Some Challenges of Specifying Concurrent Program Components

The purpose of this paper is to address some of the challenges of formally specifying components of shared-memory concurrent programs. The focus is to provide an abstract specification of a component that is suitable for use both by clients of the component and as a starting point for refinement to an implementation of the component. We present some approaches to devising specifications, investigating different forms suitable for different contexts. We examine handling atomicity of access to data structures, blocking operations and progress properties, and transactional operations that may fail and need to be retried.Comment: In Proceedings Refine 2018, arXiv:1810.0873

Permission-Based Separation Logic for Multithreaded Java Programs

This paper presents a program logic for reasoning about multithreaded Java-like programs with dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits. In order to distinguish between initial monitor entrancies and monitor reentrancies, auxiliary variables keep track of multisets of currently held monitors. Data abstraction and behavioral subtyping are facilitated through abstract predicates, which are also used to represent monitor invariants, preconditions for thread starting and postconditions for thread joining. Value-parametrized types allow to conveniently capture common strong global invariants, like static object ownership relations. The program logic is presented for a model language with Java-like classes and interfaces, the soundness of the program logic is proven, and a number of illustrative examples are presented

Sparticle Spectra and LHC Signatures for Large Volume String Compactifications

We study the supersymmetric particle spectra and LHC collider observables for the large-volume string models with a fundamental scale of 10^{11} GeV that arise in moduli-fixed string compactifications with branes and fluxes. The presence of magnetic fluxes on the brane world volume, required for chirality, perturb the soft terms away from those previously computed in the dilute-flux limit. We use the difference in high-scale gauge couplings to estimate the magnitude of this perturbation and study the potential effects of the magnetic fluxes by generating many random spectra with the soft terms perturbed around the dilute flux limit. Even with a 40% variation in the high-scale soft terms the low-energy spectra take a clear and predictive form. The resulting spectra are broadly similar to those arising on the SPS1a slope, but more degenerate. In their minimal version the models predict the ratios of gaugino masses to be M_1 : M_2 : M_3=(1.5 - 2) : 2 : 6, different to both mSUGRA and mirage mediation. Among the scalars, the squarks tend to be lighter and the sleptons heavier than for comparable mSUGRA models. We generate 10 fb^{-1} of sample LHC data for the random spectra in order to study the range of collider phenomenology that can occur. We perform a detailed mass reconstruction on one example large-volume string model spectrum. 100 fb^{-1} of integrated luminosity is sufficient to discriminate the model from mSUGRA and aspects of the sparticle spectrum can be accurately reconstructed.Comment: 42 pages, 21 figures. Added references and discussion for section 3. Slight changes in the tex

The Weak Gravity Conjecture in three dimensions

We study weakly coupled $U(1)$ theories in $AdS_3$, their associated charged BTZ solutions, and their charged spectra. We find that modular invariance of the holographic dual two-dimensional CFT and compactness of the gauge group together imply the existence of charged operators with conformal dimension significantly below the black hole threshold. We regard this as a form of the Weak Gravity Conjecture (WGC) in three dimensions. We also explore the constraints posed by modular invariance on a particular discrete $\mathbb{Z}_N$ symmetry which arises in our discussion. In this case, modular invariance does not guarantee the existence of light $\mathbb{Z}_N$-charged states. We also highlight the differences between our discussion and the usual heuristic arguments for the WGC based on black hole remnants.Comment: 44 page

