Verification of Shared-Reading Synchronisers

Synchronisation classes are an important building block for shared memory concurrent programs. Thus to reason about such programs, it is important to be able to verify the implementation of these synchronisation classes, considering atomic operations as the synchronisation primitives on which the implementations are built. For synchronisation classes controlling exclusive access to a shared resource, such as locks, a technique has been proposed to reason about their behaviour. This paper proposes a technique to verify implementations of both exclusive access and shared-reading synchronisers. We use permission-based Separation Logic to describe the behaviour of the main atomic operations, and the basis for our technique is formed by a specification for class AtomicInteger, which is commonly used to implement synchronisation classes in java.util.concurrent. To demonstrate the applicability of our approach, we mechanically verify the implementation of various synchronisation classes like Semaphore, CountDownLatch and Lock.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933

Provably Correct Control-Flow Graphs from Java Programs with Exceptions

We present an algorithm to extract flow graphs from Java bytecode, focusing on exceptional control flows. We prove its correctness, meaning that the behaviour of the extracted control-flow graph is an over-approximation of the behaviour of the original program. Thus any safety property that holds for the extracted control-flow graph also holds for the original program. This makes control-flow graphs suitable for performing different static analyses. For precision and efficiency, the extraction is performed in two phases. In the first phase the program is transformed into a BIR program, where BIR is a stack-less intermediate representation of Java bytecode; in the second phase the control-flow graph is extracted from the BIR representation. To prove the correctness of the two-phase extraction, we also define a direct extraction algorithm, whose correctness can be proven immediately. Then we show that the behaviour of the control-flow graph extracted via the intermediate representation is an over-approximation of the behaviour of the directly extracted graphs, and thus of the original program

Permission-Based Separation Logic for Multithreaded Java Programs

This paper presents a program logic for reasoning about multithreaded Java-like programs with dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits. In order to distinguish between initial monitor entrancies and monitor reentrancies, auxiliary variables keep track of multisets of currently held monitors. Data abstraction and behavioral subtyping are facilitated through abstract predicates, which are also used to represent monitor invariants, preconditions for thread starting and postconditions for thread joining. Value-parametrized types allow to conveniently capture common strong global invariants, like static object ownership relations. The program logic is presented for a model language with Java-like classes and interfaces, the soundness of the program logic is proven, and a number of illustrative examples are presented

Specification and verification of synchronisation classes in Java:A practical approach

Digital services are becoming an essential part of our daily lives. To provide these services, efficient software plays an important role. Concurrent programming is a technique that developers can exploit to gain more performance. In a concurrent program several threads of execution simultaneously are being executed. Sometimes they have to compete to access shared resources, like memory. This race of accessing shared memories can cause unexpected errors. Programmers use synchronisation constructs to tame the concurrency and control the accesses. In order to develop reliable concurrent software, the correctness of these synchronisation constructs is crucial. In this thesis we use a program logic, called permission-based Separation Logic, to statically reason about the correctness of synchronisation constructs. The logic has the power to reason about correct ownership of threads regarding shared memory. A correctly functioning synchroniser is responsible for exchanging a correct permission when a thread requests access to the shared memory. We use our VERCORS verification tool-set to verify the correctness of various synchronisation constructs. In Chapter 1 we discuss the scope of the thesis. All the required technical background about permission-based Separation Logic and synchronisation classes is explained in Chapter 2. In Chapter 3 we discuss how threads' start and join as minimum synchronisation points can be verified. To verify correctness of the synchronisation classes we have to first specify expected behaviour of the classes. This is covered in Chapter 4. In this chapter we present a unified approach to abstractly describe the common behaviour of synchronisers. Using our specifications, one is able to reason about the correctness of the client programs that access the shared state through the synchronisers. The atomic classes of java.util.concurrent are the core element of every synchronisation construct implementation. In Chapter 5 and Chapter 6 we propose a specification for atomic classes. Using this contract, we verified the implementation of synchronisation constructs w.r.t to their specifications from Chapter 4. In our proposed contract the specification of the atomic classes is parameterized with the protocols and resource invariants. Based on the context, the parameters can be defined. In Chapter 7 we propose a verification stack where each layer of stack verifies one particular aspect of a specified concurrent program in which atomic operations are the main synchronisation constructs. We demonstrate how to verify that a non-blocking data structure is data-race free and well connected. Based on the result of the verification from the lower layers, upper layers can reason about the functional properties of the concurrent data structure. In Chapter 8 we present a sound specification and verification technique to reason about data race freedom and functional correctness of GPU kernels that use atomic operations as synchronisation mechanism. Finally, Chapter 9 concludes the thesis with future directions

