An Approach for Minimizing Spurious Errors in Testing ADA Tasking Programs

We propose an approach for detecting deadlocks and race conditions in Ada tasking software. It is based on an extension to Petri net-based techniques, where a concurrent program is modeled as a Petri net and a reachability graph is then derived and analyzed for desired information. In this approach, Predicate-Action subnets representing Ada programming constructs are described, where predicates and actions are attached to transitions. Predicates are those found in decision statements. Actions involve updating the status of the variables that affect the tasking behavior of the program and updating the Read and Write sets of shared variables. The shared variables are those occurring in sections of the program, called concurrency zones, related to the transitions. Modeling of a tasking program is accomplished by using the basic subnets as building blocks in translating only tasking-related statements and connecting them to produce the total Predicate-Action net model augmented with sets of shared variables. An augmented reachability graph is then derived by executing the net model. Deadlocks and race conditions are detected by searching the nodes of this graph. The main advantage offered by this approach is that the Predicate-Action extension of the net leads to pruning infeasible paths in the reachability graph and, thus, reducing the spurious error reports encountered in previous approaches. Also, this approach enables a partial handling of loops in a practical way. Implementation issues are also discussed in the paper

Graph models for reachability analysis of concurrent programs

Reachability analysis is an attractive technique for analysis of concurrent programs because it is simple and relatively straightforward to automate, and can be used in conjunction with model-checking procedures to check for application-specific as well as general properties. Several techniques have been proposed differing mainly on the model used; some of these propose the use of flowgraph based models, some others of Petri nets.This paper addresses the question: What essential difference does it make, if any, what sort of finite-state model we extract from program texts for purposes of reachability analysis? How do they differ in expressive power, decision power, or accuracy? Since each is intended to model synchronization structure while abstracting away other features, one would expect them to be roughly equivalent.We confirm that there is no essential semantic difference between the most well known models proposed in the literature by providing algorithms for translation among these models. This implies that the choice of model rests on other factors, including convenience and efficiency.Since combinatorial explosion is the primary impediment to application of reachability analysis, a particular concern in choosing a model is facilitating divide-and-conquer analysis of large programs. Recently, much interest in finite-state verification systems has centered on algebraic theories of concurrency. Yeh and Young have exploited algebraic structure to decompose reachability analysis based on a flowgraph model. The semantic equivalence of graph and Petri net based models suggests that one ought to be able to apply a similar strategy for decomposing Petri nets. We show this is indeed possible through application of category theory

A Petri Net-Based Tool for Detecting Deadlocks and Race Conditions in Concurrent Programs

A static analysis tool for detecting deadlocks and potential race conditions on shared variables in concurrent programs is presented. It is based on Petri Net modeling and reachability analysis, where a concurrent program is modeled as an augmented Petri net and a reachability graph is then derived and analyzed for desired information. Place-Transition subnets representing programming language constructs are described. Transitions in these subnets are augmented with sets of shared variables that occur in sections of the program, called concurrency zones, related to the transitions. The tool consists of four modules. The modeling module employs the augmented subnets as building blocks in translating only the synchronization-related statements of a concurrent program and connects the subnets to yield the total model. The second module produces an augmented reachability graph for the augmented Petri net. The analyzer module searches the augmented reachability graph for deadlocks, race conditions and other useful analysis information requested by the user about the underlying program. The user interface is provided by an X-window based module. Ada is used as a representative of concurrent languages that adopt the rendezvous model of interprocess communication and synchronization. The validation of the tool, its applicability and limitations are also discussed

A Colored Petri Net-Based Approach for Automated Deadlock Detection in Parallel Programs

A static analysis approach is proposed for automated detection of deadlocks in a common class of parallel programs, referred to as Single Code Multiple Data (SCMD) programs. It is based on colored Petri net (CP-net) modeling and reachability analysis, where colors correspond to parallel processes. An SCMD program is first translated into a CP-net and a reachability tree is then derived and analyzed for deadlock information. CP-subnets representing basic programming language constructs are described. These subnets are employed as building blocks by an algorithm that translates synchronization-related statements of a process in an SCMD program and connects the resulting subnets. The connection technique makes use of the characteristics of SCMD programs to produce a unified and folded CP-net model. These characteristics are also used to introduce a notion, referred to as poset-covering, that leads to a reduced reachability tree for the Cp-net. The usual algorithm for generating and analyzing reachability trees of CP-nets is modified by including poset-covering and excluding notions that are irrelevant to our application. The compactness of the CP-net model and the reachability tree makes the proposed approach appealing for practical implementation

