
    Proving opacity of a pessimistic STM

    Transactional Memory (TM) is a high-level programming abstraction for concurrency control that provides programmers with the illusion of atomically executing blocks of code, called transactions. TMs come in two categories, optimistic and pessimistic, where in the latter transactions never abort. While this simplifies the programming model, high-performing pessimistic TMs can be complex. In this paper, we present the first formal verification of a pessimistic software TM algorithm, namely, an algorithm proposed by Matveev and Shavit. The correctness criterion used is opacity, formalising the transactional atomicity guarantees. We prove that this pessimistic TM is a refinement of an intermediate opaque I/O-automaton, known as TMS2. To this end, we develop a rely-guarantee approach for reducing the complexity of the proof. Proofs are mechanised in the interactive prover Isabelle.

    Verifying linearizability on TSO architectures

    Linearizability is the standard correctness criterion for fine-grained, non-atomic concurrent algorithms, and a variety of methods for verifying linearizability have been developed. However, most approaches assume a sequentially consistent memory model, which is not always realised in practice. In this paper we define linearizability on a weak memory model: the TSO (Total Store Order) memory model, which is implemented in the x86 multicore architecture. We also show how a simulation-based proof method can be adapted to verify linearizability for algorithms running on TSO architectures. We demonstrate our approach on a typical concurrent algorithm, spinlock, and prove it linearizable using our simulation-based approach. Previous approaches to proving linearizability on TSO architectures have required a modification to the algorithm's natural abstract specification. Our proof method is the first, to our knowledge, for proving correctness without the need for such modification.

    Characterizing low-frequency artifacts during transcranial temporal interference stimulation (tTIS)

    Transcranial alternating current stimulation (tACS) is a well-established brain stimulation technique to modulate human brain oscillations. However, due to the strong electromagnetic artifacts induced by the stimulation current, the simultaneous measurement of tACS effects during neurophysiological recordings in humans is challenging. Recently, transcranial temporal interference stimulation (tTIS) has been introduced to stimulate neurons at depth non-invasively. During tTIS, two high-frequency sine waves are applied that interfere inside the brain, resulting in amplitude-modulated waveforms at the target frequency. Given appropriate hardware, we show that neurophysiological data during tTIS may be acquired without stimulation artifacts at low frequencies. However, data must be inspected carefully for possible low-frequency artifacts. Our results may help to design experimental setups to record brain activity during tTIS, which may foster our understanding of its underlying mechanisms.

    Non-invasive imaging methods applied to neo- and paleo-ontological cephalopod research

    Several non-invasive methods are common practice in natural sciences today. Here we present how they can be applied and contribute to current topics in cephalopod (paleo-) biology. Different methods will be compared in terms of the time necessary to acquire the data, amount of data, accuracy/resolution, minimum/maximum size of objects that can be studied, the degree of post-processing needed and availability. The main application of the methods is seen in morphometry and volumetry of cephalopod shells. In particular we present a method for precise buoyancy calculation. To this end, cephalopod shells were scanned together with different reference bodies, an approach developed in medical sciences. It is necessary to know the volume of the reference bodies, which should have absorption properties similar to the object of interest. Exact volumes can be obtained from surface scanning. Depending on the dimensions of the study object, different computed tomography techniques were applied.

    Revision of the Cretaceous shark Protoxynotus (Chondrichthyes, Squaliformes) and early evolution of somniosid sharks

    Due to the peculiar combination of dental features characteristic for different squaliform families, the position of the Late Cretaceous genera Protoxynotus and Paraphorosoides within Squaliformes has long been controversial. In this study, we revise these genera based on previously known fossil teeth and new dental material. The phylogenetic placement of Protoxynotus and Paraphorosoides among other extant and extinct squaliforms is discussed based on morphological characters combined with DNA sequence data of extant species. Our results suggest that Protoxynotus and Paraphorosoides should be included in the Somniosidae and that Paraphorosoides is a junior synonym of Protoxynotus. New dental material from the Campanian of Germany and the Maastrichtian of Austria enabled the description of a new species, Protoxynotus mayrmelnhofi sp. nov. In addition, the evolution and origin of the characteristic squaliform tooth morphology are discussed, indicating that the elongated lower jaw teeth with erected cusp and distinct dignathic heterodonty of Protoxynotus represent a novel functional adaptation in its cutting-clutching type dentition among early squaliform sharks. Furthermore, the depositional environment of the tooth-bearing horizons allows for an interpretation of the preferred habitat of this extinct dogfish shark, which exclusively occupied shelf environments of the Boreal and northern Tethyan realms during the Late Cretaceous.

