developing programs by splitting atoms rely guarantee
play

Developing programs by Splitting atoms (rely/guarantee conditions, - PowerPoint PPT Presentation

Jul 12, 2023 •225 likes •603 views

Developing programs by Splitting atoms (rely/guarantee conditions, data reification, . . . ) Cliff B Jones Computing Science Newcastle University FMCO 2008-10-22 Cliff B Jones (Newcastle) Developing programs by Splitting atoms

  1. Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) Cliff B Jones Computing Science Newcastle University FMCO 2008-10-22 Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 1 / 36

  2. Contents Design as abstraction layers 1 ACMs 2 Where to start – a specification Splitting atoms (gently) in abstract state Retaining less history The four-slot representation Conclusions 3 Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 2 / 36

  3. Key abstractions Pre/post-conditions (as in VDM/B/. . . ) ◮ design by sequential “operation decomposition rules” ◮ Floyd/Hoare-like rules (coping with relational post-conditions) Rely/Guarantee “thinking” ◮ not (just) a specific set of rules ◮ show importance of “frames” (cf. Separation Logic) ◮ using “auxiliary variables” Abstract objects ◮ choice of abstract data objects key for specifications ◮ data “reification” (classic-VDM / Nipkow’s rule) ◮ link with R/G development “fiction of atomicity” ◮ “splitting (software) atoms safely” [Jon07] ◮ cf. database transactions [JLRW05], . . . Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 3 / 36

  4. While (operation decomposition) rule S sat ( P ∧ b, P ∧ W ) P ⇒ δ l ( b ) While - I mk - While ( b, S ) sat ( P, P ∧ ¬ b ∧ W ∗ ) Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 4 / 36

  5. An R/G picture Q G G G Program Environment R R R R P Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 5 / 36

  6. One R/G rule cf. [CJ07] { P, R ∨ Gr } ⊢ sl sat ( Gl, Ql ) { P, R ∨ Gl } ⊢ sr sat ( Gr, Qr ) Gl ∨ Gr ⇒ G ↼ − P ∧ Ql ∧ Qr ∧ ( R ∨ Gl ∨ Gr ) ∗ ⇒ Q Par - I { P, R } ⊢ mk - Par ( sl, sr ) sat ( G, Q ) Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 6 / 36

  7. Subtle link between R/G and data reification cf. [Jon07] in FINDP ◮ we have t ← min ( t , local ) in n parallel processes ◮ assuming we don’t want to “lock” t ◮ need a representation that helps us to preserve R/G conditions ◮ (simple to) represent as t as min ( et , ot ) SIEVE ◮ we have to remove an element from a set s ◮ assuming we don’t want to “lock” s (big!) ◮ need a representation that helps preserve R/G conditions s ⊆ ↼ − s ◮ (less obvious) represent s as a bit vector Simpson ◮ extremely interesting ◮ my claim: this is the essence of Simpson’s contribution Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 7 / 36

  8. Contents Design as abstraction layers 1 ACMs 2 Where to start – a specification Splitting atoms (gently) in abstract state Retaining less history The four-slot representation Conclusions 3 Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 8 / 36

  9. ACMs: topic of [JP08] Communication (Atomic?) Write(42)
 x
:=
Read()
 Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 9 / 36

  10. ACMs Atomic and (trying for) Asynchronous Write
 Read()
 Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 10 / 36

  11. Simpson’s algorithm Simpson’s algorithm ◮ ingenious algorithm ◮ difficult to prove correct ◮ actually, all proofs make assumptions ◮ different verification methods give different insights ◮ but, even then, lack of explanation several other folk still working on this ◮ come back to at end run through our “rational reconstruction” ◮ “explanation” via layers of abstraction essential to get the big steps right before detailed proof apologies for so much argument about eight lines of code . . . Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 11 / 36

  12. Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 12 / 36

  13. Specification Σ a :: data - w : Value ∗ fresh - w : N hold - r : N inv ( mk -Σ a ( data - w , fresh - w , hold - r )) △ fresh - w , hold - r ∈ { 1 .. len data - w } ∧ hold - r ≤ fresh - w σ a 0 = mk -Σ a ([ x ] , 1 , 1) while true do start - Write ( v : Value ): data - w ← data - w � [ v ]; commit - Write (): fresh - w ← len data - w od while true do start - Read (): hold - r ← fresh - w ; end - Read () r : Value : r ← data - w ( i ) for some i ∈ { hold - r .. fresh - w } od Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 13 / 36

  14. Examples 1, 2 mk -Σ a ([ x , y ] , 1 , 1) start - Write ( y ) .. mk -Σ a ([ x , y ] , 2 , 1) commit - Write () .. mk -Σ a ([ x , y ] , 2 , 2) start - Read () .. end - Read () .. r = y mk -Σ a ([ x , y ] , 1 , 1) start - Write ( y ) .. mk -Σ a ([ x , y ] , 1 , 1) start - Read () .. end - Read () .. r = x mk -Σ a ([ x , y ] , 2 , 1) commit - Write () .. Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 14 / 36

