An introduction to RGSep. Viktor Vafeiadis

Similar documents
Proving That Non-Blocking Algorithms Don t Block

Verifying Semantic of System Composition for an Aspect-Oriented Approach

Reasoning about Optimistic Concurrency Using a Program Logic for History

Specification and Analysis of Contracts Lecture 1 Introduction

Formal Verification and Linear-time Model Checking

Software Engineering Techniques

Rigorous Software Development CSCI-GA

CHAPTER 7 GENERAL PROOF SYSTEMS

3 Extending the Refinement Calculus

Algorithmic Software Verification

VDM vs. Programming Language Extensions or their Integration

Concurrent Programming

Logic in general. Inference rules and theorem proving

Using UML Part Two Behavioral Modeling Diagrams

Loop Invariants and Binary Search

CS510 Software Engineering

David Dye. Extract, Transform, Load

Inter-process Buffers in Separation Logic with Rely-Guarantee

MEN'S FASHION UK Items are ranked in order of popularity.

Sofware Requirements Engineeing

Modular Verification of Preemptive OS Kernels

Traffic Engineering Management Concepts

Regression Verification: Status Report

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Software testing. Objectives

PL/SQL Practicum #2: Assertions, Exceptions and Module Stability

Kirsten Sinclair SyntheSys Systems Engineers

Design Patterns in C++

Concurrency control. Concurrency problems. Database Management System

Software-platform-independent, Precise Action Specifications for UML. Stephen J. Mellor. Project Technology, Inc.

CSE 880. Advanced Database Systems. Active Database Design Issues

Transactions and ACID in MongoDB

Overview of Scalable Distributed Database System SD-SQL Server

Views: Compositional Reasoning for Concurrent Programs

How To Write A Test Engine For A Microsoft Microsoft Web Browser (Php) For A Web Browser For A Non-Procedural Reason)

Patterns of Information Management

DataBlitz Main Memory DataBase System

CASE STUDY: Oracle TimesTen In-Memory Database and Shared Disk HA Implementation at Instance level. -ORACLE TIMESTEN 11gR1

Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification

Revolutionized DB2 Test Data Management

A Case for Static Analyzers in the Cloud (Position paper)

Java SE 7 Programming

Static Program Transformations for Efficient Software Model Checking

Java SE 7 Programming

Simple Loop Patterns and Rich Loop Invariants

Java SE 7 Programming

Experience of so-ware engineers using TLA+, PlusCal and TLC

Introduction to Logic in Computer Science: Autumn 2006

SQL INJECTION ATTACKS By Zelinski Radu, Technical University of Moldova

PROPERTECHNIQUEOFSOFTWARE INSPECTIONUSING GUARDED COMMANDLANGUAGE

Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

ABET General Outcomes. Student Learning Outcomes for BS in Computing

Applications of formal verification for secure Cloud environments at CEA LIST

Hagit Attiya and Eshcar Hillel. Computer Science Department Technion

Professional Organization Checklist for the Computer Science Curriculum Updates. Association of Computing Machinery Computing Curricula 2008

Section of DBMS Selection & Evaluation Questionnaire

Introduction to Parallel and Distributed Databases

Chapter 19. Activity Diagrams

Validated Templates for Specification of Complex LTL Formulas

Lecture Notes on Linear Search

Oracle9i Data Guard: SQL Apply Best Practices. An Oracle White Paper September 2003

Java Bit Torrent Client

Smallfoot: Modular Automatic Assertion Checking With Separation Logic

Completing the Big Data Ecosystem:

A Comparison Of Shared Memory Parallel Programming Models. Jace A Mogill David Haglin

FIPA agent based network distributed control system

SSC - Concurrency and Multi-threading Java multithreading programming - Synchronisation (I)

logic language, static/dynamic models SAT solvers Verified Software Systems 1 How can we model check of a program or system?

10426: Large Scale Project Accounting Data Migration in E-Business Suite

Trust but Verify: Authorization for Web Services. The University of Vermont

Shared Parallel File System

2 nd Semester 2008/2009

TOWARDS AN AUTOMATED HEALING OF 3D URBAN MODELS

Model Checking based Software Verification

DIRECT PH.D. (POST B.S.) IN COMPUTER SCIENCE PROGRAM

REAL TERRACOTTA. Real-world scalability patterns with Terracotta. SERGIO BOSSA Pro-Netics / Sourcesense

R214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM

CORBA and object oriented middleware. Introduction

The Classes P and NP

Online, Asynchronous Schema Change in F1

Software Modeling and Verification

Chapter 10: Distributed DBMS Reliability

Pattern Insight Clone Detection

In Memory Accelerator for MongoDB

A Systematic Approach. to Parallel Program Verication. Tadao TAKAOKA. Department of Computer Science. Ibaraki University. Hitachi, Ibaraki 316, JAPAN

IoT Security Platform

On the Relation between Design Contracts and Errors: A Software Development Strategy

Recovery System C H A P T E R16. Practice Exercises

Foundational Proof Certificates

Model Checking: An Introduction

How To Cluster Of Complex Systems

Artificial Intelligence

(LMCS, p. 317) V.1. First Order Logic. This is the most powerful, most expressive logic that we will examine.

