21,846 research outputs found

    Modular termination verification for non-blocking concurrency

    Get PDF
    © Springer-Verlag Berlin Heidelberg 2016.We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a thread’s concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms, e.g. a counter and a stack. Our specifications can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other

    Almost Wait-free Resizable Hashtables

    Get PDF

    Almost Wait-free Resizable Hashtables

    Get PDF

    Modular termination veri cation for non-blocking concurrency (extended version)

    Get PDF
    We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a thread's concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms, e.g. a counter and a stack. Our speci cations can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other

    Reasoning with time and data abstractions

    Get PDF
    In this thesis, we address the problem of verifying the functional correctness of concurrent programs, with emphasis on fine-grained concurrent data structures. Reasoning about such programs is challenging since data can be concurrently accessed by multiple threads: the reasoning must account for the interference between threads, which is often subtle. To reason about interference, concurrent operations should either be at distinct times or on distinct data. We present TaDA, a sound program logic for verifying clients and implementations that use abstract specifications that incorporate both abstract atomicity—the abstraction that operations take effect at a single, discrete instant in time—and abstract disjointness—the abstraction that operations act on distinct data resources. Our key contribution is the introduction of atomic triples, which offer an expressive approach for specifying program modules. We also present Total-TaDA, a sound extension of TaDA with which we can verify total correctness of concurrent programs, i.e. that such programs both produce the correct result and terminate. With Total-TaDA, we can specify constraints on a thread’s concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms and express lock- and wait-freedom. More generally, the abstract specifications can express that one operation cannot impede the progress of another, a new non-blocking property that we call non-impedance. Finally, we describe how to extend TaDA for proving abstract atomicity for data structures that make use of helping—where one thread is performing an abstract operation on behalf of another—and speculation—where an abstract operation is determined by future behaviour.Open Acces

    Efficient almost wait-free parallel accesible dynamic hashtables

    Get PDF
    Abstract In multiprogrammed systems, synchronization often turns out to be a performance bottleneck and the source of poor fault-tolerance. Wait-free and lock-free algorithms can do without locking mechanisms, and therefore do not suffer from these problems. We present an efficient almost wait-free algorithm for parallel accessible hashtables, which promises more robust performance and reliability than conventional lock-based implementations. Our solution is as efficient as sequential hashtables. It can easily be implemented using C-like languages and requires on average only constant time for insertion, deletion or accessing of elements. Apart from that, our new algorithm allows the hashtables to grow and shrink dynamically when needed. A true problem of lock-free algorithms is that they are hard to design correctly, even when apparently straightforward. Ensuring the correctness of the design at the earliest possible stage is a major challenge in any responsible system development. Our algorithm contains 81 atomic statements. In view of the complexity of the algorithm and its correctness properties, we turned to the interactive theorem prover PVS for mechanical support. We employ standard deductive verification techniques to prove around 200 invariance properties of our almost wait-free algorithm, and describe how this is achieved using the theorem prover PVS. CR Subject Classification (1991): D.1 Programming techniques AMS Subject Classification (1991): 68Q22 Distributed algorithms, 68P20 Information storage and retrieval Keywords & Phrases: Hashtables, Distributed algorithms, Lock-free, Wait-fre

    Worst Case Scenario and Stakeholder Group Decision: A 5-6 Meter Sea Level Rise in the Rhone Delta, France

    Get PDF
    Risk policy and public attitudes appear disconnected from research predicting warmer climate partially due to human activity. To step out of this stalled situation, a worst case scenario of a 5-6m sea level rise (SLR) induced by the collapse of the WAIS and occurring during the period 2030-2130 is constructed and applied to the Rhone delta. Physical and socio-economic scenarios developed with data from the Rhone delta context are developed and submitted to stakeholders for a day-long workshop. Group process analysis shows a high level of trust and cooperation mobilized to face the 5-6m SLR issue, despite potentially diverging interests. Two sets of recommendations stem from the scenario workshop. A conservative "wait and see" option is decided when the risk of the WAIS collapse is announced in 2030. After WAIS collapse generates an effective 1m SLR rise by 2050, decisions are taken for total retreat and rendering of the Rhone delta to its hydrological function. The transposition of these results into present times policy decisions could be considered. The methodology developed here could be applied to other risk objects and situations, and serve for policy exercises and crisis prevention.Sea level rise, France, Camargue, scenario, extreme climate, stakeholder workshop

