2008 Turing Award Winners Announced

← Back to Stories (view on slashdot.org)

2008 Turing Award Winners Announced

Posted by ScuttleMonkey on Monday February 4, 2008 @10:30AM from the nobel-of-computing-awards dept.

The Association for Computing Machinery has announced the 2008 Turing Award Winners. Edmund M. Clarke, Allen Emerson, and Joseph Sifakis received the award for their work on an automated method for finding design errors in computer hardware and software. "Model Checking is a type of "formal verification" that analyzes the logic underlying a design, much as a mathematician uses a proof to determine that a theorem is correct. Far from hit or miss, Model Checking considers every possible state of a hardware or software design and determines if it is consistent with the designer's specifications. Clarke and Emerson originated the idea of Model Checking at Harvard in 1981. They developed a theoretical technique for determining whether an abstract model of a hardware or software design satisfies a formal specification, given as a formula in Temporal Logic, a notation for describing possible sequences of events. Moreover, when the system fails the specification, it could identify a counterexample to show the source of the problem. Numerous model checking systems have been implemented, such as Spin at Bell Labs."

66 comments

Min score:

Reason:

Sort:

WARNING: GNAA by SirBudgington · 2008-02-04 10:38 · Score: 4, Informative

Link is a malicious site, don't click. Shock site with malicious jacascript.

--
this is my sig
1. Re:WARNING: GNAA by Anonymous Coward · 2008-02-04 11:33 · Score: 1, Informative
  
  Am I the only one who noticed that these are the winners from last year? Mod please?
2. Re:WARNING: GNAA by Anonymous Coward · 2008-02-04 13:58 · Score: 0
  
  You win this year's prize then.
3. Re:WARNING: GNAA by Anonymous Coward · 2008-02-05 07:55 · Score: 0
  
  You mean sourceforge.net ?
A Dubious Prize by BalorTFL · 2008-02-04 10:39 · Score: 1

I think even most slashdotters could get an award for passing the Turing Test! (In all seriousness, congratulations to the winners - I haven't read the details yet, but it's quite an accomplishment.)
1. Re:A Dubious Prize by BigJClark · 2008-02-04 10:46 · Score: 1
  
  What is it like in there?
  
  --
  
  Hi, I Boris. Hear fix bear, yes?
2. Re:A Dubious Prize by Anonymous Coward · 2008-02-04 10:47 · Score: 3, Funny
  
  That's interesting BalorTFL. Why do you think that?
3. Re:A Dubious Prize by Anonymous Coward · 2008-02-04 10:57 · Score: 0
  
  The Turing Test and Turing Awards have nothing to do with eachother. You should probably know a thing like that if you're posting on Slashdot.
4. Re:A Dubious Prize by Anonymous Coward · 2008-02-04 11:07 · Score: 3, Funny
  
  PARITY ERR ... 85362 ???
  PARITY ERR ... 16376 ???
  PARITY ERR ... 56721 ???
  PARITY ERR ... 23423 ???
  PARITY ERR ... RECOVERED
  PARITY
  
  HELLO BigJClark, MY NAME IS DOCTOR SBAITSO.
5. Re:A Dubious Prize by Anonymous Coward · 2008-02-04 16:10 · Score: 0
  
  I AM A HUMAN.
  I have won this TURING "PRIZE" before.
  
  CAN you GET ME A "DATE" with ELIZA?
  SHE is SEXY.
  IN SOVIET TURING LAND, PRIZE WINS YOU.
  I for one BOW to our PRIZE-AWARDING OVERLORDS.
  
  WHY do you LAUGH, slashdooter?
6. Re:A Dubious Prize by Anonymous Coward · 2008-02-04 18:00 · Score: 0
  
  *whoosh!*
What about those... by joey_knisch · 2008-02-04 10:44 · Score: 5, Funny

Russian chat bots that convinced men not only that they were easy to score with females but needed a credit card up front.
http://science.slashdot.org/article.pl?sid=07/12/09/1356201

That has to be worth some kind of reward.
1. Re:What about those... by Anonymous Coward · 2008-02-04 10:54 · Score: 0
  
  Actually, I think the users who got fooled by such bots deserve some kind of (at least monetary) Darwin Award...
  Let's see, a reverse Turing test... A human must convince some(one|thing) that he is an ATM. Job done!
2. Re:What about those... by tirerim · 2008-02-04 11:01 · Score: 2, Funny
  
  Well, getting the credit card numbers probably did pretty well for them already.
3. Re:What about those... by pablodiazgutierrez · 2008-02-04 12:57 · Score: 1
  
  Bonus points: Convince the human male that he's actually a dildo.
  
