verifying concurrent programs using contracts
play

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla - PowerPoint PPT Presentation

Oct 24, 2023 •285 likes •1.54k views

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo ao M. Lourenc o, Ale s Smr cka, Diogo G. Sousa, Tom a s Vojnar Brno University of Technology (BUT) Universidade Nova de Lisboa (UNL)

  1. Extending Contracts with Parameters Motivation void replace(Object a, Object b) { if (array.contains(a)) { int idx=array.indexOf(a); array.set(idx,b); } } void erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  2. Extending Contracts with Parameters Motivation void atomic replace(Object a, Object b) { if (array.contains(a)) { int idx=array.indexOf(a); array.set(idx,b); } } void atomic erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  3. Extending Contracts with Parameters Motivation void atomic replace(Object a, Object b) { if (array.contains(a)) { int idx=array.indexOf(a); void f() { array.set(idx,b); Object x,y,z; } ... } replace(x,y); ... erase(z); } void atomic erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  4. Extending Contracts with Parameters Motivation void atomic replace(Object a, Object b) { if (array.contains(a)) { int idx=array.indexOf(a); void f() { array.set(idx,b); Object x,y,z; } ... } replace(x,y); ... erase(z); } void atomic erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  5. Extending Contracts with Parameters Motivation void atomic replace(Object a, Object b) { if (array.contains(a)) { x � array int idx=array.indexOf(a); void f() { array.set(idx,b); Object x,y,z; } ... } replace(x,y); ... erase(z); } void atomic erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  6. Extending Contracts with Parameters Motivation void atomic replace(Object a, Object b) { if (array.contains(a)) { x � array int idx=array.indexOf(a); void f() { array.set(idx,b); Object x,y,z; } ... } replace(x,y); ... erase(z); } void atomic erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  7. Extending Contracts with Parameters Motivation void atomic replace(Object a, Object b) { if (array.contains(a)) { x � array int idx=array.indexOf(a); void f() { array.set(idx,b); Object x,y,z; } ... } replace(x,y); ... Contract contains indexOf violated! erase(z); } void atomic erase(Object c) { int idx; while ((idx=array.indexOf(c)) > -1) { array.remove(idx); } } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  8. Extending Contracts with Parameters Allows one to express how the flow of data influences the dependencies between methods Contract specification extended by considering Method call parameters Return values Expressed as meta-variables Contract for the java.util.ArrayList class ( ̺ ′ 1 ) contains ( X ) indexOf ( X ) ( ̺ ′ 2 ) X = indexOf ( ) ( remove ( X ) | set ( X , ) | get ( X ) ) ( ̺ ′ 3 ) X = size () ( remove ( X ) | set ( X , ) | get ( X ) ) ( ̺ ′ 4 ) add ( X ) ( get ( X ) | indexOf ( X ) ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  9. Extending Contracts with Parameters Allows one to express how the flow of data influences the dependencies between methods Contract specification extended by considering Method call parameters Return values Expressed as meta-variables Contract for the java.util.ArrayList class ( ̺ ′ 1 ) contains ( X ) indexOf ( X ) ( ̺ ′ 2 ) X = indexOf ( ) ( remove ( X ) | set ( X , ) | get ( X ) ) ( ̺ ′ 3 ) X = size () ( remove ( X ) | set ( X , ) | get ( X ) ) ( ̺ ′ 4 ) add ( X ) ( get ( X ) | indexOf ( X ) ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 5 / 17

