27,713 research outputs found
Rely-guarantee Reasoning about Concurrent Reactive Systems: The PiCore Framework, Languages Integration and Applications
The rely-guarantee approach is a promising way for compositional verification
of concurrent reactive systems (CRSs), e.g. concurrent operating systems,
interrupt-driven control systems and business process systems. However,
specifications using heterogeneous reaction patterns, different abstraction
levels, and the complexity of real-world CRSs are still challenging the
rely-guarantee approach. This article proposes PiCore, a rely-guarantee
reasoning framework for formal specification and verification of CRSs. We
design an event specification language supporting complex reaction structures
and its rely-guarantee proof system to detach the specification and logic of
reactive aspects of CRSs from event behaviours. PiCore parametrizes the
language and its rely-guarantee system for event behaviour using a
rely-guarantee interface and allows to easily integrate 3rd-party languages via
rely-guarantee adapters. By this design, we have successfully integrated two
existing languages and their rely-guarantee proof systems without any change of
their specification and proofs. PiCore has been applied to two real-world case
studies, i.e. formal verification of concurrent memory management in Zephyr
RTOS and a verified translation for a standardized Business Process Execution
Language (BPEL) to PiCore.Comment: Submission to ACM Transactions on Programming Languages and Systems
in 202
Causality in concurrent systems
Concurrent systems identify systems, either software, hardware or even
biological systems, that are characterized by sets of independent actions that
can be executed in any order or simultaneously. Computer scientists resort to a
causal terminology to describe and analyse the relations between the actions in
these systems. However, a thorough discussion about the meaning of causality in
such a context has not been developed yet. This paper aims to fill the gap.
First, the paper analyses the notion of causation in concurrent systems and
attempts to build bridges with the existing philosophical literature,
highlighting similarities and divergences between them. Second, the paper
analyses the use of counterfactual reasoning in ex-post analysis in concurrent
systems (i.e. execution trace analysis).Comment: This is an interdisciplinary paper. It addresses a class of causal
models developed in computer science from an epistemic perspective, namely in
terms of philosophy of causalit
Towards Practical Graph-Based Verification for an Object-Oriented Concurrency Model
To harness the power of multi-core and distributed platforms, and to make the
development of concurrent software more accessible to software engineers,
different object-oriented concurrency models such as SCOOP have been proposed.
Despite the practical importance of analysing SCOOP programs, there are
currently no general verification approaches that operate directly on program
code without additional annotations. One reason for this is the multitude of
partially conflicting semantic formalisations for SCOOP (either in theory or
by-implementation). Here, we propose a simple graph transformation system (GTS)
based run-time semantics for SCOOP that grasps the most common features of all
known semantics of the language. This run-time model is implemented in the
state-of-the-art GTS tool GROOVE, which allows us to simulate, analyse, and
verify a subset of SCOOP programs with respect to deadlocks and other
behavioural properties. Besides proposing the first approach to verify SCOOP
programs by automatic translation to GTS, we also highlight our experiences of
applying GTS (and especially GROOVE) for specifying semantics in the form of a
run-time model, which should be transferable to GTS models for other concurrent
languages and libraries.Comment: In Proceedings GaM 2015, arXiv:1504.0244
A Graph-Based Semantics Workbench for Concurrent Asynchronous Programs
A number of novel programming languages and libraries have been proposed that
offer simpler-to-use models of concurrency than threads. It is challenging,
however, to devise execution models that successfully realise their
abstractions without forfeiting performance or introducing unintended
behaviours. This is exemplified by SCOOP---a concurrent object-oriented
message-passing language---which has seen multiple semantics proposed and
implemented over its evolution. We propose a "semantics workbench" with fully
and semi-automatic tools for SCOOP, that can be used to analyse and compare
programs with respect to different execution models. We demonstrate its use in
checking the consistency of semantics by applying it to a set of representative
programs, and highlighting a deadlock-related discrepancy between the principal
execution models of the language. Our workbench is based on a modular and
parameterisable graph transformation semantics implemented in the GROOVE tool.
We discuss how graph transformations are leveraged to atomically model
intricate language abstractions, and how the visual yet algebraic nature of the
model can be used to ascertain soundness.Comment: Accepted for publication in the proceedings of FASE 2016 (to appear
An Algebraic Characterisation of Concurrent Composition
We give an algebraic characterization of a form of synchronized parallel
composition allowing for true concurrency, using ideas based on Peter Landin's
"Program-Machine Symmetric Automata Theory".Comment: This is an old technical report from 1981. I submitted it to a
special issue of HOSC in honour of Peter Landin, as explained in the Prelude,
added in 2008. However, at an advanced stage, the handling editor became
unresponsive, and the paper was never published. I am making it available via
the arXiv for the same reasons given in the Prelud
Algebraic Structure of Combined Traces
Traces and their extension called combined traces (comtraces) are two formal
models used in the analysis and verification of concurrent systems. Both models
are based on concepts originating in the theory of formal languages, and they
are able to capture the notions of causality and simultaneity of atomic actions
which take place during the process of a system's operation. The aim of this
paper is a transfer to the domain of comtraces and developing of some
fundamental notions, which proved to be successful in the theory of traces. In
particular, we introduce and then apply the notion of indivisible steps, the
lexicographical canonical form of comtraces, as well as the representation of a
comtrace utilising its linear projections to binary action subalphabets. We
also provide two algorithms related to the new notions. Using them, one can
solve, in an efficient way, the problem of step sequence equivalence in the
context of comtraces. One may view our results as a first step towards the
development of infinite combined traces, as well as recognisable languages of
combined traces.Comment: Short variant of this paper, with no proofs, appeared in Proceedings
of CONCUR 2012 conferenc
A Note on the Expressiveness of BIP
We extend our previous algebraic formalisation of the notion of
component-based framework in order to formally define two forms, strong and
weak, of the notion of full expressiveness. Our earlier result shows that the
BIP (Behaviour-Interaction-Priority) framework does not possess the strong full
expressiveness. In this paper, we show that BIP has the weak form of this
notion and provide results detailing weak and strong full expressiveness for
classical BIP and several modifications, obtained by relaxing the constraints
imposed on priority models.Comment: In Proceedings EXPRESS/SOS 2016, arXiv:1608.0269
Algebraic Principles for Rely-Guarantee Style Concurrency Verification Tools
We provide simple equational principles for deriving rely-guarantee-style
inference rules and refinement laws based on idempotent semirings. We link the
algebraic layer with concrete models of programs based on languages and
execution traces. We have implemented the approach in Isabelle/HOL as a
lightweight concurrency verification tool that supports reasoning about the
control and data flow of concurrent programs with shared variables at different
levels of abstraction. This is illustrated on two simple verification examples
To boldly go:an occam-π mission to engineer emergence
Future systems will be too complex to design and implement explicitly. Instead, we will have to learn to engineer complex behaviours indirectly: through the discovery and application of local rules of behaviour, applied to simple process components, from which desired behaviours predictably emerge through dynamic interactions between massive numbers of instances. This paper describes a process-oriented architecture for fine-grained concurrent systems that enables experiments with such indirect engineering. Examples are presented showing the differing complex behaviours that can arise from minor (non-linear) adjustments to low-level parameters, the difficulties in suppressing the emergence of unwanted (bad) behaviour, the unexpected relationships between apparently unrelated physical phenomena (shown up by their separate emergence from the same primordial process swamp) and the ability to explore and engineer completely new physics (such as force fields) by their emergence from low-level process interactions whose mechanisms can only be imagined, but not built, at the current time
- …