dialectical refinement rescuing programming from the
play

Dialectical refinement: Rescuing programming from the logicians - PowerPoint PPT Presentation

Sep 20, 2023 •155 likes •1.48k views

Dialectical refinement: Rescuing programming from the logicians Richard Bornat Professor of Computer Programming School of Engineering and Information Sciences Middlesex University 5th November 2008 1 There are two programming problems 2

  1. Dialectical programming Lakatos, in “Proofs and Refutations”, shows the evolution over time of Euler’s conjecture about polyhedral solids Vertices − Edges + Faces = 2 (e.g for a cube V = 8, E = 12, F = 6). The conjecture leads to a proof which is challenged by a counter-example (e.g. a polyhedron with a tunnel, a polyhedron with a central cavity) 5

  2. Dialectical programming Lakatos, in “Proofs and Refutations”, shows the evolution over time of Euler’s conjecture about polyhedral solids Vertices − Edges + Faces = 2 (e.g for a cube V = 8, E = 12, F = 6). The conjecture leads to a proof which is challenged by a counter-example (e.g. a polyhedron with a tunnel, a polyhedron with a central cavity) which leads to a refinement of the conjecture, a new proof, a deeper understanding. 5

  3. Dialectical programming Lakatos, in “Proofs and Refutations”, shows the evolution over time of Euler’s conjecture about polyhedral solids Vertices − Edges + Faces = 2 (e.g for a cube V = 8, E = 12, F = 6). The conjecture leads to a proof which is challenged by a counter-example (e.g. a polyhedron with a tunnel, a polyhedron with a central cavity) which leads to a refinement of the conjecture, a new proof, a deeper understanding. This is intentionally reminiscent of Hegel’s dialectic “Thesis plus antithesis yields synthesis”. 5

  4. Dialectical programming Lakatos, in “Proofs and Refutations”, shows the evolution over time of Euler’s conjecture about polyhedral solids Vertices − Edges + Faces = 2 (e.g for a cube V = 8, E = 12, F = 6). The conjecture leads to a proof which is challenged by a counter-example (e.g. a polyhedron with a tunnel, a polyhedron with a central cavity) which leads to a refinement of the conjecture, a new proof, a deeper understanding. This is intentionally reminiscent of Hegel’s dialectic “Thesis plus antithesis yields synthesis”. (But we are simple people, we won’t bother with Hegel.) 5

  5. Dialectical programming Lakatos, in “Proofs and Refutations”, shows the evolution over time of Euler’s conjecture about polyhedral solids Vertices − Edges + Faces = 2 (e.g for a cube V = 8, E = 12, F = 6). The conjecture leads to a proof which is challenged by a counter-example (e.g. a polyhedron with a tunnel, a polyhedron with a central cavity) which leads to a refinement of the conjecture, a new proof, a deeper understanding. This is intentionally reminiscent of Hegel’s dialectic “Thesis plus antithesis yields synthesis”. (But we are simple people, we won’t bother with Hegel.) Can the dialectic reach places that logical refinement cannot? 5

  6. Dialectical programming Lakatos, in “Proofs and Refutations”, shows the evolution over time of Euler’s conjecture about polyhedral solids Vertices − Edges + Faces = 2 (e.g for a cube V = 8, E = 12, F = 6). The conjecture leads to a proof which is challenged by a counter-example (e.g. a polyhedron with a tunnel, a polyhedron with a central cavity) which leads to a refinement of the conjecture, a new proof, a deeper understanding. This is intentionally reminiscent of Hegel’s dialectic “Thesis plus antithesis yields synthesis”. (But we are simple people, we won’t bother with Hegel.) Can the dialectic reach places that logical refinement cannot? I think so. 5

  7. The single-place buffer 6

  8. The single-place buffer In an aeroplane you have sensors – e.g. temperature, pressure, airflow – and you have monitors – e.g. black-box recorders, autopilots, display screens. 6

  9. The single-place buffer In an aeroplane you have sensors – e.g. temperature, pressure, airflow – and you have monitors – e.g. black-box recorders, autopilots, display screens. We want a simple interface between a monitor and a sensor. 6

