Ernie Cohen scite author profile

We describe a practical method for reasoning about realistic concurrent programs. Our method allows global two-state invariants that restrict update of shared state. We provide simple, sufficient conditions for checking those global invariants modularly. The method has been implemented in VCC 1 , an automatic, sound, modular verifier for concurrent C programs. VCC has been used to verify functional correctness of tens of thousands of lines of Microsoft's Hyper-V virtualization platform 2 and of SYSGO's embedded real-time operating system PikeOS.1 VCC is available in source for academic use at http://vcc.codeplex.com/ 2 The Hypervisor verification is part of the Verisoft XT project supported by BMBF under grant 01IS07008. 3 Objects mean collections of closely related data, e.g., regions of memory interpreted as structs in C.

show abstract

Reduction in TLA

Cohen¹,

Lamport

1998

View full text Add to dashboard Cite

TAPS: A First-Order Verifier for Cryptographic Protocols

Cohen¹

2000

View full text Add to dashboard Cite

A Precise Yet Efficient Memory Model For C

Cohen

Moskal

Tobies

et al. 2009

Electronic Notes in Theoretical Computer Science

View full text Add to dashboard Cite

Using Probabilistic Kleene Algebra for Protocol Verification

McIver

Cohen

Morgan

2006

View full text Add to dashboard Cite

We describe pKA, a probabilistic Kleene-style algebra, based on a well known model of probabilistic/demonic computation [3, 16, 10]. Our technical aim is to express probabilistic versions of Cohen's separation theorems[1]. Separation theorems simplify reasoning about distributed systems, where with purely algebraic reasoning they can reduce complicated interleaving behaviour to "separated" behaviours each of which can be analysed on its own. Until now that has not been possible for probabilistic distributed systems. Algebraic reasoning in general is very robust, and easy to check: thus an algebraic approach to probabilistic distributed systems is attractive because in that "doubly hostile" environment (probability and interleaving) the opportunities for subtle error abound. Especially tricky is the interaction of probability and the demonic or "adversarial" scheduling implied by concurrency. Our case study-based on Rabin's Mutual exclusion with bounded waiting [6]-is one where just such problems have already occurred: the original presentation was later shown to have subtle flaws [15]. It motivates our interest in algebras, where assumptions relating probability and secrecy are clearly exposed and, in some cases, can be given simple characterisations in spite of their intricacy.

show abstract

12 3 4 5

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ernie Cohen

VCC: A Practical System for Verifying Concurrent C

Separation and Reduction

The 1st Verified Software Competition: Experience Report

Local Verification of Global Invariants in Concurrent Programs

Reduction in TLA

TAPS: A First-Order Verifier for Cryptographic Protocols

A Precise Yet Efficient Memory Model For C

Using Probabilistic Kleene Algebra for Protocol Verification

Contact Info

Product

Resources

About