Donald I. Good’s research while affiliated with University of Texas at Austin and other places


Publications (42)


Report on Gypsy 2.05 (February 1, 1986)
  • Article

May 2000 · 19 Reads

Donald I. Good · Robert L. Akers · Lawrence M. Smith

Gypsy is a collection of methods, languages, and tools for building formally verified computing systems. Gypsy provides capabilities for specifying a system, for implementing it, and for using formal, logical deduction to prove important properties about the specification and the implementation of the system. The Gypsy program description language is a single, unified language that is used to express both the specification and the implementation of a computing system. This report defines the Gypsy 2.05 program description language. Gypsy 2.05 includes almost all of Gypsy 2.0 with some extensions and minor modifications.

Preface. The development of Gypsy began late in 1974, and the first report on Gypsy 1.0 was issued in August 1976. Initial attempts to use Gypsy 1.0, to define its specification and proof methods, and to implement it led to a number of significant language revisions. The report on Gypsy 2.0 was issued in September 1978. Although Gypsy 2.0 extended Gypsy 1.0 in some significant ...


Message Flow Modulator Final Report

May 2000 · 138 Reads · 4 Citations

The message flow modulator is a formally specified and proved filter program that is applied continuously to a stream of messages flowing from one computer system to another. Messages that pass the filter are passed to their destination. Messages that do not are logged on an audit trail. The modulator has been designed specifically to monitor the flow of security-sensitive message traffic from the Ocean Surveillance Information System of the United States Naval Electronic Systems Command. The modulator has been designed, specified, and implemented in the Gypsy language. All of the modulator, from the highest level of design to the lowest level of coding, has been formally specified and mechanically proved with the Gypsy Verification Environment. The modulator is specifically designed and intended for use in actual field operation. It has been tested in a simulated operational environment at the Patuxent River Naval Air Test Center with scenarios developed by an independent, external g...


General Message Flow Modulator

July 1997 · 8 Reads · 4 Citations

The general message flow modulator is a high-level design of a family of mechanisms for controlling the flow of messages from a source to a destination. This family of mechanisms has a wide variety of computer security applications. The general modulator has been formally specified and proved, and one member of the family has been implemented as a running prototype to give a concrete illustration of the kinds of control that can be provided. The general modulator has been specified and implemented in Gypsy, and the proofs have been done mechanically within the Gypsy Verification Environment.

Acknowledgements. The development of the general message flow modulator was sponsored by the U. S. Naval Electronic Systems Command under Contract N00039-81-C-0074.
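The two abstracts above describe the shape of the modulator (a filter applied continuously to a message stream; messages that pass are forwarded, messages that fail are logged on an audit trail) but none of its code. What follows is an added example written for this page, not code from the Gypsy implementation or from the Naval Electronic Systems Command deliverables: one Python member of the "family of mechanisms", parameterised by a rule list, that forwards a message only when every rule holds and otherwise writes it to the audit trail with the first violated rule as the reason. The rule constructors (required, field_in, max_length), the message fields and the five sample messages are all constructed here. meets_spec is the run-time counterpart of the postcondition a Gypsy proof would establish for every possible input: nothing is dropped, each message goes exactly one way, and the forward path preserves order. Here it is only checked on a single run, which is a test and not a proof.

```python
from dataclasses import dataclass, field
from typing import Callable, Iterable, Optional

Message = dict                              # constructed shape: {"id": 1, "sender": ..., ...}
Rule = Callable[[Message], Optional[str]]   # None = rule satisfied, str = reason it is not


def required(name: str) -> Rule:
    """Rule: the field must be present."""
    return lambda m: None if name in m else f"missing field {name!r}"


def field_in(name: str, allowed: frozenset) -> Rule:
    """Rule: the field's value must be on an allow-list."""
    def rule(m: Message) -> Optional[str]:
        if m.get(name) in allowed:
            return None
        return f"{name}={m.get(name)!r} not in {sorted(allowed)}"
    return rule


def max_length(name: str, limit: int) -> Rule:
    """Rule: the field, as text, must not exceed limit characters."""
    def rule(m: Message) -> Optional[str]:
        n = len(str(m.get(name, "")))
        return None if n <= limit else f"{name} length {n} exceeds {limit}"
    return rule


@dataclass
class Modulator:
    """One member of the family: forwards messages that satisfy every rule and
    audits the rest. No message is ever silently discarded."""
    rules: list
    forwarded: list = field(default_factory=list)
    audit: list = field(default_factory=list)      # (message, reason) pairs

    def check(self, m: Message) -> Optional[str]:
        """Reason from the first violated rule, or None if m passes the filter."""
        for rule in self.rules:
            reason = rule(m)
            if reason is not None:
                return reason
        return None

    def run(self, stream: Iterable[Message]) -> None:
        """Apply the filter to each message of the stream, in order."""
        for m in stream:
            reason = self.check(m)
            if reason is None:
                self.forwarded.append(m)
            else:
                self.audit.append((m, reason))


def meets_spec(inputs: list, mod: Modulator) -> bool:
    """Postcondition of a run, checked on this run only: every input is forwarded
    or audited but not both, nothing else appears on either path, forwarded order
    matches input order, every forwarded message passes the filter, and every
    audited message carries exactly the reason check() gives for it."""
    ids = [m["id"] for m in inputs]
    fwd = [m["id"] for m in mod.forwarded]
    aud = [m["id"] for m, _ in mod.audit]
    fwd_set = set(fwd)
    return (sorted(fwd + aud) == sorted(ids)
            and not fwd_set & set(aud)
            and fwd == [i for i in ids if i in fwd_set]
            and all(mod.check(m) is None for m in mod.forwarded)
            and all(mod.check(m) == reason for m, reason in mod.audit))


# Constructed sample: a rule set and five messages, not real OSIS traffic.
RULES = [required("sender"),
         field_in("classification", frozenset({"UNCLASSIFIED", "SECRET"})),
         max_length("body", 64)]
STREAM = [
    {"id": 1, "sender": "OSIS", "classification": "UNCLASSIFIED", "body": "routine status report"},
    {"id": 2, "classification": "UNCLASSIFIED", "body": "no sender field"},
    {"id": 3, "sender": "OSIS", "classification": "SECRET", "body": "contact report"},
    {"id": 4, "sender": "OSIS", "classification": "TOP SECRET", "body": "not releasable on this link"},
    {"id": 5, "sender": "OSIS", "classification": "UNCLASSIFIED", "body": "A" * 100},
]


def demo() -> dict:
    """Run the sample stream through the modulator and report both paths."""
    mod = Modulator(RULES)
    mod.run(STREAM)
    return {"forwarded": [m["id"] for m in mod.forwarded],
            "audited": [(m["id"], reason) for m, reason in mod.audit],
            "spec_holds": meets_spec(STREAM, mod)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run directly, it prints the forwarded ids (1 and 3), the audit trail with a reason per rejected message, and whether the postcondition held. The design point worth keeping from the original is that the audit trail is the only other destination: a message the filter cannot accept is recorded with the reason rather than dropped, so the rule set, and not a silent failure mode, decides what crosses the boundary.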


The Role of Automated Reasoning in Integrated System Verification Environments
  • Article
  • Full-text available

January 1992 · 45 Reads · 2 Citations

This paper focuses on "system verification," the activity of mechanically proving properties of computer systems. Distinguishing characteristics of systems include their large size, their multiple layers of abstraction, and their frequent concern with multiple programming languages and, more generally, multiple models of computation. System verification systems require supreme integration of their component parts. To reason formally about systems one must be able to reason about the relations...



Report on Gypsy 2.05

(The Gypsy 2.0 and Gypsy 2.1 differences have been removed and placed in a separate document.)

January 1986 · 8 Reads

Gypsy is a collection of methods, languages, and tools for building formally verified computing systems. Gypsy provides capabilities for specifying a system, for implementing it, and for using formal, logical deduction to prove important properties about the specification and the implementation of the system. The Gypsy program description language is a single, unified language that is used to express both the specification and the implementation of a computing system. This report defines the Gypsy 2.05 program description language. Gypsy 2.05 includes almost all of Gypsy 2.0 with some extensions and minor modifications.

Preface. The development of Gypsy began late in 1974, and the first report on Gypsy 1.0 was issued in August 1976. Initial attempts to use Gypsy 1.0, to define its specification and proof methods, and to implement it led to a number of significant language revisions. The report on Gypsy 2.0 was issued in September 1978. Although Gypsy 2.0 extended Gypsy 1.0 in some significant ways, Gypsy 2.0 was primarily a simplification of Gypsy 1.0. In order to provide a stable implementation target, the definition of Gypsy 2.0 has remained fixed until this time. Now, based on the experience of the last several years of using and implementing Gypsy 2.0, this report describes Gypsy 2.05. Again, Gypsy 2.05 is primarily a slightly extended subset of Gypsy 2.0.





Toward building verified, secure systems

July 1981 · 3 Reads · 2 Citations

ACM SIGSOFT Software Engineering Notes

The constructive set theory of PL/CV3 is used to illustrate conditions that a formal system must satisfy if it is to feasibly represent the reasoning needed to solve sequential programming problems.


Citations (18)


... The Encrypted Packet Interface was an encryption system (using DES symmetric-key algorithms) that was tested (but never implemented) on the Arpanet and had the unique quality of being built from verifiable code, in precisely the same way as the efforts to create secure operating systems, like the Provably Secure Operating System. 49 However, these developments occurred largely after the critical developmental steps of the PLI. ...

Reference: Edge Cryptography and the Codevelopment of Computer Networks and Cybersecurity
A verified encrypted packet interface
  • Citing Article
  • July 1981

ACM SIGSOFT Software Engineering Notes

... Classical Hoare-style specification and verification techniques [18] work well for simple first-order imperative languages. Specification languages adapted these techniques to imperative languages with procedural abstractions, writing contracts for procedures in the form of pre- and postconditions plus frame axioms [1,16,19,35]. The design by contract methodology [23,24] is a well-known popularization of these ideas. ...

Gypsy: A language for specification and implementation of verifiable programs
  • Citing Article
  • April 1977

ACM SIGOPS Operating Systems Review

Allen L. Ambler · Donald I. Good · [...] · Robert E. Wells

... Yet, it proves to be a very challenging task, both for students and educators. Formal concepts are much harder to assimilate [...] normally in the form of method pre- and postconditions, loop and class invariants, etc. Verifying compilers generate verification conditions (VCs) from the annotated sources, which are fed into automated provers [23]. ...

An interactive program verification system
  • Citing Article
  • June 1975

ACM SIGPLAN Notices
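The citing context above describes verifying compilers that generate verification conditions (VCs) from pre- and postcondition annotations and hand them to an automated prover; the Hoare-style contracts mentioned in the earlier citing context, and the "formal, logical deduction" of the Gypsy reports in the Publications section, are organised the same way. As an added example, not code from Gypsy, from any Gypsy verifying compiler, or from the cited papers, the following Python computes VCs by Dijkstra's weakest-precondition rules for a toy language of assignment, sequence, if and assert. The tuple encoding of expressions and statements and the abs program are constructed for this example. In place of a prover, find_counterexample evaluates a VC over a bounded integer range: finding no counterexample there is not a proof, but finding one is a genuine refutation, which is what the deliberately too-strong postcondition in demo() produces.

```python
from itertools import product

# Expressions: ('var', name) | ('const', value) | ('not', e) | (binop, e1, e2)
#   with binop in add, sub, lt, le, eq, and, or, implies.
# Statements: ('assign', name, e) | ('seq', [stmts]) | ('if', cond, s1, s2) | ('assert', pred)


def subst(e, name, by):
    """Return e with every occurrence of variable `name` replaced by expression `by`."""
    tag = e[0]
    if tag == 'var':
        return by if e[1] == name else e
    if tag == 'const':
        return e
    return (tag,) + tuple(subst(a, name, by) for a in e[1:])


def free_vars(e):
    """Set of variable names occurring in e."""
    tag = e[0]
    if tag == 'var':
        return {e[1]}
    if tag == 'const':
        return set()
    return set().union(*(free_vars(a) for a in e[1:]))


def evaluate(e, env):
    """Evaluate e under the assignment env (dict name -> value)."""
    tag = e[0]
    if tag == 'var':
        return env[e[1]]
    if tag == 'const':
        return e[1]
    if tag == 'not':
        return not evaluate(e[1], env)
    a, b = evaluate(e[1], env), evaluate(e[2], env)
    ops = {'add': lambda: a + b, 'sub': lambda: a - b,
           'lt': lambda: a < b, 'le': lambda: a <= b, 'eq': lambda: a == b,
           'and': lambda: a and b, 'or': lambda: a or b,
           'implies': lambda: (not a) or b}
    return ops[tag]()


def show(e):
    """Render an expression as infix text."""
    tag = e[0]
    if tag == 'var':
        return e[1]
    if tag == 'const':
        return str(e[1])
    if tag == 'not':
        return f"!{show(e[1])}"
    sym = {'add': '+', 'sub': '-', 'lt': '<', 'le': '<=', 'eq': '==',
           'and': '&&', 'or': '||', 'implies': '=>'}[tag]
    return f"({show(e[1])} {sym} {show(e[2])})"


def wp(stmt, post):
    """Weakest precondition of stmt with respect to postcondition post."""
    tag = stmt[0]
    if tag == 'assign':                      # wp(x := e, Q) = Q[e/x]
        _, name, e = stmt
        return subst(post, name, e)
    if tag == 'seq':                         # wp(S1; S2, Q) = wp(S1, wp(S2, Q))
        for s in reversed(stmt[1]):
            post = wp(s, post)
        return post
    if tag == 'if':                          # (c => wp(S1, Q)) && (!c => wp(S2, Q))
        _, cond, s1, s2 = stmt
        return ('and', ('implies', cond, wp(s1, post)),
                       ('implies', ('not', cond), wp(s2, post)))
    if tag == 'assert':                      # wp(assert P, Q) = P && Q
        return ('and', stmt[1], post)
    raise ValueError(f"unknown statement {tag!r}")


def vc(pre, stmt, post):
    """Verification condition for the Hoare triple {pre} stmt {post}: pre => wp(stmt, post)."""
    return ('implies', pre, wp(stmt, post))


def find_counterexample(cond, lo=-3, hi=3):
    """Bounded check only: first assignment in [lo, hi]^n that falsifies cond, else None."""
    names = sorted(free_vars(cond))
    for values in product(range(lo, hi + 1), repeat=len(names)):
        env = dict(zip(names, values))
        if not evaluate(cond, env):
            return env
    return None


# Constructed program: y := |x|, written with a conditional.
X, Y, ZERO, TRUE = ('var', 'x'), ('var', 'y'), ('const', 0), ('const', True)
ABS = ('if', ('lt', X, ZERO),
       ('assign', 'y', ('sub', ZERO, X)),
       ('assign', 'y', X))
POST_OK = ('and', ('le', ZERO, Y),
           ('or', ('eq', Y, X), ('eq', Y, ('sub', ZERO, X))))
POST_BAD = ('lt', ZERO, Y)    # too strong: fails when x == 0


def demo():
    """Generate both VCs; the correct postcondition survives the bounded check, the wrong one does not."""
    good, bad = vc(TRUE, ABS, POST_OK), vc(TRUE, ABS, POST_BAD)
    return {'good_vc': show(good),
            'good_counterexample': find_counterexample(good),   # None
            'bad_counterexample': find_counterexample(bad)}     # {'x': 0}


if __name__ == '__main__':
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the generated VC mentions only x: the assignment rule substitutes y away, so the condition handed to the prover is over the program's inputs, which is why a refutation comes back as a concrete input (x = 0) rather than as a failing intermediate state.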

... The first language for specification and verification was Gypsy, introduced by Ambler et al. (1977). Later, Meyer (1992) introduced the term software contract with the language Eiffel, along with our modern notions of pre- and post-condition contract enforcement, and Findler & Felleisen (2002) brought software contracts into functional languages. ...

Gypsy
  • Citing Conference Paper
  • January 1977

... The operational semantics of Micro-Gypsy is an interpreter written as a recursive function (called MG-MEANING) in the Boyer-Moore theorem prover. As the focus of this paper was on the code generator and its verification, the MG-MEANING function is taken for granted and is not described in depth; however, it is indicated in [GSY90] that the semantics of Micro-Gypsy is similar to the mathematical semantics for Middle Gypsy. ...

Middle Gypsy 2.05 Definition

... However, since that time, continued, subsequent research in classrooms continues to demonstrate that teachers do make a tangible and indelible difference in student academic performance and achievement. Variegation in student achievement, for example, has been systematically related to variations in the classroom behaviors of teachers (Good, London, & Bledsoe, 1975). Connected to these findings, King and Newman (2000) state, "since teachers have the most direct, sustained contact with students and considerable control over what is taught and the climate for learning, improving teachers' knowledge, skills, and dispositions through professional development is a critical step in improving student achievement" (p. ...

An interactive program verification system
  • Citing Article
  • March 1975

IEEE Transactions on Software Engineering

... In addition, since the semantics of Micro-Gypsy is guaranteed by the entire verified computing system, this work can also be viewed as an implementation verification for the high-level programming language through the layered verification of the computing system. By changing the component layer FM8502 to FM9001 in the short stack, CLI has also demonstrated that the specification and verification for the upper layers in the original stack can be reused to compose a system verification for the changed or new stack (Good, Kaufmann, and Moore, 1992). ...

The Role of Automated Reasoning in Integrated System Verification Environments

... Unfortunately, few mechanical tools directly support formal reasoning about such systems. The Gypsy Verification Environment [8] is useful for the verification of a variety of concurrent applications, but limits on the form of the specification and implementation of concurrent programs make it awkward to use for the repeater. At this writing, it is difficult, for example, to specify in Gypsy program exit conditions of the form "at the time a message is received over channel A, the history of channel B satisfies property P." ...

Report on Gypsy 2.05
  • Citing Article
  • January 1986


... Languages for functional properties rely heavily on one- or two-state assertions, including pre- and postconditions, as well as invariants. This style of specification language is typified by Eiffel [Eiffel 2005] and includes languages such as Gypsy [Ambler et al. 1977], Anna [Luckham and von Henke 1985; Luckham 1990], SPARK [Barnes 1997; Chapman 2000], VDM [Andrews 1996; Fitzgerald and Larsen 1998; Fitzgerald 2008; Jones 1990], VDM++ [Fitzgerald et al. 2005; Mitra 1994], Larch interface specification languages [Guttag et al. 1993; Guttag et al. 1985; Wing 1987], the RESOLVE family [Ogden et al. 1994; Edwards et al. 1994], Spec# [Barnett et al. 2005; Barnett et al. 2006], and JML [Burdy et al. 2005; ...]. The Object Constraint Language of the UML [...] In this survey, we focus on code interface specification languages for functional behavior properties. ...

Gypsy: A language for specification and implementation of verifiable programs
  • Citing Article
  • March 1977

ACM SIGSOFT Software Engineering Notes