79 research outputs found
Dissolving four-manifolds and positive scalar curvature
We prove that many simply connected symplectic four-manifolds dissolve after
connected sum with only one copy of .
For any finite group G that acts freely on the three-sphere we construct
closed smooth four-manifolds with fundamental group G which do not admit
metrics of positive scalar curvature, but whose universal covers do admit such
metrics.Comment: 13 pages; to appear in Mathematische Zeitschrif
Proving opacity of a pessimistic STM
Transactional Memory (TM) is a high-level programming abstraction for concurrency control that provides
programmers with the illusion of atomically executing blocks of code, called transactions. TMs come in
two categories, optimistic and pessimistic, where in the latter transactions never abort. While this simplifies
the programming model, high-performing pessimistic TMs can complex.
In this paper, we present the first formal verification of a pessimistic software TM algorithm, namely,
an algorithm proposed by Matveev and Shavit. The correctness criterion used is opacity, formalising the
transactional atomicity guarantees. We prove that this pessimistic TM is a refinement of an intermediate
opaque I/O-automaton, known as TMS2. To this end, we develop a rely-guarantee approach for reducing
the complexity of the proof. Proofs are mechanised in the interactive prover Isabelle
Perturbed geodesics on the moduli space of flat connections and Yang-Mills theory
If we consider the moduli space of flat connections of a non trivial
principal SO(3)-bundle over a surface, then we can define a map from the set of
perturbed closed geodesics, below a given energy level, into families of
perturbed Yang-Mills connections depending on a small parameter. In this paper
we show that this map is a bijection and maps perturbed geodesics into
perturbed Yang-Mills connections with the same Morse index.Comment: 58 pages, 3 figure
Verifying correctness of persistent concurrent data structures: a sound and complete method
Non-volatile memory (NVM), aka persistent memory, is a new memory paradigm that preserves its contents even after power loss. The expected ubiquity of NVM has stimulated interest in the design of persistent concurrent data structures, together with associated notions of correctness. In this paper, we present a formal proof technique for durable linearizability, which is a correctness criterion that extends linearizability to handle crashes and recovery in the context ofNVM.Our proofs are based on refinement of Input/Output automata (IOA) representations of concurrent data structures. To this end, we develop a generic procedure for transforming any standard sequential data structure into a durable specification and prove that this transformation is both sound and complete. Since the durable specification only exhibits durably linearizable behaviours, it serves as the abstract specification in our refinement proof. We exemplify our technique on a recently proposed persistentmemory queue that builds on Michael and Scott’s lock-free queue. To support the proofs, we describe an automated translation procedure from code to IOA and a thread-local proof technique for verifying correctness of invariants
Brief announcement: On strong observational refinement and forward simulation
Hyperproperties are correctness conditions for labelled transition systems that are more expressive than traditional trace properties, with particular relevance to security. Recently, Attiya and Enea studied a notion of strong observational refinement that preserves all hyperproperties. They analyse the correspondence between forward simulation and strong observational refinement in a setting with finite traces only. We study this correspondence in a setting with both finite and infinite traces. In particular, we show that forward simulation does not preserve hyperliveness properties in this setting. We extend the forward simulation proof obligation with a progress condition, and prove that this progressive forward simulation does imply strong observational refinement
Mechanized proofs of opacity: A comparison of two techniques
Software transactional memory (STM) provides programmers with a high-level programming abstraction
for synchronization of parallel processes, allowing blocks of codes that execute in an interleaved manner to be treated
as atomic blocks. This atomicity property is captured by a correctness criterion called opacity, which relates the
behaviour of an STM implementation to those of a sequential atomic specification. In this paper, we prove opacity of
a recently proposed STM implementation: the Transactional Mutex Lock (TML) by Dalessandro et al. For this, we
employ two different methods: the first method directly shows all histories of TML to be opaque (proof by induction),
using a linearizability proof of TML as an assistance; the second method shows TML to be a refinement of an existing
intermediate specification called TMS2 which is known to be opaque (proof by simulation).
Both proofs are carried out within interactive provers, the first with KIV and the second with both Isabelle and
KIV. This allows to compare not only the proof techniques in principle, but also their complexity in mechanization.
It turns out that the second method, already leveraging an existing proof of opacity of TMS2, allows the proof to be
decomposed into two independent proofs in the way that the linearizability proof does not
In-situ Mössbauer Spectroscopy with MIMOS II at Rio Tinto, Spain
The Rio Tinto, located in southwest Spain, exhibits a nearly constant, acidic pHvalue along its course. Due to the formation of sulfate minerals, Rio Tinto is considered a potential analogue site for sulfate-rich regions on Mars, in particular at the landing site of the Mars Exploration Rover Opportunity, where the ferric sulfate mineral jarosite was identified with Opportunity's Mössbauer spectrometer. Primary and secondary mineralogy was investigated in situ with portable Raman and Mössbauer spectrometers at four different Rio Tinto sampling sites. The two techniques analyse different sample portions due to their specific field of view and sampling depth and provide complementary mineralogical information
A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures
Efficient implementations of data structures such as queues, stacks or hash-tables allow for concurrent access by many processes at the same time. To increase concurrency, these algorithms often completely dispose with locking, or only lock small parts of the structure. Linearizability is the standard correctness criterion for such a scenario—where a concurrent object is linearizable if all of its operations appear to take effect instantaneously some time between their invocation and return.
The potential concurrent access to the shared data structure tremendously increases the complexity of the verification problem, and thus current proof techniques for showing linearizability are all tailored to specific types of data structures. In previous work, we have shown how simulation-based proof conditions for linearizability can be used to verify a number of subtle concurrent algorithms. In this article, we now show that conditions based on backward simulation can be used to show linearizability of every linearizable algorithm, that is, we show that our proof technique is both sound and complete. We exemplify our approach by a linearizability proof of a concurrent queue, introduced in Herlihy and Wing's landmark paper on linearizability. Except for their manual proof, none of the numerous other approaches have successfully treated this queue.
Our approach is supported by a full mechanisation: both the linearizability proofs for case studies like the queue, and the proofs of soundness and completeness have been carried out with an interactive prover, which is KIV
Weak Sequential Composition in Process Algebras
n this paper we study a special operator for sequential composition, which is defined relative to a dependency relation over the actions of a given system. The idea is that actions which are not dependent (intuitively because they share no common resources) do not have to wait for one another to proceed, even if they are composed sequentially. Such a notion has been studied before in a linear-time setting, but until recently there has been no systematic investigation in the context of process algebras.
We give a structural operational semantics for a process algebraic language containing such a sequential composition operator, which shows some interesting interplay with choice. We give a complete axiomatisation of strong bisimilarity and we show consistency of the operational semantics with an event-based denotational semantics developed recently by the second author. The axiom system allows to derive the communication closed layers law, which in the linear time setting has been shown to be a very useful instrument in correctness preserving transformations. We conclude with a couple of examples
- …