simpson s 4 slot algorithm proved in three slides
play

Simpsons 4-slot algorithm, proved in three slides Richard Bornat - PowerPoint PPT Presentation

Aug 24, 2023 •244 likes •685 views

Simpsons 4-slot algorithm, proved in three slides Richard Bornat School of Computing, Middlesex University (and Matthew Parkinson, ditto) 20th December 2005 1 Data structures: a bit array and a wide data array slot: 0 1 wide data: 2

  1. Simpson’s 4-slot algorithm, proved in three slides Richard Bornat School of Computing, Middlesex University (and Matthew Parkinson, ditto) 20th December 2005 1

  2. Data structures: a bit array and a wide data array slot: 0 1 wide data: 2

  3. Programming is really hard: only nine lines, no CAS, and you still can’t understand it 3

  4. Programming is really hard: only nine lines, no CAS, and you still can’t understand it reading , latest : bit var slot : array bit of bit data : array bit of array bit of datatype procedure write ( item : datatype ); pair , index : bit ; var begin pair := not ( reading ); index := not ( slot [ pair ]); data [ pair , index ] := item ; slot [ pair ] := index ; latest := pair end ; read : datatype ; procedure pair , index : bit ; var begin pair := latest ; reading := pair ; index := slot [ pair ]; read := data [ pair , index ] end ; 3

  5. Separation logic 4

  6. Separation logic ◮ E �→ F is a single-celled heap with address E and content F . 4

  7. Separation logic ◮ E �→ F is a single-celled heap with address E and content F . ◮ E �→ F 0 , F 1 is a two-celled heap; E �→ F 0 , F 1 , F 2 is three cells; and so on for four-, five-, ... celled heaps. 4

  8. Separation logic ◮ E �→ F is a single-celled heap with address E and content F . ◮ E �→ F 0 , F 1 is a two-celled heap; E �→ F 0 , F 1 , F 2 is three cells; and so on for four-, five-, ... celled heaps. ◮ E and F must be ‘pure’ expressions that don’t mention the heap (don’t use �→ ). 4

  9. Separation logic ◮ E �→ F is a single-celled heap with address E and content F . ◮ E �→ F 0 , F 1 is a two-celled heap; E �→ F 0 , F 1 , F 2 is three cells; and so on for four-, five-, ... celled heaps. ◮ E and F must be ‘pure’ expressions that don’t mention the heap (don’t use �→ ). ◮ A ⋆ B is separation of heaps; A ∧ B , A ∨ B , ¬ A , A → B , ∀ x · P ( x ) , ∃ x · P ( x ) are as normal. A ∧ B expresses coincidence of heaps; you don’t need to know about A − ⋆ B . 4

  10. Separation logic ◮ E �→ F is a single-celled heap with address E and content F . ◮ E �→ F 0 , F 1 is a two-celled heap; E �→ F 0 , F 1 , F 2 is three cells; and so on for four-, five-, ... celled heaps. ◮ E and F must be ‘pure’ expressions that don’t mention the heap (don’t use �→ ). ◮ A ⋆ B is separation of heaps; A ∧ B , A ∨ B , ¬ A , A → B , ∀ x · P ( x ) , ∃ x · P ( x ) are as normal. A ∧ B expresses coincidence of heaps; you don’t need to know about A − ⋆ B . ◮ E �→ F 0 , F 1 is just shorthand for E �→ F 0 ⋆ E + 1 �→ F 1 . 4

  11. A modified Hoare logic 5

  12. A modified Hoare logic ◮ { Q } C { R } is a resourced and partial correctness assertion. C will not go wrong (exceed its allocated resources) if started with resource Q , and will, if it terminates, deliver resource R . 5

  13. A modified Hoare logic ◮ { Q } C { R } is a resourced and partial correctness assertion. C will not go wrong (exceed its allocated resources) if started with resource Q , and will, if it terminates, deliver resource R . ◮ The ‘small axioms’ of assignment are { emp } x := new () { x �→ } { E �→ } dispose E { emp } { R [ E / x ] } x := E { R } ( the Hoare axiom ) { E �→ F } x := [ E ] { x = F ∧ E �→ F } ( x not free in E , F ) { E �→ } [ E ] := F { E �→ F } 5

