837 research outputs found

    Steps in modular specifications for concurrent modules

    © 2015 Published by Elsevier B.V.
    The specification of a concurrent program module is a difficult problem. The specifications must be strong enough to enable reasoning about the intended clients without reference to the underlying module implementation. We survey a range of verification techniques for specifying concurrent modules, in particular highlighting four key concepts: auxiliary state, interference abstraction, resource ownership and atomicity. We show how these concepts combine to provide powerful approaches to specifying concurrent modules.

    Locality refinement

    We study refinement in the setting of local reasoning. In particular, we explore general translations that preserve and that break locality.

    Formalized Verification of Snapshotable Trees: Separation and Sharing

    Abstract. We use separation logic to specify and verify a Java program that implements snapshotable search trees, fully formalizing the specification and verification in the Coq proof assistant. We achieve local and modular reasoning about a tree and its snapshots and their iterators, although the implementation involves shared mutable heap data structures with no separation or ownership relation between the various data. The paper also introduces a series of four increasingly sophisticated implementations and verifies the first one. The others are included as future work and as a set of challenge problems for full functional specification and verification, whether by separation logic or by other formalisms.

    TaDA: A logic for time and data abstraction (extended version)

    To avoid data races, concurrent operations should either be at distinct times or on distinct data. Atomicity is the abstraction that an operation takes effect at a single, discrete instant in time, with linearisability being a well known correctness condition which asserts that concurrent operations appear to behave atomically. Disjointness is the abstraction that operations act on distinct data resource, with concurrent separation logics enabling reasoning about threads that appear to operate independently on disjoint resources. We present TaDA, a program logic that combines the benefits of abstract atomicity and abstract disjointness. Our key contribution is the introduction of atomic triples, which offer an expressive approach to specifying program modules. By building up examples, we show that TaDA supports elegant modular reasoning in a way that was not previously possible.

    Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity

    We present a lightweight approach to Hoare-style specifications for fine-grained concurrency, based on a notion of time-stamped histories that abstractly capture atomic changes in the program state. Our key observation is that histories form a partial commutative monoid, a structure fundamental for representation of concurrent resources. This insight provides us with a unifying mechanism that allows us to treat histories just like heaps in separation logic. For example, both are subject to the same assertion logic and inference rules (e.g., the frame rule). Moreover, the notion of ownership transfer, which usually applies to heaps, has an equivalent in histories. It can be used to formally represent helping, an important design pattern for concurrent algorithms whereby one thread can execute code on behalf of another. Specifications in terms of histories naturally abstract granularity, in the sense that sophisticated fine-grained algorithms can be given the same specifications as their simplified coarse-grained counterparts, making them equally convenient for client-side reasoning. We illustrate our approach on a number of examples and validate all of them in Coq.
    Comment: 17 page

    Trace Properties from Separation Logic Specifications

    We propose a formal approach for relating abstract separation logic library specifications with the trace properties they enforce on interactions between a client and a library. Separation logic with abstract predicates enforces a resource discipline that constrains when and how calls may be made between a client and a library. Intuitively, this can enforce a protocol on the interaction trace. This intuition is broadly used in the separation logic community but has not previously been formalised. We provide just such a formalisation. Our approach is based on using wrappers which instrument library code to induce execution traces for the properties under examination. By considering a separation logic extended with trace resources, we prove that when a library satisfies its separation logic specification then its wrapped version satisfies the same specification and, moreover, maintains the trace properties as an invariant. Consequently, any client and library implementation that are correct with respect to the separation logic specification will satisfy the trace properties.

    Modular termination verification for non-blocking concurrency

    © Springer-Verlag Berlin Heidelberg 2016.
    We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a thread’s concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for non-blocking algorithms, e.g. a counter and a stack. Our specifications can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other.

    Health economic assessment tools (HEAT) for walking and for cycling

    Physical inactivity is a significant public health problem in most regions of the world, which is unlikely to be solved by classical health promotion approaches alone. The promotion of active transport (cycling and walking) for everyday physical activity is a win-win approach; it not only promotes health but can also lead to positive environmental effects, especially if cycling and walking replace short car trips. Cycling and walking can also be more readily integrated into people’s busy schedules than, for example, leisure-time exercise. These forms of physical activity are also more practicable for groups of the population for which sport is either not feasible because of physical limitations or is not an accessible leisure activity for economic, social or cultural reasons. There is a large potential for active travel in European urban transport, as many trips are short and would be amenable to being undertaken on foot or by bicycle. This, however, requires effective partnerships with the transport and urban planning sectors, whose policies are key driving forces in providing appropriate conditions for such behavioural changes to take place. This has been recognized by a number of international policy frameworks, such as the Action Plan for implementation of the European Strategy for the Prevention and Control of Noncommunicable Diseases 2012–2016, adopted by the WHO Regional Committee for Europe (1). The strategy identifies the promotion of active mobility as one of the supporting interventions endorsed by WHO Member States to address this high-priority topic in the European Region, as do other international policy frameworks such as the Toronto Charter for Physical Activity launched in May 2010 as a global call for action (2).

    Utilizing grass for the biological production of polyhydroxyalkanoates (PHAs) via green biorefining: Material and energy flows

    The meat and dairy industry across Europe is dependent on the production of grass. However, faced with competing pressures to reduce the environmental impact of agriculture, a potential future reduction of meat and dairy consumption in western diets, and pressure to minimize food production costs, grass could be used to produce alternative products. The biological production of polyhydroxyalkanoates (PHA) by using grass as the primary carbon source in a novel mixed culture process has been studied. A total of 30,000 t of fresh grass would yield approximately 403.65 t of dried biopolymer granules. On the basis of this early stage, non-optimized process, the cumulative energy demand (CED) of PHA produced from waste grass and cultivated grass was found to be 248.4 MJ/kg and 271.8 MJ/kg, respectively, which is the same order of magnitude as fossil-carbon-based polymers. Improvements in volatile fatty acid yields, reduction in chemical and water inputs, and using residues to make other products will reduce the CED. Given the future requirement to produce polymers with little or no fossil-carbon feedstock, an optimized version of the process could provide a viable future production option that also contributes to the long-term sustainability of agricultural communities.

    Communicating State Transition Systems for Fine-Grained Concurrent Resources