  10. The single-place buffer In an aeroplane you have sensors – e.g. temperature, pressure, airflow – and you have monitors – e.g. black-box recorders, autopilots, display screens. We want a simple interface between a monitor and a sensor. The simplest is a single-place buffer: the sensor writes to it, the monitor reads. 6

  11. The single-place buffer In an aeroplane you have sensors – e.g. temperature, pressure, airflow – and you have monitors – e.g. black-box recorders, autopilots, display screens. We want a simple interface between a monitor and a sensor. The simplest is a single-place buffer: the sensor writes to it, the monitor reads. The sensor may write faster than the monitor reads (so there may be missed values). 6

  12. The single-place buffer In an aeroplane you have sensors – e.g. temperature, pressure, airflow – and you have monitors – e.g. black-box recorders, autopilots, display screens. We want a simple interface between a monitor and a sensor. The simplest is a single-place buffer: the sensor writes to it, the monitor reads. The sensor may write faster than the monitor reads (so there may be missed values). The monitor may read faster than the sensor writes (so there may be repeated values). 6

  13. The single-place buffer In an aeroplane you have sensors – e.g. temperature, pressure, airflow – and you have monitors – e.g. black-box recorders, autopilots, display screens. We want a simple interface between a monitor and a sensor. The simplest is a single-place buffer: the sensor writes to it, the monitor reads. The sensor may write faster than the monitor reads (so there may be missed values). The monitor may read faster than the sensor writes (so there may be repeated values). But the monitor must always get complete values, not half-written values, not half of one value and half of the next. 6

  14. How it can go wrong 7

  15. How it can go wrong The sensor is a clock, displaying minutes m and seconds s in two shared integer variables. 7

  16. How it can go wrong The sensor is a clock, displaying minutes m and seconds s in two shared integer variables. Each second it does if s = 59 then s := 0 ; m := m + 1 else s := s + 1 fi 7

  17. How it can go wrong The sensor is a clock, displaying minutes m and seconds s in two shared integer variables. Each second it does if s = 59 then s := 0 ; m := m + 1 else s := s + 1 fi Between s := 0 and m := m + 1 the clock is slow (by 60 seconds). If the monitor reads at that instant it sees a half-written value. 7

  18. How it can go wrong The sensor is a clock, displaying minutes m and seconds s in two shared integer variables. Each second it does if s = 59 then s := 0 ; m := m + 1 else s := s + 1 fi Between s := 0 and m := m + 1 the clock is slow (by 60 seconds). If the monitor reads at that instant it sees a half-written value. If the sensor does m := m + 1 ; s := 0 then the clock can be seen as fast (by 59 seconds). 7

  19. Dijkstra’s solution: atomic accesses 8

  20. Dijkstra’s solution: atomic accesses local b = null in   . . . . . .   write ( w ) ˆ = � b := w � read ( ) ˆ = local y in     � y := b � ;     return y ni 8

  21. Dijkstra’s solution: atomic accesses local b = null in   . . . . . .   write ( w ) ˆ = � b := w � read ( ) ˆ = local y in     � y := b � ;     return y ni Atomicity means indivisibility. Interleaving will do. 8

  22. Dijkstra’s solution: atomic accesses local b = null in   . . . . . .   write ( w ) ˆ = � b := w � read ( ) ˆ = local y in     � y := b � ;     return y ni Atomicity means indivisibility. Interleaving will do. Atomicity can be done with ‘semaphores’ as on the railways (block signalling). 8

  23. Dijkstra’s solution: atomic accesses local b = null , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     � b := w ; ws := ws . w � local y in     � y := b ; rs := rs . y � ;     return y ni Atomicity means indivisibility. Interleaving will do. Atomicity can be done with ‘semaphores’ as on the railways (block signalling). For specification purposes I add a couple of auxiliary variables ws and rs . 8

  24. Dijkstra’s solution: atomic accesses local b = null , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     � b := w ; ws := ws . w � local y in     � y := b ; rs := rs . y � ;     return y ni Atomicity means indivisibility. Interleaving will do. Atomicity can be done with ‘semaphores’ as on the railways (block signalling). For specification purposes I add a couple of auxiliary variables ws and rs . The specification is that the read sequence destuttered is a subsequence of ws and the last element of ws is always in b . ⌊ rs ⌋ � ws ∧ ws Ω = b . 8

