Reasoning about expression evaluation under interference
Hoare-style inference rules for program constructs permit the copying of expressions and tests from program text into logical contexts. It is known that this requires care even for sequential programs but much more serious issues arise with concurrent programs because of potential interference to the values of variables. The “rely-guarantee” approach tackles the challenge of recording acceptable interference and offers a way to provide safe inference rules for concurrent constructs. This paper shows how the algebraic presentation of rely-guarantee ideas can clarify and formalise the conditions for safely re-using expressions and tests from program text in logical contexts for reasoning about concurrent programs; crucially this extends to handling expressions that reference more than one shared variable. A non-trivial example related to the Fischer-Galler forest representation of equivalence relations is treated.
- Conference Article
31
- 10.1109/wpc.1998.693354
- Jun 24, 1998
The Java language supports the use of monitors, sockets, and remote method invocation for concurrent programming. Also, Java classes can be defined to simulate other types of concurrent constructs. However, concurrent Java programs, like other concurrent programs, are difficult to specify, design, code, test and debug. In this paper, we describe the design of a toolset, called JaDA (Java Dynamic Analyzer), that provides testing and debugging tools for concurrent Java programs. To collect run-time information or control program execution, JaDA requires transformation of a concurrent Java program into a slightly different Java program. We show that by modifying Java classes that support concurrent programming, Java application programs only need minor modifications. We also present a novel approach to managing threads that are needed for testing and debugging of concurrent Java programs.
- Research Article
20
- 10.1007/bf01212305
- May 1, 1992
- Formal Aspects of Computing
Most proof methods for reasoning about concurrent programs are based upon the interleaving semantics of concurrent computation: a concurrent program is executed in a stepwise fashion, with only one enabled action being executed at each step. Interleaving semantics, in effect, requires that a concurrent program be executed as a nondeterministic sequential program. This is clearly an abstraction of the way in which concurrent programs are actually executed. To ensure that this is a reasonable abstraction, interleaving semantics should only be used to reason about programs with “simple” actions; we call such programs “atomic”. In this paper, we formally characterise the class of atomic programs. We adopt the criterion that a program is atomic if it can be implemented in a wait-free, serialisable manner by a primitive program. A program is primitive if each of its actions has at most one occurrence of a shared bit, and each shared bit is read by at most one process and written by at most one process. It follows from our results that the traditionally accepted atomicity criterion, which allows each action to have at most one occurrence of a shared variable, can be relaxed, allowing programs to have more powerful actions. For example, according to our criterion, an action can read any finite number of shared variables, provided it writes no shared variable.
- Conference Article
13
- 10.1109/ipdps.2003.1213262
- Apr 22, 2003
The Java programming language is a modern object-oriented language that supports concurrency. Ensuring concurrent programs are correct is difficult. Additional problems encountered in concurrent programs, compared with sequential programs, include deadlock, livelock, starvation, and dormancy. Often these problems are related and are sometimes side effects of one another. Furthermore, different programming languages attach different meanings to these terms. Sun Microsystems provides a textual description of the Java concurrency model which is inadequate for reasoning with such programs. Formal specifications are required for verifying concurrent programs through the use of tools and methods such as static analysis, dynamic analysis, model-checking, and theorem proving. It is clear that the behaviour of the Java concurrency model must be unambiguous and well-understood for these tools to operate effectively. This paper presents a formal specification of the Java concurrency model using the Z specification language. A number of important correctness properties of concurrent programs are constructed from the model, and their application to the implementation of verification and testing tools for concurrent Java programs is discussed.
- Book Chapter
69
- 10.1007/978-3-642-78545-0_3
- Jan 1, 1993
Oz is an experimental higher-order concurrent constraint programming system under development at DFKI. It combines ideas from logic and concurrent programming in a simple yet expressive language. From logic programming Oz inherits logic variables and logic data structures, which provide for a programming style where partial information about the values of variables is imposed concurrently and incrementally. A novel feature of Oz is that it accommodates higher-order programming without sacrificing that denotation and equality of variables are captured by first-order logic. Another new feature of Oz is constraint communication, a new form of asynchronous communication exploiting logic variables. Constraint communication avoids the problems of stream communication, the conventional communication mechanism employed in concurrent logic programming. Constraint communication can be seen as providing a minimal form of state fully compatible with logic data structures.