Perturbative Stability along the Supersymmetric Directions of the Landscape

We consider the perturbative stability of non-supersymmetric configurations in N=1 supergravity models with a spectator sector not involved in supersymmetry breaking. Motivated by the supergravity description of complex structure moduli in Large Volume Compactifications of type IIB-superstrings, we concentrate on models where the interactions are consistent with the supersymmetric truncation of the spectator fields, and we describe their couplings by a random ensemble of generic supergravity theories. We characterise the mass spectrum of the spectator fields in terms of the statistical parameters of the ensemble and the geometry of the scalar manifold. Our results show that the non-generic couplings between the spectator and the supersymmetry breaking sectors can stabilise all the tachyons which typically appear in the spectator sector before including the supersymmetry breaking effects, and we find large regions of the parameter space where the supersymmetric sector remains stable with probability close to one. We discuss these results about the stability of the supersymmetric sector in two physically relevant situations: non-supersymmetric Minkowski vacua, and slow-roll inflation driven by the supersymmetry breaking sector. For the class of models we consider, we have reproduced the regimes in which the KKLT and Large Volume Scenarios stabilise all supersymmetric moduli. We have also identified a new regime in which the supersymmetric sector is stabilised at a very robust type of dS minimum without invoking a large mass hierarchy.Comment: 44+11 pages, 10 figures, references added, minor corrections and clarifications, added comments by the refere

Linear Encodings of Bounded LTL Model Checking

We consider the problem of bounded model checking (BMC) for linear temporal logic (LTL). We present several efficient encodings that have size linear in the bound. Furthermore, we show how the encodings can be extended to LTL with past operators (PLTL). The generalised encoding is still of linear size, but cannot detect minimal length counterexamples. By using the virtual unrolling technique minimal length counterexamples can be captured, however, the size of the encoding is quadratic in the specification. We also extend virtual unrolling to Buchi automata, enabling them to accept minimal length counterexamples. Our BMC encodings can be made incremental in order to benefit from incremental SAT technology. With fairly small modifications the incremental encoding can be further enhanced with a termination check, allowing us to prove properties with BMC. Experiments clearly show that our new encodings improve performance of BMC considerably, particularly in the case of the incremental encoding, and that they are very competitive for finding bugs. An analysis of the liveness-to-safety transformation reveals many similarities to the BMC encodings in this paper. Using the liveness-to-safety translation with BDD-based invariant checking results in an efficient method to find shortest counterexamples that complements the BMC-based approach.Comment: Final version for Logical Methods in Computer Science CAV 2005 special issu

Initialisation Problems in Feature Composition

Composing features that have inconsistent requirements may lead to feature interactions that violate requirements satisfied by each feature in isolation. These interactions manifest themselves as conflicts on shared resources. Arbitration is a common approach to resolving such conflicts that uses prioritisation to decide which feature has access to resources when there is a conflict. However, arbitration alone does not guarantee satisfaction of the requirement of the feature that eventually gains access to a resource. This is because arbitration does not take into account that the resource may be in a state that is inconsistent with that expected by the feature. We call this the initialisation problem. In this thesis we propose an approach to addressing the initialisation problem which combines arbitration with contingencies. Contingency means having several specifications per feature satisfying the same requirement, depending on the current resource state. We illustrate and validate our approach by applying it to resolving conflicts between features in smart home and automotive domains. The validation shows that contingencies complement arbitration by enabling satisfaction of the requirement of the feature that eventually gains access to a shared resource, regardless of the current state of the resource. The main contribution of this thesis is an approach to analysing initialisation concerns in feature composition. At the core of our approach is an explicit consideration of all possible states of a resource as potential initial states. Given each initial state we then derive corresponding specifications that would enable a feature to satisfy its requirement in those states. We show that our approach to initialisation problems is relevant to addressing the feature interaction problem by characterising some types of conflicts as initialisation concerns

Type IIA Flux Vacua with Mobile D6-branes

We analyse type IIA Calabi-Yau orientifolds with background fluxes and D6-branes. The presence of D6-brane deformation moduli redefines the 4d dilaton and complex structure fields and complicates the analysis of such vacua in terms of the effective Kahler potential and superpotential. One may however formulate the F-term scalar potential as a bilinear form on the flux-axion polynomials $\rho_A$ invariant under the discrete shift symmetries of the 4d effective theory. We express the conditions for Minkoswki and AdS flux vacua in terms of such polynomials, which allow to extend the analysis to include vacua with mobile D6-branes. We find a new, more general class of N = 0 Minkowski vacua, which nevertheless present a fairly simple structure of (contravariant) F-terms. We compute the soft-term spectrum for chiral models of intersecting D6-branes in such vacua, finding a quite universal pattern.Comment: 77 pages, 3 figures; v2: minor corrections and references adde