  14. Three inference rules 6

  15. Three inference rules { Q } C { R } (modifies C � free P = {} ) ◮ The frame rule: { P ⋆ Q } C { P ⋆ R } 6

  16. Three inference rules { Q } C { R } (modifies C � free P = {} ) ◮ The frame rule: { P ⋆ Q } C { P ⋆ R } ◮ The concurrency rule (has horrid side-condition): { Q 1 } C 1 { R 1 } { Q 2 } C 2 { R 2 } . . . { Q n } C n { R n } { Q 1 ⋆ Q 2 ⋆ · · · ⋆ Q n } C 1 || C 2 || · · · || C n { R 1 ⋆ R 2 ⋆ · · · ⋆ R n } 6

  17. Three inference rules { Q } C { R } (modifies C � free P = {} ) ◮ The frame rule: { P ⋆ Q } C { P ⋆ R } ◮ The concurrency rule (has horrid side-condition): { Q 1 } C 1 { R 1 } { Q 2 } C 2 { R 2 } . . . { Q n } C n { R n } { Q 1 ⋆ Q 2 ⋆ · · · ⋆ Q n } C 1 || C 2 || · · · || C n { R 1 ⋆ R 2 ⋆ · · · ⋆ R n } ◮ The CCR rule (has atrocious side condition): { ( Q ⋆ I b ) ∧ G } C { R ⋆ I b } { Q } with b when G do C od { R } 6

  18. Recent simplifications (not explained here) 7

  19. Recent simplifications (not explained here) ◮ Permissions (fractions of �→ , counts of ֌ ) to allow sharing of heap; 7

  20. Recent simplifications (not explained here) ◮ Permissions (fractions of �→ , counts of ֌ ) to allow sharing of heap; ◮ Variable permissions, to allow variables to be resource; 7

  21. Recent simplifications (not explained here) ◮ Permissions (fractions of �→ , counts of ֌ ) to allow sharing of heap; ◮ Variable permissions, to allow variables to be resource; ◮ Trivial side conditions; 7

  22. Recent simplifications (not explained here) ◮ Permissions (fractions of �→ , counts of ֌ ) to allow sharing of heap; ◮ Variable permissions, to allow variables to be resource; ◮ Trivial side conditions; ◮ No side conditions at all (very new, this!). 7

  23. Nine lines are now ten, with added auxiliary proof-variables write: with bundle when true do pair := not ( reading ); wuse := pair od; index := not ( slot [ pair ]); data [ pair , index ] := item ; with bundle when true do slot [ pair ] := index ; wuse := − 1 od; with bundle when true do latest := pair od with bundle when true do pair := latest od; read: with bundle when true do reading := pair od; with bundle when true do index := slot [ pair ]; ruse := index od; read := data [ pair , index ]; with bundle when true do ruse := − 1 od 8

  24. What the writer owns (A point of notation: I’ve used a special form of �→ to describe a heap, just to make the slides easy to read. For example, data [ pair , index ] �→ replaces data + 2 ⋆ pair + index �→ . There is no change in meaning.) 9

  25. What the writer owns (A point of notation: I’ve used a special form of �→ to describe a heap, just to make the slides easy to read. For example, data [ pair , index ] �→ replaces data + 2 ⋆ pair + index �→ . There is no change in meaning.) latest 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , pair , index � slot [ 0 ] �− − − → ⋆ slot [ 1 ] �− − − → ⋆ � 0 . 5 0 . 5 � if wuse ≥ 0 then data [ pair , index ] �→ else emp fi 9

  26. What the reader owns reading 0 . 5 , ruse 0 . 5 , data 0 . 33 , pair , index � if ruse ≥ 0 then data [ pair , index ] �→ else emp fi 10