- Research Article
4
- 10.1007/bf01947745
- Mar 1, 1978
- BIT
High level programming language constructs are proposed for scheduling of concurrent operations on a shared variable. Proof rules are given that can be used to check if an adequate scheduling can be prepared from the program text. The basis for the constructs is the condition that must be fulfilled before an operation on a shared variable is performed (the precondition of the operation) and what can be proved to hold when an operation terminates (the postassertion of the operation).
- Book Chapter
120
- 10.1007/978-3-642-02658-4_36
- Jan 1, 2009
We give a translation from concurrent programs to sequential programs that reduces the context-bounded reachability problem in the concurrent program to a reachability problem in the sequential one. The translation has two salient features: (a) the sequential program tracks, at any time, the local state of only one thread (though it does track multiple copies of shared variables), and (b) all reachable states of the sequential program correspond to reachable states of the concurrent program. We also implement our transformation in the setting of concurrent recursive programs with finite data domains, and show that the resulting sequential program can be model-checked efficiently using existing recursive sequential program reachability tools.
- Conference Article
1
- 10.1109/iccsea49143.2020.9132929
- Mar 1, 2020
Traditional fault localization techniques are well equipped for identifying faults in sequential programs. Faults in concurrent programs are caused by the interleaving of threads during run-time. Finding faults in concurrent programs is more difficult in comparison with sequential programs. In this paper, we have proposed a fault localization framework based on spectrum-based fault localization for concurrent programs to find the faults that occur during execution of multiple threads. The technique finds the most suspicious function or branch for effective fault localization. We have tested the proposed technique with two different concurrent example programs to check the accuracy of the technique.
- Research Article
3
- 10.1177/1063293x20958932
- Oct 8, 2020
- Concurrent Engineering
Refactoring has become an effective approach to convert sequential programs into concurrent programs. Many refactoring algorithms and tools are proposed to assist developers in writing high-performance concurrent programs. Although researchers actively conduct surveys on refactoring, we are not aware of any survey that summarizes, categorizes and discusses concurrency-oriented refactoring. To this end, this paper presents a survey that investigates how refactoring assists with concurrent programming. To the best of our knowledge, this paper is the first survey that summarizes the state-of-the-art, concurrency-oriented refactoring. First, we design six research questions addressing the concurrent structure, programming language, performance improvement and consistency evaluation. Second, we answer these questions by examining the related papers and then present the results to show how refactoring provides support for concurrent programming after a decade of development, such as transforming the concurrent structures, supporting parallel language, and improving performance. Finally, we summarize the related works and present the future trends.
- Research Article
34
- 10.1006/inco.1996.0006
- Jan 1, 1996
- Information and Computation
Time/Contention Trade-Offs for Multiprocessor Synchronization
- Research Article
- 10.4204/eptcs.84.2
- Jul 3, 2012
- Electronic Proceedings in Theoretical Computer Science
We present a framework that takes a concurrent program composed of unsynchronized processes, along with a temporal specification of their global concurrent behaviour, and automatically generates a concurrent program with synchronization ensuring correct global behaviour. Our methodology supports finite-state concurrent programs composed of processes that may have local and shared variables, may be straight-line or branching programs, may be ongoing or terminating, and may have program-initialized or user-initialized variables. The specification language is an extension of propositional Computation Tree Logic (CTL) that enables easy specification of safety and liveness properties over control and data variables. The framework also supports synthesis of synchronization at different levels of abstraction and granularity.
- Conference Article
9
- 10.1109/wpc.1993.263895
- Jul 8, 1993
Reverse engineering of concurrent real-time programs with timing constraints is a particularly challenging research area, because the functional behaviour of a program, and the non-functional timing requirements, are implicit and can be very difficult to discover. The authors present a significant advance in this area, which is achieved by modelling real-time concurrent programs in the wide spectrum language WSL. They show how a sequential program with interrupts can be modelled in WSL, and the method is then extended to model more general concurrent programs. They show how a program modelled in this way may subsequently be 'inverse engineered' by the use of formal program transformations, to discover a specification for the program.
