Parameterised! Linearisability Andrea Cerone
|
|
- Daniella Haynes
- 5 years ago
- Views:
Transcription
1 ised! Linearisability Andrea Cerone Joint work with Alexey Gotsman and Hongseok Yang ICALP - Copenhagen, July 8th, 2014
2 A Simple Example Converting a sequential data structure into a concurrent one Trivial Solution:
3 A Simple Example Converting a sequential data structure into a concurrent one Trivial Solution: Works for any implementation of push but it s inefficient (we can do much better )
4 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests
5 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1. push(5) t 1 do push (5) t 2 do push (7) t 2. push(7) t 3.
6 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1. push(5) t 1 do push (5) t 2 do push (7) t 2 t 3. push(7). t 2 wins
7 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1 do push (5) t 1. push(5) t 2 do push (7) push(5) push(7). t 2 push(7). t 2 wins t 3
8 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1 do push (5) t 1. push(5) t 2 do push (7) push(5) push(7). t 2 push(7) t 3. pop FC stack push, not implemented in (abstract methods)
9 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1 do push (5) t 1. push(5) t 2 do push (7) push(5) push(7). t 2 push(7) t 3. pop FC stack push, not implemented in (abstract methods) Guaranteed to have correct behaviour for (almost) any implementation of abstract methods
10 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1 do push (5) t 1. push(5) t 2 do push (7) push(5) push(7). t 2 push(7) t 3. It appears to behave as the naive push, not implemented solution in FC stack (abstract methods) pop Guaranteed to have correct behaviour for (almost) any implementation of abstract methods
11 Second Order Libraries Public methods define the operations made available to clients Abstract methods (without implementation) can be declared L : M 0! M call public method public method returns call abstract method abstract method returns call public abstract method public abstract method returns
12 Second Order Libraries Public methods define the operations made available to clients Abstract methods (without implementation) can be declared call public method L : M 0! M public method returns Code for methods declared here is defined call abstract method abstract method returns call public abstract method public abstract method returns
13 Second Order Libraries Public methods define the operations made available to clients Abstract methods (without implementation) can be declared call public method L : M 0! M public method returns Code for methods declared here is defined call public abstract method call abstract method abstract method returns public abstract method returns Methods with no code associated
14 Second Order Libraries Public methods define the operations made available to clients Abstract methods (without implementation) can be declared call public method L : M 0! M public method returns Code for methods declared here is defined call public abstract method call abstract method abstract method returns public abstract method returns Methods with no code associated
15 Second Order Libraries Public methods define the operations made available to clients Abstract methods (without implementation) can be declared call public method L : M 0! M public method returns Code for methods declared here is defined call public abstract method call abstract method abstract method returns public abstract method returns Methods with no code associated
16 Instantiation The implementation of abstract methods can be specified! by another library L 2 : M! M 0 L 1 : M 0! M 00
17 Instantiation The implementation of abstract methods can be specified! by another library L 1 L 2 : M! M 00
18 Observational Refinement Program: let L in C 1 k kc n only calls public methods implemented in L L has no abstract methods Observational Refinement: inclusion of client traces, for every possible client and every possible library parameter L 1 v obs L 2 : 8Cl.8L : ;!M.Obs(let ( L 1 L) in Cl) Obs(let ( L 2 L) in Cl)
19 Observational Refinement Program: let L in C 1 k kc n only calls public methods implemented in L L has no abstract methods Observational Refinement: inclusion of client traces, for every possible client and every possible library parameter L 1 v obs L 2 : 8Cl.8L : ;!M.Obs(let ( L 1 L) in Cl) Obs(let ( L 2 L) in Cl) Quantification over clients and library parameters A proof technique is needed
20 Specifying the behaviour of libraries Types for Libraries L : M 0! M (t,?call m(z)) M \ M 0 (t,!return m(z)) Actions: Observable behaviour of Libraries (Different entitities execute in different memory spaces) (t, call m 00 (z)) (t,!call m 0 (z)) (t,?return m 0 (z)) M 0 (t, return m 00 (z))
