Refinement and verification of concurrent systems specified in Object-Z and CSP
The formal development of large or complex systems can often be facilitated by the use of more than one formal specification language. Such a combination of languages is particularly suited to the specification of concurrent or distributed systems, where both the modelling of processes and state is necessary. This paper presents an approach to refinement and verification of specifications written using a combination of Object-Z and CSP. A common semantic basis for the two languages enables a unified method of refinement to be used, based upon CSP refinement. To enable state-based techniques to be used for the Object-Z components of a specification we develop state-based refinement relations which are sound and complete with respect to CSP refinement. In addition, a verification method for static and dynamic properties is presented. The method allows us to verify properties of the CSP system specification in terms of its component Object-Z classes by using the laws of the CSP operators together with the logic for Object-Z
Defining correctness conditions for concurrent objects in multicore architectures
Correctness of concurrent objects is defined in terms of conditions that determine allowable relationships between histories of a concurrent object and those of the corresponding sequential object. Numerous correctness conditions have been proposed over the years, and more have been proposed recently as the algorithms implementing concurrent objects have been adapted to cope with multicore processors with relaxed memory architectures. We present a formal framework for defining correctness conditions for multicore architectures, covering both standard conditions for totally ordered memory and newer conditions for relaxed memory, which allows them to be expressed in a uniform manner, simplifying comparison. Our framework distinguishes between order and commitment properties, which in turn enables a hierarchy of correctness conditions to be established. We consider the Total Store Order (TSO) memory model in detail, formalise known conditions for TSO using our framework, and develop sequentially consistent variations of these. We present a work-stealing deque for TSO memory that is not linearizable, but is correct with respect to these new conditions. Using our framework, we identify a new non-blocking compositional condition, fence consistency, which lies between known conditions for TSO, and aims to capture the intention of a programmer-specified fence.
QCD Structure of Leptons
The QCD structure of the electron is defined and calculated. The leading
order splitting functions are extracted, showing an important contribution from
- interference. Leading logarithmic QCD evolution equations are
constructed and solved in the asymptotic region where log behaviour of the
parton densities is observed. Corrections to the naive evolution procedure are
demonstrated. Possible applications with clear manifestation of 'resolved'
photon and weak bosons are discussed. Comment: 10 pages, 5 figures, revised version
The African American Nuclear Family: Investigating the Healthy Habits of Successful Long-Term Marriages in The African American Community
This phenomenological study sought to understand what contributed to the success of long-term marriages in the African American community. Long-term marriage was defined as those lasting 20 years or more. The family systems theory developed by Dr. Murray Bowen guided this study. The study employed a phenomenological approach to qualitative inquiry. Due to the national health crisis, all interviews were conducted through a Zoom conferencing platform. Nine married couples who have been married for at least 20 years or more participated in the study. The following criteria had to be met to participate in the study: race, length of the marriage, and religious importance. Data collection methods included interviewing, direct observation, and journaling. The researcher analyzed data using Moustakas’ transcendental phenomenological data analysis. Four major themes emerged from the data: collaboration, communication, commitment, and religiosity
Incompleteness of relational simulations in the blocking paradigm
Refinement is the notion of development between formal specifications. For specifications given in a relational formalism, downward and upward simulations are the standard method to verify that a refinement holds, their usefulness based upon their soundness and joint completeness. This is known to be true for total relational specifications and has been claimed to hold for partial relational specifications in both the non-blocking and blocking interpretations.
In this paper we show that downward and upward simulations in the blocking interpretation, where domains are guards, are not jointly complete. This contradicts earlier claims in the literature. We illustrate this with an example (based on one recently constructed by Reeves and Streader) and then construct a proof to show why joint completeness fails in general. (C) 2010 Elsevier B.V. All rights reserved.
Invariant generation for linearizability proofs
Linearizability is a widely recognised correctness criterion for concurrent objects. A number of proof methods for verifying linearizability exist. In this paper, we simplify one such method with a systematic approach for invariant generation. Although this existing refinement-based method is itself systematic and fully tool-supported, it requires the verifier to provide a specific invariant over the implementation. While a chosen invariant may suffice for some proof obligations of the method, it may not for others resulting in a new, stronger invariant to be chosen and the previously completed proof steps to be redone. Our approach avoids such wasted proof effort by generating an invariant which is guaranteed to be sufficient for all proof obligations
Total annual and seasonal DM production of improved and unimproved resident pastures at three farms in Canterbury
Yield differences between resident and improved pastures were quantified over a 3-4 yr period on three rainfed farms located in North Canterbury (Stockgrove, north of Amberley), Banks Peninsula (Willesden Farm) and the Mid-Canterbury foothills (Inverary Station). Improved pastures produced two- to three-times more feed annually than unimproved resident pastures at each property. At Stockgrove, improved chicory/white clover-based pastures produced 14.1±0.66 t DM/ha/yr compared with 4.36±0.41 t DM/ha/yr from unimproved pastures. Spring accounted for 85% (improved) and 72% (unimproved) of total annual DM production. At Willesden, lucerne monocultures produced 11.5±0.97 t DM/ha/yr, which was more than the 4.44±0.45 t DM/ha/yr produced from resident pastures. Improved pastures at Inverary yielded 7.31±0.59 t DM/ha in summer/autumn of 2018/19, which was more than double the 3.34±0.43 t DM/ha from unimproved pastures. In 2019/2020, improved pastures produced 11.7±1.45 t DM/ha compared with 4.45±0.73 t DM/ha. In the third growth season (2020/2021) improved pastures produced 14.1±1.76 t DM/ha compared with 6.67±1.38 t DM/ha from unimproved pastures. In Year 4 (2021/22) the 12.6±1.29 t DM/ha from improved pastures was 56% more than the 8.07±0.85 t DM/ha from the unimproved pastures. Substantial increases in annual and seasonal feed supply patterns can be achieved through hill country pasture improvement
Modelling concurrent objects running on the TSO and ARMv8 memory models
Hardware weak memory models, such as TSO and ARM, are used to increase the performance of concurrent programs by allowing program instructions to be executed on the hardware in a different order to that specified by the software. This places a challenge on the verification of concurrent objects used in these programs since the variations in the executions need to be considered.
Many approaches exist for verifying concurrent objects along with associated tool support. In particular, we focus on a thread-local approach to checking linearizability, the standard correctness condition for concurrent objects, using a model checker. This approach, like most others, does not support weak memory models. In order to reuse this existing approach, therefore, we show how to use the semantics of a weak memory model to directly derive a transition system of concurrent objects running under it.
We do this for both TSO and the latest version of ARM, ARMv8. Since there is a straightforward implementation of TSO, we reflect this in our transition system which includes a buffer of writes to memory mirroring the store buffer of TSO. We illustrate linearizability checking using model checking on a transition system generated by this approach.
The implementation of the significantly more complex ARMv8 architecture is less obvious. We derive our transition system in this case from an existing operational semantics that is consistent with the results of thousands of litmus tests run on ARM hardware.
Building a refinement checker for Z
In previous work we have described how refinements can be checked using a
temporal logic based model-checker, and how we have built a model-checker for Z
by providing a translation of Z into the SAL input language. In this paper we
draw these two strands of work together and discuss how we have implemented
refinement checking in our Z2SAL toolset.
The net effect of this work is that the SAL toolset can be used to check
refinements between Z specifications supplied as input files written in the
LaTeX mark-up. Two examples are used to illustrate the approach and compare it
with a manual translation and refinement check. Comment: In Proceedings Refine 2011, arXiv:1106.348