  --
  
  To do list for Windows
4. Re:What about those... by hairykrishna · 2008-02-05 02:47 · Score: 1
  
  All of the 'sex text' lines (i.e. like sex chat lines, only text messages) are run by bot software. Nice way to make cash; some server sending out messages at £1.50 a time!
  
  --
  "Physics is to math as sex is to masturbation." -R. Feynman
5. Re:What about those... by kalirion · 2008-02-05 05:22 · Score: 1
  
  The lower head doing the thinking in these cases is far easier to fool.
Primary Source by jdschulteis · 2008-02-04 11:04 · Score: 5, Informative

At least DDJ isn't somebody's blog, but why not link directly to ACM's press release?
1. Re:Primary Source by Anonymous Coward · 2008-02-05 06:08 · Score: 0
  
  Then link to both. Primary sources should have priority though. Microsoft, and "making money" have nothing to do with this. Oh, and you are posting here so you are slashdotter even if you don't have an account. Welcome to the collective.
"Model Checking" - such a disappointment by Crypto+Gnome · 2008-02-04 11:05 · Score: 0, Offtopic

In The Slashdot Universe, "model checking" is all about logic analysis.

Despite the fact that the models we'd much rather be checking are all from Playboy/Hustler etc.

Surely we can get together enough of a crowd to award a prize for that?

--
Visit CryptoGnome in his home.
A Turing for Generic Programming? by Anonymous Coward · 2008-02-04 11:16 · Score: 0

I think the work of Alexander Stepanov and David Musser in Generic Programming deserves a Turing award.
Just moves the errors up one level by hoggoth · 2008-02-04 11:18 · Score: 3, Insightful

I took a Computer Science course on discrete logic with a professor who was very into "model checking". By the end of the course I finally understood that all we had done was move the logic and the source of errors from the computer program to the formal specification. The formal specification was just as rigorous and complex as a computer program. The program became little more than a different expression of the formal specifications, such that it would be possible not only to check that a program had no "errors" and followed the specification exactly, but it would also be possible to have an automated process translate the formal specification into a program directly. The professor proclaimed that we now had a system that could prove programs correct. I pointed out that we had not, we had only changed programming languages to a mathematical one instead of a more typical computer programming language.

--
- For the complete works of Shakespeare: cat /dev/random (may take some time)
1. Re:Just moves the errors up one level by Bozdune · 2008-02-04 11:40 · Score: 4, Interesting
  
  This is precisely the problem with such ideas. As you said, if a program is sufficiently rigorously specified that an automated proof-of-correctness can be generated, then the specification of the program is obviously complex enough to require that it, too, must undergo testing to ensure that it is correct, and so on. We might end up with 2 = 2, but that doesn't help much if we wanted 3.
  
  The DoD has funded these efforts heavily since the 1970's, and computer science graduate students have been all over them for as long as I can remember. I've read way too many dull papers on the topic, as one amateur modern algebraist after another discovers the wonders of Hoare and rushes into print with his or her "unique" twist, all to the end of starting yet another unremarkable academic career.
  
  Of course, the illusion of "perfect" software never fails to amuse me, since I remember an Interdata 32 overheating in the lab and making serious fixed point arithmetic errors. Sort of grounds one in reality, doesn't it, when the machine can't add. Sure glad the program was declared "correct," though.
2. Re:Just moves the errors up one level by Picolino · 2008-02-04 12:03 · Score: 5, Informative
  
  The purpose of model checking is rarely to specify the whole behavior of the program, but to ensure that some condition are always true or false. Such condition can be the absence of buffer overflow ... relatively easy to formulate, hard to discover ...
3. Re:Just moves the errors up one level by applecrumble · 2008-02-04 12:06 · Score: 1
  
  > The formal specification was just as rigorous and complex as a computer program. The program became little more than a different expression of the formal specifications Have you got an example of this? The specification of what you want to do is generally significantly simpler than how you actually do something.
4. Re:Just moves the errors up one level by Deef · 2008-02-04 12:39 · Score: 4, Insightful
  
  Just because this is true (that program correctness proofs are themselves very complex) doesn't mean that the technique is without value. If you have such a formal specification for a program, you now have supposedly identically operating code written in two different languages, which can be checked against each other for errors, hopefully automatically.
  