  10. Extending Contracts with Spoilers Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  11. Extending Contracts with Spoilers Motivation Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  12. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class ( ̺ 1 ) contains indexOf ( ̺ 2 ) indexOf ( set | remove | get ) ( ̺ 3 ) size ( remove | set | get ) ( ̺ 4 ) add ( get | indexOf ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  13. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class ( ̺ 1 ) contains indexOf ( ̺ 2 ) indexOf ( set | remove | get ) ( ̺ 3 ) size ( remove | set | get ) ( ̺ 4 ) add ( get | indexOf ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  14. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class ( ̺ 1 ) contains indexOf ( ̺ 2 ) indexOf ( set | remove | get ) ( ̺ 3 ) size ( remove | set | get ) ( ̺ 4 ) add ( get | indexOf ) Thread 1 Thread 2 Thread 3 Thread 4 Thread 5 Thread 6 Thread 7 Thread 8 contains contains indexOf set remove get size add indexOf Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  15. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class ( ̺ 1 ) contains indexOf ( ̺ 2 ) indexOf ( set | remove | get ) ( ̺ 3 ) size ( remove | set | get ) ( ̺ 4 ) add ( get | indexOf ) Thread 1 Thread 2 Thread 3 Thread 4 Thread 5 Thread 6 Thread 7 Thread 8 contains contains indexOf set remove get size add 7 contract violations indexOf Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  16. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class Σ M (methods) ( ̺ 1 ) contains indexOf contains ( ̺ 2 ) indexOf ( set | remove | get ) indexOf ( ̺ 3 ) size ( remove | set | get ) set ( ̺ 4 ) add ( get | indexOf ) remove get Thread 1 Thread 2 Thread 3 Thread 4 Thread 5 Thread 6 Thread 7 Thread 8 size add contains contains indexOf set remove get size add 7 contract violations indexOf Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  17. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class Σ M (methods) ( ̺ 1 ) contains indexOf contains ( ̺ 2 ) indexOf ( set | remove | get ) indexOf ( ̺ 3 ) size ( remove | set | get ) set ( ̺ 4 ) add ( get | indexOf ) remove get Thread 1 Thread 2 Thread 3 Thread 4 Thread 5 Thread 6 Thread 7 Thread 8 size add contains contains indexOf set remove get size add 7 contract violations indexOf Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  18. Extending Contracts with Spoilers Motivation Contract for the java.util.ArrayList class Σ M (methods) ( ̺ 1 ) contains indexOf contains ( ̺ 2 ) indexOf ( set | remove | get ) indexOf ( ̺ 3 ) size ( remove | set | get ) set ( ̺ 4 ) add ( get | indexOf ) remove get Thread 1 Thread 2 Thread 3 Thread 4 Thread 5 Thread 6 Thread 7 Thread 8 size add contains contains indexOf set remove get size add 1 contract violation and 6 false alarms! indexOf Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  19. Extending Contracts with Spoilers Allows one to express in which context the contract clauses shall be enforced Definition Let R be the set of target clauses where each target ̺ ∈ R is a regular expression over Σ M . Let S be the set of spoilers where each spoiler σ ∈ S is a regular expression over Σ M . A contract is then a relation C ⊆ R × S which defines for each target the spoilers that may cause atomicity violations. Contract for the java.util.ArrayList class ( ̺ ′′ 1 ) contains indexOf � remove ( ̺ ′′ 2 ) indexOf ( remove | set | get ) � remove | add | set ( ̺ ′′ 3 ) size ( remove | set | get ) � remove ( ̺ ′′ 4 ) add indexOf � remove | set Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  20. Extending Contracts with Spoilers Allows one to express in which context the contract clauses shall be enforced Definition Let R be the set of target clauses where each target ̺ ∈ R is a regular expression over Σ M . Let S be the set of spoilers where each spoiler σ ∈ S is a regular expression over Σ M . A contract is then a relation C ⊆ R × S which defines for each target the spoilers that may cause atomicity violations. Contract for the java.util.ArrayList class ( ̺ ′′ 1 ) contains indexOf � remove ( ̺ ′′ 2 ) indexOf ( remove | set | get ) � remove | add | set ( ̺ ′′ 3 ) size ( remove | set | get ) � remove ( ̺ ′′ 4 ) add indexOf � remove | set Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  21. Extending Contracts with Spoilers Allows one to express in which context the contract clauses shall be enforced Definition Let R be the set of target clauses where each target ̺ ∈ R is a regular expression over Σ M . Let S be the set of spoilers where each spoiler σ ∈ S is a regular expression over Σ M . A contract is then a relation C ⊆ R × S which defines for each target the spoilers that may cause atomicity violations. Contract for the java.util.ArrayList class ( ̺ ′′ 1 ) contains indexOf � remove ( ̺ ′′ 2 ) indexOf ( remove | set | get ) � remove | add | set ( ̺ ′′ 3 ) size ( remove | set | get ) � remove ( ̺ ′′ 4 ) add indexOf � remove | set Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 6 / 17

