rely guarantee protocols
play

Rely-Guarantee Protocols Filipe Milito 1,2 Jonathan Aldrich 1 Lus - PowerPoint PPT Presentation

Oct 06, 2023 •344 likes •1.45k views

ECOOP 2014 Rely-Guarantee Protocols Filipe Milito 1,2 Jonathan Aldrich 1 Lus Caires 2 1 Carnegie Mellon University, Pittsburgh, USA 2 Universidade Nova de Lisboa, Lisboa, Portugal Motivation Mutable state can be useful in certain cases.

  1. Pipe Typestate ∃ P . ∃ C .( ![ put : !( ( ! int :: P ) ⊸ ( ![] :: P ) ) , close : !( ( ![] :: P ) ⊸ ! [] ) , tryTake : !( ( ![] :: C ) ⊸ Depleted #![] + NoResult #(![] :: C ) + Result #(! int :: C ) ) ] :: ( C * P ) ) 53

  2. Pipe Typestate ∃ P . ∃ C .( ![ put : !( ( ! int :: P ) ⊸ ( ![] :: P ) ) , close : !( ( ![] :: P ) ⊸ ! [] ) , tryTake : !( ( ![] :: C ) ⊸ Depleted #![] + NoResult #(![] :: C ) + Result #(! int :: C ) ) ] :: ( C * P ) ) rw p ∃ p.( ref p :: T [p]) 53

  3. Pipe Typestate ∃ P . ∃ C .( ![ put : !( ( ! int :: P ) ⊸ ( ![] :: P ) ) , close : !( ( ![] :: P ) ⊸ ! [] ) , tryTake : !( ( ![] :: C ) ⊸ Depleted #![] + NoResult #(![] :: C ) + Result #(! int :: C ) ) ] :: ( C * P ) ) rw p ∃ p.( ref p :: T [p]) rw c ∃ p.( ref p :: H [p]) 53

  4. Problems of Sharing 1. Account for interference ( public changes). Consider all possible interleaved uses of aliases and how they may change the shared state. 2. Handle private changes. Making sure other aliases do not see any intermediate or inconsistent states of the shared state (which may appear due to type changing assignments like int to string , etc.). 54

  5. Syntax 55

  6. Syntax 56

  7. Syntax 57

  8. 2. Protocol Use • Protocols are used through focus and defocus constructs. • They serve two purposes: a) Hide private changes from the other aliases of that shared state. b) Advance the step of the protocol, by obeying the constraints on public changes. 58

  9. Focus / Defocus focus Empty ... defocus 59

  10. Focus / Defocus Empty ⇒ Filled ; Next focus Empty ... defocus 59

  11. Focus / Defocus Empty ⇒ Filled ; Next focus Empty ... defocus 59

  12. Focus / Defocus Empty ⇒ Filled ; Next focused state focus Empty defocus-guarantee ... defocus 60

  13. Focus / Defocus Empty ⇒ Filled ; Next focus Empty ... defocus 61

  14. Focus / Defocus Empty ⇒ Filled ; Next focus Empty Empty , Filled ; Next ... defocus 61

  15. Focus / Defocus Empty ⇒ Filled ; Next focus Empty Empty , Filled ; Next PartiallyFilled , Filled ; Next ... defocus 62

  16. Focus / Defocus Empty ⇒ Filled ; Next focus Empty Empty , Filled ; Next ... Filled , Filled ; Next defocus 63

  17. Focus / Defocus Empty ⇒ Filled ; Next focus Empty Empty , Filled ; Next ... Filled , Filled ; Next defocus 64

  18. Focus / Defocus Empty ⇒ Filled ; Next focus Empty Empty , Filled ; Next ... Filled , Filled ; Next defocus 64

  19. Focus / Defocus Empty ⇒ Filled ; Next focus Empty Empty , Filled ; Next ... Filled , Filled ; Next defocus Next 64

  20. Focus / Defocus Empty ⇒ Filled ; Next , Δ { focus Empty Empty , Filled ; Next ▷ Δ private ... changes Filled , Filled ; Next ▷ Δ defocus Next , Δ 65