  27. The bundle owns the rest latest 0 . 5 , reading 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , ruse 0 . 5  slot [ 0 ] �− − 0 . 5 s ( 0 ) ⋆ slot [ 1 ] �− − → − 0 . 5 s ( 1 ) ⋆ − →  if wuse ≥ 0 ∧ ruse ≥ 0 then     data [ reading , not ( ruse )] �→ ⋆ data [ wuse , s ( wuse )] �→     elsf wuse ≥ 0 then     data [ wuse , s ( wuse )] �→ ⋆     data [ not ( wuse ) , s ( not ( wuse ))] �→ ⋆ data [ not ( wuse ) , not ( s ( not ( wuse )))] �→   � ∃ s ·   elsf ruse ≥ 0 then      data [ reading , not ( ruse )] �→ ⋆     data [ not ( reading ) , s ( not ( reading ))] �→ ⋆ data [ not ( reading ) , not ( s ( not ( reading ))] �→ )      else    data �→ , , ,    fi 11

  28. The writer � � latest 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , pair , index � wuse = − 1 ∧ slot [ 0 ] �− − − → ⋆ slot [ 1 ] �− − − → 0 . 5 0 . 5 with bundle when true do pair := not ( reading ); wuse := pair od; index := not ( slot [ pair ]); data [ pair , index ] := item ; with bundle when true do slot [ pair ] := index ; wuse := − 1 od; with bundle when true do latest := pair od � � latest 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , pair , index � wuse = − 1 ∧ slot [ 0 ] �− − − → ⋆ slot [ 1 ] �− − − → 0 . 5 0 . 5 12

  29. The writer � � latest 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , pair , index � wuse = − 1 ∧ slot [ 0 ] �− − − → ⋆ slot [ 1 ] �− − − → 0 . 5 0 . 5 with bundle when true do pair := not ( reading ); wuse := pair od;  latest 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , pair , index  � slot [ pair ] �−   − 0 . 5 i ⋆ slot [ not ( pair )] �− − → − − → ⋆ � � wuse = pair ∧ ∃ i · 0 . 5 data [ pair , not ( i )] �→   index := not ( slot [ pair ]); data [ pair , index ] := item ; with bundle when true do slot [ pair ] := index ; wuse := − 1 od; with bundle when true do latest := pair od � � latest 0 . 5 , slot 0 . 5 , data 0 . 33 , wuse 0 . 5 , pair , index � wuse = − 1 ∧ slot [ 0 ] �− − − → ⋆ slot [ 1 ] �− − − → 0 . 5 0 . 5 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Functional Pearl: Four slot asynchronous communication mechanism Matthew Danish September 17,

Functional Pearl: Four slot asynchronous communication mechanism Matthew Danish September 17,

Functional Pearl: Four slot asynchronous communication mechanism Matthew Danish September 17, 2013 Introduction Low-level systems programming with dependent types Simpson, 1989. Four slot fully asynchronous communication mechanism .

703 views • 24 slides
Rail Slot Exchange Auctioning - Theory and a First Algorithm Andreas Tanner joint work with

Rail Slot Exchange Auctioning - Theory and a First Algorithm Andreas Tanner joint work with

Rail Slot Exchange Auctioning - Theory and a First Algorithm Andreas Tanner joint work with T.Schlechte R.Borndrfer K.Mitusch 4th Conference on Applied I nfrastructure Research 8.10.2005 Workgroup for Infrastructure Policy, TU Berlin

559 views • 34 slides
How to book a slot to record your presentation Please answer the e-mail you have received and

How to book a slot to record your presentation Please answer the e-mail you have received and

How to book a slot to record your presentation Please answer the e-mail you have received and choose your convenient slot for recording. Once the slot will be selected and a recording meeting is set, you will receive a link from the congress

321 views • 6 slides
Proposed Concept Two Ns slot, Np pole winding are formed each having coil pitch = 2 X slot

Proposed Concept Two Ns slot, Np pole winding are formed each having coil pitch = 2 X slot

Proposed Concept Two Ns slot, Np pole winding are formed each having coil pitch = 2 X slot pitch These two windings (W1, W2) are mechanically phase shifted by an angle To eliminate certain harmonic, this shifting

512 views • 4 slides
Public WH Design (Problem 24) K $/yr = ( ) b AC $/slot-yr M slot Demand assumed

Public WH Design (Problem 24) K $/yr = ( ) b AC $/slot-yr M slot Demand assumed

Public WH Design (Problem 24) K $/yr = ( ) b AC $/slot-yr M slot Demand assumed uncorrelated since it belongs to different customers N M SS 1 i i = + + M SS i 2

102 views • 6 slides
CS586: Distributed Computing Tutorial 4 Professor: Panagiota Fatourou TA: Eleftherios Kosmas

CS586: Distributed Computing Tutorial 4 Professor: Panagiota Fatourou TA: Eleftherios Kosmas

CS586: Distributed Computing Tutorial 4 Professor: Panagiota Fatourou TA: Eleftherios Kosmas CSD November 2011 Andersons Algorithm: The Array-Based Lock Initially Process pi Tai Tail = 0 = 0 int slot = -1; int slot = -1; 1. 1.