  25. Dijkstra’s solution: atomic accesses local b = null , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     � b := w ; ws := ws . w � local y in     � y := b ; rs := rs . y � ;     return y ni Atomicity means indivisibility. Interleaving will do. Atomicity can be done with ‘semaphores’ as on the railways (block signalling). For specification purposes I add a couple of auxiliary variables ws and rs . The specification is that the read sequence destuttered is a subsequence of ws and the last element of ws is always in b . ⌊ rs ⌋ � ws ∧ ws Ω = b . But atomicity means waiting, and waiting isn’t simple or even certain . 8

  26. Cut down waiting with a two-slot buffer 9

  27. Cut down waiting with a two-slot buffer local b = null , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     � b := w ; ws := ws . w � local y in     � y := b ; rs := rs . y � ;     return y ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni 9

  28. Cut down waiting with a two-slot buffer local b = null , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     � b := w ; ws := ws . w � local y in     � y := b ; rs := rs . y � ;     return y ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni Data refinement! 9

  29. Cut down waiting with a two-slot buffer local b = null , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     � b := w ; ws := ws . w � local y in     � y := b ; rs := rs . y � ;     return y ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni Data refinement! Now ⌊ rs ⌋ � ws ∧ ws Ω = c [ l ] . 9

  30. Simplify atomicity in the writer local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni 10

  31. Simplify atomicity in the writer local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni 10

  32. Simplify atomicity in the writer local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni Stores naturally serialise small reads and writes. 10

  33. Simplify atomicity in the writer local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =   � c [ ! l ] := w ; l := ! l ; �   local y in     ws := ws . w � y := c [ l ]; rs := rs . y � ;     return y ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni Stores naturally serialise small reads and writes. Still ⌊ rs ⌋ � ws ∧ ws Ω = c [ l ] . 10

  34. (Can’t) simplify atomicity in the reader 11

  35. (Can’t) simplify atomicity in the reader local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni 11

  36. (Can’t) simplify atomicity in the reader local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni 11

  37. (Can’t) simplify atomicity in the reader local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni Looks plausible, but it’s broken. 11

  38. (Can’t) simplify atomicity in the reader local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni Looks plausible, but it’s broken. Still ws Ω = c [ l ] 11

  39. (Can’t) simplify atomicity in the reader local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y in     � � wt := ! l � � ; � y := c [ l ]; rs := rs . y � ;     � c [ wt ] := w � ; return y     � � l := wt ; ws := ws . w � � ni ni local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni Looks plausible, but it’s broken. Still ws Ω = c [ l ] , but no longer ⌊ rs ⌋ � ws . 11

  40. What goes wrong? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � rt := l � � ;  � � wt := ! l � � ; w1 r1     � y := c [ rt ]; rs := rs . y � ;  r2 � c [ wt ] := w � ; w2     return y   � � l := wt ; ws := ws . w � � w3 ni ni 12

  41. What goes wrong? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � rt := l � � ;  � � wt := ! l � � ; w1 r1     � y := c [ rt ]; rs := rs . y � ;  r2 � c [ wt ] := w � ; w2     return y   � � l := wt ; ws := ws . w � � w3 ni ni From the point of view of the reader, after � � rt := l � � , the writer behaves like this finite-state machine: start start w2 w3 w2 l = rt l = rt l = ! rt l = ! rt w3 12

  42. What goes wrong? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � rt := l � � ;  � � wt := ! l � � ; w1 r1     � y := c [ rt ]; rs := rs . y � ;  r2 � c [ wt ] := w � ; w2     return y   � � l := wt ; ws := ws . w � � w3 ni ni From the point of view of the reader, after � � rt := l � � , the writer behaves like this finite-state machine: start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt 12

  43. What goes wrong? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � rt := l � � ;  � � wt := ! l � � ; w1 r1     � y := c [ rt ]; rs := rs . y � ;  r2 � c [ wt ] := w � ; w2     return y   � � l := wt ; ws := ws . w � � w3 ni ni From the point of view of the reader, after � � rt := l � � , the writer behaves like this finite-state machine: start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt If the reader comes in at box 1 or 2 and reads at box 4, it will see the second value written 12