- Book Chapter
114
- 10.1007/978-3-540-73368-3_26
- Jul 3, 2007
We present new techniques for fast, accurate and scalable static data race detection in concurrent programs. Focusing our analysis on Linux device drivers allowed us to identify the unique challenges posed by debugging large-scale real-life code and also pinpointed drawbacks in existing race warning generation methods. This motivated the development of new techniques that helped us in improving both the scalability as well as the accuracy of each of the three main steps in a race warning generation system. The first and most crucial step is the automatic discovery of shared variables. Towards that end, we present a new, efficient dataflow algorithm for shared variable detection which is more effective than existing correlation-based techniques that failed to detect the shared variables responsible for data races in the majority of the drivers in our benchmark suite. Secondly, accuracy of race warning generation strongly hinges on the precision of the pointer analysis used to compute aliases for lock pointers. We formulate a new scalable context sensitive alias analysis that effectively combines a divide and conquer strategy with function summarization and is demonstrably more efficient than existing BDD-based techniques. Finally, we provide a new warning reduction technique that leverages lock acquisition patterns to yield provably better warning reduction than existing lockset based methods.
- Research Article
435
- 10.1145/42190.42277
- Apr 1, 1988
- ACM Transactions on Programming Languages and Systems
In this paper we consider an optimization problem that arises in the execution of parallel programs on shared-memory multiple-instruction-stream, multiple-data-stream (MIMD) computers. A program on such machines consists of many sequential program segments, each executed by a single processor. These segments interact as they access shared variables. Access to memory is asynchronous, and memory accesses are not necessarily executed in the order they were issued. An execution is correct if it is sequentially consistent: It should seem as if all the instructions were executed sequentially, in an order obtained by interleaving the instruction streams of the processors. Sequential consistency can be enforced by delaying each access to shared memory until the previous access of the same processor has terminated. For performance reasons, however, we want to allow several accesses by the same processor to proceed concurrently. Our analysis finds a minimal set of delays that enforces sequential consistency. The analysis extends to interprocessor synchronization constraints and to code where blocks of operations have to execute atomically. We use a conflict graph similar to that used to schedule transactions in distributed databases. Our graph incorporates the order on operations given by the program text, enabling us to do without locks even when database conflict graphs would suggest that locks are necessary. Our work has implications for the design of multiprocessors; it offers new compiler optimization techniques for parallel languages that support shared variables.
- Book Chapter
1
- 10.1007/978-1-4471-3227-1_45
- Jan 1, 1994
The methodology underlying formal methods is first to specify precisely the behaviour of a piece of software, then to write this software and finally to prove whether or not that actual implementation meets its specification. Unity [5, 7] is a formal method that attempts to decouple a program from its implementation. For that purpose, Unity separates logical behaviour from implementation, provides predicates for specifications, and proof rules to derive specifications directly from the program text. This type of proof strategy is often clearer and more succinct than arguing about a program's operational behaviour. Our research fits into Unity's methodology. Its aim is to develop a proof environment suitable for mechanical proof of concurrent programs [1]. This proof is based on Unity [5], and may be used to specify and verify both safety and liveness properties.
- Book Chapter
9
- 10.1007/bfb0024647
- Apr 19, 1993
Unity [CM88, Mer92, Kna90], like the action systems approach [BS91], is a formal method that attempts to decouple a program from its implementation. Therefore, Unity separates logical behaviour from implementation; it provides predicates for specifications, and proof rules for deriving specifications directly from the program text. This type of proof strategy is often clearer and more succinct than argument about a program's operational behaviour. Our research fits into Unity's methodology. It aims to develop a proof environment suitable for mechanical proof of concurrent programs. This proof is based on Unity [CM88], and may be used to specify and verify both safety and liveness properties. Our verification method is based on theorem proving, so that an axiomatization of the operational semantics is needed. We use Dijkstra's wp-calculus to formalize the Unity logic, so we can always derive a sound relationship between the operational semantics of a given Unity specification and the axiomatic one from which theorems in our logic will be derived.