21 Specifying the behaviour of libraries Types for Libraries L : M 0! M (t,?call m(z)) M \ M 0 (t,!return m(z)) Actions: Observable behaviour of Libraries (Different entitities execute in different memory spaces) (t, call m 00 (z)) (t,!call m 0 (z)) (t,?return m 0 (z)) M 0 (t, return m 00 (z)) (t,?call m(z)) (t,!return m(z)) Interactions with the client m 2 M \ M 0
22 Specifying the behaviour of libraries Types for Libraries L : M 0! M (t,?call m(z)) M \ M 0 (t,!return m(z)) Actions: Observable behaviour of Libraries (Different entitities execute in different memory spaces) (t, call m 00 (z)) (t,!call m 0 (z)) (t,?return m 0 (z)) M 0 (t, return m 00 (z)) (t,?call m(z)) (t,!return m(z)) Interactions with the client m 2 M \ M 0 Interactions with the library parameter (t,!call m 0 (z)) (t,?return m 0 (z)) m 2 M 0
23 Specifying the behaviour of libraries Types for Libraries L : M 0! M (t,?call m(z)) M \ M 0 (t,!return m(z)) Actions: Observable behaviour of Libraries (Different entitities execute in different memory spaces) (t, call m 00 (z)) (t,!call m 0 (z)) (t,?return m 0 (z)) M 0 (t, return m 00 (z)) (t,?call m(z)) (t,!return m(z)) Interactions with the client m 2 M \ M 0 Interactions with the library parameter (t,!call m 0 (z)) (t,?return m 0 (z)) m 2 M 0 Abstract methods invoked by the client (not observable) m 2 M \ M 0
24 Specifying the behaviour of libraries Types for Libraries L : M 0! M (t,?call m(z)) M \ M 0 (t,!return m(z)) Actions: Observable behaviour of Libraries (Different entitities execute in different memory spaces) (t, call m 00 (z)) (t,!call m 0 (z)) (t,?return m 0 (z)) M 0 (t, return m 00 (z)) Histories: (t,?call m 1 (z)) (t,!call m 0 (z)) (t,?return m 0 (z)) (t 0,!return m 1 (z 0 1)) Implemented Code Running (t 2,?call m 2 (z 2 )) (t 2,!return m 2 (z 0 2)) Execution of Abstract Method
25 Denotational Semantics of Libraries JLK : histories generated by a library (arbitrary behaviour of client and library parameter) (t,?call m(z)) M \ M 0 (t,!return m(z)) (t,!call m 0 (z)) (t,?return m 0 (z)) (t, call m 00 (z)) M 0 (t, return m 00 (z))
26 Denotational Semantics of Libraries JLK : histories generated by a library (arbitrary behaviour of client and library parameter) Takes place! non-deterministically (t,?call m(z)) M \ M 0 (t,!return m(z)) (t,!call m 0 (z)) (t,?return m 0 (z)) Chosen! non-deterministically (t, call m 00 (z)) M 0 (t, return m 00 (z))
27 (General) Linearisability h 1 v h 2 : h 2 preserves thread-local subhistories of h 1 + the following order of pairs of actions: 1 (t 1,!return m 1 (z 1 )) (t 2,?call m 2 (z 2 )) (t 1,!return m 1 (z 1 )) x := z 1 arg t2 = x (t 2,?call m 2 (z 2 ))
28 (General) Linearisability h 1 v h 2 : h 2 preserves thread-local subhistories of h 1 + the following order of pairs of actions: 1 (t 1,!return m 1 (z 1 )) (t 2,?call m 2 (z 2 )) (t 1,!return m 1 (z 1 )) x := z 1 arg t2 = x (t 2,?call m 2 (z 2 )) 2 (t 2,?return m 2 (z 2 )) x := z 1 arg t2 = x (t 2,?return m 2 (z 2 )) (t 1,!call m 1 (z 1 )) (t 1,!call m 1 (z 1 )) 3 (t 2,?call m 2 (z 2 )) x := z 1 arg t1 = x (t 2,?call m 2 (z 2 )) (t 1,!call m 1 (z 1 )) (t 1,!call m 1 (z 1 )) (t 2,?return m 2 (z 2 )) arg t1 = x (t 2,?return m 2 (z 2 )) 4 x := z 1 (t 1,!return m 1 (z 1 )) (t 1,!return m 1 (z 1 ))
29 (General) Linearisability h 1 v h 2 : h 2 preserves thread-local subhistories of h 1 + the following order of pairs of actions: 1 (t 1,!return m 1 (z 1 )) (t 2,?call m 2 (z 2 )) (t 1,!return m 1 (z 1 )) x := z 1 arg t2 = x (t 2,?call m 2 (z 2 )) 2 (t 1,!call m 1 (z 1 )) (t 2,?return m 2 (z 2 )) (t 1,!call m 1 (z 1 )) x := z 1 arg t2 = x (t 2,?return m 2 (z 2 )) 3 4 (t 2,?call m 2 (z 2 )) (t 1,!call m 1 (z 1 )) (t 1,!return m 1 (z 1 )) (t 2,?return m 2 (z 2 )) (t 1,!call m 1 (z 1 )) (t 1,!return m 1 (z 1 )) x := z 1 arg t1 = x Needs to! x := z 1 arg t1 = x Call Abstract Methods (t 2,?call m 2 (z 2 )) (t 2,?return m 2 (z 2 ))
30 Encapsulated Linearisability L : M 0! M M 0 \ M = ; v e h 1 h 2 : h 2 preserves thread-local subhistories of h 1 + the following order of pairs of actions: 1 (t 1,!return m 1 (z 1 )) (t 2,?call m 2 (z 2 )) (t 1,!return m 1 (z 1 )) x := z 1 arg t2 = x (t 2,?call m 2 (z 2 )) 2 (t 2,?return m 2 (z 2 )) x := z 1 arg t2 = x (t 2,?return m 2 (z 2 )) (t 1,!call m 1 (z 1 )) (t 1,!call m 1 (z 1 ))
31 Contextuality of Linearisability Theorem: L L in : M! M 0 1, L 2 : M 0! M 00 L 1 v L 2 =) ( L 1 L in ) v ( L 2 L in ) L L 1 L 2 v
32 Contextuality of Linearisability Theorem: L L in : M! M 0 1, L 2 : M 0! M 00 L 1 v L 2 =) ( L 1 L in ) v ( L 2 L in ) L L 1 L 2 L in v L in
33 Contextuality of Linearisability Theorem: L L in : M! M 0 1, L 2 : M 0! M 00 L 1 v L 2 =) ( L 1 L in ) v ( L 2 L in ) L L 1 L 2 L in v L in =) Corollary: L 1 v L 2 L 1 v obs L 2
34 Contextuality of Encapsulated Linearisability Theorem: for libraries with no public abstract methods! encapsulated linearisability is preserved by! instantiation of library parameters Corollary: for libraries with no public abstract methods! encapsulated linearisability implies! observational refinement!