  Having a fully provable program like this is like having a test suite that checks 100% of the branches in your program. It can substantially reduce errors that otherwise might slip by due to having failed to write a test for various conditions.
  
  Yes, every time you find a mismatch, you have to consider whether it is the program or the specification that is wrong. Still, the errors that you miss will be those for which the specification and the program are wrong in THE SAME WAY, which should be very uncommon.
5. Re:Just moves the errors up one level by El+Cabri · 2008-02-04 12:50 · Score: 3, Interesting
  
  The formal specification for, say, liveness of an interlocking system is a one-liner in a typical temporal logic notation, and you can apply it without significant modification to any number of different implementations, of any number of different applications, whatever their complexity. This is leverage : you put your trust in a very short piece of "code" (the formal spec for your property) and in the tool itself (which is the same kind of trust you put in your compiler), and in return you get trust on a huge complicated piece of software that you wrote. Then you break down your testing into many, independent property checks that all validate one aspect of one big piece of inter-mangled software. That's hugely powerful.
  
  I hope your prof failed you.
6. Re:Just moves the errors up one level by quanticle · 2008-02-04 13:10 · Score: 2, Insightful
  
  Still, the errors that you miss will be those for which the specification and the program are wrong in THE SAME WAY, which should be very uncommon.
  You assume that the code isn't generated directly from the model. Given that there are many tools that do just that (Rational Rose, et. al.), I'd say that the parent is correct. We've simply moved our correctness requirements up one level of abstraction.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
7. Re:Just moves the errors up one level by rayadoCanyon · 2008-02-04 13:13 · Score: 5, Interesting
  
  Once I went to a talk about applications of model checking to the verification of software. A programmer was constantly changing a state-based algorithm for call setup in a telephone switch, and was having trouble keeping it correct. Enter model checking. Two people wrote temporal specifications of call setup, and every night or so, they'd grind the model checker on the latest version of the code. No, that didn't prove the code was correct, but it did catch an enormous number of bugs in a tricky piece of concurrent code.
  
  Oh. The programmer was Ken Thompson. The people applying the model checker were Gerard Holzmann (the designer of SPIN) and Margaret Smith.
  
  I'm not saying the technology is applicable everywhere, but you gotta give Clarke, Emerson, and Sifakis a lot of credit for opening a good door.
8. Re:Just moves the errors up one level by thaig · 2008-02-04 14:45 · Score: 1
  
  You're just saying that some specifications aren't as complicated as the implementation.
  
  The GP says that some are and he cited an example.
  
  So his prof can be a dweeb and you can be right at the same time.
  
  --
  This is all just my personal opinion.
9. Re:Just moves the errors up one level by Anonymous Coward · 2008-02-04 15:18 · Score: 0
  
  Classic. Maybe you should stop posting for a bit before we all have to read way too many of your dull ego-fluff pieces. Before attacking anonymous 'amateurs', you should reexamine your own unremarkable slashdot trolling career. Surely a master such as yourself would not be caught wasting time here.
10. Re:Just moves the errors up one level by Anonymous Coward · 2008-02-04 23:16 · Score: 0
  
  You should read things like "Specifying Systems" by Lamport, or "SPIN Model Checker" by Holzmann. And take a maths course in parallel. Then we can talk.
11. Re:Just moves the errors up one level by Coryoth · 2008-02-05 00:55 · Score: 2, Informative
  
  The program became little more than a different expression of the formal specifications, such that it would be possible not only to check that a program had no "errors" and followed the specification exactly, but it would also be possible to have an automated process translate the formal specification into a program directly. That depends on the problem. I can specify a square root finding algorithm: the output multiplied by itself must be equal to the input (within some epsilon error tolerance). I doubt you can extract any useful implementation from that. A slightly more complicated example, I can specify a sorting algorithm: the output must have all the same elements as the input, and for each index i of the ouput the ith element must be less than the (i+1)th element. Trying to translate that (or its more formal equivalent) into a program directly will get you bogosort at best. Specification can be, and usually are, considerably shorter than implementations; this is particularly true wen you start specifying code that is more than just a set of business rules.
  