500 views • 8 slides
Context Since we are at the end Announcements This is the last class of the semester -- no

Context Since we are at the end Announcements This is the last class of the semester -- no

Context Since we are at the end Announcements This is the last class of the semester -- no more class meetings. Please respond to the Doodle poll to set up a 15 minute slot to meet. First slot early tomorrow, last slot is at 8:45pm

769 views • 50 slides
Tim Tim Simpson, Simpson, CA CAO Helen Helen Thoms homson, on, Dir Director ector of of

Tim Tim Simpson, Simpson, CA CAO Helen Helen Thoms homson, on, Dir Director ector of of

Tim Tim Simpson, Simpson, CA CAO Helen Helen Thoms homson, on, Dir Director ector of of Coun Council cil Ser Service vices/Cle s/Clerk Background Stormont, Dundas and Glengarry have been united as 1 County government since 1850

486 views • 14 slides
Writing Home 4: Harry Simpson Harry Simpson (actual name Henry ) Harrys Par Har aren ents

Writing Home 4: Harry Simpson Harry Simpson (actual name Henry ) Harrys Par Har aren ents

Writing Home 4: Harry Simpson Harry Simpson (actual name Henry ) Harrys Par Har aren ents was the only son in the Simpson family. He was inspired by the dog fights he saw taking place in the skies above Biggin Hill to join the RAF

215 views • 6 slides
Functional Programming WS 2019/20 Torsten Grust University of Tbingen 1 Administrivia Slot

Functional Programming WS 2019/20 Torsten Grust University of Tbingen 1 Administrivia Slot

Functional Programming WS 2019/20 Torsten Grust University of Tbingen 1 Administrivia Slot Time Room Lectures Thursday, 10:15-11:45 C215 Tutorials Tuesday, 14:15-15:45 A301 Lecture: notes on slides and whiteboard + live Haskell

504 views • 27 slides
More on negative results We proved that the following problems are not in P: ATM

More on negative results We proved that the following problems are not in P: ATM

More on negative results We proved that the following problems are not in P: ATM Incompressible strings A certain language in EXP By reduction, we proved that more problems are not in P These problems do not include many we really

312 views • 27 slides
Last week 1. We proved the Monotone Convergence Theorem 2. We saw applications of the MCT. 3. We

Last week 1. We proved the Monotone Convergence Theorem 2. We saw applications of the MCT. 3. We

Last week 1. We proved the Monotone Convergence Theorem 2. We saw applications of the MCT. 3. We proved Fatous Lemma. 4. We discussed integration of real valued and complex valued functions 5. If f : R is A -measurable then we say f

459 views • 10 slides
Overview of the KBP 2015 Slot Filler Validation Track Hoa Trang Dang National Institute of

Overview of the KBP 2015 Slot Filler Validation Track Hoa Trang Dang National Institute of

Overview of the KBP 2015 Slot Filler Validation Track Hoa Trang Dang National Institute of Standards and Technology Slot Filler Validation (SFV) Track Goals Allow teams without a full slot-filling system to participate in KBP, focus on

470 views • 12 slides
Lecture 25: GPU programming David Bindel 28 Apr 2010 Logistics Reminder: Last slot (5/5):

Lecture 25: GPU programming David Bindel 28 Apr 2010 Logistics Reminder: Last slot (5/5):

Lecture 25: GPU programming David Bindel 28 Apr 2010 Logistics Reminder: Last slot (5/5): brief project presentations Tell me (and your fellow students) what youre up to Keep to about 5 minutes slides or board Project

938 views • 25 slides
The Design of Slot Machine Games Kevin Harrigan, PhD University of Waterloo Nov 17, 2009, New