35 Linearisability does not suffice for Flat Combiners FC : {m i } i2i! {do mi } i2i a single thread handles all concurrent requests FC # : {m i } i2i! {do mi } i2i calls to abstract methods regulated by a global lock Instantiating the library parameter int m i (){return gettid(); } Instantiating the t 1 : do mi (); k t 2 : do mi ();
36 Linearisability does not suffice for Flat Combiners FC : {m i } i2i! {do mi } i2i a single thread handles all concurrent requests FC # : {m i } i2i! {do mi } i2i calls to abstract methods regulated by a global lock Instantiating the library parameter int m i (){return gettid(); } Instantiating the t 1 : do mi (); k t 2 : do mi (); using FC # : t 1 : do mi (); k t 2 : do mi (); always returns t 1 always returns t 2 using FC : t 1 : do mi (); k t 2 : do mi (); can return t 2 can return t 1
37 Linearisability does not suffice for Flat Combiners FC : {m i } i2i! {do mi } i2i a single thread handles all concurrent requests FC # : {m i } i2i! {do mi } i2i calls to abstract methods regulated by a global lock Instantiating the library parameter int m i (){return gettid(); } Instantiating the t 1 : do mi (); k t 2 : do mi (); FC 6v Obs FC # =) FC 6v FC # using FC # : t 1 : do mi (); k t 2 : do mi (); always returns t 1 always returns t 2 using FC : t 1 : do mi (); k t 2 : do mi (); can return t 2 can return t 1
38 Properties Satisfied by Flat Combiners FC # linearises FC if the library parameter does not use thread local information 1 (t 1,!return m 1 (z 1 )) (t 2,?call m 2 (z 2 )) (t 1,!return m 1 (z 1 )) x := z 1 arg t2 = x (t 2,?call m 2 (z 2 )) 2 t 1 (,!call m(z)) ( t 1,?return m(z 0 )) =) t2 ( t 2,?return m(z 0 )) (,!call m(z))
39 Up-to Linearisability and Observational Refinement M 0! M,M 0 \ M = ; R : binary relation between sequences of calls and returns to methods in M 0 h 1 v R h 2 : h 1 ClAct v h 2 ClAct h 1 AbsAct R h 2 AbsAct
40 Up-to Linearisability and Observational Refinement M 0! M,M 0 \ M = ; R : binary relation between sequences of calls and returns to methods in M 0 h 1 v R h 2 : h 1 ClAct v h 2 ClAct h 1 AbsAct R h 2 AbsAct (a variant of contextuality holds for v R ) Soundness: L v R 1 v R L =) 2 L 1 obsl 2 only R- closed library parameters are considered
41 Up-to Linearisability and Observational Refinement M 0! M,M 0 \ M = ; R : binary relation between sequences of calls and returns to methods in M 0 h 1 v R h 2 : h 1 ClAct v h 2 ClAct h 1 AbsAct R h 2 AbsAct (a variant of contextuality holds for v R ) Soundness: L v R 1 v R L =) 2 L 1 obsl 2 only R- closed library parameters are considered FC v Rt FC # =) FC v R t obs FC# R t : equivalence of histories up-to thread identifiers
42 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1 do push (5) t 1. push(5) t 2 do push (7) push(5) push(7). t 2 push(7) t 3. It appears to behave as the naive push, not implemented solution in FC stack (abstract methods) pop Guaranteed to have correct behaviour for (almost) any implementation of abstract methods
43 Flat Combiners (Hendler et al, 2010) Idea: let a single thread handle all requests Stack FC stack provides methods push, pop to clients : access to methods in Stack regulated by, do push do pop 0 1 t 1 do push (5) t 1. push(5) t 2 do push (7) Theorem: push(5) push(7) t 2 t 3. push(7). pop FC v R obs FC # FC stack push, not implemented in (abstract methods) Guaranteed to have correct behaviour for (almost) any implementation of abstract methods
44 Conclusions Future Research: Other applications (Joins, Iterators, ) STM and Transactional Boosting Linearisability for Higher Order Objects Connections with other forms of HO-reasoning (e.g. CaReSL)
45 Conclusions Future Research: Other applications (Joins, Iterators, ) STM and Transactional Boosting Linearisability for Higher Order Objects Connections with other forms of HO-reasoning (e.g. CaReSL)
46 Verification of Flat Combiners Goal: FC v Rt FC #
47 Verification of Flat Combiners Goal: FC v Rt FC # Construct the set of histories JFCK Code analysis =) State Transition System Individuation of properties satisfied by h 2 JFCK
48 Verification of Flat Combiners Goal: FC v Rt FC # Construct the set of histories JFCK Code analysis =) State Transition System Individuation of properties satisfied by h 2 JFCK h 2 JFCK! h 0 Changing threads in abstract calls and returns to match corresponding requests from client
49 Verification of Flat Combiners Goal: FC v Rt FC # Construct the set of histories JFCK Code analysis =) State Transition System Individuation of properties satisfied by h 2 JFCK h 2 JFCK! h 0 Changing threads in abstract calls and returns to match corresponding requests from client h 0 7! h 00 h 0 ClAct v h 00 ClAct h 0 AbsAct = h 00 AbsAct
50 Verification of Flat Combiners Goal: FC v Rt FC # Construct the set of histories JFCK Code analysis =) State Transition System Individuation of properties satisfied by h 2 JFCK h 2 JFCK! h 0 Changing threads in abstract calls and returns to match corresponding requests from client h 0 7! h 00 h 0 ClAct v h 00 ClAct h 0 AbsAct = h 00 AbsAct Show that h 00 2 JFC # K
51 Contextuality of Up-to Linearisability L in : M! M 0 rearranging this part of a history! L in according to R causes this part of the history to be rearranged according to G R relates sequences of actions belonging to M 0 \ M G relates sequences of actions belonging to M R G -closure: defines how closure properties of library parameters have to be changed when a inner library is instantiated
52 Contextuality of Up-to Linearisability Theorem L 1 L 2, : M 0! M 00 v R L 1 L 2 L in : M! M 0 L in is R G -closed =) R L in v R G
53 Contextuality of Up-to Linearisability Theorem L 1 L 2 L 1 L 2, : M 0! M 00 v R L in : M! M 0 L in is R G -closed =) M 0 \ M 00 = ; ^ M \ M 0 = ; =) ( L 1 L in ) v G ( L 2 L in ) R L in R R G G v G G
54 Contextuality of Up-to Linearisability Theorem L 1 L 2 L 1 L 2, : M 0! M 00 v R L in : M! M 0 L in is R G -closed =) M 0 \ M 00 = ; ^ M \ M 0 = ; =) ( L 1 L in ) v G ( L 2 L in ) R L in R R G G v G G
55 Remarks on Observational Refinement Observational Refinement! =! May-Testing General Linearisability = Histories Inclusion Bonus Slide!