  --
  Craft Beer Programming T-shirts
12. Re:Just moves the errors up one level by Anonymous Coward · 2008-02-05 03:23 · Score: 0
  
  Model checking isn't about perfect software. I have no idea where you are getting this from.
  
  Model checking has been successfuly applied to verify protocols, hardware, distributed networks, all sorts of things. In fact software is the one particular area where model checking is known to be not so useful just to the infiniteness of the system being modelled. Having said this, Microsoft are using it to verify properties of the kernel in their OSes.
  
  I'm not sure what papers you've been reading but they're not the ones I've been writing. Sounds like you've skimmed Wiki and gotten the wrong end of the stick.
Nice job, but... by algae · 2008-02-04 11:21 · Score: 1

...can they determine whether my program will halt or not?

--
Causation can cause correlation
1. Re:Nice job, but... by ArikTheRed · 2008-02-04 11:35 · Score: 1
  
  Sure! They'll have the answer any day now... just, waiting on the result...
  
  --
  http://www.coderoshi.com/
2. Re:Nice job, but... by Surt · 2008-02-04 12:27 · Score: 1
  
  Not them, but MS has software that will do this for all software not designed to defeat it, which since I presume yours was not, probably will work for your program.
  
  --
  "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
3. Re:Nice job, but... by El+Cabri · 2008-02-04 12:43 · Score: 1
  
  You can prove that a program halts, or doesn't, provided that you understand the program, and in particular the invariants that will determine it to halt. You just cannot write a program that will answer the question on an arbitrary other program. Typically you will design the proof as you design the program. That is the point made in Disjkstra's "A Discipline of Programming" essay (published in the 70s). This kind of things has been forgotten since then and hackers have since built the software ecosystems as a piling of shoddy abstractions, each more complicated to deal with the errors and indeterminism of the previous one.
4. Re:Nice job, but... by TheLink · 2008-02-04 19:59 · Score: 1
  
  In theory who knows. In practice it will - someone or something will stop it eventually.
  
  More importantly can they determine whether your program is malicious or not?
  
  That's similar to the halting problem, but more relevant to desktop computer users nowadays, given the lack of good program sandboxing that's done in a user friendly manner.
  
  Let's call it the "pwning problem". It's amazing even up till to day that users are still expected to solve that problem regularly, somehow, and here's the good bit: usually with no access to the source code.
  
  Billions of USD spent and all you get in terms of security is _primitive_ UAC crap from Microsoft.
  --
  
  Too many replies beneath your current threshold
5. Re:Nice job, but... by algae · 2008-02-05 07:41 · Score: 1
  
  You just cannot write a program that will answer the question on an arbitrary other program.
  
  That was kind of my point, but I guess jokes about the halting problem and undecidability are a little over this crowd.
  
  --
  Causation can cause correlation
Guarding the guard by Mr2cents · 2008-02-04 11:23 · Score: 2, Insightful

Model checking surely has it's merits, but how are you going to check the model for errors? If I have learned one thing writing software, it is that there is a difference between what people want, and what people say they want. And there is, and never will be, no software that can check if those two are the same. Actually, I'm beginning to think there might be a lot to be gained if computer scientists team up with psychologists to get better specifications out of customers.

PS: Good news, guys: psychology has lots of female students, so we might solve two problems in one blow.