    Rely-guarantee protocols for safe interference over shared memory

    Get PDF
    Mutable state can be useful in certain algorithms, to structure programs, or for efficiency purposes. However, when shared mutable state is used in non-local or nonobvious ways, the interactions that can occur via aliases to that shared memory can be a source of program errors. Undisciplined uses of shared state may unsafely interfere with local reasoning as other aliases may interleave their changes to the shared state in unexpected ways. We propose a novel technique, rely-guarantee protocols, that structures the interactions between aliases and ensures that only safe interference is possible. We present a linear type system outfitted with our novel sharing mechanism that enables controlled interference over shared mutable resources. Each alias is assigned separate, local roles encoded in a protocol abstraction that constrains how an alias can legally use that shared state. By following the spirit of rely-guarantee reasoning, our rely-guarantee protocols ensure that only safe interference can occur but still allow many interesting uses of shared state, such as going beyond invariant and monotonic usages. This thesis describes the three core mechanisms that enable our type-based technique to work: 1) we show how a protocol models an alias’s perspective on how the shared state evolves and constrains that alias’s interactions with the shared state; 2) we show how protocols can be used while enforcing the agreed interference contract; and finally, 3) we show how to check that all local protocols to some shared state can be safely composed to ensure globally safe interference over that shared memory. The interference caused by shared state is rooted at how the uses of di↔erent aliases to that state may be interleaved (perhaps even in non-deterministic ways) at run-time. Therefore, our technique is mostly agnostic as to whether this interference was the result of alias interleaving caused by sequential or concurrent semantics. We show implementations of our technique in both settings, and highlight their di↔erences. Because sharing is “first-class” (and not tied to a module), we show a polymorphic procedure that enables abstract compositions of protocols. Thus, protocols can be specialized or extended without requiring specific knowledge of the interference produce by other protocols to that state. We show that protocol composition can ensure safety even when considering abstracted protocols. We show that this core composition mechanism is sound, decidable (without the need for manual intervention), and provide an algorithm implementation

    Mechanism design for distributed task and resource allocation among self-interested agents in virtual organizations

    Get PDF
    The aggregate power of all resources on the Internet is enormous. The Internet can be viewed as a massive virtual organization that holds tremendous amounts of information and resources with different ownerships. However, little is known about how to run this organization efficiently. This dissertation studies the problems of distributed task and resource allocation among self-interested agents in virtual organizations. The developed solutions are not allocation mechanisms that can be imposed by a centralized designer, but decentralized interaction mechanisms that provide incentives to self-interested agents to behave cooperatively. These mechanisms also take computational tractability into consideration due to the inherent complexity of distributed task and resource allocation problems. Targeted allocation mechanisms can achieve global task allocation efficiency in a virtual organization and establish stable resource-sharing communities based on agentsñÃÂàown decisions about whether or not to behave cooperatively. This high level goal requires solving the following problems: synthetic task allocation, decentralized coalition formation and automated multiparty negotiation. For synthetic task allocation, in which each task needs to be accomplished by a virtual team composed of self-interested agents from different real organizations, my approach is to formalize the synthetic task allocation problem as an algorithmic mechanism design optimization problem. I have developed two approximation mechanisms that I prove are incentive compatible for a synthetic task allocation problem. This dissertation also develops a decentralized coalition formation mechanism, which is based on explicit negotiation among self-interested agents. Each agent makes its own decisions about whether or not to join a candidate coalition. The resulting coalitions are stable in the core in terms of coalition rationality. I have applied this mechanism to form resource sharing coalitions in computational grids and buyer coalitions in electronic markets. The developed negotiation mechanism in the decentralized coalition formation mechanism realizes automated multilateral negotiation among self-interested agents who have symmetric authority (i.e., no mediator exists and agents are peers). In combination, the decentralized allocation mechanisms presented in this dissertation lay a foundation for realizing automated resource management in open and scalable virtual organizations
    • 

    corecore