory, serialise it in
a query-friendly wayI Provide fast access methods (indexes) on top of the serialised
structureI Build a query evaluation framework on top of the new
representation
Database Group at Edinburgh
I History: established in 2002, now probably the top databasegroup in Europe.
I Research: leading in the areas ofI scientific data archiving, publishing, preservation, . . .I data exchange, integration, information-preserving migration,
cleaningI XML data management: integrity constraints, query
processing, update management, securityI Web databases, . . .
I People: Peter Buneman, Wenfei Fan, Leonid Libkin,Stratis Viglas, James Cheney, Rajendra Bose, Gao Cong,Eirini Fountoulaki, Floris Geerts, Anastasios Kementsietsidis,Shuai Ma, Robert Hutchison, Savvas Makalias, JosephSpadavecchia, Vasileios Vasaitis.
Contents
Introduction
Logic and Semantics
Algorithms and Complexity
Concurrency and model checking
Languages
Mobility and Security
Engineering: software, hardware, proof
Performance Evaluation Process Algebra (PEPA)
Databases
Summary
Other LFCS Activities
I The LFCS Lab Lunch weekly on Tuesdays.Informal talks given over lunch, theoretical or not. You’rewelcome to join us on Tuesdays at 1pm in JCMB 2510.
I The Theory Postgraduate CourseAimed primarily at 1st-year LFCS PhDs, but open to all.Graduate level lecture courses in basic LFCS research areasand recent topics.13 courses offered in 2005/6.
I The LFCS Barbecue.Traditionally to celebrate the end of the TPG course,organised by >2nd year PhD students.
I Organising the annual Milner Lecture.please send 2007 nominations to me...
Other LFCS Activities
I The LFCS Lab Lunch weekly on Tuesdays.Informal talks given over lunch, theoretical or not. You’rewelcome to join us on Tuesdays at 1pm in JCMB 2510.
I The Theory Postgraduate CourseAimed primarily at 1st-year LFCS PhDs, but open to all.Graduate level lecture courses in basic LFCS research areasand recent topics.13 courses offered in 2005/6.
I The LFCS Barbecue.Traditionally to celebrate the end of the TPG course,organised by >2nd year PhD students.
I Organising the annual Milner Lecture.please send 2007 nominations to me...
Other LFCS Activities
I The LFCS Lab Lunch weekly on Tuesdays.Informal talks given over lunch, theoretical or not. You’rewelcome to join us on Tuesdays at 1pm in JCMB 2510.
I The Theory Postgraduate CourseAimed primarily at 1st-year LFCS PhDs, but open to all.Graduate level lecture courses in basic LFCS research areasand recent topics.13 courses offered in 2005/6.
I The LFCS Barbecue.Traditionally to celebrate the end of the TPG course,organised by >2nd year PhD students.
I Organising the annual Milner Lecture.please send 2007 nominations to me...
Other LFCS Activities
I The LFCS Lab Lunch weekly on Tuesdays.Informal talks given over lunch, theoretical or not. You’rewelcome to join us on Tuesdays at 1pm in JCMB 2510.
I The Theory Postgraduate CourseAimed primarily at 1st-year LFCS PhDs, but open to all.Graduate level lecture courses in basic LFCS research areasand recent topics.13 courses offered in 2005/6.
I The LFCS Barbecue.Traditionally to celebrate the end of the TPG course,organised by >2nd year PhD students.
I Organising the annual Milner Lecture.please send 2007 nominations to me...
Acknowledgement
Thanks to everyone in LFCS who helped me by providing slidesand explaining about their research for this talk.Apologies to those whose work I didn’t mention.