Verification of Shared-Reading Synchronisers

Synchronisation classes are an important building block for shared memory concurrent programs. Thus to reason about such programs, it is important to be able to verify the implementation of these synchronisation classes, considering atomic operations as the synchronisation primitives on which the implementations are built. For synchronisation classes controlling exclusive access to a shared resource, such as locks, a technique has been proposed to reason about their behaviour. This paper proposes a technique to verify implementations of both exclusive access and shared-reading synchronisers. We use permission-based Separation Logic to describe the behaviour of the main atomic operations, and the basis for our technique is formed by a specification for class AtomicInteger, which is commonly used to implement synchronisation classes in java.util.concurrent. To demonstrate the applicability of our approach, we mechanically verify the implementation of various synchronisation classes like Semaphore, CountDownLatch and Lock.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933

Provably Correct Control-Flow Graphs from Java Programs with Exceptions

We present an algorithm to extract flow graphs from Java bytecode, focusing on exceptional control flows. We prove its correctness, meaning that the behaviour of the extracted control-flow graph is an over-approximation of the behaviour of the original program. Thus any safety property that holds for the extracted control-flow graph also holds for the original program. This makes control-flow graphs suitable for performing different static analyses. For precision and efficiency, the extraction is performed in two phases. In the first phase the program is transformed into a BIR program, where BIR is a stack-less intermediate representation of Java bytecode; in the second phase the control-flow graph is extracted from the BIR representation. To prove the correctness of the two-phase extraction, we also define a direct extraction algorithm, whose correctness can be proven immediately. Then we show that the behaviour of the control-flow graph extracted via the intermediate representation is an over-approximation of the behaviour of the directly extracted graphs, and thus of the original program

Permission-Based Separation Logic for Multithreaded Java Programs

This paper presents a program logic for reasoning about multithreaded Java-like programs with dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits. In order to distinguish between initial monitor entrancies and monitor reentrancies, auxiliary variables keep track of multisets of currently held monitors. Data abstraction and behavioral subtyping are facilitated through abstract predicates, which are also used to represent monitor invariants, preconditions for thread starting and postconditions for thread joining. Value-parametrized types allow to conveniently capture common strong global invariants, like static object ownership relations. The program logic is presented for a model language with Java-like classes and interfaces, the soundness of the program logic is proven, and a number of illustrative examples are presented

Formal specifications for Java’s synchronisation classes

Abstract—This paper discusses formal specification and verification of the synchronisation classes of the Java API. In many verification systems for concurrent programs, synchronisation is treated as a primitive operation. As a result, verification rules for synchronisation are hard-coded in the logic, and not verified. These rules describe the concrete semantics of the given synchronisation primitive, and manage how resources are protected by synchronisation. In contrast, this paper describes several synchronisation primitives at the specification level, by specifying the behaviour of synchronisation routines from the Java API at method level using permission-based Separation Logic. This gives a generalised, high-level, and easily extendable approach to formalisation of arbitrary synchronisation mechanisms, which allows for modular treatment of synchronisation in verification. Notably, our approach does not only apply to locks, but also to other synchronisation mechanisms such as semaphores and latches that we also discuss in the paper. Finally, we used the verification tool that we are developing and successfully verified (so far simplified) reference implementations of all presented synchronisers; the paper discusses the verification of one of them. I

Verification of Shared-Reading Synchronisers

Synchronisation classes are an important building block for shared memory concurrent programs. Thus to reason about such programs, it is important to be able to verify the implementation of these synchronisation classes, considering atomic operations as the synchronisation primitives on which the implementations are built. For synchronisation classes controlling exclusive access to a shared resource, such as locks, a technique has been proposed to reason about their behaviour. This paper proposes a technique to verify implementations of both exclusive access and shared-reading synchronisers. We use permission-based Separation Logic to describe the behaviour of the main atomic operations and the basis for our technique is formed by a specification for class AtomicInteger, which is commonly used to implement synchronisation classes in Java.util.concurrent. To demonstrate the applicability of our approach, we mechanically verify the implementation of various synchronisation classes like Semaphore, CountDownLatch and Lock

Variation in resting metabolic rate and energy substrate oxidation during menstrual cycle in young adult women