  22. Static Validation Based on grammars and parsing trees Supports contracts with parameters only Analyses all executions of a program May report false positives Uses points-to information to handle multiple instances of a module Class Scope Mode Allows the analysis to handle large programs Checks each class individually Calls to other classes are ignored Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 7 / 17

  23. Static Validation Algorithm 1 Require: P: client’s program, R : module contract; 2 for t ∈ threads ( P ) do G t ← build grammar ( t ) ; 3 G ′ t ← subword grammar ( G t ) ; 4 for ̺ ∈ R do 5 T ← parse ( G ′ t , ̺ ) ; 6 for τ ∈ T do 7 N ← lowest common ancestor ( τ, ̺ ) ; 8 if ¬ run atomically ( N ) then return ERROR; 9 10 return OK; Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 8 / 17

  24. Illustration of the Static Validation Approach void run() { if (cond) f(); else { m.indexOf(); g(); } } void atomic f() { m.indexOf(); g(); } void atomic g() { m.remove(); } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 9 / 17

  25. Illustration of the Static Validation Approach void run() { entry R if (cond) cond f(); else { f() m.indexOf() m.indexOf(); g(); g() } return } void atomic f() { entry entry G F m.indexOf(); g(); m.indexOf() m.remove() } g() return void atomic g() { m.remove(); return } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 9 / 17

  26. Illustration of the Static Validation Approach R → a G F → a G void run() { entry R R → F G → b if (cond) cond f(); else { f() m.indexOf() m.indexOf(); g(); g() } return } void atomic f() { entry entry G F m.indexOf(); g(); m.indexOf() m.remove() } g() return void atomic g() { m.remove(); return } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 9 / 17

  27. Illustration of the Static Validation Approach R → a G F → a G void run() { entry R R → F G → b if (cond) cond f(); else { f() m.indexOf() R → a G F → a G m.indexOf(); R → F G → b g(); g() a → a b → b } return a → ǫ b → ǫ } void atomic f() { entry entry G F m.indexOf(); g(); m.indexOf() m.remove() } g() return void atomic g() { m.remove(); return } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 9 / 17

  28. Illustration of the Static Validation Approach R → a G F → a G void run() { entry R R → F G → b if (cond) cond f(); else { f() m.indexOf() R → a G F → a G m.indexOf(); R → F G → b g(); g() a → a b → b } return a → ǫ b → ǫ } void atomic f() { entry entry G F m.indexOf(); R g(); m.indexOf() m.remove() } F R g() return void atomic g() { G G m.remove(); return } a b a b Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 9 / 17

  29. Experimental Results Benchmark Clauses Contract False Potential Real SLOC Time (s) Violations Positives AV AV Allocate Vector 1 1 0 0 1 183 0.120 Coord03 4 1 0 0 1 151 0.093 Coord04 2 1 0 0 1 35 0.039 Jigsaw 1 1 0 0 1 100 0.044 Local 2 1 0 0 1 24 0.033 Knight 1 1 0 0 1 135 0.219 NASA 1 1 0 0 1 89 0.035 Store 1 1 0 0 1 621 0.090 StringBuffer 1 1 0 0 1 27 0.032 UnderReporting 1 1 0 0 1 20 0.029 VectorFail 2 1 0 0 1 70 0.048 Account 4 2 0 0 2 42 0.041 Arithmetic DB 2 2 0 0 2 243 0.272 Connection 2 2 0 0 2 74 0.058 Elevator 2 2 0 0 2 268 0.333 OpenJMS 0.7 6 54 10 28 4 163K 148 Tomcat 6.0 9 157 16 47 3 239K 3070 Cassandra 2.0 1 60 24 15 2 192K 246 Derby 10.10 1 19 5 7 1 793K 522 Lucene 4.6 3 136 21 76 0 478K 151 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 10 / 17