56 Remarks on Observational Refinement Observational Refinement! =! May-Testing General Linearisability = Histories Inclusion So What About Must Testing? Bonus Slide! Gotsman et al. 2012: Liveness Preserving Atomicity Abstraction Observational Refinement for Liveness Properties (1st order) Sound Proof Technique via a Variant of Linearisability Main Observables: calls/returns, divergence, deadlocks It remains to be seen whether the results scale to 2nd order
Parameterised Linearisability
Parameterised Linearisability Andrea Cerone 1, Alexey Gotsman 1, and Hongseok Yang 2 1 IMDEA Software Institute 2 University of Oxford Abstract Many concurrent libraries are parameterised, meaning that
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationA Programming Language Perspective on Transactional Memory Consistency
Hagit Attiya Technion ABSTRACT A Programming Language Perspective on Transactional Memory Consistency Alexey Gotsman IMDEA Software Institute Transactional memory (TM) has been hailed as a paradigm for
More informationAsynchronous Communication 2
Asynchronous Communication 2 INF4140 22.11.12 Lecture 11 INF4140 (22.11.12) Asynchronous Communication 2 Lecture 11 1 / 37 Overview: Last time semantics: histories and trace sets specification: invariants
More informationAbstraction for Concurrent Objects
Abstraction for Concurrent Objects Ivana Filipović, Peter O Hearn, Noam Rinetzky 1, Hongseok Yang Queen Mary University of London, UK Abstract Concurrent data structures are usually designed to satisfy
More informationViews: Compositional Reasoning for Concurrent Programs
Views: Compositional Reasoning for Concurrent Programs Thomas Dinsdale-Young Imperial College td202@doc.ic.ac.uk Lars Birkedal IT University of Copenhagen birkedal@itu.dk Philippa Gardner Imperial College
More informationClojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014
Clojure Concurrency Constructs, Part Two CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014 1 Goals Cover the material presented in Chapter 4, of our concurrency textbook In particular,
More informationModular Termination Verification for Non-blocking Concurrency
Modular Termination Verification for Non-blocking Concurrency Pedro da Rocha Pinto 1, Thomas Dinsdale-Young 2, Philippa Gardner 1, and Julian Sutherland 1 1 Imperial College London pmd09,pg,jhs110@doc.ic.ac.uk
More informationThe L Machines are very high-level, in two senses:
What is a Computer? State of the machine. CMPSCI 630: Programming Languages An Abstract Machine for Control Spring 2009 (with thanks to Robert Harper) Internal registers, memory, etc. Initial and final
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationStates and Actions: An Automata-theoretic Model of Objects
States and Actions: An Automata-theoretic Model of Objects Uday S. Reddy 1 Brian P. Dunphy 2 1 University of Birmingham 2 University of Illinois at Urbana-Champaign Portland, Oct 2011 Uday S. Reddy (Univ
More informationMulticore Semantics and Programming
Multicore Semantics and Programming Peter Sewell Tim Harris University of Cambridge Oracle October November, 2015 p. 1 These Lectures Part 1: Multicore Semantics: the concurrency of multiprocessors and
More informationFormal Avenue for Chasing Metamorphic Malware
Formal Avenue for Chasing Metamorphic Malware Mila Dalla Preda University of Verona, Italy Joint work with Roberto Giacobazzi, Saumya Debray, Arun Lakhotia presented by Isabella Mastroeni CREST, May 30th
More informationProving that programs eventually do something good. Byron Cook
Proving that programs eventually do something good Byron Cook 1 Collaborators Domagoj Babic, Josh Berdine, Aziem Chawdhary, Dino Distefano, Alexey Gotsman, Sumit Gulwani, Alan Hu, Samin Ishtiaq, Eric Koskinen,
More informationAlgorithmic verification
Algorithmic verification Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2018 Outline Overview Model checking Symbolic execution Outline Overview Model checking Symbolic execution Program verification
More informationA Enforceable Security Policies Revisited
A Enforceable Security Policies Revisited DAVID BASIN, ETH Zurich VINCENT JUGÉ, MINES ParisTech FELIX KLAEDTKE, ETH Zurich EUGEN ZĂLINESCU, ETH Zurich We revisit Schneider s work on policy enforcement
More informationProgram Analysis Part I : Sequential Programs
Program Analysis Part I : Sequential Programs IN5170/IN9170 Models of concurrency Program Analysis, lecture 5 Fall 2018 26. 9. 2018 2 / 44 Program correctness Is my program correct? Central question for
More informationDirected Topology and Concurrency Theory.
