A Study of Concurrency Bugs and Advanced Development Support for Actor-based Programs

The actor model is an attractive foundation for developing concurrent applications because actors are isolated concurrent entities that communicate through asynchronous messages and do not share state. Thereby, they avoid concurrency bugs such as data races, but are not immune to concurrency bugs in general. This study taxonomizes concurrency bugs in actor-based programs reported in literature. Furthermore, it analyzes the bugs to identify the patterns causing them as well as their observable behavior. Based on this taxonomy, we further analyze the literature and find that current approaches to static analysis and testing focus on communication deadlocks and message protocol violations. However, they do not provide solutions to identify livelocks and behavioral deadlocks. The insights obtained in this study can be used to improve debugging support for actor-based programs with new debugging techniques to identify the root cause of complex concurrency bugs.Comment: - Submitted for review - Removed section 6 "Research Roadmap for Debuggers", its content was summarized in the Future Work section - Added references for section 1, section 3, section 4.3 and section 5.1 - Updated citation

Verifying Class Invariants in Concurrent Programs

Class invariants are a highly useful feature for the verification of object-oriented programs, because they can be used to capture all valid object states. In a sequential program setting, the validity of class invariants is typically described in terms of a visible state semantics, i.e., invariants only have to hold whenever a method begins or ends execution, and they may be broken inside a method body. However, in a concurrent setting, this restriction is no longer usable, because due to thread interleavings, any program state is potentially a visible state. In this paper we present a new approach for reasoning about class invariants in multithreaded programs. We allow a thread to explicitly break an invariant at specific program locations, while ensuring that no other thread can observe the broken invariant. We develop our technique in a permission-based separation logic environment. However, we deviate from separation logic's standard rules and allow a class invariant to express properties over shared memory locations (the invariant footprint), independently of the permissions on these locations. In this way, a thread may break or reestablish an invariant without holding permissions to all locations in its footprint. To enable modular verification, we adopt the restrictions of Muller's ownership-based type system

Deciding to enter tertiary education and taking on debt : a longitudinal perspective

This thesis describes a program of research designed to investigate longitudinally the role of debt in a cohort of 1232 final-year New Zealand secondary school students, their tertiary entry decisions and their attitudes towards tertiary education and student debt. It follows some of these students into their first year out of school into tertiary education or otherwise. Two surveys were conducted that employed the Attitude to Debt Scale (Davies and Lea, 1995) to address students’ debt and savings behaviour and estimates, tertiary education entry decisions, and attitudes to tertiary education and term-time working. Debt attitudes are found to be more complex than previously proposed, and this has significant ramifications for debt attitude theory and research. Longitudinal comparisons suggest students’ views regarding debt necessity does not change but their attitude to avoiding does. Students become more or less avoidant of debt depending on their circumstances. However, debt attitude results still support many of the findings of earlier research such as debt acquisition preceding a more tolerant attitude change. Debt and tertiary education attitudes are not well predicted. Students report engaging in term-time working to limit their student loans, but engaging in term-time working results in lower grades in their studies. Those from the middle and higher socio-economic classes are more likely to be positive towards tertiary education, and thus entrants, compared with the lower socio-economic classes. However, the results do not suggest this is due to debt attitudes or fear of debt

A foundation for runtime monitoring

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitor-ing, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the modal μ-calculus) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated.peer-reviewe

A Foundation for Runtime Monitoring

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitoring, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the mmucalc) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated

Unaufmerksamkeit und Ablenkung: Was macht der Mensch am Steuer?

Im Hinblick auf die Prävention von Unfällen, welche aufgrund der in der Schweiz häufigsten Unfallursache 'Unaufmerksamkeit & Ablenkung' zustande kommen, untersucht dieses Projekt, welche Kategorien von Unaufmerksamkeit & Ablenkung' unterschieden werden müssen und wie häufig diese Kategorien im Schweizer Strassenverkehr vorkommen. Dadurch entsteht erstmalig eine flächendeckende Bestandesaufnahme der Ursachen von Unaufmerksamkeit & Ablenkung am Steuer im realen Strassenverkehr. Durch die Verbindung dieser Daten mit in- und ausländischen Unfallstatistiken und mit experimentellen Studien lassen sich Rückschlüsse auf das mit den einzelnen Kategorien von Unaufmerksamkeit & Ablenkung verbundene Unfallrisiko ziehen. Die Daten werden mittels Mini-Videokameras in Autos erhoben und mit einem auf der Basis nationaler und internationaler Unfallstatistiken und Studien zu entwickelnden Kategoriensystems codiert. Bei jeder Fahrt werden Zusatzdaten wie z.B. Strassenkategorie erhoben. Ergänzt werden diese Daten durch eine Befragung, welche audio-visuell nicht erfassbare Kategorie von U&A, sowie fahrtübergreifende Merkmale (z.B. Geschlecht, Autotyp) abdecken