The Design of Slot Machine Games Kevin Harrigan, PhD University of Waterloo Nov 17, 2009, New

The Design of Slot Machine Games Kevin Harrigan, PhD University of Waterloo Nov 17, 2009, New Hampshire Presentation Topics My Background How Slot Machines Work The Design of Slot Machines Conclusion My Background Computer

319 views • 31 slides
Price-Setting Auctions for Airport Slot Allocation: a Multi-Airport Case Study An Agent-Based

Price-Setting Auctions for Airport Slot Allocation: a Multi-Airport Case Study An Agent-Based

Price-Setting Auctions for Airport Slot Allocation: a Multi-Airport Case Study An Agent-Based Computational Economics Approach to Strategic Slot Allocation SESAR Innovation Days Bologna, 2 nd December 2015 Contents Airport slot allocation: a

402 views • 38 slides
1 http://xkcd.com/1185/ CS 1331 (Georgia Tech) Algorithms 1 / 21 Introduction to

1 http://xkcd.com/1185/ CS 1331 (Georgia Tech) Algorithms 1 / 21 Introduction to

1 1 http://xkcd.com/1185/ CS 1331 (Georgia Tech) Algorithms 1 / 21 Introduction to Object-Oriented Programming Algorithms Christopher Simpkins chris.simpkins@gatech.edu CLRS CS 1331 (Georgia Tech) Algorithms 2 / 21 Algorithms An

2.25k views • 21 slides
A Near-Optimal Algorithm for Testing Isomorphism of Two Unknown Graphs Krzysztof Onak IBM T.J.

A Near-Optimal Algorithm for Testing Isomorphism of Two Unknown Graphs Krzysztof Onak IBM T.J.

A Near-Optimal Algorithm for Testing Isomorphism of Two Unknown Graphs Krzysztof Onak IBM T.J. Watson Research Center Joint work with Xiaorui Sun (Columbia) Krzysztof Onak A Near-Optimal Algorithm for Testing Graph Isomorphism p. 1/22

1.18k views • 90 slides
An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable

An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable

An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable Hardware Tao Chen, Shreesha Srinath Christopher Batten , G. Edward Suh Computer Systems Laboratory School of Electrical and Computer Engineering Cornell

546 views • 36 slides
Maximal Antichain Lattice Algorithms for Distributed Computations Vijay K. Garg Parallel and

Maximal Antichain Lattice Algorithms for Distributed Computations Vijay K. Garg Parallel and

Maximal Antichain Lattice Algorithms for Distributed Computations Vijay K. Garg Parallel and Distributed Systems Lab, Department of Electrical and Computer Engineering, The University of Texas at Austin, Austin, TX 78712

652 views • 33 slides
A Net-Reduction based Clustering Preprocessing Algorithm Jianhua Li, Laleh Behjat University of

A Net-Reduction based Clustering Preprocessing Algorithm Jianhua Li, Laleh Behjat University of

A Net-Reduction based Clustering Preprocessing Algorithm Jianhua Li, Laleh Behjat University of Calgary, Calgary, Canada ISPD April 12, 2006 A net reduction-based clustering preprocessing algorithm - ISPD 2006 Outline Introduction

771 views • 35 slides
Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer

Alias Analysis Last time Interprocedural analysis Today Intro to alias analysis (pointer analysis) CS553 Lecture Alias Analysis I 1 Aliasing What is aliasing? When two expressions denote the same mutable memory location e.g.,

812 views • 19 slides
Alias Analysis of Executable Code S. Debray, et al. (POPL 98) Presented by Xin Qi What is

Alias Analysis of Executable Code S. Debray, et al. (POPL 98) Presented by Xin Qi What is

Alias Analysis of Executable Code S. Debray, et al. (POPL 98) Presented by Xin Qi What is Special about Executables We no longer have Types cant do type filtering Structures jump all around We have Pointer

812 views • 18 slides
Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon,

Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon,

Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon, Michael D. Ernst, and Dan Grossman University of Washington PLDI 2013 Static Verification Meets Aliasing 2 3 x:ref y:ref x := !x+1; m(y);

739 views • 26 slides

More recommend