Directed Topology and Concurrency Theory. Lisbeth Fajstrup Department of Mathematics alborg University Denmark Sapporo 2017 Directed Topology/Concurrency Take home message: Models of concurrency geometry/topology
More informationStatic Program Analysis using Abstract Interpretation
Static Program Analysis using Abstract Interpretation Introduction Static Program Analysis Static program analysis consists of automatically discovering properties of a program that hold for all possible
More informationA Thread Algebra with Multi-level Strategic Interleaving
Theory of Computing Systems manuscript No. (will be inserted by the editor) A Thread Algebra with Multi-level Strategic Interleaving J.A. Bergstra 1,2, C.A. Middelburg 3,1 1 Programming Research Group,
More informationOutline F eria AADL behavior 1/ 78
Outline AADL behavior Annex Jean-Paul Bodeveix 2 Pierre Dissaux 3 Mamoun Filali 2 Pierre Gaufillet 1 François Vernadat 2 1 AIRBUS-FRANCE 2 FéRIA 3 ELLIDIS SAE AS2C Detroit Michigan April 2006 FéRIA AADL
More informationCS 6112 (Fall 2011) Foundations of Concurrency
CS 6112 (Fall 2011) Foundations of Concurrency 29 November 2011 Scribe: Jean-Baptiste Jeannin 1 Readings The readings for today were: Eventually Consistent Transactions, by Sebastian Burckhardt, Manuel
More informationCommunication and Concurrency: CCS
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 cours SSDE Master 1 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics,
More informationOn Reducing Linearizability to State Reachability 1
On Reducing Linearizability to State Reachability 1 Ahmed Bouajjani a, Michael Emmi b, Constantin Enea a, Jad Hamza a a LIAFA, Université Paris Diderot b IMDEA Software Institute, Spain Abstract Ecient
More informationProblem. Problem Given a dictionary and a word. Which page (if any) contains the given word? 3 / 26
Binary Search Introduction Problem Problem Given a dictionary and a word. Which page (if any) contains the given word? 3 / 26 Strategy 1: Random Search Randomly select a page until the page containing
More informationMarwan Burelle. Parallel and Concurrent Programming. Introduction and Foundation
and and marwan.burelle@lse.epita.fr http://wiki-prog.kh405.net Outline 1 2 and 3 and Evolutions and Next evolutions in processor tends more on more on growing of cores number GPU and similar extensions
More informationCIS 842: Specification and Verification of Reactive Systems. Lecture Specifications: Specification Patterns
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: Specification Patterns Copyright 2001-2002, Matt Dwyer, John Hatcliff, Robby. The syllabus and all lectures for this
More informationTimed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang
Timed Automata Semantics, Algorithms and Tools Zhou Huaiyang Agenda } Introduction } Timed Automata } Formal Syntax } Operational Semantics } Verification Problems } Symbolic Semantics & Verification }
More informationCS 6110 Lecture 21 The Fixed-Point Theorem 8 March 2013 Lecturer: Andrew Myers. 1 Complete partial orders (CPOs) 2 Least fixed points of functions
CS 6110 Lecture 21 The Fixed-Point Theorem 8 March 2013 Lecturer: Andrew Myers We saw that the semantics of the while command are a fixed point. We also saw that intuitively, the semantics are the limit
More informationCommunicating Parallel Processes. Stephen Brookes
Communicating Parallel Processes Stephen Brookes Carnegie Mellon University Deconstructing CSP 1 CSP sequential processes input and output as primitives named parallel composition synchronized communication
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationCausal Dataflow Analysis for Concurrent Programs
Causal Dataflow Analysis for Concurrent Programs Azadeh Farzan P. Madhusudan Department of Computer Science, University of Illinois at Urbana-Champaign. {afarzan,madhu}@cs.uiuc.edu Abstract. We define
More informationInterface Automata with Complex Actions - Extended Version
Interface Automata with Complex Actions - Extended Version Shahram Esmaeilsabzali Nancy A. Day Farhad Mavaddat David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, Canada
More informationTowards abstract and executable multivariate polynomials in Isabelle
Towards abstract and executable multivariate polynomials in Isabelle Florian Haftmann Andreas Lochbihler Wolfgang Schreiner Institute for Informatics Institute of Information Security RISC TU Munich ETH
More informationLiveness of Communicating Transactions
(joint work with Vasileios Koutavas and Matthew Hennessy) TRINITY COLLEGE DUBLIN COLÁISTE NA TRÍONÓIDE, BAILE ÁTHA CLIATH Dublin Concurrency Workshop 2011 Traditional Transactions Transactions provide
More informationSpeculative Parallelism in Cilk++
Speculative Parallelism in Cilk++ Ruben Perez & Gregory Malecha MIT May 11, 2010 Ruben Perez & Gregory Malecha (MIT) Speculative Parallelism in Cilk++ May 11, 2010 1 / 33 Parallelizing Embarrassingly Parallel
More informationFORMALIZING CONCURRENT STACKS WITH HELPING: A CASE STUDY IN IRIS
FORMALIZING CONCURRENT STACKS WITH HELPING: A CASE STUDY IN IRIS DANIEL GRATZER, MATHIAS HØIER, ALE S BIZJAK, AND LARS BIRKEDAL Abstract. Iris is an expressive higher-order separation logic designed for