Chapter 15 Basics of Functional Dependencies and Normalization for Relational Databases

Ambientes de Desenvolvimento Avançados

Boogie: A Modular Reusable Verifier for Object-Oriented Programs

A Note on Context Logic

How To Write A Program Verification And Programming Book

MPI and Hybrid Programming Models. William Gropp

Operatin g Systems: Internals and Design Principle s. Chapter 10 Multiprocessor and Real-Time Scheduling Seventh Edition By William Stallings

Transcription:

An introduction to RGSep Viktor Vafeiadis

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Example: lock-coupling list 2 3 5 7 11 13 There is one lock per node; threads acquire locks in a hand over hand fashion. If a node is locked, we can insert a node just after it. If two adjacent nodes are locked, we can remove the second.

Operations (actions) Lock-coupling list Lock Unlock Add node Delete node

Part I. Basic concepts Local & shared state Actions Program & environment Program specifications Stability

Local & shared state The total state is logically divided into two components: Shared: accessible by all threads via synchronisation Local: accessible only by one thread, its owner Shared 2 3 5 7 11 13 Local 6 Figure. State of the lock-coupling list just before inserting a new node. The node to be added is local because other threads cannot yet access it.

Actions (1/3) Actions describe minimal atomic changes to the shared state. Lock Unlock An action allows any part of the shared state that satisfies the LHS to be changed to a part satisfying the RHS, but the rest of the shared state must not be changed.

Actions (2/3) Actions can also adjust the boundary between local state and stared state. This is also known as tranfer of ownership. Add node This node becomes shared. Delete node This node becomes local.

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 Local 6 Add node

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 6 Local Add node

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 6 Local Lock node

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 6 Local Lock node

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 6 Local Delete node

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 Local 6 Delete node

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 Local 6 Now, the node is local; we can safely dispose it.

Actions (3/3) Example: Lock coupling list Shared 2 3 5 7 11 13 Local Now, the node is local; we can safely dispose it.

Program & environment Program: the current thread being verified. Environment: all other threads of the system that execute in parallel with the thread being verified. Interference. The program interferes with the environment by modifying the shared state. Conversely, the environment interferes with the program by modifying the shared state.

Program specifications The specification of a program consists of two assertions (precondition & postcondition), and two sets of actions: Rely: Describes the interference that the program can tolerate from the environment; i.e. specifies how the environment can change the shared state. Guarantee: Describes the interference that the program imposes on its environment; i.e. specifies how the program can change the shared state.

Stability (1/2) Definition. An assertion is stable if and only if it is preserved under interference by other threads. Example 1. The following assertion is not stable. 2 3 5 7 11 13 A A For instance, another thread could remove node 3 or add a node after node 11.

Stability (1/2) Definition. An assertion is stable if and only if it is preserved under interference by other threads. Example 1. The following assertion is not stable. 2 5 7 11 13 A A For instance, another thread could remove node 3 or add a node after node 11.

Stability (1/2) Definition. An assertion is stable if and only if it is preserved under interference by other threads. Example 1. The following assertion is not stable. 2 5 7 11 13 A For instance, another thread could remove node 3 or add a node after node 11. A 12

Stability (2/2) Example 2. The following assertion, however, is stable. A 5 A 7 Lock B Unlock B

Stability (2/2) Example 2. The following assertion, however, is stable. A 5 A 7 Add node B B Delete node B B B

Part II. Program logic Syntax & semantics of assertions Syntax & semantics of actions Syntax & semantics of judgements Some proof rules Checking stability

Assertion syntax Separation Logic Extended logic P, Q ::= false emp e = e e e x. P P Q P Q P Q h SL P Q h SL (P Q) h. (h SL P ) (h h SL Q) p, q ::= P P p q p q p q x. p x. p local shared

Assertion semantics l, s P l SL P l, s P l = (s SL P ) l, s p 1 p 2 l 1, l 2. (l = l 1 l 2 ) (l 1, s p 1 ) (l 2, s p 2 ) Split local state; share global state.

Actions x 0, v, t x tid, v, t x tid, v, t x 0, v, t x tid, v, t x tid, v, y y 0, v, t x tid, v, y y tid, v, t x tid, v, t

Judgements C sat (p, R, G, q) (precondition, rely, guarantee, postcondition)

Parallel rule C 1 sat (p 1, R G 2, G 1, q 1 ) C 2 sat (p 2, R G 1, G 2, q 2 ) (C 1 C 2 ) sat (p 1 p 2, R, G 1 G 2, q 1 q 2 ) Splits local state; Shares global state.

Atomic commands p, q stable under R (atomic C) sat (p,, G, q) (atomic C) sat (p, R, G, q) P 2, Q 2 precise (P 2 Q 2 ) G C sat ( (P 1 P 2,,, Q 1 Q 2 ) (atomic C) sat P 1 P 2 F,, G, Q 1 Q 2 F ) Local state Shared state

Stability S stable under P Q iff ((P S) Q) S

The End Further topics: Automation (SmallfootRG) Local guards & provided clauses Modular reasoning about memory allocators Proving linearisability of concurrent algorithms

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information