  44. What goes wrong? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � rt := l � � ;  � � wt := ! l � � ; w1 r1     � y := c [ rt ]; rs := rs . y � ;  r2 � c [ wt ] := w � ; w2     return y   � � l := wt ; ws := ws . w � � w3 ni ni From the point of view of the reader, after � � rt := l � � , the writer behaves like this finite-state machine: start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt If the reader comes in at box 1 or 2 and reads at box 4, it will see the second value written; if it then comes back quickly, it can see the first thing written!! 12

  45. What goes wrong? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � rt := l � � ;  � � wt := ! l � � ; w1 r1     � y := c [ rt ]; rs := rs . y � ;  r2 � c [ wt ] := w � ; w2     return y   � � l := wt ; ws := ws . w � � w3 ni ni From the point of view of the reader, after � � rt := l � � , the writer behaves like this finite-state machine: start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt If the reader comes in at box 1 or 2 and reads at box 4, it will see the second value written; if it then comes back quickly, it can see the first thing written!! Also note � c [ rt ] := w � � y := c [ rt ] � . 12

  46. Can we repair it (1)? All our problems (ordering, collisions) are caused by the third action start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt 13

  47. Can we repair it (1)? All our problems (ordering, collisions) are caused by the third action start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt Can we detect when that action happens? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni 13

  48. Can we repair it (1)? All our problems (ordering, collisions) are caused by the third action start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt Can we detect when that action happens? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni No, because the writer can’t tell the difference between the first and the third actions. 13

  49. Can we repair it (2)? All our problems (ordering, collisions) are caused by the third action start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt Can we detect when it might happen? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni 14

  50. Can we repair it (2)? All our problems (ordering, collisions) are caused by the third action start start c [ ! rt ] := w c [ rt ] := w l := ! rt l = rt l = rt l = ! rt l = ! rt l := rt Can we detect when it might happen? local c [ 2 ] = ( null , null ) , l = 0 , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � rt := l � � ;     � c [ wt ] := w � ; � y := c [ rt ]; rs := rs . y � ;     � � l := wt ; ws := ws . w � � return y ni ni Yes: it becomes possible after the second action. 14

  51. A repair (back to correctness) The writer signals when disaster becomes possible; the reader incorporates the signal in its answer. local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .  write ( w ) ˆ = read ( ) ˆ =      local wt in local y , rt in     � � wt := ! l � � ; � � ok := true � � ;     � c [ wt ] := w � ; � � rt := l � � ;     � � l := wt ; ws := ws . w � � ; � y := c [ rt ] � ;     � � ok := false � � ; � � rt = ok ; rs := rs . ( rt , y ) � � ;     ni return ( rt , y ) ni 15

  52. A repair (back to correctness) The writer signals when disaster becomes possible; the reader incorporates the signal in its answer. local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .  write ( w ) ˆ = read ( ) ˆ =      local wt in local y , rt in     � � wt := ! l � � ; � � ok := true � � ;     � c [ wt ] := w � ; � � rt := l � � ;     � � l := wt ; ws := ws . w � � ; � y := c [ rt ] � ;     � � ok := false � � ; � � rt = ok ; rs := rs . ( rt , y ) � � ;     ni return ( rt , y ) ni – and then we notice that we don’t need atomic buffer accesses any more. 15

  53. A repair (back to correctness) The writer signals when disaster becomes possible; the reader incorporates the signal in its answer. local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .  write ( w ) ˆ = read ( ) ˆ =      local wt in local y , rt in     � � wt := ! l � � ; � � ok := true � � ;     c [ wt ] := w ; � � rt := l � � ;     � � l := wt ; ws := ws . w � � ; y := c [ rt ];     � � ok := false � � ; � � rt = ok ; rs := rs . ( rt , y ) � � ;     ni return ( rt , y ) ni – and then we notice that we don’t need atomic buffer accesses any more. 15