  30. Dynamic Validation Based on happens-before relation and vector clocks Supports both contracts with spoilers and parameters Analyses a concrete execution of a program If a contract is violated in the execution, it will be detected Extrapolation based on the happens-before relation Noise injection to force rare interleavings (executions) On-the-fly validation Uses a partial trace (trace window) Does not require a trace to be available Each thread needs to remember Last instance of each spoiler 1 Last instance of each target 2 Up to | T | additional instances of each target 3 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 11 / 17

  31. Dynamic Validation Algorithm Data: trace window υ , event e ∈ E generated by thread t ∈ T 1 if ∃ ̺ ∈ R , r ∈ [ ̺ ] υ t : e = end ( r ) then for σ ∈ C ( ̺ ) , u ∈ T : u � t do 2 if ∃ s ∈ [ σ ] υ u : start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) then r is violated by s ; 3 if ∃ s ∈ [ σ ] τ u : start ( s ) ∈ υ ∧ end ( s ) � υ then 4 if start ( s ) ≺ hb start ( r ) then 5 if ∃ r ′ ∈ [ ̺ ] υ t : r ′ � r ∧ start ( s ) ⊀ hb start ( r ′ ) then PV ̺,σ ( u ) = VC end ( r ′ ) ( t ) ; 6 t if ∃ r ′ ∈ [ ̺ ] υ t : r ′ � r then υ → r ′ ; 7 8 if σ ∈ S , s ∈ [ σ ] υ t : end ( s ) = e then if ∃ s ′ ∈ [ σ ] υ t : s ′ � s then υ → s ′ ; 9 for ̺ ∈ C ( σ ) , u ∈ T : u � t do 10 if ∃ r ∈ [ ̺ ] υ u : start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) then r is violated by s ; 11 if PV ̺,σ ( t ) � 0 ∧ PV ̺,σ ( t ) ≤ VC end ( s ) ( u ) then 12 u u an instance of ̺ is violated by s ; 13 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 12 / 17

