Static Application-Level Race Detection in STM Haskell using Contracts

Writing concurrent programs is a hard task, even when using high-level synchronization primitives such as transactional memories together with a functional language with well-controlled side-effects such as Haskell, because the interferences generated by the processes to each other can occur at different levels and in a very subtle way. The problem occurs when a thread leaves or exposes the shared data in an inconsistent state with respect to the application logic or the real meaning of the data. In this paper, we propose to associate contracts to transactions and we define a program transformation that makes it possible to extend static contract checking in the context of STM Haskell. As a result, we are able to check statically that each transaction of a STM Haskell program handles the shared data in a such way that a given consistency property, expressed in the form of a user-defined boolean function, is preserved. This ensures that bad interference will not occur during the execution of the concurrent program.Comment: In Proceedings PLACES 2013, arXiv:1312.2218. [email protected]; [email protected]

Development and update of aerospace applications in partitioned architectures

Tese de mestrado em Engenharia Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011Para enfrentar os desafios e requisitos impostos por missões espaciais futuras, a indústria aeroespacial tem vindo a seguir uma tendência para adoptar arquitecturas computacionais inovadoras e avançadas, cumprindo requisitos estritos de tamanho, peso e consumo energético (SWaP) e assim diminuir o custo total da missão assegurando a segurança na operação e a pontualidade do sistema. A arquitectura AIR (ARINC 653 in Space Real-Time Operating System), desenvolvida para responder ao interesse da indústria aeroespacial, particularmente da Agência Espacial Europeia (ESA), fornece um ambiente compartimentado para o desenvolvimento e execução de aplicações aeroespaciais, seguindo a noção de compartimentação temporal e espacial, preservando os requisitos temporais das aplicações e a segurança na operação. Durante uma missão espacial, a ocorrência de eventos inesperados ou alterações aos planos da missão introduz novas restrições. Assim, é de grande importância ter a possibilidade de alojar novas aplicações na plataforma computacional de veículos espaciais ou modificar aplicações já existentes em tempo de execução e, deste modo, cumprir os novos requisitos ou melhorar as funções do veículo espacial. O presente trabalho introduz na arquitectura AIR o suporte à inclusão e actualização de novas funcionalidades ao plano de missão durante o funcionamento do sistema. Estas funcionalidades podem ser formadas por componentes de software modificados ou pelos requisitos temporais correspondentes. O melhoramento da arquitectura AIR com a possibilidade de realizar actualizações de software requer um ambiente e ferramentas de desenvolvimento adequados. Neste sentido, a metodologia para o desenvolvimento de software em sistemas baseados na arquitectura AIR é revisitada.To face the challenges and requirements imposed by future space missions, the aerospace industry has been following the trend of adopting innovative and advanced computing system architectures fulfilling strict requisites of size, weight and power consumption (SWaP) thus decreasing the mission overall cost and ensuring the safety and timeliness of the system. The AIR (ARINC 653 in Space Real-Time Operating System) architecture has been defined dependent on the interest of the aerospace industry, especially the European Space Agency (ESA). AIR provides a partitioned environment for the development and execution of aerospace applications, based on the idea of time and space partitioning (TSP), aiming the preservation of the application requirements, timing and safety. During a space mission, the occurrence of unexpected events or the change of the mission plans introduces new constraints to the mission. Therefore, it is paramount to have the possibility to host new applications in spacecraft onboard computer platform, or modify the existing ones in execution time, thus fulfilling new requirements or enhancing spacecraft functions. The work described on this thesis introduces in the AIR architecture the support for the inclusion of new features to the mission plan during the system operation. These new features may be composed of modified software components or the corresponding timing requirements. The improvement of the AIR architecture with the ability to perform software updates requires a suitable development environment and tools. Therefore, the methodology for software development in AIR-based systems, regarding the build and integration process, is reexamined

PrIC3: Property Directed Reachability for MDPs

IC3 has been a leap forward in symbolic model checking. This paper proposes PrIC3 (pronounced pricy-three), a conservative extension of IC3 to symbolic model checking of MDPs. Our main focus is to develop the theory underlying PrIC3. Alongside, we present a first implementation of PrIC3 including the key ingredients from IC3 such as generalization, repushing, and propagation

Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

According to the IST/ FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics: • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners. • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another. • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time. • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered. The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE , DART, DEGAS , MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After an year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration

An Approach for Minimizing Spurious Errors in Testing ADA Tasking Programs

We propose an approach for detecting deadlocks and race conditions in Ada tasking software. It is based on an extension to Petri net-based techniques, where a concurrent program is modeled as a Petri net and a reachability graph is then derived and analyzed for desired information. In this approach, Predicate-Action subnets representing Ada programming constructs are described, where predicates and actions are attached to transitions. Predicates are those found in decision statements. Actions involve updating the status of the variables that affect the tasking behavior of the program and updating the Read and Write sets of shared variables. The shared variables are those occurring in sections of the program, called concurrency zones, related to the transitions. Modeling of a tasking program is accomplished by using the basic subnets as building blocks in translating only tasking-related statements and connecting them to produce the total Predicate-Action net model augmented with sets of shared variables. An augmented reachability graph is then derived by executing the net model. Deadlocks and race conditions are detected by searching the nodes of this graph. The main advantage offered by this approach is that the Predicate-Action extension of the net leads to pruning infeasible paths in the reachability graph and, thus, reducing the spurious error reports encountered in previous approaches. Also, this approach enables a partial handling of loops in a practical way. Implementation issues are also discussed in the paper

Putting the Semantics into Semantic Versioning

The long-standing aspiration for software reuse has made astonishing strides in the past few years. Many modern software development ecosystems now come with rich sets of publicly-available components contributed by the community. Downstream developers can leverage these upstream components, boosting their productivity. However, components evolve at their own pace. This imposes obligations on and yields benefits for downstream developers, especially since changes can be breaking, requiring additional downstream work to adapt to. Upgrading too late leaves downstream vulnerable to security issues and missing out on useful improvements; upgrading too early results in excess work. Semantic versioning has been proposed as an elegant mechanism to communicate levels of compatibility, enabling downstream developers to automate dependency upgrades. While it is questionable whether a version number can adequately characterize version compatibility in general, we argue that developers would greatly benefit from tools such as semantic version calculators to help them upgrade safely. The time is now for the research community to develop such tools: large component ecosystems exist and are accessible, component interactions have become observable through automated builds, and recent advances in program analysis make the development of relevant tools feasible. In particular, contracts (both traditional and lightweight) are a promising input to semantic versioning calculators, which can suggest whether an upgrade is likely to be safe.Comment: to be published as Onward! Essays 202

RacerD: compositional static race detection

Automatic static detection of data races is one of the most basic problems in reasoning about concurrency. We present RacerD—a static program analysis for detecting data races in Java programs which is fast, can scale to large code, and has proven effective in an industrial software engineering scenario. To our knowledge, RacerD is the first inter-procedural, compositional data race detector which has been empirically shown to have non-trivial precision and impact. Due to its compositionality, it can analyze code changes quickly, and this allows it to perform continuous reasoning about a large, rapidly changing codebase as part of deployment within a continuous integration ecosystem. In contrast to previous static race detectors, its design favors reporting high-confidence bugs over ensuring their absence. RacerD has been in deployment for over a year at Facebook, where it has flagged over 2500 issues that have been fixed by developers before reaching production. It has been important in enabling the development of new code as well as fixing old code: it helped support the conversion of part of the main Facebook Android app from a single-threaded to a multi-threaded architecture. In this paper we describe RacerD’s design, implementation, deployment and impact