  54. A repair (back to correctness) The writer signals when disaster becomes possible; the reader incorporates the signal in its answer. local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .  write ( w ) ˆ = read ( ) ˆ =      local wt in local y , rt in     � � wt := ! l � � ; � � ok := true � � ;     c [ wt ] := w ; � � rt := l � � ;     � � l := wt ; ws := ws . w � � ; y := c [ rt ];     � � ok := false � � ; � � rt = ok ; rs := rs . ( rt , y ) � � ;     ni return ( rt , y ) ni – and then we notice that we don’t need atomic buffer accesses any more. If � rs is rs with the ( false , ) results taken out and the true labels discarded, then we have ⌊ � rs ⌋ � ws ∧ ws Ω = c [ l ] . 15

  55. Summary so far, and a criticism 16

  56. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) 16

  57. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) 16

  58. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) 16

  59. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) to a working wait-free non-atomic double-slot buffer that tells us when it’s succeeded. 16

  60. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) to a working wait-free non-atomic double-slot buffer that tells us when it’s succeeded. We certainly haven’t proceeded by “a sequence of true understatements” (Lakatos); 16

  61. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) to a working wait-free non-atomic double-slot buffer that tells us when it’s succeeded. We certainly haven’t proceeded by “a sequence of true understatements” (Lakatos); we have made at least one “false overstatement”; 16

  62. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) to a working wait-free non-atomic double-slot buffer that tells us when it’s succeeded. We certainly haven’t proceeded by “a sequence of true understatements” (Lakatos); we have made at least one “false overstatement”; perhaps we have made a step of “exception barring”. 16

  63. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) to a working wait-free non-atomic double-slot buffer that tells us when it’s succeeded. We certainly haven’t proceeded by “a sequence of true understatements” (Lakatos); we have made at least one “false overstatement”; perhaps we have made a step of “exception barring”. I see the step that includes the ‘ ok ’ variable as an example of thesis (program) plus antithesis (counter-example) yielding synthesis (repaired program). 16

  64. Summary so far, and a criticism We have gone from an atomic single-slot buffer (not wait-free) to an atomic double-slot buffer (ditto) to a faulty not so completely atomic double-slot buffer (still not wait-free) to a working wait-free non-atomic double-slot buffer that tells us when it’s succeeded. We certainly haven’t proceeded by “a sequence of true understatements” (Lakatos); we have made at least one “false overstatement”; perhaps we have made a step of “exception barring”. I see the step that includes the ‘ ok ’ variable as an example of thesis (program) plus antithesis (counter-example) yielding synthesis (repaired program). But what use is the pair ( false , something ) ? What can a user do but ignore something and try to read again? 16

  65. A more honest repair local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; do     c [ wt ] := w ; � � ok := true � � ;     � � l := wt ; ws := ws . w � � ; � � rt := l � � ;      � � ok := false � � ; y := c [ rt ];     ni � � rt = ok � �     until rt ;     � � rs := rs . y � � ;      return y ni 17

  66. A more honest repair local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; do     c [ wt ] := w ; � � ok := true � � ;     � � l := wt ; ws := ws . w � � ; � � rt := l � � ;      � � ok := false � � ; y := c [ rt ];     ni � � rt = ok � �     until rt ;     � � rs := rs . y � � ;      return y ni Obviously not wait-free. 17

  67. A more honest repair local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; do     c [ wt ] := w ; � � ok := true � � ;     � � l := wt ; ws := ws . w � � ; � � rt := l � � ;      � � ok := false � � ; y := c [ rt ];     ni � � rt = ok � �     until rt ;     � � rs := rs . y � � ;      return y ni Obviously not wait-free. But otherwise repaired. 17

  68. A more honest repair local c [ 2 ] = ( null , null ) , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; do     c [ wt ] := w ; � � ok := true � � ;     � � l := wt ; ws := ws . w � � ; � � rt := l � � ;      � � ok := false � � ; y := c [ rt ];     ni � � rt = ok � �     until rt ;     � � rs := rs . y � � ;      return y ni Obviously not wait-free. But otherwise repaired. Finite-state machine now c [ ! L ] := w c [ ! L ] := w l := ! L start ok ∧ l = L ok ∧ l = ! L ok := false c [ L ] := w ¬ ok ok := false l := ! l start ok ∧ l = L 17