  21. Focus / Defocus Empty ⇒ Filled ; Next , Δ { focus Empty Empty , Filled ; Next ▷ Δ private ... changes Filled , Filled ; Next ▷ Δ defocus Next , Δ 65

  22. Focus / Defocus Empty ⇒ Filled ; Next , Δ { focus Empty Empty , Filled ; Next ▷ Δ private hides any state that may allow ... changes reentrant accesses to focused state Filled , Filled ; Next ▷ Δ defocus Next , Δ 65

  23. Problems of Sharing 1. Account for interference ( public changes). Consider all possible interleaved uses of aliases and how they may change the shared state. 2. Handle private changes. Making sure other aliases do not see any intermediate or inconsistent states of the shared state (which may appear due to type changing assignments like int to string , etc.). 66

  24. 3. Protocol Conformance • Protocols are introduced explicitly, in pairs, through the share construct: share A as B || C “type A (either a capability or an existing protocol) can be safely split in types B and C (two protocols)” • Arbitrary aliasing is possible by continuing to split an existing protocol. 67

  25. Checking share • We must check that a protocol is aware of all possible states that may appear due to the “interleaving” of other aliases of that shared state. • Checking a split is built from two components: a) a stepping relation , that “simulates” a single use of focus - defocus (i.e. a step of the protocol). b) a protocol conformance definition that ensures the protocol considers all possible alias interleaving. 68

  26. Protocol Conformance Example share E as rec X .( E ⇒ E ; X ⊕ N ⇒ none ⊕ C ⇒ none ) || E ⇒ ( N ⊕ C ) 69

  27. Protocol Conformance Example share E as Consumer rec X .( E ⇒ E ; X ⊕ N ⇒ none ⊕ C ⇒ none ) || E ⇒ ( N ⊕ C ) Producer 69

  28. Initial state. { E C P C P C P possible interleaving C P C P 70

  29. Initial state. { E C P However, our protocols can only list a finite C P C P number of distinct states , and each possible protocol lists a finite number of distinct interleaving protocol steps . C P C P This will ensure that there is finite number of distinct configurations , each representing one possible alias interleaving in the use of the state that is being shared by the protocols. 70

  30. ⇒ ⇒ ⇒ E State: Producer Consumer N ⊕ E E C E ⇒ ⊕ none C ⊕ none N Configurations: 71

  31. ⇒ ⇒ ⇒ State: Producer Consumer N ⊕ E E E C E ⇒ ⊕ none C ⊕ none N Configurations: 71

  32. ⇒ ⇒ ⇒ State: Producer Consumer N ⊕ E E E C E ⇒ ⊕ none C ⊕ none N Configurations: 71

  33. ⇒ ⇒ ⇒ E State: Producer Consumer N ⊕ E E C E ⇒ ⊕ none C ⊕ none N Configurations: 71

  34. ⇒ ⇒ ⇒ E State: Producer Consumer N ⊕ N ⊕ E E C C E ⇒ ⊕ none C ⊕ none N Configurations: 72

  35. ⇒ ⇒ ⇒ E State: Producer Consumer N ⊕ N ⊕ E E C C E ⇒ ⊕ none C ⊕ none N Configurations: 72

  36. ⇒ ⇒ ⇒ State: Producer Consumer N ⊕ N ⊕ E E C C E ⇒ E ⊕ none C ⊕ none N Configurations: 72

Recommend

On Rely-Guarantee Reasoning Stephan van Staden June 29, 2015 1 / 15 Overview Introduction

On Rely-Guarantee Reasoning Stephan van Staden June 29, 2015 1 / 15 Overview Introduction

