Properties of Concurrent Programs

A program property is a predicate on programs. In this paper we explore program properties of the form U -> V where U and V are either predicates on states of a program or program properties, and -> satisfies three rules that are also used in reasoning about sequential programs and safety properties of parallel programs. We show how such properties can be used to reason about concurrent programs

Weakest Preconditions for Progress

Predicate transformers that map the postcondition and all intermediate conditions of a command to a precondition are introduced. They can be used to specify certain progress properties of sequential programs

Extending the theory of Owicki and Gries with a logic of progress

This paper describes a logic of progress for concurrent programs. The logic is based on that of UNITY, molded to fit a sequential programming model. Integration of the two is achieved by using auxiliary variables in a systematic way that incorporates program counters into the program text. The rules for progress in UNITY are then modified to suit this new system. This modification is however subtle enough to allow the theory of Owicki and Gries to be used without change

A Fixpoint Semantics of Event Systems with and without Fairness Assumptions

We present a fixpoint semantics of event systems. The semantics is presented in a general framework without concerns of fairness. Soundness and completeness of rules for deriving "leads-to" properties are proved in this general framework. The general framework is instantiated to minimal progress and weak fairness assumptions and similar results are obtained. We show the power of these results by deriving sufficient conditions for "leads-to" under minimal progress proving soundness of proof obligations without reasoning over state-traces

Solving Commutative Relaxations of Word Problems

We present an algebraic characterization of the standard commutative relaxation of the word problem in terms of a polynomial equality. We then consider a variant of the commutative word problem, referred to as the “Zero-to-All reachability” problem. We show that this problem is equivalent to a finite number of commutative word problems, and we use this insight to derive necessary conditions for Zero-to-All reachability. We conclude with a set of illustrative examples

The Sloan Lens ACS Survey. VIII. The relation between environment and internal structure of early-type galaxies

We study the relation between the internal structure of early-type galaxies and their environment using 70 strong gravitational lenses from the Sloan ACS Lens Survey. The Sloan database is used to determine two measures of overdensity of galaxies around each lens: the projected number density of galaxies inside the tenth nearest neighbor (\Sigma_{10}) and within a cone of radius one h^{-1} Mpc (D_1). Our main results are: 1) The average overdensity is somewhat larger than unity, consistent with lenses preferring overdense environments as expected for massive early-type galaxies (12/70 lenses are in known groups/clusters). 2) The distribution of overdensities is indistinguishable from that of "twin" non-lens galaxies selected from SDSS to have the same redshift and stellar velocity dispersion \sigma_*. Thus, within our errors, lens galaxies are an unbiased population, and the SLACS results can be generalized to the overall population of early-type galaxies. 3) Typical contributions from external mass distribution are no more than a few per cent, reaching 10-20% (~0.05-0.10 external convergence) only in the most extreme overdensities. 4) No significant correlation between overdensity and slope of the mass density profile of the lens is found. 5) Satellite galaxies (those with a more luminous companion) have marginally steeper mass density profiles than central galaxies (those without). This result suggests that tidal stripping may affect the mass structure of early-type galaxies down to kpc scales probed by strong lensing, when they fall into larger structures [ABRIDGED].Comment: ApJ, in press; minor changes with respect to v

On model checking data-independent systems with arrays without reset

A system is data-independent with respect to a data type X iff the operations it can perform on values of type X are restricted to just equality testing. The system may also store, input and output values of type X. We study model checking of systems which are data-independent with respect to two distinct type variables X and Y, and may in addition use arrays with indices from X and values from Y . Our main interest is the following parameterised model-checking problem: whether a given program satisfies a given temporal-logic formula for all non-empty nite instances of X and Y . Initially, we consider instead the abstraction where X and Y are infinite and where partial functions with finite domains are used to model arrays. Using a translation to data-independent systems without arrays, we show that the u-calculus model-checking problem is decidable for these systems. From this result, we can deduce properties of all systems with finite instances of X and Y . We show that there is a procedure for the above parameterised model-checking problem of the universal fragment of the u-calculus, such that it always terminates but may give false negatives. We also deduce that the parameterised model-checking problem of the universal disjunction-free fragment of the u-calculus is decidable. Practical motivations for model checking data-independent systems with arrays include verification of memory and cache systems, where X is the type of memory addresses, and Y the type of storable values. As an example we verify a fault-tolerant memory interface over a set of unreliable memories.Comment: Appeared in Theory and Practice of Logic Programming, vol. 4, no. 5&6, 200

Dynamic UNITY

Dynamic distributed systems, where a changing set of communicating processes must interoperate to accomplish particular computational tasks, are becoming extremely important. Designing and implementing these systems, and verifying the correctness of the designs and implementations, are difficult tasks. The goal of this thesis is to make these tasks easier. This thesis presents a specification language for dynamic distributed systems, based on Chandy and Misra's UNITY language. It extends the UNITY language to enable process creation, process deletion, and dynamic communication patterns. The thesis defines an execution model for systems specified in this language, which leads to a proof logic similar to that of UNITY. While extending UNITY logic to correctly handle systems with dynamic behavior, this logic retains the familiar UNITY operators and most of the proof rules associated with them. The thesis presents specifications for three example dynamic distributed systems to demonstrate the use of the specification language, and full correctness proofs for two of these systems and a partial correctness proof for the third to demonstrate the use of the proof logic. The thesis details a method for determining whether a system in the specification language can be transformed into an implementation in a standard programming language, as well as a method for performing this transformation on those specifications that can. This guarantees a correct implementation for any specification that can be so transformed