  15. Example 3 mk -Σ a ([ x ] , 1 , 1) start - Read () .. mk -Σ a ([ x , y ] , 1 , 1) start - Write ( y ) .. mk -Σ a ([ x , y ] , 2 , 1) commit - Write () .. mk -Σ a ([ x , y , z ] , 2 , 1) start - Write ( z ) .. mk -Σ a ([ x , y , z ] , 3 , 1) commit - Write () .. end - Read () .. r ∈ { x , y , z } mk -Σ a ([ x , y , z ] , 3 , 3) start - Read () .. end - Read () .. r = z Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 15 / 36

  16. Specification in terms of four sub-operations ( Write ) Atomic operations — therefore pure pre/post specification while true do start - Write ( v : Value ): data - w ← data - w � [ v ]; commit - Write (): fresh - w ← len data - w od || . . . Write ( v : Value ) start - Write ( v : Value ) wr data - w − − − − post data - w = ↼ data - w � [ v ] commit - Write ( v : Value ) rd data - w wr fresh - w pre data - w ( len data - w ) = v post fresh - w = len data - w Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 16 / 36

  17. Specification in terms of four sub-operations ( Read ) . . . || while true do start - Read (): hold - r ← fresh - w ; end - Read () r : Value : r ← data - w ( i ) for some i ∈ { hold - r .. fresh - w } od Read () r : Value local hold - r : N start - Read () wr hold - r rd fresh - w post hold - r = fresh - w end - Read () r : Value rd data - w , fresh - w post ∃ i ∈ { hold - r .. fresh - w } · r = data - w ( i ) Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 17 / 36

  18. General messages note “algorithmic” specification “fiction of atomicity” ◮ but single “atomic” variable does not cover all behaviour “frames” (for rd/wr access) ◮ plus “local” data abstraction Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 18 / 36

  19. Splitting atoms in Σ a ( Write ) Accept overlap (only read/write) — therefore rely/guarantee Write ( v : Value ) start - Write ( v : Value ) rd fresh - w wr data - w rely fresh - w = ↼ fresh - w ∧ data - w = ↼ − − − − − − − − data - w guar { 1 .. fresh - w } ✁ data - w = { 1 .. fresh - w } ✁ ↼ − − − − data - w post data - w = ↼ − − − − data - w � [ v ] commit - Write ( v : Value ) rd data - w wr fresh - w pre data - w ( len data - w ) = v rely fresh - w = ↼ fresh - w ∧ data - w = ↼ − − − − − − − − data - w post fresh - w = len data - w Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 19 / 36

  20. Splitting atoms in Σ a ( Read ) Read () r : Value start - Read () rd fresh - w wr hold - r rely hold - r = ↼ − − − hold - r post hold - r ∈ { ↼ − − − − fresh - w , fresh - w } end - Read () r : Value rd data - w , fresh - w , hold - r rely hold - r = ↼ hold - r ∧∀ i ∈ { hold - r ..↼ − − − fresh - w }· data - w ( i ) = ↼ − − − − − − − − data - w ( i ) post ∃ i ∈ { hold - r ..↼ fresh - w } · r = ↼ − − − − − − − − data - w ( i ) Cliff B Jones (Newcastle) Developing programs by “Splitting atoms” (rely/guarantee conditions, data reification, . . . ) FMCO 2008-10-22 20 / 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Rely-Guarantee Reasoning Stephan van Staden June 29, 2015 1 / 15 Overview Introduction

On Rely-Guarantee Reasoning Stephan van Staden June 29, 2015 1 / 15 Overview Introduction

On Rely-Guarantee Reasoning Stephan van Staden June 29, 2015 1 / 15 Overview Introduction Basics of Rely-Guarantee Overview of the paper Two techniques for constructing Rely-Guarantee models Soundness results The traditional

272 views • 23 slides
Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL Leonor Prensa Nieto TU M unchen Marseille, 7 January 2002 Isabelle HOL = Overview Motivation. Hoare logic for

263 views • 23 slides
Rely/Guarantee Reasoning for Asynchronous Programs Ivan Gavran 1 , Filip Niksic 1 , Aditya Kanade

Rely/Guarantee Reasoning for Asynchronous Programs Ivan Gavran 1 , Filip Niksic 1 , Aditya Kanade

Rely/Guarantee Reasoning for Asynchronous Programs Ivan Gavran 1 , Filip Niksic 1 , Aditya Kanade 2 , Rupak Majumdar 1 , Viktor Vafeiadis 1 1 Max Planck Institute for Software Systems (MPI-SWS), Germany 2 Indian Institute of Science, Bangalore,