Topological analysis of metabolic and regulatory networks by decomposition methods

Die lebenden Organismen sind für eine wissenschaftliche Analyse zu kompliziert, wenn man sie als Ganzes und in ihrer vollen Komplexität betrachtet. Die vorliegende Arbeit behandelt die topologischen Eigenschaften von zwei wichtigen Teilen der lebenden Organismen: die metabolischen und die regulatorischen Systeme. Topolgische Eigenschaften sind solche, die durch die Netwerkstruktur bedingt werden. Ein Signalsystem ist eine spezielle Art von regulatorischem System. Zwischen den metabolischen und Signalnetzen gibt es wichtige Unterschiede, die ihre Behandlung in unterschiedlicher Weise erfordert. In der metabolischen Pfadanalyse ist das Konzept der elementaren Flussmoden bereits als ein passendes Instrument für die Charakterisierung der einfachsten essentiellen Wege in biochemischen Systemen etabliert. Wir untersuchen die Eigenschaften und Vorteile dieses Konzepts in einigen besonderen Fällen. Zuerst untersuchen wir die vielfach vorkommenden Enzyme mit niedriger Spezifität (z.B. Nukleosiddiphosphokinase, Uridinkinase, Transketolase, Transaldolase). Sie können parallel verschiedene Substrate und Produkte umwandeln. Auch die Enzym-Mechanismen sind vielfältig, wie wir mit dem Reaktionsschema für bifunktionelle Enzyme veranschaulichen. Wir betrachten dabei nur den Fall, dass ein bestimmtes aktives Zentrum mehrere Reaktionen katalysiert. Der Fall, dass das studierte Enzym mehrere solche aktiven Zentren hat, kann in den Fall mehrerer Enzyme transformiert werden, die nur ein aktives Zentrum haben. Wenn eine Krankheit das Ausgangsenzym ändert, werden dann in der Analyse auch alle ersetzenden Enzyme geändert. Es gibt zwei unterschiedliche Betrachtungsweisen, um multifunktionelle Enzyme zu beschreiben. Zum einen kann man die Gesamtreaktionen betrachten und zum anderen die elementaren Reaktionsschritte (Hemireaktionen, Halbreaktionen). Für Enzyme mit zwei oder mehr Funktionen ist es wichtig, nur linear unabhängige Funktionen zu betrachten, weil sonst zyklische elementare Moden auftreten würden, die keine Nettoumwandlung durchführen. Jedoch ist die Wahl der linear unabhängigen Funktionen nicht a priori eindeutig. Wir stellen eine Methode für das Treffen dieser Wahl vor, indem wir die konvexe Basis des Hemireaktions-Systems betrachten. Eine formale Anwendung des Algorithmus für das Berechnen der elementaren Flussmoden (Routen) erbringt das Resultat, dass die Zahl solcher Moden manchmal vom Niveau der Beschreibung abhängt, wenn einige Reaktionen reversibel sind und die Produkte der multifunktionellen Enzyme externe Metabolite sind, oder einige multifunktionelle Enzyme zum Teil die gleichen Stoffwechselprodukte umwandeln. Jedoch kann dieses Problem durch eine geeignete Deutung der Definition der elementaren Moden und die korrekte Wahl der unabhängigen Funktionen der Multifunktionsenzyme gelöst werden. Die Analyse wird durch einige kleinere Beispiele und ein größeres biochemisches Beispiel veranschaulicht, das aus dem Nukleotidmetabolismus stammt und die zwei Arten der Beschreibung für Nukleosiddiphosphokinase und Adenylatekinase vergleicht. Der Nukleotidmetabolismus spielt eine wichtige Rolle in lebenden Organismen und ist gegenüber allen möglichen Störungen in seiner internen Balance sehr empfindlich. Gefährliche Krankheiten können auftreten, wenn einige Enzyme nicht richtig funktionieren. Mit Hilfe des Konzeptes des elementaren Flussmodus erklären wir das Auftreten und den Schweregrad von Krankheiten, die auf Enzymdefizienzen basieren. Wenn ein Enzym vollständig gehemmt wird, werden einige metabolische Wege blockiert. Wenn jedoch einige alternative Wege noch bestehen, ist die Krankheit weniger gefährlich. Unsere Analyse ist darauf gerichtet, alternative Wege, wesentliche Enzyme und solche Enzyme, die immer zusammenarbeiten zu finden. Der letzte Begriff ist auch als "Enzyme subset" bekannt und stellt einen intermediären Schritt im Algorithmus zur Berechnung der elementaren Flussmoden dar. Wir diskutieren bereits bekannte und bisher nur hypothetische Mechanismen einiger Krankheiten (proliferative Krankheiten, Immundefizienzen), die auf Störungen des Nukleotidmetabolismus oder seiner Ausbeutung durch Viren und Parasiten beruhen. Die meisten Strategien, die für das Bekämpfen solcher Krankheiten eingesetzt werden, basieren auf der Unterbrechung des Nukleotidmetabolismus an bestimmten Stellen. Diese Strategien können aber auch zur Akkumulation toxischer Stoffe führen und dadurch Nebenwirkungen hervorrufen. Deswegen hilft ein besseres Verständnis dieses Systems, wirkungsvollere Medikamente zu entwickeln, und eine gute strukturelle Analyse kann viele experimentelle Bemühungen ersparen. Konzepte aus der Theorie der Petri-Netze liefern zusätzliche Werkzeuge für das Modellieren metabolischer Netzwerke. In Kapitel 4 werden die ähnlichkeiten zwischen einigen Konzepten in der traditionellen biochemischen Modellierung und analogen