Specification and verification of synchronisation classes in Java:A practical approach

Digital services are becoming an essential part of our daily lives. To provide these services, efficient software plays an important role. Concurrent programming is a technique that developers can exploit to gain more performance. In a concurrent program several threads of execution simultaneously are being executed. Sometimes they have to compete to access shared resources, like memory. This race of accessing shared memories can cause unexpected errors. Programmers use synchronisation constructs to tame the concurrency and control the accesses. In order to develop reliable concurrent software, the correctness of these synchronisation constructs is crucial. In this thesis we use a program logic, called permission-based Separation Logic, to statically reason about the correctness of synchronisation constructs. The logic has the power to reason about correct ownership of threads regarding shared memory. A correctly functioning synchroniser is responsible for exchanging a correct permission when a thread requests access to the shared memory. We use our VERCORS verification tool-set to verify the correctness of various synchronisation constructs. In Chapter 1 we discuss the scope of the thesis. All the required technical background about permission-based Separation Logic and synchronisation classes is explained in Chapter 2. In Chapter 3 we discuss how threads' start and join as minimum synchronisation points can be verified. To verify correctness of the synchronisation classes we have to first specify expected behaviour of the classes. This is covered in Chapter 4. In this chapter we present a unified approach to abstractly describe the common behaviour of synchronisers. Using our specifications, one is able to reason about the correctness of the client programs that access the shared state through the synchronisers. The atomic classes of java.util.concurrent are the core element of every synchronisation construct implementation. In Chapter 5 and Chapter 6 we propose a specification for atomic classes. Using this contract, we verified the implementation of synchronisation constructs w.r.t to their specifications from Chapter 4. In our proposed contract the specification of the atomic classes is parameterized with the protocols and resource invariants. Based on the context, the parameters can be defined. In Chapter 7 we propose a verification stack where each layer of stack verifies one particular aspect of a specified concurrent program in which atomic operations are the main synchronisation constructs. We demonstrate how to verify that a non-blocking data structure is data-race free and well connected. Based on the result of the verification from the lower layers, upper layers can reason about the functional properties of the concurrent data structure. In Chapter 8 we present a sound specification and verification technique to reason about data race freedom and functional correctness of GPU kernels that use atomic operations as synchronisation mechanism. Finally, Chapter 9 concludes the thesis with future directions

Separation Logic

Separation logic is a key development in formal reasoning about programs, opening up new lines of attack on longstanding problems

Actes des Sixièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel

National audienceCe document contient les actes des Sixièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel (GDR GPL) s'étant déroulées au CNAM à Paris du 11 au 13 juin 2014. Les contributions présentées dans ce document ont été sélectionnées par les différents groupes de travail du GDR. Il s'agit de résumés, de nouvelles versions, de posters et de démonstrations qui correspondent à des travaux qui ont déjà été validés par les comités de programmes d'autres conférences et revues et dont les droits appartiennent exclusivement à leurs auteurs

Kiel Declarative Programming Days 2013

This report contains the papers presented at the Kiel Declarative Programming Days 2013, held in Kiel (Germany) during September 11-13, 2013. The Kiel Declarative Programming Days 2013 unified the following events: * 20th International Conference on Applications of Declarative Programming and Knowledge Management (INAP 2013) * 22nd International Workshop on Functional and (Constraint) Logic Programming (WFLP 2013) * 27th Workshop on Logic Programming (WLP 2013) All these events are centered around declarative programming, an advanced paradigm for the modeling and solving of complex problems. These specification and implementation methods attracted increasing attention over the last decades, e.g., in the domains of databases and natural language processing, for modeling and processing combinatorial problems, and for high-level programming of complex, in particular, knowledge-based systems

Well-Formed and Scalable Invasive Software Composition

Software components provide essential means to structure and organize software effectively. However, frequently, required component abstractions are not available in a programming language or system, or are not adequately combinable with each other. Invasive software composition (ISC) is a general approach to software composition that unifies component-like abstractions such as templates, aspects and macros. ISC is based on fragment composition, and composes programs and other software artifacts at the level of syntax trees. Therefore, a unifying fragment component model is related to the context-free grammar of a language to identify extension and variation points in syntax trees as well as valid component types. By doing so, fragment components can be composed by transformations at respective extension and variation points so that always valid composition results regarding the underlying context-free grammar are yielded. However, given a language’s context-free grammar, the composition result may still be incorrect. Context-sensitive constraints such as type constraints may be violated so that the program cannot be compiled and/or interpreted correctly. While a compiler can detect such errors after composition, it is difficult to relate them back to the original transformation step in the composition system, especially in the case of complex compositions with several hundreds of such steps. To tackle this problem, this thesis proposes well-formed ISC—an extension to ISC that uses reference attribute grammars (RAGs) to specify fragment component models and fragment contracts to guard compositions with context-sensitive constraints. Additionally, well-formed ISC provides composition strategies as a means to configure composition algorithms and handle interferences between composition steps. Developing ISC systems for complex languages such as programming languages is a complex undertaking. Composition-system developers need to supply or develop adequate language and parser specifications that can be processed by an ISC composition engine. Moreover, the specifications may need to be extended with rules for the intended composition abstractions. Current approaches to ISC require complete grammars to be able to compose fragments in the respective languages. Hence, the specifications need to be developed exhaustively before any component model can be supplied. To tackle this problem, this thesis introduces scalable ISC—a variant of ISC that uses island component models as a means to define component models for partially specified languages while still the whole language is supported. Additionally, a scalable workflow for agile composition-system development is proposed which supports a development of ISC systems in small increments using modular extensions. All theoretical concepts introduced in this thesis are implemented in the Skeletons and Application Templates framework SkAT. It supports “classic”, well-formed and scalable ISC by leveraging RAGs as its main specification and implementation language. Moreover, several composition systems based on SkAT are discussed, e.g., a well-formed composition system for Java and a C preprocessor-like macro language. In turn, those composition systems are used as composers in several example applications such as a library of parallel algorithmic skeletons