672 views • 52 slides
Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon,

Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon,

Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon, Michael D. Ernst, and Dan Grossman University of Washington PLDI 2013 Static Verification Meets Aliasing 2 3 x:ref y:ref x := !x+1; m(y);

739 views • 26 slides
Rely-Guarantee Protocols Filipe Milito 1,2 Jonathan Aldrich 1 Lus Caires 2 1 Carnegie Mellon

Rely-Guarantee Protocols Filipe Milito 1,2 Jonathan Aldrich 1 Lus Caires 2 1 Carnegie Mellon

ECOOP 2014 Rely-Guarantee Protocols Filipe Milito 1,2 Jonathan Aldrich 1 Lus Caires 2 1 Carnegie Mellon University, Pittsburgh, USA 2 Universidade Nova de Lisboa, Lisboa, Portugal Motivation Mutable state can be useful in certain cases.

1.45k views • 109 slides
Cuesta College Night Oct. 30, 2017 Transfer Admission Guarantee Programs in the CSU and UC

Cuesta College Night Oct. 30, 2017 Transfer Admission Guarantee Programs in the CSU and UC

Cuesta College Night Oct. 30, 2017 Transfer Admission Guarantee Programs in the CSU and UC Blake Reed, Counselor Thea Labrenz, Counselor Types of Guarantee Programs In the UC system they are refers to them as Transfer Admission

285 views • 14 slides
Computation theory with atoms I. Sets with atoms II. Computation models with atoms S awomir

Computation theory with atoms I. Sets with atoms II. Computation models with atoms S awomir

Computation theory with atoms I. Sets with atoms II. Computation models with atoms S awomir Lasota University of Warsaw FoPSS School 2019: Nominal Techniques 1 II. Computation models with atoms automata with atoms Turing

599 views • 59 slides
Cr Crea eating ing som omet ething hing en entirel rely y ne new Developing loping a

Cr Crea eating ing som omet ething hing en entirel rely y ne new Developing loping a

Cr Crea eating ing som omet ething hing en entirel rely y ne new Developing loping a new modular ar archi hite tect cture re for world-cla class ss cars Gothenburg, January 2015 Who o We Are CEVT China Euro Vehicle

412 views • 24 slides
A marriage of rely/guarantee & separation logic Viktor V afeiadis MPI - SWS Coarse - grain

A marriage of rely/guarantee & separation logic Viktor V afeiadis MPI - SWS Coarse - grain

A marriage of rely/guarantee & separation logic Viktor V afeiadis MPI - SWS Coarse - grain locking 2 3 5 7 11 13 Coarse - grain locking 2 3 5 7 11 13 Fine - grain locking Pessimistic: lock - coupling 2 3 5 7 11 13 Fine -

743 views • 57 slides
ATOMS ATI TEAS SCIENCE ATOMS Questions related to atoms test your understanding of the

ATOMS ATI TEAS SCIENCE ATOMS Questions related to atoms test your understanding of the

ATI TEAS SCIENCE REVIEW ATOMS ATI TEAS SCIENCE ATOMS Questions related to atoms test your understanding of the components of an atom. You may be asked to identify parts of atoms based on their atomic number and mass number, and to calculate

461 views • 5 slides
Stack and Queue ADT Stack Queue 2 ADT Example All main programs rely on concept of

Stack and Queue ADT Stack Queue 2 ADT Example All main programs rely on concept of

Advanced Programming Stack - Queue Summary Stack and Queue ADT Stack Queue 2 ADT Example All main programs rely on concept of Abstract It is possible to define an ADT corresponding Data Type (ADT). to a generic set of elements,

350 views • 7 slides
New Foreign Tax Credit and FTC Splitting Regulations and FTC Splitting Regulations Mastering

New Foreign Tax Credit and FTC Splitting Regulations and FTC Splitting Regulations Mastering

Presenting a live 110 minute teleconference with interactive Q&A New Foreign Tax Credit and FTC Splitting Regulations and FTC Splitting Regulations Mastering Section 909 and 901 Rules to Maximize Efficiencies in Complex FTC Planning

915 views • 66 slides
Rethinking Federal Credit: Managing Loan and Loan Guarantee Programs in a Changing Environment

Rethinking Federal Credit: Managing Loan and Loan Guarantee Programs in a Changing Environment

Rethinking Federal Credit: Managing Loan and Loan Guarantee Programs in a Changing Environment Thursday, May 17, 2018 Changing Economic and Policy Environments for the Worlds Largest Financial Institution Doug Criscitello , Executive Director,

538 views • 29 slides
Precision Laser Spectroscopy of the Ground State Hyperfine Splitting in Muonic Hydrogen 1

