42,738 research outputs found
Rely-Guarantee Based Reasoning for Message-Passing Programs
The difficulties of verifying concurrent programs lie in their inherent non-determinism and interferences. Rely-Guarantee reasoning is one useful approach to solve this problem for its capability in formally specifying inter- thread interferences. However, modern verification requires better locality and modularity. It is still a great challenge to verify a message-passing program in a modular and composable way. In this paper, we propose a new reasoning system for message-passing programs. It is a novel logic that supports Hoare style triples to specify and verify distributed programs modularly. We concretize the concept of event traces to represent interactions among distributed agents, and specify behav- iors of agents by their local traces with regard to environmental assumptions â an idea inspired by Rely-Guarantee reasoning. Based on trace semantics, the verification is compositional in both temporal and spatial dimensions. To show validity, we apply our logic to modularly prove several examples
Deriving Specifications of Dependable Systems: toward a Method
This paper proposes a method for deriving formal specifications of systems.
To accomplish this task we pass through a non trivial number of steps, concepts
and tools where the first one, the most important, is the concept of method
itself, since we realized that computer science has a proliferation of
languages but very few methods. We also propose the idea of Layered Fault
Tolerant Specification (LFTS) to make the method extensible to dependable
systems. The principle is layering the specification, for the sake of clarity,
in (at least) two different levels, the first one for the normal behavior and
the others (if more than one) for the abnormal. The abnormal behavior is
described in terms of an Error Injector (EI) which represents a model of the
erroneous interference coming from the environment. This structure has been
inspired by the notion of idealized fault tolerant component but the
combination of LFTS and EI using rely guarantee thinking to describe
interference can be considered one of the main contributions of this work. The
progress toward this method and the way to layer specifications has been made
experimenting on the Transportation and the Automotive Case Studies of the
DEPLOY project.Comment: Published in "12th European Workshop on Dependable Computing, EWDC
2009, Toulouse : France (2009)
A Configurable Transport Layer for CAF
The message-driven nature of actors lays a foundation for developing scalable
and distributed software. While the actor itself has been thoroughly modeled,
the message passing layer lacks a common definition. Properties and guarantees
of message exchange often shift with implementations and contexts. This adds
complexity to the development process, limits portability, and removes
transparency from distributed actor systems.
In this work, we examine actor communication, focusing on the implementation
and runtime costs of reliable and ordered delivery. Both guarantees are often
based on TCP for remote messaging, which mixes network transport with the
semantics of messaging. However, the choice of transport may follow different
constraints and is often governed by deployment. As a first step towards
re-architecting actor-to-actor communication, we decouple the messaging
guarantees from the transport protocol. We validate our approach by redesigning
the network stack of the C++ Actor Framework (CAF) so that it allows to combine
an arbitrary transport protocol with additional functions for remote messaging.
An evaluation quantifies the cost of composability and the impact of individual
layers on the entire stack
Future-based Static Analysis of Message Passing Programs
Message passing is widely used in industry to develop programs consisting of
several distributed communicating components. Developing functionally correct
message passing software is very challenging due to the concurrent nature of
message exchanges. Nonetheless, many safety-critical applications rely on the
message passing paradigm, including air traffic control systems and emergency
services, which makes proving their correctness crucial. We focus on the
modular verification of MPI programs by statically verifying concrete Java
code. We use separation logic to reason about local correctness and define
abstractions of the communication protocol in the process algebra used by
mCRL2. We call these abstractions futures as they predict how components will
interact during program execution. We establish a provable link between futures
and program code and analyse the abstract futures via model checking to prove
global correctness. Finally, we verify a leader election protocol to
demonstrate our approach.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
Uniqueness typing for a higher-order language
We investigate type-based analysis for a higher-order channel passing language with strong update, whereby messages of a different kind are communicated over the same channel. In order to reason about such programs, our type system employs the concept of uniqueness to be able to assert when it is safe to change the object type a channel. We design a type system based on this concept and prove that our type system is sound, meaning that it only accepts programs that do not produce runtime errors.peer-reviewe
Issues about the Adoption of Formal Methods for Dependable Composition of Web Services
Web Services provide interoperable mechanisms for describing, locating and
invoking services over the Internet; composition further enables to build
complex services out of simpler ones for complex B2B applications. While
current studies on these topics are mostly focused - from the technical
viewpoint - on standards and protocols, this paper investigates the adoption of
formal methods, especially for composition. We logically classify and analyze
three different (but interconnected) kinds of important issues towards this
goal, namely foundations, verification and extensions. The aim of this work is
to individuate the proper questions on the adoption of formal methods for
dependable composition of Web Services, not necessarily to find the optimal
answers. Nevertheless, we still try to propose some tentative answers based on
our proposal for a composition calculus, which we hope can animate a proper
discussion
- âŠ