More informationSémantique des jeux asynchrones et réécriture 2-dimensionnelle
Sémantique des jeux asynchrones et réécriture 2-dimensionnelle Soutenance de thèse de doctorat Samuel Mimram Laboratoire PPS (CNRS Université Paris Diderot) 1 er décembre 2008 1 / 64 A program is a text
More informationA Short Introduction to Hoare Logic
A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking
More informationMonitoring Hyperproperties
none.png Monitoring Hyperproperties Bernd Finkbeiner, Christopher Hahn, Marvin Stenger, and Leander Tentrup Reactive Systems Group, Saarland University, Germany The 17th International Conference on Runtime
More informationA Propositional Dynamic Logic for Instantial Neighborhood Semantics
A Propositional Dynamic Logic for Instantial Neighborhood Semantics Johan van Benthem, Nick Bezhanishvili, Sebastian Enqvist Abstract We propose a new perspective on logics of computation by combining
More informationCS 6110 Lecture 28 Subtype Polymorphism 3 April 2013 Lecturer: Andrew Myers
CS 6110 Lecture 28 Subtype Polymorphism 3 April 2013 Lecturer: Andrew Myers 1 Introduction In this lecture, we make an attempt to extend the typed λ-calculus for it to support more advanced data structures
More informationCommunication and Concurrency: CCS. R. Milner, A Calculus of Communicating Systems, 1980
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics, to be handled on
More informationEfficient Verification of Multi-Threaded Programs
FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN UNIVERSITÄT MÜNCHEN Master s Thesis in Informatics Efficient Verification of Multi-Threaded Programs Andreas Johannes Wilhelm FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN
More informationBounded Stacks, Bags and Queues
Bounded Stacks, Bags and Queues J.C.M. Baeten 1 and J.A. Bergstra 2,3 1 Department of Mathematics and Computing Science, Eindhoven University of Technology, P.O. Box 513, NL-5600 MB Eindhoven, The Netherlands,
More informationA Uniformization Theorem for Nested Word to Word Transductions
A Uniformization Theorem for Nested Word to Word Transductions Dmitry Chistikov and Rupak Majumdar Max Planck Institute for Software Systems (MPI-SWS) Kaiserslautern and Saarbrücken, Germany {dch,rupak}@mpi-sws.org
More informationTemporal logics and explicit-state model checking. Pierre Wolper Université de Liège
Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and
More informationTowards a Mechanised Denotational Semantics for Modelica
Towards a Mechanised Denotational Semantics for Modelica Simon Foster Bernhard Thiele Jim Woodcock Peter Fritzson Department of Computer Science, University of York PELAB, Linköping University 3rd February
More informationAn Alternative Construction in Symbolic Reachability Analysis of Second Order Pushdown Systems
An Alternative Construction in Symbolic Reachability Analysis of Second Order Pushdown Systems Anil Seth CSE Department, I.I.T. Kanpur, Kanpur 208016, INDIA. seth@cse.iitk.ac.in Abstract. Recently, it
More informationParametric Trace Slicing and Monitoring
Parametric Trace Slicing and Monitoring Grigore Roşu and Feng Chen Department of Computer Science, University of Illinois at Urbana-Champaign {grosu,fengchen}@cs.uiuc.edu Abstract Trace analysis plays
More informationTrace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University
Trace semantics: towards a unification of parallel paradigms Stephen Brookes Department of Computer Science Carnegie Mellon University MFCSIT 2002 1 PARALLEL PARADIGMS State-based Shared-memory global
More informationControl-Flow Residual Analysis for Symbolic Automata
TECHNICAL REPORT Report No. CS2017-01 Date: April 2017 Control-Flow Residual Analysis for Symbolic Automata Shaun Azzopardi Christian Colombo Gordon J. Pace University of Malta Department of Computer Science
More informationAbstraction for Concurrent Objects
Abstraction for Concurrent Objects Ivana Filipović, Peter O Hearn, Noam Rinetzky, and Hongseok Yang Queen Mary University of London, UK Abstract. Concurrent data structures are usually designed to satisfy
More informationMonotonic Abstraction in Parameterized Verification
Monotonic Abstraction in Parameterized Verification Parosh Aziz Abdulla 1 Department of Information Technology Uppsala University Sweden Giorgio Delzanno 2 Dipartimento Informatica e Scienze dell Informazione
More informationChapter 1. Formal Definition and View. Lecture Formal Pushdown Automata on the 28th April 2009
Chapter 1 Formal and View Lecture on the 28th April 2009 Formal of PA Faculty of Information Technology Brno University of Technology 1.1 Aim of the Lecture 1 Define pushdown automaton in a formal way
More information10:00 12:30. Do not open this problem booklet until the start of the examination is announced.
21 I 20 8 26 10:00 12:30 (1),. Do not open this problem booklet until the start of the examination is announced. (2) 4.. Answer the following 4 problems. Use the designated answer sheet for each problem.
More informationOperational semantics for disintegration
Operational semantics for disintegration Chung-chieh Shan (Indiana University) Norman Ramsey (Tufts University) Mathematical Foundations of Programming Semantics 2016-05-25 1 What is semantics for? 1.