Konzepten aus der Petri-Netztheorie besprochen. Zum Beispiel entspricht die stochiometrische Matrix eines metabolischen Netzwerkes der Inzidenzmatrix des Petri-Netzes. Die Flussmoden und die Erhaltungs-Relationen haben die T-Invarianten beziehungsweise P-Invarianten als Gegenstücke. Wir decken die biologische Bedeutung einiger weiterer Begriffe aus der Theorie der Petri-Netze auf, nämlich "traps", "{siphons", "deadlocks" und "Lebendigkeit". Wir konzentrieren uns auf der topologischen Analyse anstatt auf die Analyse des dynamischen Verhaltens. Die geeignete Behandlung der externen Stoffwechselprodukte wird ebenfalls besprochen. Zur Illustration werden einige einfache theoretische Beispiele vorgestellt. Außerdem werden einige Petri-Netze präsentiert, die konkreten biochemischen Netzen entsprechen, um unsere Resultate zu belegen. Zum Beispiel wird die Rolle der Triosephosphatisomerase (TPI) im Metabolismus von Trypanosoma brucei ausgewertet, indem "traps" und "siphons" ermittelt werden. Alle behandelten Eigenschaften von Petri-Netzen werden anhand eines Systems illustriert, das aus dem Nukleotidmetabolismus stammt. Während viele Bemühungen für das Zerlegen metabolischer Systeme, (elementare Flußmoden, extreme Wege) erfolgt sind, sind bisher unseres Wissens keine Versuche in dieser Richtung für Signalübertragungssysteme unternommen worden. Eine spezielle Eigenschaft von Signalnetzwerken in lebenden Zellen ist, dass Aktivierungen, Hemmungen und biochemische Reaktionen normalerweise gleichzeitig anwesend sind. Selbst wenn sie nicht Reaktionen enthalten, machen Mehrfach-Aktivierungen oder Mehrfach-Hemmungen die Netzwerke in hohem Grade verzweigt. Es ist eine schwierige und sehr zeitraubende Aufgabe, alle Faktoren, die einen Einfluss auf ein gegebenes Ziel haben, ohne eine automatische Methode zu ermitteln. Bereits in Kapitel 1 heben wir die ähnlichkeiten und Unterschiede zwischen den metabolischen und Signal-Netzwerken hervor. In Kapitel 5 errichten wir einen Rahmen und präsentieren einen Algorithmus für die Zerlegung von Signalnetzwerken in kleinere Einheiten, die einfacher zu studieren und zu verstehen sind. Zwei Fälle werden untersucht: ein einfacheres, wenn nur monomolekulare Aktivierungen oder Reaktionen anwesend sind, und ein komplizierterer Fall, wenn die Aktivierungen und die Reaktionen multimolekular sein können. Ihre Beschreibung erfordert unterschiedliche Methoden: klassische Graphen bzw. Petrinetze. Wir besprechen die Probleme, die in unserem Modell wegen des Vorhandenseins von Hemmungen oder von unbekannten Effekten im Netz auftreten. Der vorgeschlagene Algorithmus ermittelt die Faktoren, die zusammenwirken und die Zielsubstanzen, die auf dem gleichen Weg beeinflusst werden. Die Zyklen, die im System auftreten, und mögliche fehlende Reaktionen werden ebenfalls ermittelt . Theoretische Beispiele veranschaulichen unsere Resultate. Anhand der T-Zell-Antigen-Rezeptor-Signalkaskade zeigen wir, wie die Methoden in realen Systemen angewendet werden können.The living organisms are too complex when considering them as a whole. The present thesis deals with the topological properties of two important parts of living organisms: the metabolic and the regulatory systems. The topological properties are those features that are determined by the network structure. A classification in metabolic and regulatory systems is often used. A signalling system is a special kind of regulatory system. Between metabolic and signalling networks, there are important differences that impose their treatment in different ways. In metabolic pathway analysis, the elementary flux mode concept is already established as a proper tool for identifying the smallest essential routes in biochemical systems. We examine its features and advantages in some particular cases. Firstly, many enzymes operate with low specificity (e.g. nucleoside diphosphokinase, uridine kinase, transketolase, transaldolase), so that various substrates and products can be converted. Also the enzymatic mechanisms are diverse, as we have illustrated with reaction schemes for bifunctional enzymes. Therefore, there are two different approaches to describe multifunctional enzymes (We considered only the case when a certain active site hosts several reactions. The case when the studied enzyme has several such active sites can be transformed into that of several enzymes having only one active site. If a disease alters the initial enzyme, also all substituting enzymes are altered.): in terms of overall reactions and in terms of reactions steps (hemi-reactions, half-reactions). For enzymes with two or more functions, it is important to consider only linearly independent functions, because otherwise cyclic elementary modes would occur which do not perform any net transformation. However, the choice of linearly independent functions is not a priori unique. In Chapter 2, we give a method for making this choice unique by considering the convex basis of