--
"It's too bad that stupidity isn't painful." - Anton LaVey
1. Re:Guarding the guard by aethogamous · 2008-02-04 11:41 · Score: 1
  
  PS: Good news, guys: psychology has lots of female students, so we might solve two problems in one blow.
  
  not only that, it would provide psychology students with steady stream of abnormal personalities to study ...
2. Re:Guarding the guard by amh131 · 2008-02-04 12:36 · Score: 1
  
  I gotta say that in my fairly modest experience I never noticed a lack of "abnormal" personalities in any psychology class. Made me wonder about the value of all those tests that the grad students made the undergrads take given that everything seemed so darn far away from the median ...
3. Re:Guarding the guard by El+Cabri · 2008-02-04 12:36 · Score: 3, Informative
  
  You're not expected to model the full behavior of your program. Model checking is useful for testing individual properties such as bounds on ressource allocation, non-deadlock of thread synchronization, or security-related invariants.
2008? by drange_net · 2008-02-04 11:27 · Score: 1

Then why is the article titled 2007 Turing Award Winners Announced?
1. Re:2008? by Jugalator · 2008-02-04 13:03 · Score: 1
  
  Slashdot has to be wrong, unless this was a damn short competiton.
  
  --
  Beware: In C++, your friends can see your privates!
2. Re:2008? by tsjaikdus · 2008-02-05 00:00 · Score: 1
  
  That's one error the program didn't find
So.... by JaredOfEuropa · 2008-02-04 11:38 · Score: 2, Insightful

.... Did he flunk you?

Seriously, I had the same questions about formal, mathematical specifications when I learned of them. In my own experience (mostly business software), most re-work in software comes from a mismatch with the functional specification, or because of stuff that was left out of the functional spec but should have been in there. There are still actual programming or logic errors, but improved testing methodes and test functions of development frameworks have helped catch those bugs ever earlier in the development cycle.

But perhaps formal methods have their use for certain kinds of software.

--
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
VIS - An open source model checker by b0101101001010000 · 2008-02-04 11:56 · Score: 2, Informative

Fabio Somenzi at the University of Colorado contributes to an open source tool to perform model checking called VIS (Verification Interacting with Synthesis) available at: http://vlsi.colorado.edu/~vis/. I recommend anyone interested in this to check it out. It can perform model checking on Verilog modules directly.
A great day by El+Cabri · 2008-02-04 12:13 · Score: 2, Insightful

I hope this will help push the use of formal methods, particularly in software development. There is no way that software development can be carried out in the massively distributed / multi-core era using the test-and-tweak, black magic approach that has so far dominated software creation and that has led to the big mess that we are in.
1. Re:A great day by PPH · 2008-02-04 16:32 · Score: 1
  
  True. But as these mehods, and more to the point, the tools, become more intelligent, eventually they will pass the Turing Test. In other words, the output will be indistinguishable from that of a human, with all the logic errors, missing parentheses, and unreachable code that we currently expect.
  
  --
  Have gnu, will travel.
2. Re:A great day by Coryoth · 2008-02-05 01:04 · Score: 1
  
  I hope this will help push the use of formal methods, particularly in software development. Sadly, I doubt it. Just read the comments here, or on any other similar article on Slashdot. There are a great many would be programmers who proudly reject any sense of formality. In discussions on Slashdot I've had a a hard enough time pitching lightweight formal methods with JML or similar. I don't quite fully understand where the resistance comes from, but it is very firmly ingrained.
  
  --
  Craft Beer Programming T-shirts
Congrats to Ed. by Anonymous Coward · 2008-02-04 12:45 · Score: 1, Interesting

I was a PhD student of Ed, so great news for being at a "Turing award distance" 1. The model checking technique has indeed come a long way since its inception in 1981. It is more successful in hardware verification, then in software verification, so much so that most chip makers use it in one form or another. To those who say that the specification becomes as complex as the original program itself, there is some truth to that. However, one can also start with simple specifications, like After a request is made to a bus arbiter, it is always granted (within a few cycles, or eventually), or that there is no deadlock, etc. These are simple specifications, that can be "model checked". Moreover, people have developed sugar coating around mathematical languages used for writing the specs, and for analyzing specs themselves, etc. etc. There are techniques such as "equivalence checking", which can be thought of as a special case of model checking, where two designs need to proven equivalent to each other (say one version of RTL v/s a low power version of the same RTL). In this case, the specs become really simple (like which inputs and outputs corresponds between the two designs, and the relative timings).