More informationProgram Analysis and Verification
Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 4: Axiomatic Semantics Slides credit: Tom Ball, Dawson Engler, Roman Manevich, Erik Poll, Mooly Sagiv, Jean Souyris, Eran Tromer, Avishai
More informationEfficient Computation of Causal Behavioural Profiles using Structural Decomposition
Efficient Computation of Causal Behavioural Profiles using Structural Decomposition Matthias Weidlich 1, Artem Polyvyanyy 1, Jan Mendling 2, and Mathias Weske 1 1 Hasso Plattner Institute at the University
More informationReasoning About Imperative Programs. COS 441 Slides 10b
Reasoning About Imperative Programs COS 441 Slides 10b Last time Hoare Logic: { P } C { Q } Agenda If P is true in the initial state s. And C in state s evaluates to s. Then Q must be true in s. Program
More informationNontrivial and Universal Helping for Wait-Free Queues and Stacks
Nontrivial and Universal Helping for Wait-Free Queues and Stacks Hagit Attiya 1, Armando Castañeda 2, and Danny Hendler 3 1 Technion 2 UNAM 3 BGU Abstract This paper studies two approaches to formalize
More informationCASPA - A Tool for Symbolic Performance Evaluation and Stochastic Model Checking
CASPA - A Tool for Symbolic Performance Evaluation and Stochastic Model Checking Boudewijn R. Haverkort 1, Matthias Kuntz 1, Martin Riedl 2, Johann Schuster 2, Markus Siegle 2 1 : Universiteit Twente 2
More informationIntelligent Agents. Formal Characteristics of Planning. Ute Schmid. Cognitive Systems, Applied Computer Science, Bamberg University
Intelligent Agents Formal Characteristics of Planning Ute Schmid Cognitive Systems, Applied Computer Science, Bamberg University Extensions to the slides for chapter 3 of Dana Nau with contributions by
More informationModel Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies
Model Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies Tom Henzinger EPFL Three Verification Communities Model checking: -automatic, but inefficient
More informationScalable Asynchronous Gradient Descent Optimization for Out-of-Core Models
Scalable Asynchronous Gradient Descent Optimization for Out-of-Core Models Chengjie Qin 1, Martin Torres 2, and Florin Rusu 2 1 GraphSQL, Inc. 2 University of California Merced August 31, 2017 Machine
More informationBringing class diagrams to life
Bringing class diagrams to life Luis S. Barbosa & Sun Meng DI-CCTC, Minho University, Braga & CWI, Amsterdam UML & FM Workshop 2009 Rio de Janeiro 8 December, 2009 Formal Methods proofs problems structures
More informationEquivalence of dynamical systems by bisimulation
Equivalence of dynamical systems by bisimulation Arjan van der Schaft Department of Applied Mathematics, University of Twente P.O. Box 217, 75 AE Enschede, The Netherlands Phone +31-53-4893449, Fax +31-53-48938
More informationCommunicating Multi-Stack Visibly Pushdown Processes
Communicating Multi-Stack Visibly Pushdown Processes by Davidson Madudu A thesis submitted to the Department of Computer Science in conformity with the requirements for the degree of Master of Science
More informationFlow Interfaces Compositional Abstractions of Concurrent Data Structures. Siddharth Krishna, Dennis Shasha, and Thomas Wies
Flow Interfaces Compositional Abstractions of Concurrent Data Structures Siddharth Krishna, Dennis Shasha, and Thomas Wies Background Verifying programs, separation logic, inductive predicates Verifying
More informationBounded Retransmission in Event-B CSP: a Case Study
Available online at www.sciencedirect.com Electronic Notes in Theoretical Computer Science 280 (2011) 69 80 www.elsevier.com/locate/entcs Bounded Retransmission in Event-B CSP: a Case Study Steve Schneider
More informationValentin Goranko Stockholm University. ESSLLI 2018 August 6-10, of 29
ESSLLI 2018 course Logics for Epistemic and Strategic Reasoning in Multi-Agent Systems Lecture 5: Logics for temporal strategic reasoning with incomplete and imperfect information Valentin Goranko Stockholm
More informationBalancing and Control of a Freely-Swinging Pendulum Using a Model-Free Reinforcement Learning Algorithm
Balancing and Control of a Freely-Swinging Pendulum Using a Model-Free Reinforcement Learning Algorithm Michail G. Lagoudakis Department of Computer Science Duke University Durham, NC 2778 mgl@cs.duke.edu
More informationLecture 11: Generalized Lovász Local Lemma. Lovász Local Lemma
Lecture 11: Generalized Recall We design an experiment with independent random variables X 1,..., X m We define bad events A 1,..., A n where) the bad event A i depends on the variables (X k1,..., X kni
More informationReal Time Operating Systems
Real Time Operating ystems Luca Abeni luca.abeni@unitn.it Interacting Tasks Until now, only independent tasks... A job never blocks or suspends A task only blocks on job termination In real world, jobs
More informationContextual equivalence
Techniques 16/22 ACS L16, lecture 2 4/10 Contextual equivalence Two phrases of a programming language are ( Morris style ) contextually equivalent ( = ctx ) if occurrences of the first phrase in any program
More informationEE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016
EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016 Discrete Event Simulation Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley)
More informationHoare Logic and Model Checking
Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the
More informationA framework based on implementation relations for implementing LOTOS specifications
Published in: Computer Networks and ISDN Systems, 25 (1992), 23-41 A framework based on implementation relations for implementing LOTOS specifications Guy Leduc Research Associate of the National Fund
More informationAn Operational Semantics for the Dataflow Algebra. A. J. Cowling
Verification and Testing Research Group, Department of Computer Science, University of Sheffield, Regent Court, 211, Portobello Street, Sheffield, S1 4DP, United Kingdom Email: A.Cowling @ dcs.shef.ac.uk
More informationAn Operational Semantics for Model Checking Long Running Transactions
An Operational Semantics for Model Checking Long Running Transactions Hengbiao Yu, Zhenbang Chen, Ji Wang zbchen@nudt.edu.cn School of Computer, National University of Defense Technology, Changsha, China
More informationSynthesis of Winning Strategies for Interaction under Partial Information
Synthesis of Winning Strategies for Interaction under Partial Information Oberseminar Informatik Bernd Puchala RWTH Aachen University June 10th, 2013 1 Introduction Interaction Strategy Synthesis 2 Main
More informationDenotational semantics
Denotational semantics Semantics and Application to Program Verification Antoine Miné École normale supérieure, Paris year 2015 2016 Course 4 4 March 2016 Course 4 Denotational semantics Antoine Miné p.