the hemi-reactions system. The set of linearly independent functions provided by our algorithm coincides, in the case of transketolase in pentose phosphate pathway, with the set of linearly independent functions mentioned in literature. A formal application of the algorithm for computing elementary flux modes (pathways) yields the result that the number of such modes sometimes depends on the level of description if some reactions are reversible and the products of the multifunctional enzymes are external metabolites or some multifunctional enzymes partly share the same metabolites. However, this problem can be solved by appropriate interpretation of the definition of elementary modes and the correct choice of independent functions of multifunctional enzymes. The analysis is illustrated by a biochemical example taken from nucleotide metabolism, comparing the two ways of description for nucleoside diphosphokinase and adenylate kinase, and by several smaller examples. The nucleotide metabolism plays an important role in living organisms and is very sensitive to any perturbations in its internal balance. Dangerous diseases may occur if some enzymes do not work properly. With the help of elementary flux mode concept, we explain the occurrence and severity of diseases based on enzyme deficiencies. If an enzyme is completely inhibited, some metabolic routes are blocked. If, however, some alternative routes still exist, the disease is less dangerous. In Chapter 3, we focus on finding alternative routes, essential enzymes and enzymes operating together. The latter notion is also known as ,,enzyme subset`` and represents an intermediary step in calculating the elementary flux modes. The known or hypothesised mechanisms of several disorders, occurred due to the malfunctioning of nucleotide metabolism (proliferative diseases, immunodeficiency diseases) or due to its hijacking by viruses and parasites, are given. Most strategies adopted for curing such diseases are based on nucleotide metabolism interruption. Therefore, a better understanding of this system helps developing more effective drugs and a good structural analysis can spare many experimental efforts. Petri net concepts provide additional tools for the modelling of metabolic networks. In Chapter 4, the similarities between the counterparts in traditional biochemical modelling and Petri net theory are discussed. For example, the stoichiometry matrix of a metabolic network corresponds to the incidence matrix of the Petri net. The flux modes and conservation relations have the T-invariants, respectively, P-invariants as counterparts. We reveal the biological meaning of some notions specific to the Petri net framework (traps, siphons, deadlocks, liveness). We focus on the topological analysis rather than on the analysis of the dynamic behaviour. The treatment of external metabolites is discussed. Some simple theoretical examples are presented for illustration. Also the Petri nets corresponding to some biochemical networks are built to support our results. For example, the role of triose phosphate isomerase (TPI) in Trypanosoma brucei metabolism is evaluated by detecting siphons and traps. All Petri net properties treated in above-mentioned chapter (4) are exemplified on a system extracted from nucleotide metabolism. While for decomposing metabolic systems, many efforts have been done (elementary flux modes, convex basis, extreme pathways), for signalling maps, as far as we know, no attempt in this direction has been made. A special characteristic of signalling networks is that activations, inhibitions, and biochemical reactions are normally present in parallel. Even if they do not contain reactions, multi-part activations or inhibitions make them highly branched. To detect all factors that have an influence on a given target, without using an automatic method, is a difficult and very time-consuming effort. Already in Chapter 1 (Backgrounds), we highlight the similarities and differences between metabolic and signalling networks. In Chapter 5, we build a framework and algorithm for decomposing signalling networks in smaller units, which are easier to study and understand. Two cases are investigated: a simpler one, when only monomolecular activations or reactions are present, and a more complex case, when the activations and reactions can be multimolecular. Their description requires different instruments: classical graphs and Petri nets, respectively. We discuss the problems that occur in our model due to the presence of some inhibitions or unknown effects in the network. The algorithm that we propose detects the factors that are acting together and the targets that are affected on the same route. The cycles that occur in the system are also highlighted. We point out possible missing reactions. Theoretical examples illustrate out findings. Using the T cell antigen-receptor signalling cascade, we show how it can be applied to real systems

