A Machine-Checked, Type-Safe Model of Java Concurrency : Language, Virtual Machine, Memory Model, and Verified Compiler
The Java programming language provides safety and security guarantees such as type safety and its security architecture. They distinguish it from other mainstream programming languages like C and C++. In this work, we develop a machine-checked model of concurrent Java and the Java memory model and investigate the impact of concurrency on these guarantees. From the formal model, we automatically obtain an executable verified compiler to bytecode and a validated virtual machine
All Linear-Time Congruences for Familiar Operators
The detailed behaviour of a system is often represented as a labelled transition system (LTS) and the abstract behaviour as a stuttering-insensitive semantic congruence. Numerous congruences have been presented in the literature. On the other hand, there have not been many results proving the absence of more congruences. This publication fully analyses the linear-time (in a well-defined sense) region with respect to action prefix, hiding, relational renaming, and parallel composition. It contains 40 congruences. They are built from the alphabet, two kinds of traces, two kinds of divergence traces, five kinds of failures, and four kinds of infinite traces. In the case of finite LTSs, infinite traces lose their role and the number of congruences drops to 20. The publication concentrates on the hardest and most novel part of the result, that is, proving the absence of more congruences.
Process algebra with conditionals in the presence of epsilon
In a previous paper, we presented several extensions of ACP with conditional expressions, including one with a retrospection operator on conditions to allow for looking back on conditions under which preceding actions have been performed. In this paper, we add a constant for a process that is only capable of terminating successfully to those extensions of ACP, which can be very useful in applications. It happens that in all cases the addition of this constant is unproblematic.
Specification and verification issues in a process language
PhD Thesis

While specification formalisms for reactive concurrent systems are now reasonably well-understood theoretically, they have not yet entered common, widespread design practice. This motivates the attempt made in this work to enhance the applicability of an important and popular formal framework: the CSP language, endowed with a failure-based denotational semantics and a logic for describing failures of processes.

The identification of behaviour with a set of failures is supported by a convincing intuitive reason: processes with different failures can be distinguished by easily realizable experiments. But, most importantly, many interesting systems can be described and studied in terms of their failures. The main technique employed for this purpose is a logic in which process expressions are required to satisfy an assertion with each failure of the behaviour they describe. The theory of complete partial orders, with its elegant treatment of recursion and fixpoint-based verification, can be applied to this framework. However, in spite of the advantages illustrated, the practical applicability of standard failure semantics is impaired by two weaknesses.

The first is its inability to describe many important systems, constructed by connecting modules that can exchange values of an infinite set across ports invisible to the environment. This must often be assumed for design and verification purposes (e.g. for the many protocols relying upon sequence numbers to cope with out-of-sequence received messages). Such a deficiency is due to the definition of the hiding operator in standard failure semantics. This thesis puts forward a solution based on an interesting technical result about infinite sets of sequences.

Another difficulty with standard failure semantics is its treatment of divergence, the phenomenon in which some components of a system interact by performing an infinite, uninterrupted sequence of externally invisible actions. Within failure semantics, divergence cannot be abstracted from on the basis of the implicit fairness assumption that, if there is a choice leading out of divergence, it will eventually be made. This 'fair abstraction' is essential for the verification of many important systems, including communication protocols. The solution proposed in this thesis is an extended failure semantics which records refused traces, rather than just actions. Not only is this approach compatible with fair abstraction, but it also permits, like ordinary failure semantics, verification in a compositional calculus with fixpoint induction. Rather interestingly, these results can be obtained outside traditional fixpoint theory, which cannot be applied in this case. The theory developed is based on the novel notion of 'trace-based' process functions. These can be shown to possess a particular fixpoint that, unlike the least fixpoint of traditional treatments, is compatible with fair abstraction. Moreover, they form a large class, sufficient to give a compositional denotational semantics to a useful CSP-like process language. Finally, a logic is proposed in which the properties of a process' extended failures can be expressed and analyzed; the methods developed are applied to the verification of two example communication protocols: a toy one and a large case study inspired by a real transport protocol.