Precision Laser Spectroscopy of the Ground State Hyperfine Splitting in Muonic Hydrogen 1

Precision Laser Spectroscopy of the Ground State Hyperfine Splitting in Muonic Hydrogen 1 Sohtaro Kanda / sohtaro.kanda@riken.jp 2017/09/27 Exotic Atoms Involving Muon 2 Muon is the 2nd generation particle of charged leptons. It is 200

475 views • 29 slides
TYPES OF IMPERFECTIONS Vacancy atoms Interstitial atoms Point defects

TYPES OF IMPERFECTIONS Vacancy atoms Interstitial atoms Point defects

TYPES OF IMPERFECTIONS Vacancy atoms Interstitial atoms Point defects Substitutional atoms Line defects Dislocations Area defects Grain Boundaries Stacking faults 2 No longer perfect: Thermal Energy Lattice

479 views • 18 slides
With Splitting Steepest Descent Splitting yields adaptive net structure optimization Questions

With Splitting Steepest Descent Splitting yields adaptive net structure optimization Questions

Energy-Aware Neural Architecture Optimization With Splitting Steepest Descent Splitting yields adaptive net structure optimization Questions Why splitting? What neurons should be split first? How to split a neuron optimally?

197 views • 6 slides
LL(1) predictive parsing Informatics 2A: Lecture 10 Alex Simpson School of Informatics

LL(1) predictive parsing Informatics 2A: Lecture 10 Alex Simpson School of Informatics

LL(1) grammars and parse tables Predictive parsing using a parse table When is a grammar LL(1)? LL(1) predictive parsing Informatics 2A: Lecture 10 Alex Simpson School of Informatics University of Edinburgh als@staffmail.ed.ac.uk 9 October,

311 views • 12 slides
s tr r rr

s tr r rr

s tr r rr sts r sr rst r Pt

612 views • 60 slides
Ch.9: Object-oriented programming Joakim Sundnes 1 , 2 1 Simula Research Laboratory 2 University of

Ch.9: Object-oriented programming Joakim Sundnes 1 , 2 1 Simula Research Laboratory 2 University of

Ch.9: Object-oriented programming Joakim Sundnes 1 , 2 1 Simula Research Laboratory 2 University of Oslo, Dept. of Informatics Oct 20, 2020 0.1 Plan for Oct 24 Exercises 7.10, 7.11, 7.12 and 7.25 Object-oriented programming (OOP)

135 views • 12 slides
Numerical integration example The probability that someones IQ falls between a and b is given by

Numerical integration example The probability that someones IQ falls between a and b is given by

Numerical integration example The probability that someones IQ falls between a and b is given by the area under the curve ( x 100)2 1 2 (15)2 D ( x ) = e 15 2 (this is the normal distribution with average 100 and standard

713 views • 37 slides
Decomposing labelled proof theory for intuitionistic modal logic Sonia Marin , Marianela Morales,

Decomposing labelled proof theory for intuitionistic modal logic Sonia Marin , Marianela Morales,

Decomposing labelled proof theory for intuitionistic modal logic Sonia Marin , Marianela Morales, and Lutz Straburger IT-University of Copenhagen July 8, 2018 This presentation was made possible by grant NPRP 097-988-1-178 , from the Qatar

445 views • 22 slides
Machine-Assisted Indexing Week 12 LBSC 671 Creating Information Infrastructures

Machine-Assisted Indexing Week 12 LBSC 671 Creating Information Infrastructures

Machine-Assisted Indexing Week 12 LBSC 671 Creating Information Infrastructures Machine-Assisted Indexing Goal: Automatically suggest descriptors Better consistency with lower cost Approach: Rule-based expert system Design

685 views • 50 slides
Quadrature of highly oscillatory integrals: the role of (complex) orthogonal polynomials Alfredo

Quadrature of highly oscillatory integrals: the role of (complex) orthogonal polynomials Alfredo

Quadrature of highly oscillatory integrals: the role of (complex) orthogonal polynomials Alfredo Dea no Optimal Point Configurations and Orthogonal Polynomials 2017 CIEM, Castro Urdiales. April 18-22, 2017 Joint work with Daan Huybrechs (KU

715 views • 25 slides
SPARQL Part III Jan Pettersen Nytun, UiA 1 S Agenda O P Example with: - ORDER BY -

SPARQL Part III Jan Pettersen Nytun, UiA 1 S Agenda O P Example with: - ORDER BY -

SPARQL Part III Jan Pettersen Nytun, UiA 1 S Agenda O P Example with: - ORDER BY - SUM Example continues with: - GROUP BY - GROUP BY together with SUM Example continues with: - HAVING - BIND - CONCAT New example with:

1.12k views • 67 slides

More recommend