43,473 research outputs found
Verification of Shared-Reading Synchronisers
Synchronisation classes are an important building block for shared memory
concurrent programs. Thus to reason about such programs, it is important to be
able to verify the implementation of these synchronisation classes, considering
atomic operations as the synchronisation primitives on which the
implementations are built. For synchronisation classes controlling exclusive
access to a shared resource, such as locks, a technique has been proposed to
reason about their behaviour. This paper proposes a technique to verify
implementations of both exclusive access and shared-reading synchronisers. We
use permission-based Separation Logic to describe the behaviour of the main
atomic operations, and the basis for our technique is formed by a specification
for class AtomicInteger, which is commonly used to implement synchronisation
classes in java.util.concurrent. To demonstrate the applicability of our
approach, we mechanically verify the implementation of various synchronisation
classes like Semaphore, CountDownLatch and Lock.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity
We present a lightweight approach to Hoare-style specifications for
fine-grained concurrency, based on a notion of time-stamped histories that
abstractly capture atomic changes in the program state. Our key observation is
that histories form a partial commutative monoid, a structure fundamental for
representation of concurrent resources. This insight provides us with a
unifying mechanism that allows us to treat histories just like heaps in
separation logic. For example, both are subject to the same assertion logic and
inference rules (e.g., the frame rule). Moreover, the notion of ownership
transfer, which usually applies to heaps, has an equivalent in histories. It
can be used to formally represent helping---an important design pattern for
concurrent algorithms whereby one thread can execute code on behalf of another.
Specifications in terms of histories naturally abstract granularity, in the
sense that sophisticated fine-grained algorithms can be given the same
specifications as their simplified coarse-grained counterparts, making them
equally convenient for client-side reasoning. We illustrate our approach on a
number of examples and validate all of them in Coq.Comment: 17 page
Completeness for a First-order Abstract Separation Logic
Existing work on theorem proving for the assertion language of separation
logic (SL) either focuses on abstract semantics which are not readily available
in most applications of program verification, or on concrete models for which
completeness is not possible. An important element in concrete SL is the
points-to predicate which denotes a singleton heap. SL with the points-to
predicate has been shown to be non-recursively enumerable. In this paper, we
develop a first-order SL, called FOASL, with an abstracted version of the
points-to predicate. We prove that FOASL is sound and complete with respect to
an abstract semantics, of which the standard SL semantics is an instance. We
also show that some reasoning principles involving the points-to predicate can
be approximated as FOASL theories, thus allowing our logic to be used for
reasoning about concrete program verification problems. We give some example
theories that are sound with respect to different variants of separation logics
from the literature, including those that are incompatible with Reynolds's
semantics. In the experiment we demonstrate our FOASL based theorem prover
which is able to handle a large fragment of separation logic with heap
semantics as well as non-standard semantics.Comment: This is an extended version of the APLAS 2016 paper with the same
titl
All-Path Reachability Logic
This paper presents a language-independent proof system for reachability
properties of programs written in non-deterministic (e.g., concurrent)
languages, referred to as all-path reachability logic. It derives
partial-correctness properties with all-path semantics (a state satisfying a
given precondition reaches states satisfying a given postcondition on all
terminating execution paths). The proof system takes as axioms any
unconditional operational semantics, and is sound (partially correct) and
(relatively) complete, independent of the object language. The soundness has
also been mechanized in Coq. This approach is implemented in a tool for
semantics-based verification as part of the K framework (http://kframework.org
Malleable Constitutions: Reflections on State Constitutional Reform
While the U.S. Constitution is difficult to amend, most states constitutions are much easier to amend. This essay explores the implications of easily amended constitutions on the nature and quality of government. Theoretically, malleable constitutions can be more innovative and responsive to changes in society; however, they also are more likely to become another venue in which interest-group policy conflicts are played out and less likely to reflect serious deliberation among both government officials and voters. Highly stable constitutions can provide more durable protection of individual rights and other benefits based on the stability of government institutions. Our review of the experiences of state governance under malleable constitutions concludes that states can capture the benefits of both stability and malleability, and thereby improve their quality of constitutional governance, by establishing a brighter line between easy to accomplish amendments and more difficult to accomplish constitutional revisions and replacements. In particular, we recommend that constitutional provisions that establish individual political and human rights should be changed only through the revision process, while provisions about the details of governance institutions should be subject to change by an easier amendment process.Constitutional Reform, Government Stability, Human Rights
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded
Java-like programs with dynamic thread creation, thread joining and reentrant
object monitors. The logic is based on concurrent separation logic. It is the
first detailed adaptation of concurrent separation logic to a multithreaded
Java-like language. The program logic associates a unique static access
permission with each heap location, ensuring exclusive write accesses and
ruling out data races. Concurrent reads are supported through fractional
permissions. Permissions can be transferred between threads upon thread
starting, thread joining, initial monitor entrancies and final monitor exits.
In order to distinguish between initial monitor entrancies and monitor
reentrancies, auxiliary variables keep track of multisets of currently held
monitors. Data abstraction and behavioral subtyping are facilitated through
abstract predicates, which are also used to represent monitor invariants,
preconditions for thread starting and postconditions for thread joining.
Value-parametrized types allow to conveniently capture common strong global
invariants, like static object ownership relations. The program logic is
presented for a model language with Java-like classes and interfaces, the
soundness of the program logic is proven, and a number of illustrative examples
are presented
- …