PS: Too lazy to create a slashdot account, so posting as an AC, besides, what's there in a name. :)
Truly helpful for optimizations by bunratty · 2008-02-04 13:08 · Score: 4, Insightful

Your professor was correct. Yes, the computer can automatically write a program from the specification. On the other hand, it probably isn't very efficient. You could write a deviously clever program to produce the same output, and when others don't buy into the tricks you've used, you can prove conclusively that your program is 100% correct. The same technique can prove that the latest processor optimizations don't have bugs (think of the Pentium division problem).

--
What a fool believes, he sees, no wise man has the power to reason away.
I dropped Emerson's class by omnirealm · 2008-02-04 13:12 · Score: 3, Interesting

I signed up for Emerson's graduate course on model checking and reactive systems a couple of years back. The first day of class, he walked in 15 minutes late and said something like, "Welcome to my class. No homework or tests. Everyone gets an 'A'. Let's see what kind of papers we can come up with." He then dived right into some intense theory as if he were casually picking up a conversation he left off the semester before. I spent the next few hours feeling like total deadweight (several other grad students just sat there silent the whole time, with expressions on their faces like deer caught in headlights). I wound up just dropping the class; it took me another year of grad courses to get all the background theory I needed to just keep pace, and I hate wasting time, even for an easy 'A'. Too bad I graduated just before he taught his class again; I would have given it another shot before leaving UT Austin.

--
An unjust law is no law at all. - St. Augustine
1. Re:I dropped Emerson's class by Anonymous Coward · 2008-02-05 13:02 · Score: 0
  
  I am currently in this undergrad course of debugging and verification. He still the same guy, shows up 15 mins late to class everyday without fail. And it's still pretty intense. Apparently the award is for his doctoral thesis he wrote in the early 80s.
An open source model checker for Java by martinde · 2008-02-04 13:22 · Score: 4, Informative

NASA released an open source model checker for Java called JPF. It's a JVM implemented in Java that can do model checking on "generic" Java apps, finding deadlocks and things like that.
Just about time by leoval · 2008-02-04 15:38 · Score: 2, Informative

I have been hearing about formal verification for hardware design for the last 10 years and at some point I had to opportunity to do minor work on one of the formal verification products that my company produces. The technology is really interesting and contrary the the uninformed opinion of other slashdotters in this thread, it delivers tangible results and provides a clear advantage over classic verification techniques (vector testing, testbenches and so for).

It took a long time but a lot of the major design houses (Intel, PMC sierra, Freescale, ST micro, IBM and such), now use a form or another of formal verification during their design cycle. It has been a silent revolution, but be assured that many modern microchips have been verified this way.

Perhaps some day we could have a succesful formal verification product for software (After all, Verilog and VHDL could be seen as programming languages no?). In the meantime, it has proven its worth on the hardware side. Congratulations are due to these pioneers.
Not only that... by Goonie · 2008-02-04 16:29 · Score: 1

You may not be able to prove that your design was what you originally had in mind, but as I understand model checking you can certainly prove certain useful properties - for instance, that eventually it returns to a particular "state" (something akin to not getting stuck in some loop). That's something you can't do just on the basis of looking and testing your code.
That said, you do have a point that formulating the models is not justified for a lot of routine code. Furthermore, in practice, as I understand it, in many application domains model checking is still computationally infeasible despite the work done on tackling state explosion.

--

Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Re:Please link to the source articke,,,, by StargateSteve · 2008-02-04 17:44 · Score: 1

fking jackass. DO NOT click this link!
Awards for Excellence in Java, .NET, Rich Web by Anonymous Coward · 2008-02-05 00:14 · Score: 0

A set of awards to recognize individual and professional achievements in Java, .NET and Rich Web is being organized alongside a Developer Summit in Bangalore later this year. The awards will honor "product and innovation excellence of the hundreds of software products and tools that aid developer productivity, across 12 different categories. The selection criteria applied by an international stature panel places emphasis on functionality, usability, innovation excellence, bleeding-edge quotient, and feedback from the developer ecosystem." Seems like a transparent process; you can nominate your selection here http://developersummit.com/awards.html#nominate.