Dissolving four-manifolds and positive scalar curvature

We prove that many simply connected symplectic four-manifolds dissolve after connected sum with only one copy of $S^{2}\times S^{2}$. For any finite group G that acts freely on the three-sphere we construct closed smooth four-manifolds with fundamental group G which do not admit metrics of positive scalar curvature, but whose universal covers do admit such metrics.Comment: 13 pages; to appear in Mathematische Zeitschrif

Perturbed geodesics on the moduli space of flat connections and Yang-Mills theory

If we consider the moduli space of flat connections of a non trivial principal SO(3)-bundle over a surface, then we can define a map from the set of perturbed closed geodesics, below a given energy level, into families of perturbed Yang-Mills connections depending on a small parameter. In this paper we show that this map is a bijection and maps perturbed geodesics into perturbed Yang-Mills connections with the same Morse index.Comment: 58 pages, 3 figure

Proving opacity of a pessimistic STM

Transactional Memory (TM) is a high-level programming abstraction for concurrency control that provides programmers with the illusion of atomically executing blocks of code, called transactions. TMs come in two categories, optimistic and pessimistic, where in the latter transactions never abort. While this simplifies the programming model, high-performing pessimistic TMs can complex. In this paper, we present the first formal verification of a pessimistic software TM algorithm, namely, an algorithm proposed by Matveev and Shavit. The correctness criterion used is opacity, formalising the transactional atomicity guarantees. We prove that this pessimistic TM is a refinement of an intermediate opaque I/O-automaton, known as TMS2. To this end, we develop a rely-guarantee approach for reducing the complexity of the proof. Proofs are mechanised in the interactive prover Isabelle

Verifying correctness of persistent concurrent data structures: a sound and complete method

Non-volatile memory (NVM), aka persistent memory, is a new memory paradigm that preserves its contents even after power loss. The expected ubiquity of NVM has stimulated interest in the design of persistent concurrent data structures, together with associated notions of correctness. In this paper, we present a formal proof technique for durable linearizability, which is a correctness criterion that extends linearizability to handle crashes and recovery in the context ofNVM.Our proofs are based on refinement of Input/Output automata (IOA) representations of concurrent data structures. To this end, we develop a generic procedure for transforming any standard sequential data structure into a durable specification and prove that this transformation is both sound and complete. Since the durable specification only exhibits durably linearizable behaviours, it serves as the abstract specification in our refinement proof. We exemplify our technique on a recently proposed persistentmemory queue that builds on Michael and Scott’s lock-free queue. To support the proofs, we describe an automated translation procedure from code to IOA and a thread-local proof technique for verifying correctness of invariants

Brief announcement: On strong observational refinement and forward simulation

Hyperproperties are correctness conditions for labelled transition systems that are more expressive than traditional trace properties, with particular relevance to security. Recently, Attiya and Enea studied a notion of strong observational refinement that preserves all hyperproperties. They analyse the correspondence between forward simulation and strong observational refinement in a setting with finite traces only. We study this correspondence in a setting with both finite and infinite traces. In particular, we show that forward simulation does not preserve hyperliveness properties in this setting. We extend the forward simulation proof obligation with a progress condition, and prove that this progressive forward simulation does imply strong observational refinement

Mechanized proofs of opacity: A comparison of two techniques

Software transactional memory (STM) provides programmers with a high-level programming abstraction for synchronization of parallel processes, allowing blocks of codes that execute in an interleaved manner to be treated as atomic blocks. This atomicity property is captured by a correctness criterion called opacity, which relates the behaviour of an STM implementation to those of a sequential atomic specification. In this paper, we prove opacity of a recently proposed STM implementation: the Transactional Mutex Lock (TML) by Dalessandro et al. For this, we employ two different methods: the first method directly shows all histories of TML to be opaque (proof by induction), using a linearizability proof of TML as an assistance; the second method shows TML to be a refinement of an existing intermediate specification called TMS2 which is known to be opaque (proof by simulation). Both proofs are carried out within interactive provers, the first with KIV and the second with both Isabelle and KIV. This allows to compare not only the proof techniques in principle, but also their complexity in mechanization. It turns out that the second method, already leveraging an existing proof of opacity of TMS2, allows the proof to be decomposed into two independent proofs in the way that the linearizability proof does not

In-situ Mössbauer Spectroscopy with MIMOS II at Rio Tinto, Spain

The Rio Tinto, located in southwest Spain, exhibits a nearly constant, acidic pHvalue along its course. Due to the formation of sulfate minerals, Rio Tinto is considered a potential analogue site for sulfate-rich regions on Mars, in particular at the landing site of the Mars Exploration Rover Opportunity, where the ferric sulfate mineral jarosite was identified with Opportunity's Mössbauer spectrometer. Primary and secondary mineralogy was investigated in situ with portable Raman and Mössbauer spectrometers at four different Rio Tinto sampling sites. The two techniques analyse different sample portions due to their specific field of view and sampling depth and provide complementary mineralogical information

The behavioural semantics of Event-B refinement

Event-B provides a flexible framework for stepwise system development via re finement. The framework supports steps for (a) re fining events (one-by-one), (b) splitting events (one-by-many), and (c) introducing new events. In each of the steps events can be indicated as convergent (to be made internal) or anticipated (treatment deferred to a later refi nement step). All such steps are accompanied with precise proof obligations. However, no behavioural semantics has been provided to validate the proof obligations, and no formal justifi cation has previously been given for the application of these rules in a re finement chain. Behavioural semantics expresses a clear relationship between the first and last machines in a re finement chain. The framework we present provides a coherent justi fication for Abrial's approach to re finement in Event-B, and its generalisation to interface extension: adding events to the interface. In this paper, we give a behavioural semantics for Event-B refi nement, with a treatment for the first time of splitting events and of anticipated events, adding to the well-understood treatment of convergent events. To this end, we de fine a CSP semantics for Event-B and show how the di fferent forms of Event-B refi nement can be captured as CSP re finement. It turns out that the appropriate CSP refi nement relationship is influenced by the particular Event-B development strategy taken. We present two such strategies, one allowing, the other disallowing interface extensions

A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures

Efficient implementations of data structures such as queues, stacks or hash-tables allow for concurrent access by many processes at the same time. To increase concurrency, these algorithms often completely dispose with locking, or only lock small parts of the structure. Linearizability is the standard correctness criterion for such a scenario—where a concurrent object is linearizable if all of its operations appear to take effect instantaneously some time between their invocation and return. The potential concurrent access to the shared data structure tremendously increases the complexity of the verification problem, and thus current proof techniques for showing linearizability are all tailored to specific types of data structures. In previous work, we have shown how simulation-based proof conditions for linearizability can be used to verify a number of subtle concurrent algorithms. In this article, we now show that conditions based on backward simulation can be used to show linearizability of every linearizable algorithm, that is, we show that our proof technique is both sound and complete. We exemplify our approach by a linearizability proof of a concurrent queue, introduced in Herlihy and Wing's landmark paper on linearizability. Except for their manual proof, none of the numerous other approaches have successfully treated this queue. Our approach is supported by a full mechanisation: both the linearizability proofs for case studies like the queue, and the proofs of soundness and completeness have been carried out with an interactive prover, which is KIV