  32. Illustration of the Dynamic Validation Approach void tmain() { thread_create(worker,input); queue_init(); result = queue_receive(); } void worker( void * data) { do_work(); queue_send(result); } Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  33. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  34. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init Atomicity Violation? queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  35. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init Atomicity Violation? No queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  36. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init Atomicity Violation? No Data Race? queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  37. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); lock(q) queue send queue send } unlock(q) lock(q) queue init queue init Atomicity Violation? No unlock(q) Data Race? queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  38. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); lock(q) queue send queue send } unlock(q) lock(q) queue init queue init Atomicity Violation? No unlock(q) Data Race? No queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  39. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); lock(q) queue send queue send } unlock(q) lock(q) queue init queue init Atomicity Violation? No unlock(q) Data Race? No queue receive Order Violation! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  40. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); lock(q) queue send queue send } unlock(q) lock(q) queue init queue init Atomicity Violation? No unlock(q) Data Race? No queue receive Order Violation! Can we detect it using contracts? Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  41. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); thread start queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  42. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 (tmain) (worker) thread_create(worker,input); thread start queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init Contract: thread start queue init ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  43. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); thread start queue_init(); result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init Contract: thread start queue init ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  44. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); thread start queue_init(); [1,0] result = queue_receive(); thread create } void worker( void * data) { thread start do_work(); do work queue_send(result); queue send } queue init Contract: thread start queue init ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  45. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); queue send } queue init Contract: thread start queue init ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  46. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] queue send } [1,1] queue init Contract: thread start queue init ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  47. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] queue send } [1,1] queue init Contract: thread start queue init [2,0] ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  48. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] queue send } [1,1] [1,1] queue init Contract: thread start queue init [2,0] ← { queue send, queue receive } queue receive Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  49. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] s queue send } [1,1] [1,1] r queue init Contract: thread start queue init [2,0] ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  50. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] s queue send } [1,1] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [1,1] r queue init Contract: thread start queue init [2,0] ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  51. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1, 0 ] [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] s queue send } [1, 1 ] [1,1] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [1,1] r queue init Contract: thread start queue init [2,0] ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  52. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] [1, 0 ] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] s queue send } [1,1] [1, 1 ] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [ 1 ,1] [1,1] r queue init Contract: thread start queue init [ 2 ,0] [2,0] ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) ¬ ( 2 ≤ 1 ) ∧ Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  53. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] [1, 0 ] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] do work queue_send(result); [1,1] s queue send } [1,1] [1, 1 ] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [ 1 ,1] [1,1] r queue init Contract: thread start queue init [2,0] [ 2 ,0] ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) ¬ ( 2 ≤ 1 ) ∧ Contract violated! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  54. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start r queue init do_work(); [1,1] [2,0] do work queue_send(result); [1,1] s queue send } [1,1] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [1,1] Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  55. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] [1, 0 ] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start r queue init do_work(); [1,1] [ 2 ,0] [2,0] do work queue_send(result); [1,1] s queue send } [1,1] [1, 1 ] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [1,1] [ 1 ,1] Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) ¬ ( 2 ≤ 1 ) ∧ Contract violated! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  56. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] [1, 0 ] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start r queue init do_work(); [1,1] [ 2 ,0] [2,0] do work queue_send(result); [1,1] s queue send } [1,1] [1, 1 ] e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [ 1 ,1] [1,1] r Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) ¬ ( 2 ≤ 1 ) ∧ Extrapolation! Contract violated! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  57. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { lock(q) thread start r queue init queue init do_work(); [1,1] unlock(q) [1,1] do work queue_send(result); lock(q) s queue send queue send } unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  58. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { [2,0] lock(q) thread start r [2,0] queue init queue init do_work(); [1,1] [3,0] unlock(q) [1,1] do work queue_send(result); lock(q) [2,1] s queue send queue send [2,1] } [2,2] unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  59. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { [2,0] lock(q) thread start r [2,0] queue init queue init do_work(); [1,1] [3,0] unlock(q) [1,1] do work queue_send(result); lock(q) [2,1] s queue send queue send [2,1][2,1] } [2,2] unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  60. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1, 0 ] [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { [2,0] lock(q) thread start r [ 2 ,0] [2,0] queue init queue init do_work(); [1,1] [3,0] unlock(q) [1,1] do work queue_send(result); lock(q) [2,1] s [2, 1 ] [ 2 ,1] queue send queue send [2,1][2,1] } [2,2] unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) Contract: thread start queue init ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) ¬ ( 2 ≤ 2 ) ∧ No violation Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  61. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] Noise [1,1] do work queue_send(result); lock(q) s queue send queue send } unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) lock(q) r queue init queue init Contract: thread start queue init unlock(q) ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Noise injection! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  62. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] Noise [1,1] do work queue_send(result); lock(q) [1,1] s queue send queue send [1,1] } [1,2] unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [2,1] lock(q) r [2,1] queue init queue init Contract: thread start queue init [3,1] unlock(q) ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Noise injection! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  63. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] Noise [1,1] do work queue_send(result); lock(q) [1,1] [1,1] s queue send queue send [1,1][1,1] [1,1] } [1,2] [1,2] unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [2,1] [2,1] lock(q) r [2,1] [2,1] queue init queue init Contract: thread start queue init [3,1] [3,1] unlock(q) ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) Noise injection! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  64. Illustration of the Dynamic Validation Approach void tmain() { Thread 1 Thread 2 [1,0] [0,1] (tmain) (worker) thread_create(worker,input); r thread start queue_init(); [1, 0 ] [1,0] result = queue_receive(); thread create } [2,0] void worker( void * data) { thread start do_work(); [1,1] Noise [1,1] do work queue_send(result); lock(q) [1,1] [1,1] s [1, 1 ] [ 1 ,1] queue send queue send [1,1] [1,1][1,1] } [1,2] [1,2] unlock(q) e t ≺ hb e u ∼ VC e t ( t ) ≤ VC e u ( t ) [2,1] [2,1] lock(q) r [2,1] [ 2 ,1] [2,1] queue init queue init Contract: thread start queue init [3,1] [3,1] unlock(q) ← { queue send, queue receive } queue receive start ( s ) ⊀ hb start ( r ) ∧ end ( r ) ⊀ hb end ( s ) ¬ ( 1 ≤ 0 ) ¬ ( 2 ≤ 1 ) ∧ Noise injection! Contract violated! Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 13 / 17

