Deriving Specifications of Dependable Systems: toward a Method
This paper proposes a method for deriving formal specifications of systems.
To accomplish this task we pass through a non-trivial number of steps, concepts
and tools, where the first one, the most important, is the concept of method
itself, since we realized that computer science has a proliferation of
languages but very few methods. We also propose the idea of Layered Fault
Tolerant Specification (LFTS) to make the method extensible to dependable
systems. The principle is layering the specification, for the sake of clarity,
in (at least) two different levels, the first one for the normal behavior and
the others (if more than one) for the abnormal. The abnormal behavior is
described in terms of an Error Injector (EI) which represents a model of the
erroneous interference coming from the environment. This structure has been
inspired by the notion of idealized fault tolerant component but the
combination of LFTS and EI using rely-guarantee thinking to describe
interference can be considered one of the main contributions of this work. The
progress toward this method and the way to layer specifications has been made
experimenting on the Transportation and the Automotive Case Studies of the
DEPLOY project.
Comment: Published in "12th European Workshop on Dependable Computing, EWDC 2009", Toulouse, France (2009)
Permission-Based Separation Logic for Multithreaded Java Programs
This paper motivates and presents a program logic for reasoning about multithreaded Java-like programs with concurrency primitives such as dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits.
This paper presents the basic principles to reason about thread creation and thread joining. It finishes with an outlook on how this logic will evolve into a full-fledged verification technique for Java (and possibly other multithreaded languages).
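As an added illustration of the permission discipline the abstract describes (this is not code from the paper or its authors), the following Python model keeps a ledger of fractional permissions per heap location and replays the transfer rules: a thread start hands part of the parent's permission to the child, a join returns whatever the child still holds, and only the initial entrance to and the final exit from a re-entrant monitor move the permissions of that monitor's resource invariant. The ledger class, its method names, the thread and monitor labels and the two scenarios are assumptions constructed for this example. A write with less than the full unit of permission is rejected, which is exactly the data race the logic rules out.

```python
from collections import defaultdict
from fractions import Fraction


class RaceViolation(Exception):
    """An access the accessing thread's permissions do not justify."""


class PermissionLedger:
    """Hypothetical accountant for the permission rules in the abstract.

    Every heap location carries exactly one unit of permission, split into
    fractions among holders (threads or monitors). A write needs the whole
    unit held by the writing thread; a read needs any positive fraction.
    """

    def __init__(self):
        self.held = defaultdict(Fraction)   # (holder, loc) -> fraction held
        self.invariant = {}                 # monitor -> {loc: fraction} it protects
        self.depth = defaultdict(int)       # (thread, monitor) -> re-entrancy depth

    def allocate(self, thread, loc):
        """Fresh location: its single unit of permission goes to the allocator."""
        if any(l == loc and f > 0 for (_, l), f in self.held.items()):
            raise ValueError(f"{loc} already allocated")
        self.held[(thread, loc)] = Fraction(1)

    def _transfer(self, src, dst, loc, amount):
        if self.held[(src, loc)] < amount:
            raise RaceViolation(f"{src} holds {self.held[(src, loc)]} of {loc}, cannot give {amount}")
        self.held[(src, loc)] -= amount
        self.held[(dst, loc)] += amount

    def read(self, thread, loc):
        if self.held[(thread, loc)] <= 0:
            raise RaceViolation(f"{thread} reads {loc} without any permission")

    def write(self, thread, loc):
        if self.held[(thread, loc)] != 1:
            raise RaceViolation(f"{thread} writes {loc} holding only {self.held[(thread, loc)]}")

    def start(self, parent, child, loc, fraction):
        """Thread start: the parent hands `fraction` of `loc` to the new thread."""
        self._transfer(parent, child, loc, Fraction(fraction))

    def join(self, parent, child, loc):
        """Thread join: everything the child still holds flows back to the joiner."""
        self._transfer(child, parent, loc, self.held[(child, loc)])

    def new_monitor(self, owner, monitor, protected):
        """Create a monitor whose resource invariant takes {loc: fraction} from `owner`."""
        self.invariant[monitor] = {loc: Fraction(f) for loc, f in protected.items()}
        for loc, f in self.invariant[monitor].items():
            self._transfer(owner, monitor, loc, f)

    def enter(self, thread, monitor):
        self.depth[(thread, monitor)] += 1
        if self.depth[(thread, monitor)] == 1:          # initial entrance only
            for loc, f in self.invariant[monitor].items():
                self._transfer(monitor, thread, loc, f)

    def exit(self, thread, monitor):
        self.depth[(thread, monitor)] -= 1
        if self.depth[(thread, monitor)] == 0:          # final exit only
            for loc, f in self.invariant[monitor].items():
                self._transfer(thread, monitor, loc, f)


def run_scenarios():
    """Replay a fork/join program and a monitor-protected counter (constructed cases)."""
    outcome = {}
    ledger = PermissionLedger()
    ledger.allocate("main", "x")
    ledger.start("main", "t1", "x", "1/2")
    ledger.start("main", "t2", "x", "1/2")
    ledger.read("t1", "x")
    ledger.read("t2", "x")                  # concurrent reads on fractions are fine
    try:
        ledger.write("t1", "x")
        outcome["write_with_half"] = "allowed"
    except RaceViolation:
        outcome["write_with_half"] = "rejected"
    ledger.join("main", "t1", "x")
    ledger.join("main", "t2", "x")
    ledger.write("main", "x")               # the full unit is back with main
    outcome["write_after_join"] = "allowed"

    mon = PermissionLedger()
    mon.allocate("main", "count")
    mon.new_monitor("main", "lock", {"count": 1})
    try:
        mon.write("main", "count")          # permission now lives in the monitor
        outcome["write_outside_monitor"] = "allowed"
    except RaceViolation:
        outcome["write_outside_monitor"] = "rejected"
    mon.enter("w", "lock")
    mon.enter("w", "lock")                  # re-entrant: no second transfer
    outcome["held_inside_monitor"] = mon.held[("w", "count")]
    mon.write("w", "count")
    mon.exit("w", "lock")                   # not the final exit: still holds count
    mon.write("w", "count")
    mon.exit("w", "lock")                   # final exit returns it to the monitor
    outcome["held_after_final_exit"] = mon.held[("w", "count")]
    return outcome


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
```

The ledger is a dynamic check over one execution, whereas the logic in the paper establishes the same accounting statically for all executions; the point of the replay is only to make the transfer rules and the "write needs the whole unit" condition tangible.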
Some Challenges of Specifying Concurrent Program Components
The purpose of this paper is to address some of the challenges of formally
specifying components of shared-memory concurrent programs. The focus is to
provide an abstract specification of a component that is suitable for use both
by clients of the component and as a starting point for refinement to an
implementation of the component. We present some approaches to devising
specifications, investigating different forms suitable for different contexts.
We examine handling atomicity of access to data structures, blocking operations
and progress properties, and transactional operations that may fail and need to
be retried.
Comment: In Proceedings Refine 2018, arXiv:1810.0873
From sanctions to summits: Belarus after the Ukraine crisis
Belarus is concerned by Russian actions in Ukraine and is trying to distance itself from Russia, including by not recognising the annexation of Crimea and calling for a peacekeeping mission. It is also suffering
the effects of Russia's economic downturn.
President Lukashenka has taken steps to promote the Belarusian language and identity to counter Russian influence. But he is not moving towards greater engagement with the political opposition.
The Ukraine crisis has reinforced the risk-averse instincts of the Belarusian people and reduced the likelihood of protests tied to elections scheduled for this year. Minsk is not likely to shift from its broadly pro-Russian orientation, but it has made tentative
diplomatic overtures to the EU.
The EU's pro-democracy sanctions policy toward Belarus has failed to promote political reform and arguably pushed Belarus closer to Russia. Now the EU has to focus not just on fostering democracy but on strengthening Belarusian society, which will help European interests in the long term.
The EU should aim to help Belarus with a modernised form of nation building, engaging with civil society, offering assistance on economic reform, lowering the visa barrier, promoting knowledge of the EU and
countering Russian propaganda.
Simplifying proofs of linearisability using layers of abstraction
Linearisability has become the standard correctness criterion for concurrent
data structures, ensuring that every history of invocations and responses of
concurrent operations has a matching sequential history. Existing proofs of
linearisability require one to identify so-called linearisation points within
the operations under consideration, which are atomic statements whose execution
causes the effect of an operation to be felt. However, identification of
linearisation points is a non-trivial task, requiring a high degree of
expertise. For sophisticated algorithms such as Heller et al.'s lazy set, it
is even possible for an operation to be linearised by the concurrent execution
of a statement outside the operation being verified. This paper proposes an
alternative method for verifying linearisability that does not require
identification of linearisation points. Instead, using an interval-based logic,
we show that every behaviour of each concrete operation over any interval is a
possible behaviour of a corresponding abstraction that executes with
coarse-grained atomicity. This approach is applied to Heller et al.'s lazy set
to show that verification of linearisability is possible without having to
consider linearisation points within the program code.
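As an added example that is not part of the paper above, the following Python checker makes the correctness criterion concrete: given a history of set operations with invocation and response timestamps, it searches for a sequential ordering that respects real-time precedence (an operation that responded before another was invoked must come first) and under which the sequential set specification reproduces every recorded result. Like the paper's method it needs no linearisation points, but it is a testing-style check over one recorded history, not the interval-logic proof over all behaviours that the paper gives. The Op record, the sample histories, the timestamps and the function names are constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Op:
    """One completed operation of a concurrent set (record layout is an assumption)."""
    name: str      # "add", "remove" or "contains"
    arg: int
    result: bool   # value the caller observed
    start: int     # invocation timestamp
    end: int       # response timestamp


def apply_sequential(state: frozenset, op: Op):
    """Sequential specification of a set: (next state, result the op must return)."""
    if op.name == "add":
        return state | {op.arg}, op.arg not in state
    if op.name == "remove":
        return state - {op.arg}, op.arg in state
    if op.name == "contains":
        return state, op.arg in state
    raise ValueError(f"unknown operation {op.name}")


def linearisation(history: List[Op]) -> Optional[List[Op]]:
    """Return a sequential witness for `history`, or None if it is not linearisable.

    Depth-first search over the operations still to be placed: an operation may
    be placed next only if no unplaced operation responded before it was invoked
    (real-time order is preserved), and only if the sequential spec agrees with
    the result the operation actually returned.
    """
    def search(remaining, state, order):
        if not remaining:
            return order
        for i in remaining:
            op = history[i]
            if any(history[j].end < op.start for j in remaining if j != i):
                continue                      # some other op must come first
            next_state, expected = apply_sequential(state, op)
            if expected != op.result:
                continue                      # this placement contradicts the spec
            found = search([j for j in remaining if j != i], next_state, order + [op])
            if found is not None:
                return found
        return None

    return search(list(range(len(history))), frozenset(), [])


# Constructed histories (not taken from the paper); timestamps are abstract ticks.
# add(5) overlaps the first contains(5), so its False answer can be ordered before the add.
LINEARISABLE = [
    Op("add", 5, True, 0, 4),
    Op("contains", 5, False, 2, 3),
    Op("contains", 5, True, 5, 6),
    Op("remove", 5, True, 7, 8),
]
# add(5) responded before contains(5) was invoked, yet contains reported False.
NOT_LINEARISABLE = [
    Op("add", 5, True, 0, 1),
    Op("contains", 5, False, 2, 3),
]

if __name__ == "__main__":
    for label, h in (("LINEARISABLE", LINEARISABLE), ("NOT_LINEARISABLE", NOT_LINEARISABLE)):
        witness = linearisation(h)
        print(label, "->", None if witness is None
              else [f"{o.name}({o.arg})={o.result}" for o in witness])
```

The search is exponential in the number of concurrent operations in the worst case, which is acceptable for the short histories a stress test produces but is precisely why proof methods like the one in the paper are needed for the general case.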
The composition of Event-B models
The transition from classical B [2] to the Event-B language and method [3] has seen the removal of some forms of model structuring and composition, with the intention of reinventing them in future. This work contributes to that reinvention. Inspired by a proposed method for state-based decomposition and refinement [5] of an Event-B model, we propose a familiar parallel event composition (over disjoint state variable lists), and the less familiar event fusion (over intersecting state variable lists). A brief motivation is provided for these and other forms of composition of models, in terms of feature-based modelling. We show that model consistency is preserved under such compositions. More significantly, we show that model composition preserves refinement.