1,522 research outputs found

    Steps in modular specifications for concurrent modules

    © 2015 Published by Elsevier B.V. The specification of a concurrent program module is a difficult problem. The specifications must be strong enough to enable reasoning about the intended clients without reference to the underlying module implementation. We survey a range of verification techniques for specifying concurrent modules, in particular highlighting four key concepts: auxiliary state, interference abstraction, resource ownership and atomicity. We show how these concepts combine to provide powerful approaches to specifying concurrent modules.

    Modular termination verification for non-blocking concurrency

    © Springer-Verlag Berlin Heidelberg 2016. We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a thread’s concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms, e.g. a counter and a stack. Our specifications can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other.

    TaDA: A logic for time and data abstraction (extended version)

    To avoid data races, concurrent operations should either be at distinct times or on distinct data. Atomicity is the abstraction that an operation takes effect at a single, discrete instant in time, with linearisability being a well known correctness condition which asserts that concurrent operations appear to behave atomically. Disjointness is the abstraction that operations act on distinct data resource, with concurrent separation logics enabling reasoning about threads that appear to operate independently on disjoint resources. We present TaDA, a program logic that combines the benefits of abstract atomicity and abstract disjointness. Our key contribution is the introduction of atomic triples, which offer an expressive approach to specifying program modules. By building up examples, we show that TaDA supports elegant modular reasoning in a way that was not previously possible

    Abstract specifications for concurrent maps (extended version)

    Despite recent advances in reasoning about concurrent data structure libraries, the largest implementations in java.util.concurrent have yet to be verified. The key issue lies in the development of modular specifications, which provide clear logical boundaries between clients and implementations. A solution is to use recent advances in fine-grained concurrency reasoning, in particular the introduction of abstract atomicity to concurrent separation logic reasoning. We present two specifications of concurrent maps, both providing the clear boundaries we seek. We show that these specifications are equivalent, in that they can be built from each other. We show how we can verify client programs, such as a concurrent set and a producer-consumer client. We also give a substantial first proof that the main operations of ConcurrentSkipListMap in java.util.concurrent satisfy the map specification. This work demonstrates that we now have the technology to verify the largest implementations in java.util.concurrent

    A concurrent specification of POSIX file systems technical report


    Modular termination verification for non-blocking concurrency (extended version)

    We present Total-TaDA, a program logic for verifying the total correctness of concurrent programs: that such programs both terminate and produce the correct result. With Total-TaDA, we can specify constraints on a thread's concurrent environment that are necessary to guarantee termination. This allows us to verify total correctness for nonblocking algorithms, e.g. a counter and a stack. Our specifications can express lock- and wait-freedom. More generally, they can express that one operation cannot impede the progress of another, a new non-blocking property we call non-impedance. Moreover, our approach is modular. We can verify the operations of a module independently, and build up modules on top of each other.

    Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity

    We present a lightweight approach to Hoare-style specifications for fine-grained concurrency, based on a notion of time-stamped histories that abstractly capture atomic changes in the program state. Our key observation is that histories form a partial commutative monoid, a structure fundamental for representation of concurrent resources. This insight provides us with a unifying mechanism that allows us to treat histories just like heaps in separation logic. For example, both are subject to the same assertion logic and inference rules (e.g., the frame rule). Moreover, the notion of ownership transfer, which usually applies to heaps, has an equivalent in histories. It can be used to formally represent helping---an important design pattern for concurrent algorithms whereby one thread can execute code on behalf of another. Specifications in terms of histories naturally abstract granularity, in the sense that sophisticated fine-grained algorithms can be given the same specifications as their simplified coarse-grained counterparts, making them equally convenient for client-side reasoning. We illustrate our approach on a number of examples and validate all of them in Coq. Comment: 17 pages

    Diversity of harvestmen (Arachnida, Opiliones) in Parque da Onca Parda, southeastern Brazil

    The environment most diverse in harvestmen species is the Atlantic Forest of Sao Paulo. However, there remains a lack of studies regarding their communities in certain regions. Among these regions is one south of the Paranapiacaba mountain range in the state of Sao Paulo, the Parque da Onca Parda (POP). Through nocturnal collections and pitfall traps, the region's harvestmen community has been studied. The observed richness of this site included 27 species, with dominance of three species: Holcobunus nigripalpis Roewer, 1910, Neosadocus maximus (Giltay, 1928) and Munequita sp., accounting for 68.4% of harvestmen abundance. This makes the diversity of POP more similar to the semideciduous Atlantic Forest communities of the interior than to those of the Coastal Atlantic Forest that contains the park. Its geographic location places it within the Southern Sao Paulo State (SSP) area of endemism, along with the Parque Turistico do Alto Ribeira (PETAR), with which it shares up to 12% similarity regarding harvestmen fauna. Richness and abundance of harvestmen were positively related to temperature and humidity. The period of animal activity (as measured by abundance and richness) varied throughout the night, being highest in the early hours during both studied seasons (summer and winter). FAPESP [2008/06604-7, 2009/17206-5, 2010/06253-0]

    Diversity of harvestmen (Arachnida, Opiliones) in Parque da Onça Parda, southeastern Brazil

    The environment most diverse in harvestmen species is the Atlantic Forest of São Paulo. However, there remains a lack of studies regarding their communities in certain regions. Among these regions is one south of the Paranapiacaba mountain range in the state of São Paulo, the Parque da Onça Parda (POP). Through nocturnal collections and pitfall traps, the region's harvestmen community has been studied. The observed richness of this site included 27 species, with dominance of three species: Holcobunus nigripalpis Roewer, 1910, Neosadocus maximus (Giltay, 1928) and Munequita sp., accounting for 68.4% of harvestmen abundance. This makes the diversity of POP more similar to the semideciduous Atlantic Forest communities of the interior than to those of the Coastal Atlantic Forest that contains the park. Its geographic location places it within the Southern São Paulo State (SSP) area of endemism, along with the Parque Turístico do Alto Ribeira (PETAR), with which it shares up to 12% similarity regarding harvestmen fauna. Richness and abundance of harvestmen were positively related to temperature and humidity. The period of animal activity (as measured by abundance and richness) varied throughout the night, being highest in the early hours during both studied seasons (summer and winter)