  65. Discarding Spoilers Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  66. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  67. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  68. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  69. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  70. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  71. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  72. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 a 3 b 3 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  73. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 a 3 b 3 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  74. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 a 3 b 3 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  75. Discarding Spoilers Thread 1 Thread 2 Thread 3 Thread 4 a 1 x 1 x 3 y 1 y 3 b 1 x 4 x 2 y 4 a 2 y 2 a 3 b 3 Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 14 / 17

  76. Discarding Targets Jan Fiedor (BUT) Verifying Programs using Contracts ICST, March 15, 2017 15 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis & Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011 Acknowledgements Malay Ganai, Vineet

982 views • 72 slides
Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs with Unbounded Replication D.

774 views • 50 slides
The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed Bouajjani 2 Mohamed Faouzi Atig 1 Tuan Phong Ngo 1 1 Uppsala University 2 IRIF, Universit Paris Diderot & IUF CONCUR 2016 1 Motivation

1.66k views • 118 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependent Programs Nikhil

SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependent Programs Nikhil

SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependent Programs Nikhil Swamy, Aseem Rastogi, Aymeric Fromherz , Denis Merigoux, Danel Ahman, Guido Martinez ICFP 2020 1/12 Verifying Concurrent Programs Lots of recent work

556 views • 37 slides
Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly University Gyngys, Hungary Synchron 2016 Bamberg December 2016 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

486 views • 25 slides
Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC

Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC

Parallel Analysis of Parallelism Verifying Concurrent Software System Designs Using GPUs GTC 2015 Anton Wijs Correctness of Concurrent Systems Distributed, concurrent systems common-place, but very

633 views • 52 slides
Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*,

Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*,

Verifying concurrent software using movers in CSPEC Tej Chajed , Frans Kaashoek, Butler Lampson*, Nickolai Zeldovich MIT CSAIL and *Microsoft Concurrent software is difficult to get right Programmer cannot reason about code in sequence 2

1.2k views • 72 slides
VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark

VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark

VCC: A Practical System for Verifying Concurrent C Ernie Cohen 1 , Markus Dahlweid 2 , Mark Hillebrand 3 , Dirk Leinenbach 3 , Michal Moskal 2 , Thomas Santen 2 , Wolfram Schulte 4 and Stephan Tobies 2 1 Microsoft Corporation, Redmond, WA, USA 2

553 views • 27 slides
From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation VPT 2017 Allan Blanchard, Fr ed eric Loulergue, Nikolai Kosmatov April 29 th , 2017 From Concurrent Programs to Simulating Sequential Programs

488 views • 37 slides
+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1 Verifying the Correctness of HARPO Programs Presented at NECEC 2018, St. Johns NL Inaam Ahmed Computer Engineering Research Labs, Dept. ECE, MUN

492 views • 23 slides
Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan

Concurrent Datatype Verification 01 Concurrent Datatype Verification Verifying lock free data types using CSP and FDR Jonathan Lawrence jonathan.lawrence@cs.ox.ac.uk Concurrent Datatype Verification 02 Introduction Case study using

618 views • 27 slides
Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert

Verifying that a compiler preserves concurrent value-dependent information-flow security Robert Sison (UNSW Sydney, Data61) and Toby Murray (University of Melbourne) September 2019 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au So

1.94k views • 156 slides
Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri

Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri

Verifying a Concurrent Garbage Collector Delphine Demange Suresh Jagannathan Gustavo Petri David Pichardie Jan Vitek Yannick Zakowski Why are high level languages difficult to compile? Easy to compile in C Obj.f := v What about Java? A

1.17k views • 73 slides
Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek,

Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek,

Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek, Nickolai Zeldovich MIT and *Boston College Systems verification, broadly impl proof specification 2 Systems verification requires connecting

859 views • 48 slides
Verifying concurrent, crash-safe systems with Perennial Tej Chajed , Joseph Tassarotti*, Frans