  69. Try three slots local c [ 2 ] = ( null , null ) , d = null , l = 0 , ok , ws = � � . null , rs = � � in   . . . . . .   write ( w ) ˆ = read ( ) ˆ =     local wt in local y , rt in     � � wt := ! l � � ; � � ok := true � � ;     c [ wt ] := w ; � � rt := l � � ;      � � l := wt ; ws := ws . w � � ; y := c [ rt ];     � d := w � ; � � rt = ok � � ;     � � ok := false � � ; if ¬ rt then � y := d � else skip fi ;     ni � � rs := rs . y � � ;      return y ni The writer can first write in a side-channel, then signal that mayhem approaches. If it gets the signal, the reader uses the side-channel. 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dialectical Behavior Therapy Overview Shawn S. Sidhu, M.D., F.A.P.A. Question Why was

Dialectical Behavior Therapy Overview Shawn S. Sidhu, M.D., F.A.P.A. Question Why was

Dialectical Behavior Therapy Overview Shawn S. Sidhu, M.D., F.A.P.A. Question Why was Dialectical Behavior Therapy originally created? A) Borderline Personality Disorder B) Impulsivity C) Bipolar Disorder D) Suicidality E) Major

791 views • 55 slides
Dialectical Behavior Therapy Overview Shawn S. Sidhu, M.D., F.A.P.A. Question Why was

Dialectical Behavior Therapy Overview Shawn S. Sidhu, M.D., F.A.P.A. Question Why was

Dialectical Behavior Therapy Overview Shawn S. Sidhu, M.D., F.A.P.A. Question Why was Dialectical Behavior Therapy originally created? A. Borderline Personality Disorder B. Impulsivity C. Bipolar Disorder D. Suicidality E. Major

1.03k views • 55 slides
Imperative Programming by Stepwise Refinement in Coq Boubacar Demba Sall Emmanuel Chailloux

Imperative Programming by Stepwise Refinement in Coq Boubacar Demba Sall Emmanuel Chailloux

Imperative Programming by Stepwise Refinement in Coq Boubacar Demba Sall Emmanuel Chailloux (Doctoral Advisor) Fr ed eric Peschanski (Doctoral Advisor) Sorbonne University, LIP6 UMR 7606 4 place Jussieu 75005 Paris, France. Journ ee

534 views • 16 slides
Rescuing SuperH to Linux Commonplace 1 HISAO MUNAKATA RENESAS SOLUTIONS CORP. JLS 2009 :

Rescuing SuperH to Linux Commonplace 1 HISAO MUNAKATA RENESAS SOLUTIONS CORP. JLS 2009 :

Rescuing SuperH to Linux Commonplace 1 HISAO MUNAKATA RENESAS SOLUTIONS CORP. JLS 2009 : 2009-10-23 Rescuing SuperH to Linux commonplace Ideal open source eco-system 2 Each party collaborate together to make total Linux eco-system major

630 views • 21 slides
ANGELS ARC Ambulance for Rescuing Children A HOPE for Honduras and RIT MSD/ID Collaboration

ANGELS ARC Ambulance for Rescuing Children A HOPE for Honduras and RIT MSD/ID Collaboration

ANGELS ARC Ambulance for Rescuing Children A HOPE for Honduras and RIT MSD/ID Collaboration MEET THE TEAM Rebecca Bonamico (BME) Lead / Systems Engineer Ankha Khosbayar (ID) Designer Gage Ellis (EE) Purchasing Lead Charlee Lefkovich (ME)

741 views • 41 slides
ANGELS ARC Ambulance for Rescuing Children A HOPE for Honduras and RIT MSD/ID Collaboration

ANGELS ARC Ambulance for Rescuing Children A HOPE for Honduras and RIT MSD/ID Collaboration

ANGELS ARC Ambulance for Rescuing Children A HOPE for Honduras and RIT MSD/ID Collaboration MEET THE TEAM Rebecca Bonamico (BME) Lead / Systems Engineer Ankha Khosbayar (ID) Designer Gage Ellis (EE) Purchasing Lead Charlee Lefkovich (ME)

916 views • 53 slides
Toward Science or Technology: Rescuing The Space Between Gyorgy Kepes and Billy Kluver By

Toward Science or Technology: Rescuing The Space Between Gyorgy Kepes and Billy Kluver By

Toward Science or Technology: Rescuing The Space Between Gyorgy Kepes and Billy Kluver By Vaughn Whitney Garland MATX 603 Dr. Josh Eckhardt March 8, 2010 2 Comparing historical movements can be a daunting task. But, when it comes to