Sievietes menstruālais cikls pakļauj fizioloģiskām izmaiņām organisma orgānu sistēmu darbību un funkcijas, kā piemēram, cirkulāciju, vielmaiņu, termoregulāciju u.c. Zinātniskās literatūras dati par vielmaiņas intensitātes svārstību dinamiku un lielumu menstruālā cikla laikā ir pretrunīgi. Tādēļ darba mērķis bija novērtēt vielmaiņu un to raksturojošo parametru variabilitāti menstruālā ciklā laikā jaunām sievietēm. Pētījumā piedalījās 8 jaunas, klīniski veselas sievietes vecumā no 20 līdz 34 gadiem, kurām ar netiešās kalorimetrijas metodi tika noteikti gāzu maiņas dati, pēc kuriem tika iegūtas miera metabolisma intensitātes un enerģētisko substrātu - ogļhidrātu un lipīdu, oksidācijas intensitātes vērtības menstruālā cikla laikā. Rezultāti rāda, ka jaunām pieaugušām sievietēm vielmaiņas intensitāte menstruālā cikla laikā svārstās 6-19% robežās, visaugstāko vērtību sasniedzot luteālajā fāzē. Metabolisma intensitātes individuālo svārstību lielums nav atkarīgs no miera metabolisma absolūtās vērtības. Lipīdu un ogļhidrātu oksidācijas dinamika svārstās attiecīgi 26-131% un 23-65% robežās, kur visintensīvākā lipīdu oksidācija ir novērojama agrīnā luteālā fāzē, bet ogļhidrātiem – ovulācijas un vēlīnā luteālā fāzē. Iegūtie dati ļauj secināt, ka vielmaiņu raksturojošo parametru svārstību lielums ir individuāls, un tas nav atkarīgs ne no personas antropometriskajiem un ķermeņa svaru raksturojošiem parametriem, ne arī individuālās absolūtās vielmaiņas un enerģētisko substrātu oksidācijas intensitātes.Women menstrual cycle influence physiological changes in organism organ system work and functions, for example, circulation, metabolism, thermoregulation. Scientific data about metabolic rate and it’s variation dynamics is inconsistent. That’s the reason why as a purpose for this study was to determine variation of metabolism and it’s parameters during menstrual cycle in young adult women. In current study were participated 8 joung, clinically healthy woman in age from 20 to 34, with indirect calorimetry were determined gas changes data, which were used to determine resting metabolic rate and energy substrate - carbohydrates and lipids, oxidation rate during menstrual cycle. The results demonstrate that variations in resting metabolic rate during menstrual cycle in young adult women variates from 6% to 19%, the maximal resting metabolic rate is during menstrual cycle luteal phase. Individual variation value is independent from resting metabolic rate absolute value. Dinamics ir energy substrate oxidation variates from 26% to 131% for lipids and from 23% to 65% for carbohydrates. Maximal lipid oxidation is shortlu afret ovulacion at early luteal phase, maximal carbohydrate oxidation is while ovulation and also at late luteal phase. Obtained data let to conclude, that metabolic parameter variation value is individual, and it is independent from persons anthropometric and body mass parameters, or from individual metabolic absolute rate and energetic substrate oxidation rate

Provably Correct Control-Flow Graphs from Java Programs with Exceptions

We present an algorithm to extract flow graphs from Java bytecode, including exceptional control flows. We prove its correctness, meaning that the behavior of the extracted control-flow graph is a sound over-approximation of the behavior of the original program. Thus any safety property that holds for the extracted control-flow graph also holds for the original program. This makes control-flow graphs suitable for performing various static analyses, such as model checking.The extraction is performed in two phases. In the first phase the program is transformed into a BIR program, a stack-less intermediate representation of Java bytecode, from which the control-flow graph is extracted in the second phase. We use this intermediate format because it results in compact flow graphs, with provably correct exceptional control flow. To prove the correctness of the two-phase extraction, we also define an idealized extraction algorithm, whose correctness can be proven directly. Then we show that the behavior of the control-flow graph extracted via the intermediate representation is an over-approximation of the behavior of the directly extracted graphs, and thus of the original program. We implemented the indirect extraction as the CFGEx tool and performed several test-cases to show the efficiency of the algorithm.QC 20120116CVP