Verifying concurrent, crash-safe systems with Perennial Tej Chajed , Joseph Tassarotti*, Frans

Verifying concurrent, crash-safe systems with Perennial Tej Chajed , Joseph Tassarotti*, Frans Kaashoek, Nickolai Zeldovich MIT and *Boston College Many systems need concurrency and crash safety Examples: file systems, databases, and key-value

852 views • 46 slides
www.softacad.bg Nikolay Tomitov - Co-CEO at SoftAcad learning center. Danail Alexiev

www.softacad.bg Nikolay Tomitov - Co-CEO at SoftAcad learning center. Danail Alexiev

www.softacad.bg Nikolay Tomitov - Co-CEO at SoftAcad learning center. Danail Alexiev Software Consultant at Axway, lector at SoftAcad learning center. www.softacad.bg 1. Document oriented databases 2. Introduction to JSON data format

791 views • 48 slides
DRIVE - Disseminating Resource Information in VEhicular and other mobile peer-to-peer networks

DRIVE - Disseminating Resource Information in VEhicular and other mobile peer-to-peer networks

DRIVE - Disseminating Resource Information in VEhicular and other mobile peer-to-peer networks Bo Xu Ouri Wolfson University of Illinois at Chicago wolfson@cs.uic.edu DRIVE objective Enable dramatic improvement of the travel experience

715 views • 57 slides
TinyOS Overview of TinyOS Industrial motivations behind TinyOS What is TinyOS? TinyOS

TinyOS Overview of TinyOS Industrial motivations behind TinyOS What is TinyOS? TinyOS

Karan Mangla Lakshya Goel Ankit Gupta Nitin Jain TinyOS Overview of TinyOS Industrial motivations behind TinyOS What is TinyOS? TinyOS vs. traditional OS TinyOS design models TinyOS structure Industrial Motivations behind

448 views • 41 slides
Making smart contract smarter Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor

Making smart contract smarter Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor

Making smart contract smarter Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor <EE817/IS893: Blockchain and Cryptocurrency> Presented by Daejun Kim (2019. 05) Index Background Introduction Security bugs in

1.39k views • 85 slides
Rod Thompson FIG 3D Cadastres workshop 2-4 October 2018, Delft NL. 1 1988 1988 was the year

Rod Thompson FIG 3D Cadastres workshop 2-4 October 2018, Delft NL. 1 1988 1988 was the year

Rod Thompson FIG 3D Cadastres workshop 2-4 October 2018, Delft NL. 1 1988 1988 was the year the world came to Brisbane Leisure ure in n th the Ag Age of of Te Technology hnology 2 1988 1988 was the year the world came to

752 views • 60 slides
In-memory In-memory Analytical Platforms Aditya Satyadev Director, BizAcuity Solutions Sachin

In-memory In-memory Analytical Platforms Aditya Satyadev Director, BizAcuity Solutions Sachin

In-memory In-memory Analytical Platforms Aditya Satyadev Director, BizAcuity Solutions Sachin Sangtani Senior Technical Consultant, Kognitio Agenda - update Introduction Context In-memory Analytics Benefits of adoption

314 views • 30 slides
Informatics Practices Class XI ( As per CBSE Board) Visit : python.mykvs.in for regular updates

Informatics Practices Class XI ( As per CBSE Board) Visit : python.mykvs.in for regular updates

New syllabus 2020-21 Chapter 10 Database Concepts Informatics Practices Class XI ( As per CBSE Board) Visit : python.mykvs.in for regular updates DATABASE CONCEPTS A database is a collection of DATA/INFORMATION that is organized so that

282 views • 11 slides
Code generation for Scicos/Nsp compiling by partial evaluation Workshop on Simulation at the

Code generation for Scicos/Nsp compiling by partial evaluation Workshop on Simulation at the

Code generation for Scicos/Nsp compiling by partial evaluation Workshop on Simulation at the System Level for Industrial Applications IESC, Carg` ese 2014 J.Ph Chancelier and Ramine Nikoukhah CERMICS-ENPC, ALTAIR October 19, 2014 J.Ph

488 views • 18 slides

More recommend