21,846 research outputs found
Modular termination verification for non-blocking concurrency
© Springer-Verlag Berlin Heidelberg 2016.We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a threadâs concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms, e.g. a counter and a stack. Our specifications can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other
Modular termination veri cation for non-blocking concurrency (extended version)
We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a thread's concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms, e.g. a counter and a stack. Our speci cations can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other
Reasoning with time and data abstractions
In this thesis, we address the problem of verifying the functional correctness of concurrent programs, with emphasis on fine-grained concurrent data structures. Reasoning about such programs is challenging since data can be concurrently accessed by multiple threads: the reasoning must account for the interference between threads, which is often subtle. To reason about interference, concurrent operations should either be at distinct times or on distinct data.
We present TaDA, a sound program logic for verifying clients and implementations that use abstract specifications that incorporate both abstract atomicityâthe abstraction that operations take effect at a single, discrete instant in timeâand abstract disjointnessâthe abstraction that operations act on distinct data resources. Our key contribution is the introduction of atomic triples, which offer an expressive approach for specifying program modules.
We also present Total-TaDA, a sound extension of TaDA with which we can verify total correctness of concurrent programs, i.e. that such programs both produce the correct result and terminate. With Total-TaDA, we can specify constraints on a threadâs concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms and express lock- and wait-freedom. More generally, the abstract specifications can express that one operation cannot impede the progress of another, a new non-blocking property that we call non-impedance.
Finally, we describe how to extend TaDA for proving abstract atomicity for data structures that make use of helpingâwhere one thread is performing an abstract operation on behalf of anotherâand speculationâwhere an abstract operation is determined by future behaviour.Open Acces
Efficient almost wait-free parallel accesible dynamic hashtables
Abstract In multiprogrammed systems, synchronization often turns out to be a performance bottleneck and the source of poor fault-tolerance. Wait-free and lock-free algorithms can do without locking mechanisms, and therefore do not suffer from these problems. We present an efficient almost wait-free algorithm for parallel accessible hashtables, which promises more robust performance and reliability than conventional lock-based implementations. Our solution is as efficient as sequential hashtables. It can easily be implemented using C-like languages and requires on average only constant time for insertion, deletion or accessing of elements. Apart from that, our new algorithm allows the hashtables to grow and shrink dynamically when needed. A true problem of lock-free algorithms is that they are hard to design correctly, even when apparently straightforward. Ensuring the correctness of the design at the earliest possible stage is a major challenge in any responsible system development. Our algorithm contains 81 atomic statements. In view of the complexity of the algorithm and its correctness properties, we turned to the interactive theorem prover PVS for mechanical support. We employ standard deductive verification techniques to prove around 200 invariance properties of our almost wait-free algorithm, and describe how this is achieved using the theorem prover PVS. CR Subject Classification (1991): D.1 Programming techniques AMS Subject Classification (1991): 68Q22 Distributed algorithms, 68P20 Information storage and retrieval Keywords & Phrases: Hashtables, Distributed algorithms, Lock-free, Wait-fre
Worst Case Scenario and Stakeholder Group Decision: A 5-6 Meter Sea Level Rise in the Rhone Delta, France
Risk policy and public attitudes appear disconnected from research predicting warmer climate partially due to human activity. To step out of this stalled situation, a worst case scenario of a 5-6m sea level rise (SLR) induced by the collapse of the WAIS and occurring during the period 2030-2130 is constructed and applied to the Rhone delta. Physical and socio-economic scenarios developed with data from the Rhone delta context are developed and submitted to stakeholders for a day-long workshop. Group process analysis shows a high level of trust and cooperation mobilized to face the 5-6m SLR issue, despite potentially diverging interests. Two sets of recommendations stem from the scenario workshop. A conservative "wait and see" option is decided when the risk of the WAIS collapse is announced in 2030. After WAIS collapse generates an effective 1m SLR rise by 2050, decisions are taken for total retreat and rendering of the Rhone delta to its hydrological function. The transposition of these results into present times policy decisions could be considered. The methodology developed here could be applied to other risk objects and situations, and serve for policy exercises and crisis prevention.Sea level rise, France, Camargue, scenario, extreme climate, stakeholder workshop
Rely-guarantee protocols for safe interference over shared memory
Mutable state can be useful in certain algorithms, to structure programs, or for
efficiency purposes. However, when shared mutable state is used in non-local or nonobvious
ways, the interactions that can occur via aliases to that shared memory can be
a source of program errors. Undisciplined uses of shared state may unsafely interfere
with local reasoning as other aliases may interleave their changes to the shared state
in unexpected ways. We propose a novel technique, rely-guarantee protocols, that
structures the interactions between aliases and ensures that only safe interference is
possible.