Growth monitoring in children with low and normal birth weight up to two years: A retrospective cohort study

Objective: This study was conducted aimed to compare the growth indices in 2 years old children with a history of low birth weight with normal birth weight children.Methods: Current retrospective cohort study on all two-year children with low birth weight and three times the normal weight children covered by health centers of Kahnooj, was conducted in 2015. Cares at birth, 1, 2, 4, 6, 7, 9, 12, 15, 18 and 24 months of age were studied and, child growth indices (weight, height, head circumference), along with some demographic variables were studied. Information were entered SPSS version 20 and the analysis was performed.Results: There were significant differences in children's growth of both groups in all periods of care. Despite the same slope, growth pattern in children showed a significant difference. Young mother, girl sex of baby and preterm birth are predictor factors of low birth weight.Conclusion: Trends and growth patterns of weight, height and head circumference in underweight children have significant difference with normal children and, despite the same slope, these children can not compensate for the backwardness of its growth to the age of two. So you need to plot separate growth curves for these children and, possible preventive measures should be taken to prevent bearing underweight baby

A History of BlockingQueues

This paper describes a way to formally specify the behaviour of concurrent data structures. When specifying concurrent data structures, the main challenge is to make specifications stable, i.e., to ensure that they cannot be invalidated by other threads. To this end, we propose to use history-based specifications: instead of describing method behaviour in terms of the object's state, we specify it in terms of the object's state history. A history is defined as a list of state updates, which at all points can be related to the actual object's state. We illustrate the approach on the BlockingQueue hierarchy from the java.util.concurrent library. We show how the behaviour of the interface BlockingQueue is specified, leaving a few decisions open to descendant classes. The classes implementing the interface correctly inherit the specifications. As a specification language, we use a combination of JML and permission-based separation logic, including abstract predicates. This results in an abstract, modular and natural way to specify the behaviour of concurrent queues. The specifications can be used to derive high-level properties about queues, for example to show that the order of elements is preserved. Moreover, the approach can be easily adapted to other concurrent data structures.Comment: In Proceedings FLACOS 2012, arXiv:1209.169

Through the Kinesthetic Lens : Observation of Social Attunement in Autism Spectrum Disorders

© 2017 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).This paper will present a movement-informed perspective to social attunement in Autism Spectrum Disorders (ASD). BACKGROUND: Dance movement therapy (DMT) is a psychotherapeutic intervention that is used with participants with ASD in various settings. Regular clinical outcome monitoring in an outpatient setting in the Netherlands had shown positive effects on social attunement capacities in young people with ASD. However, a systematic study of the development of social attunement movement behaviors of participants with ASD throughout a DMT intervention was not yet available. METHODS: A series of individual cases of DMT with young people with ASD (mean age 12.2 years.) were analyzed for changes in interpersonal movement behaviors employing video-based retrospective observation. RESULTS: The findings were summarized in an observation scale for interpersonal movement behaviors. This scale was then tested for its applicability for the monitoring of social attunement behaviors throughout therapy. DISCUSSION: A movement-informed perspective may be helpful to inventory changes in social attunement behaviors in participants with ASD. The relevance of a movement-informed perspective for the concept of social attunement in ASD will be discussed.Peer reviewedFinal Published versio

Piercing A Liquid Droplet By A Gas Jet

Paper presented at 2018 Canadian Society of Mechanical Engineers International Congress, 27-30 May 2018.Impingement of a gas jet on a suspended water droplet is studied experimentally. The jet penetration process depends on the jet velocity and jet to droplet diameter ratio. At small jet to diameter ratios and large enough jet velocities, the jet penetrated through the droplet. At larger jet to droplet diameter, the droplet fragmentation becomes more significant, with large droplet deformation. For this experiment, different types of breakup process are categorized, and theoretical explanations are provided