Safe Parallelism: Compiler Analysis Techniques for Ada and OpenMP

There is a growing need to support parallel computation in Ada to cope with the performance requirements of the most advanced functionalities of safety-critical systems. In that regard, the use of parallel programming models is paramount to exploit the benefits of parallelism. Recent works motivate the use of OpenMP for being a de facto standard in high-performance computing for programming shared memory architectures. These works address two important aspects towards the introduction of OpenMP in Ada: the compatibility of the OpenMP syntax with the Ada language, and the interoperability of the OpenMP and the Ada runtimes, demonstrating that OpenMP complements and supports the structured parallelism approach of the tasklet model. This paper addresses a third fundamental aspect: functional safety from a compiler perspective. Particularly, it focuses on race conditions and considers the fine-grain and unstructured capabilities of OpenMP. Hereof, this paper presents a new compiler analysis technique that: (1) identifies potential race conditions in parallel Ada programs based on OpenMP or Ada tasks or both, and (2) provides solutions for the detected races.This work was supported by the Spanish Ministry of Science and Innovation under contract TIN2015-65316-P, and by the FCT (Portuguese Foundation for Science and Technology) within the CISTER Research Unit (CEC/04234).Peer ReviewedPostprint (author's final draft

Modelling and analysis of parallel information systems.

This thesis presents an investigation of modelling and analysis of parallel information systems. The research was motivated by the recent developments in networks and powerful, low-cost, desk top multiprocessors. An integrated approach for the construction of parallel information systems was developed which focussed on modelling, verification and simulation of such systems. The thesis demonstrates how Petri nets can be used for the modelling and analysis of entity life histories and parallel information systems, place transition nets for the modelling and analysis of entity life histories and coloured Petri nets for the modelling and analysis of complex parallel information systems. These tools were integrated into a comprehensive framework which allowed for the modelling and analysis of complex parallel information systems and the framework was tested using a comprehensive case study. The thesis concludes that Petri nets are an ideal tool for the modelling and analysis of complex parallel systems. Verification is possible with deadlocks and similar properties being easily identified. Further the transformation rules proved to be beneficial to the process of moving from one model to another. Finally simulation of parallel behaviour was possible because the underlying models captured the notion of parallelism