342 views • 13 slides
Crystallographic refinement Roberto A. Steiner roberto.steiner@kcl.ac.uk with many slides

Crystallographic refinement Roberto A. Steiner roberto.steiner@kcl.ac.uk with many slides

Crystallographic refinement Roberto A. Steiner roberto.steiner@kcl.ac.uk with many slides contributed by Pavel Afonine Crystallography workshop - Trieste 23-27 April 2012 Key aspects of refinement Crystallographic refinement is the process by

1.55k views • 124 slides
7 Refinement Options November 3, 2016 Overview Recap the HS Boundary Refinement Process

7 Refinement Options November 3, 2016 Overview Recap the HS Boundary Refinement Process

Proposed Refinements To High School Attendance Zone Boundaries: 7 Refinement Options November 3, 2016 Overview Recap the HS Boundary Refinement Process Share Community Feedback Baseline Data Review Boundaries Criteria Present

616 views • 27 slides
Adaptive Mesh Refinement CS 101 - Meshing Winter 2007 1 Mesh Refinement Applications

Adaptive Mesh Refinement CS 101 - Meshing Winter 2007 1 Mesh Refinement Applications

Adaptive Mesh Refinement CS 101 - Meshing Winter 2007 1 Mesh Refinement Applications reduce error in simulations approximation quality CS 101 - Meshing Winter 2007 2 Delaunay Refinement Ruppert/Chew quality measure:

243 views • 5 slides
Substance Use Urges and the Use of Dialectical Behavior Therapy Skills as Reported in Daily

Substance Use Urges and the Use of Dialectical Behavior Therapy Skills as Reported in Daily

Substance Use Urges and the Use of Dialectical Behavior Therapy Skills as Reported in Daily Diary Cards Erica Rozmid, Ph.D., Sandra Chen, M.A., Rob Montgomery, M.A., Adina Polack, B.A. Lindsey Thornburg, B.A., Marget Thomas, Psy.D., and Lynn

535 views • 12 slides
DBT: AN OVERVIEW Learning the Principles of Dialectical Behavior Therapy February 6, 2015

DBT: AN OVERVIEW Learning the Principles of Dialectical Behavior Therapy February 6, 2015

UNC SCHOOL OF SOCIAL WORK CLINICAL LECTURE INSTITUTE DBT: AN OVERVIEW Learning the Principles of Dialectical Behavior Therapy February 6, 2015 KRISTIN B. WEBB, PSY.D. 104 So. Estes Drive, Suite 206 Chapel Hill, NC 27514

1.11k views • 87 slides
Novel Algorithms for Abstract Dialectical Frameworks based on Complexity Analysis of Subclasses

Novel Algorithms for Abstract Dialectical Frameworks based on Complexity Analysis of Subclasses

Novel Algorithms for Abstract Dialectical Frameworks based on Complexity Analysis of Subclasses and SAT Solving Thomas Linsbichler 1 Marco Maratea 2 Andreas Niskanen 3 Johannes P. Wallner 1 Stefan Woltran 1 1 Institute of Logic and Computation, TU

571 views • 22 slides
DBT: AN OVERVIEW Learning the Principles of Dialectical Behavior Therapy KRISTIN B. WEBB, PSY.D.

DBT: AN OVERVIEW Learning the Principles of Dialectical Behavior Therapy KRISTIN B. WEBB, PSY.D.

DBT: AN OVERVIEW Learning the Principles of Dialectical Behavior Therapy KRISTIN B. WEBB, PSY.D. 104 So. Estes Drive, Suite 206 Chapel Hill, NC 27514 www.drkristiwebb.com kristi.w@mindspring.com (not for patients) 919/225-1569 Our Agenda

1.33k views • 88 slides
Rescuing Our Built Heritage Ronan ODonnell Project Officer Walled City Partnership 14 th

Rescuing Our Built Heritage Ronan ODonnell Project Officer Walled City Partnership 14 th

Foyle Family History Society Rescuing Our Built Heritage Ronan ODonnell Project Officer Walled City Partnership 14 th September 2015 Central Library Shipquay Street Circa 1900 Townscape Heritage Initiative Grant aid programme for the

