Fifty years of Hoare's Logic

We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin

Empirical Study of Concurrent Programming Paradigms

Various concurrent programming paradigms have been proposed by language designers in an effort to simplify some of the unique constructs required to handle concurrent programming tasks. Despite these different approaches, however, there has been no general clear winner accepted by software developers and different paradigms are regarded to have strengths and weaknesses in certain areas. This thesis was motivated by the desire to investigate the question of whether or not there are measurable differences between two widely differing paradigms for concurrent programming: Threads vs. Communicating Sequential Processes. The mechanism for observing and comparing these paradigms was a randomized controlled trial of two groups of participants who completed identical tasks in one of the two paradigms. The study was run in Fall 2015 with 88 student participants primarily from the Department of Computer Science at UNLV. I examined programming accuracy and comprehension rates among participants in three different common shared memory problem areas introduced by concurrent programming. The results were measured using a token accuracy map algorithm which matches the token strings of a participants answer compared to a correct solution. The overall results show that for two relatively straightforward tasks using shared processes and memory, both paradigms were reasonably well understood, with a possible small learning advantage in favor of CSP in two of the tasks. In a more complex example combining task co-ordination and memory sharing, however, the participants in the CSP group struggled to grasp the guarded blocking and communication channels needed in the CSP model and performed measurably worse

Causal reasoning about distributed programs

We present an integrated approach to the specification, verification and testing of distributed programs. We show how global properties defined by transition axiom specifications can be interpreted as definitions of causal relationships between process states. We explain why reasoning about causal rather than global relationships yields a clearer picture of distributed processing.;We present a proof system for showing the partial correctness of CSP programs that places strict restrictions on assertions. It admits no global assertions. A process annotation may reference only local state. Glue predicates relate pairs of process states at points of interprocess communication. No assertion references auxiliary variables; appropriate use of control predicates and vector clock values eliminates the need for them. Our proof system emphasizes causality. We do not prove processes correct in isolation. We instead track causality as we write our annotations. When we come to a send or receive, we consider all the statements that could communicate with it, and use the semantics of CSP message passing to derive its postcondition. We show that our CSP proof system is sound and relatively complete, and that we need only recursive assertions to prove that any program in our fragment of CSP is partially correct. Our proof system is, therefore, as powerful as other proof systems for CSP.;We extend our work to develop proof systems for asynchronous communication. For each proof system, our motivation is to be able to write proofs that show that code satisfies its specification, while making only assertions we can use to define the aspects of process state that we should trace during test runs, and check during postmortem analysis. We can trace the assertions we make without having to modify program code or add synchronization or message passing.;Why, if we verify correctness, would we want to test? We observe that a proof, like a program, is susceptible to error. By tracing and analyzing program state during testing, we can build our confidence that our proof is valid

A distributed object-oriented graphical programming system

technical reportThis report presents the design of a distributed parallel object system (DPOS) and its implementation using a graphical editing interface. DPOS brings together concepts of object-oriented programming and graphical programming with aspects of modern functional languages. Programs are defined as networks of active processes called "Process Objects" and interconnecting communications lines. These active objects are independent single threaded programs that employ much of the modularity, encapsulation of function, and encapsulation of data found in sequential object-oriented programming. The system defines a clear and simple approach to generating and managing parallelism and interprocess communication in a distributed parallel environment. DPOS contributes several new solutions to the problems of distributed parallel programming that are improvements over existing systems. The key improvements of this system include: a more complete and versatile means of dynamic process creation; the specification of complex network topologies in an intuitively clear and understandable way; seperation of the management of parallelism from the definition of computation; automatic resolution of low level critical section issues; the ability to design and develop separate processes as traditional single threaded programs; the encapsulation and incremental development of programs subnetworks; application of graphical programming concepts to high level programming

CPL: A Core Language for Cloud Computing -- Technical Report

Running distributed applications in the cloud involves deployment. That is, distribution and configuration of application services and middleware infrastructure. The considerable complexity of these tasks resulted in the emergence of declarative JSON-based domain-specific deployment languages to develop deployment programs. However, existing deployment programs unsafely compose artifacts written in different languages, leading to bugs that are hard to detect before run time. Furthermore, deployment languages do not provide extension points for custom implementations of existing cloud services such as application-specific load balancing policies. To address these shortcomings, we propose CPL (Cloud Platform Language), a statically-typed core language for programming both distributed applications as well as their deployment on a cloud platform. In CPL, application services and deployment programs interact through statically typed, extensible interfaces, and an application can trigger further deployment at run time. We provide a formal semantics of CPL and demonstrate that it enables type-safe, composable and extensible libraries of service combinators, such as load balancing and fault tolerance.Comment: Technical report accompanying the MODULARITY '16 submissio

Causal distributed assert statements

Monitoring a program\u27s execution is fundamental to the debugging, testing and maintenance phases of program development. This research addresses the issue of monitoring the execution of a distributed program. In particular, we are concerned with efficient techniques for evaluating global state predicates for distributed programs. The global state of a distributed program is not well-defined, making the monitoring task complex compared to that of a sequential programs. Processes of a distributed program execute concurrently, and the events of the program cannot be totally ordered. Each process has its own local memory, and the local memories are physically separate.;Despite the difficulties of defining a distributed computation\u27s states, monitoring a distributed program requires reasoning about constituent processes\u27 execution as a single collective entity. We have extrapolated the semantics of the sequential program\u27s assert statement into the distributed context. A distributed assert statement is a global predicate that is anchored at a control point of one processes, and that is evaluated when that process executes the assert.;We have developed a runtime method for monitoring both stable and unstable properties that does not disrupt the computation of the distributed system. A distributed assert statement is evaluated with that statement\u27s causal global state which incorporates the state of the system as a whole as it may have causal impact upon the assert statement. A runtime protocol has been implemented that constructs the causal global state and evaluates the assert statement. No additional synchronization or message passing is imposed on the distributed application although some message sizes are increased to propagate state information. The causal global state is immediately available providing real-time feedback

Protocol modelling : synchronous composition of data and behaviour

This thesis develops and explores a technique called Protocol Modelling, a mathematics for the description of orderings. Protocol Modelling can be viewed as a hybrid of object orientation, as it supports ideas of data encapsulation and object instantiation; and process algebra, as it supports a formally defined idea of process and process composition. The first half of the thesis focuses on describing and defining the Protocol Modelling technique. A formal denotational semantics for protocol machines is developed and used to establish various properties; in particular that composition is closed and preserves type safety. The formal semantics is extended to cover instantiation of objects. Comparison is made with other process algebras and an approach to unification of different formulations of the semantics of process composition is proposed. The second half of the thesis explores three applications of Protocol Modelling: Object Modelling. This explores the use of Protocol Modelling as a medium for object modelling, and the facility to execute protocol models is described. Protocol Modelling is compared with other object modelling techniques; in particular by contrasting its compositional style with traditional hierarchical inheritance. Protocol Contracts. This proposes the use of protocol models as a medium for expressing formal behavioural contracts. This is compared with more traditional forms of software contract in the generalization of the notion of contractual obligation as a mechanism for software specification. Choreographed Collaborations. In this application Protocol Modelling is used as a medium to describe choreographies for asynchronous multiparty collaborations. A compositional approach to choreography engineering, enabled by the synchronous semantics of Protocol Modelling, is explored and results established concerning sufficient conditions for choreography realizability. The results are extended to address choreographies that employ behavioural rules based on data