We present a linear type system outfitted with our novel sharing mechanism that
enables controlled interference over shared mutable resources. Each alias is assigned
separate, local roles encoded in a protocol abstraction that constrains how an alias can
legally use that shared state. By following the spirit of rely-guarantee reasoning, our
rely-guarantee protocols ensure that only safe interference can occur but still allow
many interesting uses of shared state, such as going beyond invariant and monotonic
usages.
This thesis describes the three core mechanisms that enable our type-based technique
to work: 1) we show how a protocol models an aliasâs perspective on how the
shared state evolves and constrains that aliasâs interactions with the shared state; 2) we
show how protocols can be used while enforcing the agreed interference contract; and
finally, 3) we show how to check that all local protocols to some shared state can be
safely composed to ensure globally safe interference over that shared memory. The
interference caused by shared state is rooted at how the uses of diâ”erent aliases to that
state may be interleaved (perhaps even in non-deterministic ways) at run-time. Therefore,
our technique is mostly agnostic as to whether this interference was the result
of alias interleaving caused by sequential or concurrent semantics. We show implementations
of our technique in both settings, and highlight their diâ”erences. Because
sharing is âfirst-classâ (and not tied to a module), we show a polymorphic procedure
that enables abstract compositions of protocols. Thus, protocols can be specialized or
extended without requiring specific knowledge of the interference produce by other
protocols to that state. We show that protocol composition can ensure safety even
when considering abstracted protocols. We show that this core composition mechanism
is sound, decidable (without the need for manual intervention), and provide an
algorithm implementation
Mechanism design for distributed task and resource allocation among self-interested agents in virtual organizations
The aggregate power of all resources on the Internet is enormous. The Internet can
be viewed as a massive virtual organization that holds tremendous amounts of information
and resources with different ownerships. However, little is known about how to run this
organization efficiently.
This dissertation studies the problems of distributed task and resource allocation
among self-interested agents in virtual organizations. The developed solutions are not
allocation mechanisms that can be imposed by a centralized designer, but decentralized
interaction mechanisms that provide incentives to self-interested agents to behave
cooperatively. These mechanisms also take computational tractability into consideration
due to the inherent complexity of distributed task and resource allocation problems.
Targeted allocation mechanisms can achieve global task allocation efficiency in a
virtual organization and establish stable resource-sharing communities based on agentsĂĂÂąĂĂĂĂ
own decisions about whether or not to behave cooperatively. This high level goal requires
solving the following problems: synthetic task allocation, decentralized coalition formation
and automated multiparty negotiation. For synthetic task allocation, in which each task needs to be accomplished by a
virtual team composed of self-interested agents from different real organizations, my
approach is to formalize the synthetic task allocation problem as an algorithmic mechanism
design optimization problem. I have developed two approximation mechanisms that I prove
are incentive compatible for a synthetic task allocation problem.
This dissertation also develops a decentralized coalition formation mechanism,
which is based on explicit negotiation among self-interested agents. Each agent makes its
own decisions about whether or not to join a candidate coalition. The resulting coalitions
are stable in the core in terms of coalition rationality. I have applied this mechanism to
form resource sharing coalitions in computational grids and buyer coalitions in electronic
markets.
The developed negotiation mechanism in the decentralized coalition formation
mechanism realizes automated multilateral negotiation among self-interested agents who
have symmetric authority (i.e., no mediator exists and agents are peers).
In combination, the decentralized allocation mechanisms presented in this
dissertation lay a foundation for realizing automated resource management in open and
scalable virtual organizations
- âŠ