637 views • 35 slides
Learn how Dialectical Behaviour Therapy is critical to people living w ith emotional regulation

Learn how Dialectical Behaviour Therapy is critical to people living w ith emotional regulation

To make sure you receive future emails, please add training@hincksdellcrest.org to your address book or safe list. Learn how Dialectical Behaviour Therapy is critical to people living w ith emotional regulation disorders On June 17th 2011,

62 views • 3 slides
Consistent bibliometric rankings of Scientists and Departments Denis Bouyssou Thierry Marchant

Consistent bibliometric rankings of Scientists and Departments Denis Bouyssou Thierry Marchant

Consistent bibliometric rankings of Scientists and Departments Denis Bouyssou Thierry Marchant CNRS Paris, France Ghent University Ghent, Belgium EBPM Workshop, Paris December If you do not know Thierry. . . Introduction

687 views • 54 slides
An ontology for digital graphematjcs and philology Die (hyper-)diplomatjsche Transkriptjon und

An ontology for digital graphematjcs and philology Die (hyper-)diplomatjsche Transkriptjon und

Paolo Monella An ontology for digital graphematjcs and philology Die (hyper-)diplomatjsche Transkriptjon und ihre Erkenntnispotentjale Bergische Universitt Wuppertal (BUW), 6 February 2020 Outline Outline Interoperability of digital

827 views • 67 slides
Library of Congress Classification: 6.2 1 Library of Congress Classification: 6.2 Two CSM

Library of Congress Classification: 6.2 1 Library of Congress Classification: 6.2 Two CSM

Library of Congress Classification: 6.2 1 Library of Congress Classification: 6.2 Two CSM instruction sheets are titled Filing Rules , F 10 and G 100. These instruction sheets provide a distillation of the practices and situations that are

797 views • 55 slides
Admissibility in the Abstract Dialectical Framework Polberg Sylwia, Johannes Peter Wallner and

Admissibility in the Abstract Dialectical Framework Polberg Sylwia, Johannes Peter Wallner and

Dung framework Admissible semantics for Dung Abstract Dialectical Framework The idea behind admissible semantics Admissible semantics in ADFs Admissibility in the Abstract Dialectical Framework Polberg Sylwia, Johannes Peter Wallner and Stefan

557 views • 28 slides
Task Sequence Theories for Curriculum Design to Develop Mathematical Thinking Behind Theory of

Task Sequence Theories for Curriculum Design to Develop Mathematical Thinking Behind Theory of

Keynote Lecture a Key e at t the e The The 7th h South E East st Asi sia D Design R Rese search Inter ernat ational al C Confer eren ence Task Sequence Theories for Curriculum Design to Develop Mathematical Thinking Behind

585 views • 20 slides
Open Up Dialogues in Families By Mdm Joyce Lim & Miss Chan ML Overview Sharing of Home

Open Up Dialogues in Families By Mdm Joyce Lim & Miss Chan ML Overview Sharing of Home

Using Dialogic Reading Techniques to Open Up Dialogues in Families By Mdm Joyce Lim & Miss Chan ML Overview Sharing of Home Life Introduction to Dialogic Reading (DR) CROWD and PEER DR Strategies Hands-on Session Q & A

376 views • 9 slides
www.nhsemployers.org/od @NHSE_DoOD Transformation requires moving purposefully into the unknown.

www.nhsemployers.org/od @NHSE_DoOD Transformation requires moving purposefully into the unknown.

www.nhsemployers.org/od @NHSE_DoOD Transformation requires moving purposefully into the unknown. And all we can rely on is that we will be surprised. www.nhsemployers.org/od @NHSE_DoOD www.nhsemployers.org/od @NHSE_DoOD Practice elements to

489 views • 21 slides
Portrait of the intuitionist as an Opponent in Dialogues. Embedding brouwerian counter-examples

Portrait of the intuitionist as an Opponent in Dialogues. Embedding brouwerian counter-examples

Portrait of the intuitionist as an Opponent in Dialogues. Embedding brouwerian counter-examples within classical plays Clment Lion. University of Lille, France clement.lion@univ-lille.fr Brouwer (1881-1966) explicitly rejected axiomatic

566 views • 23 slides

More recommend