Formal methods for concurrency

Free download. Book file PDF easily for everyone and every device. You can download and read online Formal methods for concurrency file PDF Book only if you are registered here. And also you can download or read online all Book PDF file that related with Formal methods for concurrency book. Happy reading Formal methods for concurrency Bookeveryone. Download file Free Book PDF Formal methods for concurrency at Complete PDF Library. This Book have some digital formats such us :paperbook, ebook, kindle, epub, fb2 and another formats. Here is The CompletePDF Book Library. It's free to register here to get Book file PDF Formal methods for concurrency Pocket Guide.

We introduce SAGA, a general framework that provides a smooth integration of the specification and the run-time checking of both data- and protocol-oriented properties of Java classes and interfaces. In earlier work, we developed a variant of permission-based separation logic that is particularly suited to reason about multithreaded Java programs with dynamic thread creation and termination, and reentrant locks.

This talk discusses how within the context of the VerCors project, we extend this approach to make it suitable to specify and verify concurrent data structures. In particular, we will discuss the following topics:. Finally, we will also present how permission-based separation logic is also suitable to reason about programs in a different concurrency setting, such as GPU kernels written in OpenCL.

Submission history

Download the presentation Verification of Concurrent Datastructures. Safety-Critical Java SCJ is a novel version of Java that addresses issues related to real-time programming and certification of safety-critical applications. Occasionally, more than two concurrent components can form a deadlocked ring.

Livelock is the failure condition that exists when a concurrent component repeatedly obtains a needed resource but never completes its execution before losing that resource e. Starvation is the failure condition that exists when a concurrent component is ready to execute, but is indefinitely delayed because other components have the necessary resources. Suspension is the failure condition that exists when a concurrent component is forced to wait too long before it can access a shared resource i.

Race Condition a. A race condition can occur if the correct ordering of the operations is not enforced or if shared resources are not protected from simultaneous access. For example, one thread or process writes to an unprotected memory location, while another simultaneously accesses it, thereby corrupting the stored data. Priority Inversion is the failure condition that exists when a higher priority operation of one concurrent component is forced to wait on the execution of a lower priority operation of another concurrent operation.

  • The Concept of a University?
  • Financing Your Small Business: From SBA Loans and Credit Cards to Common Stock and Partnership Interests.
  • Recent Publications.
  • Abstraction as a Unifying Link for Formal Approaches to Concurrency.
  • Other VU-programmes for you.
  • Abstraction as a Unifying Link for Formal Approaches to Concurrency;
  • FME Annual General Meeting - A Celebration of Formal Methods ยท Formal Methods Europe.

Atomicity Violation is the failure event that occurs when the execution of one concurrent component interrupts another concurrent component's execution that must run to completion without disruption. The interruption could be caused by a higher-priority task or an unexpected message, exception, timeout, hardware interrupt, crash, or reboot. The following three additional types of concurrency-related defects may overlap with the previous ones or each other: Isolation Failure is any failure event during which two concurrently executing components unexpectedly access a shared resource simultaneously via an interference path, thereby violating the components' spatial or temporal isolation.

FME Annual General Meeting 2013 - A Celebration of Formal Methods

These shared resources can be processor-internal e. Note that a temporal isolation failure can lead to the failure of hard-real-time requirements e. Synchronization Failure is any failure event involving the synchronization of two or more concurrently executing components. Examples include 1 unexpected message, 2 expected message that fails to arrive, arrives too early, arrives too late, or 3 multiple messages that arrive in an incorrect order.

Deep Dive: Formal Methods - Hedera18

Lack of Tolerance is any concurrency-related fault or failure condition that is not mitigated by an appropriate fault or failure tolerance mechanism such as exception handling or redundancy with voting. In practice, concurrency defects typically share the following properties: Concurrency defects tend to cause intermittent faults or failures that only occur rarely, often after prolonged execution. Concurrency defects cause faults and failures that are hard to both reproduce and analyze to identify their root causes.

The same test inputs may produce different test results due to the nondeterministic nature of concurrent systems and software.

The fault or failure may not reoccur when the software under test executes in debug mode. Concurrency defects can cause violations of both functional requirements and quality e. For example, accidental violations of temporal isolation in real-time systems may cause a violation of response time, jitter, and latency requirements.

Concurrency defects are often not explicitly addressed during test planning e. The different types of concurrency defects are only rarely used to drive the selection of test cases specifically designed to uncover them. Correcting concurrency defects often require specialized rearchitecting or redesign rather than simple, software code changes. August This lack of awareness and use has many reasons: Many concurrency testing techniques do not scale well to match the size and complexity of current systems.

Because complexity increases exponentially as the number of concurrently-executing components increases, it is not practical to exhaustively test all possible interleavings and synchronization orders. This complexity could lead to enormous test suites, and some of the proposed approaches concentrate on minimizing test suite size without unduly decreasing test effectiveness. Still, most of the proposed approaches do not necessarily scale well to address today's large and complex software applications, systems, and systems of systems.

Most developers and testers are relatively unfamiliar with explicitly dealing with concurrency. They lack adequate training in concurrency, concurrency-related defects, and concurrency-related testing.

Sound Re-Engineering of Code (Postdoc Position)

Developers and testers tend to be comfortable using the testing techniques they are familiar with, even though these techniques were not designed for testing concurrent systems and software. For example, Junit is a popular Java testing unit testing framework and tool that does not support concurrency testing out-of-the-box. Most of the concurrency testing techniques have been developed for testing software.

There has been relatively little research into addressing concurrency at the subsystem, system, and system of systems levels. According to literature surveys, the majority of concurrency testing techniques are academic proposals rather than mature methods that have been demonstrated to be effective under real-world circumstances.

Many concurrency testing techniques require the use of tools that are currently immature and not widely known. In terms of practicality and actual use, the most important concurrency testing approaches appear to be: Structural Whitebox Unit and Integration Testing Methods. These approaches concentrate on using architectural and design information to identify points of communication and synchronization, followed by creating sufficient test cases to provide adequate coverage.

Concurrency and Protocol Verification

His research interests are in the verification and control of reactive, real-time, hybrid, and probabilistic systems, software verification and programming languages, logic, and automata theory. He received the B. Sanjit A. He received an M. His research interests are in dependable computing and computational logic, with a current focus on applying automated formal methods to problems in cyber-physical systems, computer security, electronic design automation, and synthetic biology.

His Ph.

Formal methods - Wikipedia

He is co-author of a widely-used textbook on embedded, cyber-physical systems and has led the development of technologies for cyber-physical systems education based on formal methods. Logic and proof theory are probably have proved to be the most effective mathematical tools to help modularly engineering correct software, and this since the introduction of type inference, upto fantastic progresses of SAT-SMT solvers and provers. In this talk, I will focus on past experience of my former project-team ESPRESSO in manipulating such tools in the design, implementation, proof and test-case of Polychrony: an open-source synchronous modeling environment hosted on the Polarsys industry working group of the Eclipse foundation. I will highlight the compositionality and scalability of its concepts by considering two major case studies with Polychrony and its commercial implementation, RT-Builder in developing functional and real-time simulators, in avionics and automotive, and the integration of these concepts in the AADL standard.