    Verifying correctness of persistent concurrent data structures: a sound and complete method

    Non-volatile memory (NVM), aka persistent memory, is a new memory paradigm that preserves its contents even after power loss. The expected ubiquity of NVM has stimulated interest in the design of persistent concurrent data structures, together with associated notions of correctness. In this paper, we present a formal proof technique for durable linearizability, which is a correctness criterion that extends linearizability to handle crashes and recovery in the context of NVM. Our proofs are based on refinement of Input/Output automata (IOA) representations of concurrent data structures. To this end, we develop a generic procedure for transforming any standard sequential data structure into a durable specification and prove that this transformation is both sound and complete. Since the durable specification only exhibits durably linearizable behaviours, it serves as the abstract specification in our refinement proof. We exemplify our technique on a recently proposed persistent-memory queue that builds on Michael and Scott's lock-free queue. To support the proofs, we describe an automated translation procedure from code to IOA and a thread-local proof technique for verifying correctness of invariants.

    Brief announcement: On strong observational refinement and forward simulation

    Hyperproperties are correctness conditions for labelled transition systems that are more expressive than traditional trace properties, with particular relevance to security. Recently, Attiya and Enea studied a notion of strong observational refinement that preserves all hyperproperties. They analyse the correspondence between forward simulation and strong observational refinement in a setting with finite traces only. We study this correspondence in a setting with both finite and infinite traces. In particular, we show that forward simulation does not preserve hyperliveness properties in this setting. We extend the forward simulation proof obligation with a progress condition, and prove that this progressive forward simulation does imply strong observational refinement.

    Early-season movement dynamics of phytophagous pest and natural enemies across a native vegetation-crop ecotone

    There is limited understanding about how insect movement patterns are influenced by landscape features, and how landscapes can be managed to suppress pest phytophage populations in crops. Theory suggests that the relative timing of pest and natural enemy arrival in crops may influence pest suppression. However, there is a lack of data to substantiate this claim. We investigate the movement patterns of insects from native vegetation (NV) and discuss the implications of these patterns for pest control services. Using bi-directional interception traps, we quantified the number of insects crossing an NV/crop ecotone relative to a control crop/crop interface in two agricultural regions early in the growing season. We used these data to infer patterns of movement and net flux. At the community level, insect movement patterns were influenced by ecotone in two out of three year-by-region combinations. At the functional-group level, pests and parasitoids showed similar movement patterns from NV very soon after crop emergence. However, movement across the control interface increased towards the end of the early-season sampling period. Predators consistently moved more often from NV into crops than vice versa, even after crop emergence. Not all species showed a significant response to ecotone; however, when a response was detected, these species showed similar patterns between the two regions. Our results highlight the importance of NV for the recruitment of natural enemies for early-season crop immigration that may be potentially important for pest suppression. However, NV was also associated with crop immigration by some pest species. Hence, NV offers both opportunities and risks for pest management. The development of targeted NV management may reduce the risk of crop immigration by pests, but not of natural enemies.

    Relational Concurrent Refinement II: Internal Operations and Outputs

    Two styles of description arise naturally in formal specification: state-based and behavioural. In state-based notations, a system is characterised by a collection of variables, and their values determine which actions may occur throughout a system history. Behavioural specifications describe the chronologies of actions, that is, interactions between a system and its environment. The exact nature of such interactions is captured in a variety of semantic models with corresponding notions of refinement; refinement in state-based systems is based on the semantics of sequential programs and is modelled relationally. Acknowledging that these viewpoints are complementary, substantial research has gone into combining the paradigms. The purpose of this paper is to do three things. First, we survey recent results linking the relational model of refinement to the process algebraic models. Specifically, we detail how variations in the relational framework lead to relational data refinement being in correspondence with traces-divergences, singleton failures and failures-divergences refinement in a process semantics. Second, we generalise these results by providing a general flexible scheme for incorporating the two main "erroneous" concurrent behaviours, deadlock and divergence, into relational refinement. This is shown to subsume previous characterisations. In doing this we derive relational refinement rules for specifications containing both internal operations and outputs that correspond to failures-divergences refinement. Third, the theory has been formally specified and verified using the interactive theorem prover KIV.

    Formal Verification of Security Protocol Implementations: A Survey

    Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.