458 research outputs found
Formal Derivation of Concurrent Garbage Collectors
Concurrent garbage collectors are notoriously difficult to implement
correctly. Previous approaches to the issue of producing correct collectors
have mainly been based on posit-and-prove verification or on the application of
domain-specific templates and transformations. We show how to derive the upper
reaches of a family of concurrent garbage collectors by refinement from a
formal specification, emphasizing the application of domain-independent design
theories and transformations. A key contribution is an extension to the
classical lattice-theoretic fixpoint theorems to account for the dynamics of
concurrent mutation and collection.Comment: 38 pages, 21 figures. The short version of this paper appeared in the
Proceedings of MPC 201
REX: Recursive, Delta-Based Data-Centric Computation
In today's Web and social network environments, query workloads include ad
hoc and OLAP queries, as well as iterative algorithms that analyze data
relationships (e.g., link analysis, clustering, learning). Modern DBMSs support
ad hoc and OLAP queries, but most are not robust enough to scale to large
clusters. Conversely, "cloud" platforms like MapReduce execute chains of batch
tasks across clusters in a fault tolerant way, but have too much overhead to
support ad hoc queries.
Moreover, both classes of platform incur significant overhead in executing
iterative data analysis algorithms. Most such iterative algorithms repeatedly
refine portions of their answers, until some convergence criterion is reached.
However, general cloud platforms typically must reprocess all data in each
step. DBMSs that support recursive SQL are more efficient in that they
propagate only the changes in each step -- but they still accumulate each
iteration's state, even if it is no longer useful. User-defined functions are
also typically harder to write for DBMSs than for cloud platforms.
We seek to unify the strengths of both styles of platforms, with a focus on
supporting iterative computations in which changes, in the form of deltas, are
propagated from iteration to iteration, and state is efficiently updated in an
extensible way. We present a programming model oriented around deltas, describe
how we execute and optimize such programs in our REX runtime system, and
validate that our platform also handles failures gracefully. We experimentally
validate our techniques, and show speedups over the competing methods ranging
from 2.5 to nearly 100 times.Comment: VLDB201
Abstract Regular Model Checking
International audienceWe propose abstract regular model checking as a new generic technique for verification of parametric and infinite-state systems. The technique combines the two approaches of regular model checking and verification by abstraction. We propose a general framework of the method as well as several concrete ways of abstracting automata or transducers, which we use for modelling systems and encoding sets of their states as usual in regular model checking. The abstraction is based on collapsing states of automata (or transducers) and its precision is being incrementally adjusted by analysing spurious counterexamples. We illustrate the technique on verification of a wide range of systems including a novel application of automata-based techniques to an example of systems with dynamic linked data structure
Interaction Trees: Representing Recursive and Impure Programs in Coq
"Interaction trees" (ITrees) are a general-purpose data structure for
representing the behaviors of recursive programs that interact with their
environments. A coinductive variant of "free monads," ITrees are built out of
uninterpreted events and their continuations. They support compositional
construction of interpreters from "event handlers", which give meaning to
events by defining their semantics as monadic actions. ITrees are expressive
enough to represent impure and potentially nonterminating, mutually recursive
computations, while admitting a rich equational theory of equivalence up to
weak bisimulation. In contrast to other approaches such as relationally
specified operational semantics, ITrees are executable via code extraction,
making them suitable for debugging, testing, and implementing software
artifacts that are amenable to formal verification.
We have implemented ITrees and their associated theory as a Coq library,
mechanizing classic domain- and category-theoretic results about program
semantics, iteration, monadic structures, and equational reasoning. Although
the internals of the library rely heavily on coinductive proofs, the interface
hides these details so that clients can use and reason about ITrees without
explicit use of Coq's coinduction tactics.
To showcase the utility of our theory, we prove the termination-sensitive
correctness of a compiler from a simple imperative source language to an
assembly-like target whose meanings are given in an ITree-based denotational
semantics. Unlike previous results using operational techniques, our
bisimulation proof follows straightforwardly by structural induction and
elementary rewriting via an equational theory of combinators for control-flow
graphs.Comment: 28 pages, 4 pages references, published at POPL 202
- …