On Rely-Guarantee Reasoning Stephan van Staden June 29, 2015 1 / 15 Overview Introduction Basics of Rely-Guarantee Overview of the paper Two techniques for constructing Rely-Guarantee models Soundness results The traditional

272 views • 23 slides
Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL Leonor Prensa Nieto TU M unchen Marseille, 7 January 2002 Isabelle HOL = Overview Motivation. Hoare logic for

263 views • 23 slides
Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon,

Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon,

Rely-Guarantee References for Refinement Types over Aliased Mutable Data Colin S. Gordon, Michael D. Ernst, and Dan Grossman University of Washington PLDI 2013 Static Verification Meets Aliasing 2 3 x:ref y:ref x := !x+1; m(y);

739 views • 26 slides
Rely/Guarantee Reasoning for Asynchronous Programs Ivan Gavran 1 , Filip Niksic 1 , Aditya Kanade

Rely/Guarantee Reasoning for Asynchronous Programs Ivan Gavran 1 , Filip Niksic 1 , Aditya Kanade

Rely/Guarantee Reasoning for Asynchronous Programs Ivan Gavran 1 , Filip Niksic 1 , Aditya Kanade 2 , Rupak Majumdar 1 , Viktor Vafeiadis 1 1 Max Planck Institute for Software Systems (MPI-SWS), Germany 2 Indian Institute of Science, Bangalore,

672 views • 52 slides
Synchronization Coherency protocols guarantee that a reading processor (thread) sees the most

Synchronization Coherency protocols guarantee that a reading processor (thread) sees the most

Synchronization Coherency protocols guarantee that a reading processor (thread) sees the most current update to shared data. Coherency protocols do not : make sure that only one thread accesses shared data or a shared hardware or software

334 views • 11 slides
Developing programs by Splitting atoms (rely/guarantee conditions, data reification, . . . )

Developing programs by Splitting atoms (rely/guarantee conditions, data reification, . . . )

Developing programs by Splitting atoms (rely/guarantee conditions, data reification, . . . ) Cliff B Jones Computing Science Newcastle University FMCO 2008-10-22 Cliff B Jones (Newcastle) Developing programs by Splitting atoms

603 views • 36 slides
A marriage of rely/guarantee & separation logic Viktor V afeiadis MPI - SWS Coarse - grain

A marriage of rely/guarantee & separation logic Viktor V afeiadis MPI - SWS Coarse - grain

A marriage of rely/guarantee & separation logic Viktor V afeiadis MPI - SWS Coarse - grain locking 2 3 5 7 11 13 Coarse - grain locking 2 3 5 7 11 13 Fine - grain locking Pessimistic: lock - coupling 2 3 5 7 11 13 Fine -

743 views • 57 slides
GUARANTEE GIVING OF A GUARANTEE MEANS: ENTERING INTO A CONTRACT TO PERFORM THE PROMISE OF

GUARANTEE GIVING OF A GUARANTEE MEANS: ENTERING INTO A CONTRACT TO PERFORM THE PROMISE OF

Chapter No. Page No. 9 201 International Finance IMPORT / EXPORT GUARANTEES GUARANTEE GIVING OF A GUARANTEE MEANS: ENTERING INTO A CONTRACT TO PERFORM THE PROMISE OF DISCHARGE THE LIABILITY OF THIRD PERSON IN CASE OF HIS DEFAULT.