More informationType-Based Information Flow Analysis for the Pi-Calculus
Acta Informatica manuscript No. (will be inserted by the editor) Naoki Kobayashi Type-Based Information Flow Analysis for the Pi-Calculus Received: date / Revised: date Abstract We propose a new type system
More informationTechniques. Contextual equivalence
Techniques 16/22 Contextual equivalence Two phrases of a programming language are ( Morris style ) contextually equivalent ( = ctx )if occurrences of the first phrase in any program can be replaced by
More informationLab Course: distributed data analytics
Lab Course: distributed data analytics 01. Threading and Parallelism Nghia Duong-Trung, Mohsan Jameel Information Systems and Machine Learning Lab (ISMLL) University of Hildesheim, Germany International
More informationUpper Bounds on the Time and Space Complexity of Optimizing Additively Separable Functions
Upper Bounds on the Time and Space Complexity of Optimizing Additively Separable Functions Matthew J. Streeter Computer Science Department and Center for the Neural Basis of Cognition Carnegie Mellon University
More informationZone-Based Reachability Analysis of Dense-Timed Pushdown Automata
IT 12 034 Examensarbete 15 hp Juli 2012 Zone-Based Reachability Analysis of Dense-Timed Pushdown Automata Kristiina Ausmees Institutionen för informationsteknologi Department of Information Technology
More informationTIME BOUNDS FOR SHARED OBJECTS IN PARTIALLY SYNCHRONOUS SYSTEMS. A Thesis JIAQI WANG
TIME BOUNDS FOR SHARED OBJECTS IN PARTIALLY SYNCHRONOUS SYSTEMS A Thesis by JIAQI WANG Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for
More informationConcurrency theory. proof-techniques for syncronous and asynchronous pi-calculus. Francesco Zappa Nardelli. INRIA Rocquencourt, MOSCOVA research team
Concurrency theory proof-techniques for syncronous and asynchronous pi-calculus Francesco Zappa Nardelli INRIA Rocquencourt, MOSCOVA research team francesco.zappa nardelli@inria.fr together with Frank
More informationVerifying Concurrent Programs Against Sequential Specifications
Verifying Concurrent Programs Against Sequential Specifications Ahmed Bouajjani, Michael Emmi, Constantin Enea, and Jad Hamza LIAFA, Université Paris Diderot {abou,mje,cenea,jhamza}@liafa.univ-paris-diderot.fr
More informationTowards a Practical Secure Concurrent Language
Towards a Practical Secure Concurrent Language Stefan Muller and Stephen Chong TR-05-12 Computer Science Group Harvard University Cambridge, Massachusetts Towards a Practical Secure Concurrent Language
More informationIS VALIANT VAZIRANI S ISOLATION PROBABILITY IMPROVABLE? Holger Dell, Valentine Kabanets, Dieter van Melkebeek, and Osamu Watanabe December 31, 2012
IS VALIANT VAZIRANI S ISOLATION PROBABILITY IMPROVABLE? Holger Dell, Valentine Kabanets, Dieter van Melkebeek, and Osamu Watanabe December 31, 2012 Abstract. The Isolation Lemma of Valiant & Vazirani (1986)
More informationAutomated Circular Assume-Guarantee Reasoning with N-way Decomposition and Alphabet Refinement
Automated Circular Assume-Guarantee Reasoning with N-way Decomposition and Alphabet Refinement Karam Abd Elkader 1, Orna Grumberg 1, Corina S. Păsăreanu 2, and Sharon Shoham 3 1 Technion Israel Institute
More informationEE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories. Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo
EE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories 1 Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo Outline: Contracts and compositional methods for system design Where and why using
More informationEnhancing Active Automata Learning by a User Log Based Metric
Master Thesis Computing Science Radboud University Enhancing Active Automata Learning by a User Log Based Metric Author Petra van den Bos First Supervisor prof. dr. Frits W. Vaandrager Second Supervisor
More informationSymbolic Trajectory Evaluation (STE): Orna Grumberg Technion, Israel
Symbolic Trajectory Evaluation (STE): Automatic Refinement and Vacuity Detection Orna Grumberg Technion, Israel Marktoberdort 2007 1 Agenda Model checking Symbolic Trajectory Evaluation Basic Concepts
More informationA Polynomial-Time Algorithm for Checking Consistency of Free-Choice Signal Transition Graphs
Fundamenta Informaticae XX (2004) 1 23 1 IOS Press A Polynomial-Time Algorithm for Checking Consistency of Free-Choice Signal Transition Graphs Javier Esparza Institute for Formal Methods in Computer Science
More informationBilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)
Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft) Jayadev Misra December 18, 2015 Contents 1 Introduction 3 2 Program and Execution Model 4 2.1 Program Structure..........................
More informationVerifying Concurrent Memory Reclamation Algorithms with Grace
Verifying Concurrent Memory Reclamation Algorithms with Grace Alexey Gotsman, Noam Rinetzky, and Hongseok Yang 1 IMDEA Software Institute 2 Tel-Aviv University 3 University of Oxford Abstract. Memory management
More informationAn integration testing method that is proved to find all faults
An integration testing method that is proved to find all faults Florentin Ipate & Mike Holcombe Formal Methods and Software Engineering (FORMSOFT) Group Department of Computer Science University of Sheffield,
More information