Higher-order linearisability

Linearisability is a central notion for verifying concurrent libraries: a library is proven correct if its operational history can be rearranged into a sequential one that satisfies a given specification. Until now, linearisability has been examined for libraries in which method arguments and method results were of ground type. In this paper we extend linearisability to the general higher-order setting, where methods of arbitrary type can be passed as arguments and returned as values, and establish its soundness

Simplifying proofs of linearisability using layers of abstraction

Linearisability has become the standard correctness criterion for concurrent data structures, ensuring that every history of invocations and responses of concurrent operations has a matching sequential history. Existing proofs of linearisability require one to identify so-called linearisation points within the operations under consideration, which are atomic statements whose execution causes the effect of an operation to be felt. However, identification of linearisation points is a non-trivial task, requiring a high degree of expertise. For sophisticated algorithms such as Heller et al's lazy set, it even is possible for an operation to be linearised by the concurrent execution of a statement outside the operation being verified. This paper proposes an alternative method for verifying linearisability that does not require identification of linearisation points. Instead, using an interval-based logic, we show that every behaviour of each concrete operation over any interval is a possible behaviour of a corresponding abstraction that executes with coarse-grained atomicity. This approach is applied to Heller et al's lazy set to show that verification of linearisability is possible without having to consider linearisation points within the program code

Higher-Order Linearisability

Linearisability is a central notion for verifying concurrent libraries: a library is proven correct if its operational history can be rearranged into a sequential one that satisfies a given specification. Until now, linearisability has been examined for libraries in which method arguments and method results were of ground type. In this paper we extend linearisability to the general higher-order setting, where methods of arbitrary type can be passed as arguments and returned as values, and establish its soundness

Deducing Operation Commutativity from Replicated Data Declaration

Distributed systems often resort to data replication not only to enhance their availability but also to reduce user-perceived latency by balancing the load between replicas and routing their requests accordingly. The choice of which consistency level that should be adopted by these replicated systems is critical for the fulfilment of their performance and correctness requirements. However, defining a strategy that strikes the right balance between these concerns in this type of environments is far from being a trivial task due to the related overheads that are amplified in distributed scenarios. Recognising the tension between latency and consistency, many systems allow multiple consistency levels to coexist. Nevertheless, the performance fine-tuning mechanisms supported by the existing hybrid solutions place a high burden on the programmer since the necessary input can be somehow complex requiring him to understand the semantics of each operation of the service he is developing in order to correctly instruct the system on how to handle concurrent updates. Thus, specifying operation dependencies, orderings and invariants to be preserved or even picking the right consistency level to be assigned to a certain data item is, generally, an error-prone task that hinders reasoning. To overcome this adversity, this work aims to reduce the effort spent by the programmer by only requiring the latter to introduce a simple and intuitive input at data declaration. Following this approach, reasoning is centralised and all accesses to replicated data are identified automatically. With all data accesses identified, it is then possible to deduce the side effects of each operation and determine, for each one of them, those with which it conflicts. In this context, this thesis also presents a compile-time analysis applied to the Java language able to evaluate operation pairwise commutativity from the input given at data declaration

Differentially flat nonlinear control systems

Differentially flat systems are underdetermined systems of (nonlinear) ordinary differential equations (ODEs) whose solution curves are in smooth one-one correspondence with arbitrary curves in a space whose dimension equals the number of equations by which the system is underdetermined. For control systems this is the same as the number of inputs. The components of the map from the system space to the smaller dimensional space are referred to as the flat outputs. Flatness allows one to systematically generate feasible trajectories in a relatively simple way. Typically the flat outputs may depend on the original independent and dependent variables in terms of which the ODEs are written as well as finitely many derivatives of the dependent variables. Flatness of systems underdetermined by one equation is completely characterised by Elie Cartan's work. But for general underdetermined systems no complete characterisation of flatness exists. In this dissertation we describe two different geometric frameworks for studying flatness and provide constructive methods for deciding the flatness of certain classes of nonlinear systems and for finding these flat outputs if they exist. We first introduce the concept of "absolute equivalence" due to Cartan and define flatness in this frame work. We provide a method of testing for the flatness of systems, which involves making a guess for all but one of the flat outputs after which the problem is reduced to the case solved by Cartan. Secondly we present an alternative geometric approach to flatness which uses "jet bundles" and present a theorem which partially characterises flat outputs that depend only on the original variables but not on their derivatives, for the case of systems described by two independent one-forms in arbitrary number of variables. Finally, for the class of Lagrangian mechanical systems whose number of control inputs is one less than the number of degrees of freedom, we provide a characterisation of flat outputs that depend only on the configuration variables, but not on their derivatives. This characterisation makes use of the Riemannian metric provided by the kinetic energy of the system

Verifying linearisability: A comparative survey

Linearisability is a key correctness criterion for concurrent data structures, ensuring that each history of the concurrent object under consideration is consistent with respect to a history of the corresponding abstract data structure. Linearisability allows concurrent (i.e., overlapping) operation calls to take effect in any order, but requires the real-time order of nonoverlapping to be preserved. The sophisticated nature of concurrent objects means that linearisability is difficult to judge, and hence, over the years, numerous techniques for verifying lineasizability have been developed using a variety of formal foundations such as data refinement, shape analysis, reduction, etc. However, because the underlying framework, nomenclature, and terminology for each method is different, it has become difficult for practitioners to evaluate the differences between each approach, and hence, evaluate the methodology most appropriate for verifying the data structure at hand. In this article, we compare the major of methods for verifying linearisability, describe the main contribution of each method, and compare their advantages and limitations