463 views • 13 slides
Role of credit guarantee in improving financial access to Micro SMEs History of Credit Guarantee

Role of credit guarantee in improving financial access to Micro SMEs History of Credit Guarantee

Role of credit guarantee in improving financial access to Micro SMEs History of Credit Guarantee in Thailand Thai Credit Guarantee Corporation or TCG is a state-owned specialized financial institution under the supervision of the Ministry of

670 views • 3 slides
13 th / 14 th FINA World Swimming Championships (25m) 2016 / 2018 BUDGETING Guarantee The

13 th / 14 th FINA World Swimming Championships (25m) 2016 / 2018 BUDGETING Guarantee The

13 th / 14 th FINA World Swimming Championships (25m) 2016 / 2018 BUDGETING Guarantee The candidate City shall provide a written financial guarantee to FINAs satisfaction The guarantee may be given by the City or local, regional or

874 views • 30 slides
Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI model. 1 Layered Protocols (2) 2-2 A typical message as it appears on the network. Data Link Layer 2-3 Discussion between a receiver and a

577 views • 23 slides
E-COMMERCE OMMERCE E-commerce : Mission We guarantee a smooth cross- We guarantee a

E-COMMERCE OMMERCE E-commerce : Mission We guarantee a smooth cross- We guarantee a

E-COMMERCE OMMERCE E-commerce : Mission We guarantee a smooth cross- We guarantee a smooth cross-border logistic chain border logistic chain We enable a fast, reliable & affordable shipment delivery solution We shift the

141 views • 10 slides
4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
SPAPSD COVID-19 Protocols GENERAL SAFETY EXPECTATIONS It is our responsibility to mitigate risks

SPAPSD COVID-19 Protocols GENERAL SAFETY EXPECTATIONS It is our responsibility to mitigate risks

SPAPSD COVID-19 Protocols GENERAL SAFETY EXPECTATIONS It is our responsibility to mitigate risks associated with the spread of COVID-19 u and take that responsibility seriously, but we cannot guarantee a COVID-19 free environment. It is

495 views • 11 slides
Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

The 1 st World Congress on Controversies in Hematology (COHEM) Rome, September, 2-5, 2010 Session 4. Acute Lymphoblastic Leukemia Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL? No No JM

990 views • 44 slides
An Assume-Guarantee Method for Modular An Assume-Guarantee Method for Modular Verification of

An Assume-Guarantee Method for Modular An Assume-Guarantee Method for Modular Verification of

An Assume-Guarantee Method for Modular An Assume-Guarantee Method for Modular Verification of Evolving Component-Based Software Verification of Evolving Component-Based Software Pham Ngoc Hung, Nguyen Truong Thang, and Takuya Katayama Japan

544 views • 21 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
VA Guarantee Reinsurance Market Direct Writers Perspective Kirk Evans SOA Antitrust

VA Guarantee Reinsurance Market Direct Writers Perspective Kirk Evans SOA Antitrust

Equity-Based Insurance Guarantees Conference Nov. 5-6, 2018 Chicago, IL VA Guarantee Reinsurance Market Direct Writers Perspective Kirk Evans SOA Antitrust Compliance Guidelines SOA Presentation Disclaimer Sponsored by VA Guarantee

645 views • 21 slides
Zirconia Disilicato Compositi Peek - Pekkton Fibra PMMA Multi-strato Bio HPP (Bredent)

Zirconia Disilicato Compositi Peek - Pekkton Fibra PMMA Multi-strato Bio HPP (Bredent)

LaBor Dental seeks to combine the traditional dental technology with up-to-date digital technology: our advanced working protocols, in fact, allow us to guarantee our clients a high and repeatable quality standard in a short period of time. Our

197 views • 3 slides
1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

Concurrency Control Lock-Based Protocols Timestamp-Based Protocols Lecture 9 Concurrency Control Validation-Based Protocols Multiple Granularity Multiversion Schemes Deadlock Handling Chapter 16 Insert and Delete

780 views • 8 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Assume-Guarantee Validation for STE Properties within an SVA Environment Tom Melham Oxford

Assume-Guarantee Validation for STE Properties within an SVA Environment Tom Melham Oxford

Assume-Guarantee Validation for STE Properties within an SVA Environment Tom Melham Oxford University Zurab Khasidashvili & Gavirel Gavrielov Intel Israel Ltd. Validation of STE Verification Environment Assume (STE) Guarantee (SVA)

387 views • 19 slides

More recommend