type safe nondeterminism a formal semantics of java
play

Type Safe Nondeterminism A Formal Semantics of Java Threads Andreas - PowerPoint PPT Presentation

Aug 13, 2023 •278 likes •750 views

Type Safe Nondeterminism A Formal Semantics of Java Threads Andreas Lochbihler University of Passau Germany 01/13/2008 Funded by DFG grant Sn11/10-1 Andreas Lochbihler Type Safe Nondeterminism FOOL 08 1 / 17 Overview Motivation 1

  1. Type Safe Nondeterminism A Formal Semantics of Java Threads Andreas Lochbihler University of Passau Germany 01/13/2008 Funded by DFG grant Sn11/10-1 Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 1 / 17

  2. Overview Motivation 1 Java threads 2 Formalisation 3 The Jinja and framework semantics Deadlock vs. progress Type safety for Jinja Summary 4 Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 2 / 17

  3. Motivation The goal Our goal: Formalise Java thread semantics Show type safety In a theorem prover Benefits: Solid basis for formal verification problems Language based security (LBS) Proof carrying code (PCC) Starting point: Jinja semantics (Nipkow, Klein, TOPLAS’06) Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 3 / 17

  4. Motivation Type safety Type safety Well-typed programs evaluate fully and No untrapped errors can occur Proof technique (Wright, Felleisen ’94): Progress Semantics cannot get stuck (as long as some threads are not deadlocked yet) Preservation Evaluating a well-typed statement results in another well-typed statement with equal or smaller type Challenge: Deadlock can break progress property Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 4 / 17

  5. Java threads Java thread features Dual nature of threads: Objects of class Thread Execution contexts spawned by start() Communication via shared memory Synchronization via locking Deadlocks to break progress Synthesized methods in Object : wait() notify() notifyAll() Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 5 / 17

  6. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } I II Objects e f g Wait set: {} {} {} III Locked by: Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  7. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on f I II Objects e f g Wait set: {} {} {} III Locked by: Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  8. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } I II Objects e f g Wait set: {} {} {} III Locked by: I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  9. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on g I II Objects e f g Wait set: {} {} {} III Locked by: I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  10. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } I II Objects e f g Wait set: {} {} {} III Locked by: I II Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  11. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on e I II Objects e f g Wait set: {} {} {} III Locked by: I II Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  12. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } I II Objects e f g Wait set: {} {} {} III Locked by: III I II Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  13. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on g I II Objects e f g Wait set: {} {} {} III Locked by: III I II Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  14. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on g Request lock on e I II Objects e f g Wait set: {} {} {} III Locked by: III I II Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  15. Java threads Java deadlock example Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on g Request lock on e Request lock on f I II Objects Deadlock e f g Wait set: {} {} {} III Locked by: III I II Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 6 / 17

  16. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Z Z Z I II Objects e f g Wait set: {} {} {} III Locked by: Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  17. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on f Z Z Z I II Objects e f g Wait set: {} {} {} III Locked by: Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  18. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Z Z Z I II Objects e f g Wait set: {} {} {} III Locked by: I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  19. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Request lock on g Z Z Z I II Objects e f g Wait set: {} {} {} III Locked by: I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  20. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Z Z Z I II Objects e f g Wait set: {} {} {} III Locked by: I I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  21. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ••• ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Z Z Z I II Objects e f g Wait set: {} {} {} III Locked by: I I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  22. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Wait on notify Z Z Z I II Objects e f g Wait set: {} {} { I } III Locked by: I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

  23. Java threads Java deadlock example with wait sets Thread (I) Thread (II) Thread (III) synchronized (f) { synchronized (g) { synchronized (e) { synchronized (g) { synchronized (e) { synchronized (f) { ··· ··· ··· ··· g.wait(); g.notify(); ··· ··· ··· } } } } } } Wait on notify Request lock on e Z Z Z I II Objects e f g Wait set: {} {} { I } III Locked by: I Andreas Lochbihler Type Safe Nondeterminism FOOL ’08 7 / 17

Recommend

The need for a formal model of Java Safety guarantees of Java definedness type safety

The need for a formal model of Java Safety guarantees of Java definedness type safety

Making the Java Memory Model Safe Andreas Lochbihler Institute for Information Security ETH Zurich supported by DFG Sn11/10-1,2 The need for a formal model of Java Safety guarantees of Java definedness type safety security

595 views • 44 slides
Formal Semantics in Modern Type Theories (and Event Semantics in MTT-Framework) Zhaohui Luo

Formal Semantics in Modern Type Theories (and Event Semantics in MTT-Framework) Zhaohui Luo

Formal Semantics in Modern Type Theories (and Event Semantics in MTT-Framework) Zhaohui Luo Royal Holloway University of London This talk I. Formal semantics in Modern Type Theories: overview MTT-semantics is both model-theoretic and

564 views • 30 slides
Rule formats for bounded nondeterminism in structural operational semantics lvaro

Rule formats for bounded nondeterminism in structural operational semantics lvaro

Rule formats for bounded nondeterminism in structural operational semantics lvaro Garca-Prez Luca Aceto Anna Inglfsdttir Reykjavk University Lyngby, January 8th, 2016 1 / 11 Motivation 2 / 11 Structural operational semantics

383 views • 21 slides
Why formalize? n ML is tricky, particularly in corner cases Formal Semantics n generalizable type

Why formalize? n ML is tricky, particularly in corner cases Formal Semantics n generalizable type

Why formalize? n ML is tricky, particularly in corner cases Formal Semantics n generalizable type variables? n polymorphic references? n exceptions? n Some things are often overlooked for any language n evaluation order? side-effects? errors? n

371 views • 17 slides
Why formalize? ! ML is tricky, particularly in corner cases Formal Semantics ! generalizable type

Why formalize? ! ML is tricky, particularly in corner cases Formal Semantics ! generalizable type

Why formalize? ! ML is tricky, particularly in corner cases Formal Semantics ! generalizable type variables? ! polymorphic references? ! exceptions? ! Some things are often overlooked for any language ! evaluation order? side-effects? errors? !

603 views • 3 slides
Introductory Notes Jigsaw Semantics or: Dynamic Semantics Put Together Again Formal semantics

Introductory Notes Jigsaw Semantics or: Dynamic Semantics Put Together Again Formal semantics

Jigsaw Semantics Introduction Introductory Notes Jigsaw Semantics or: Dynamic Semantics Put Together Again Formal semantics and formal pragmatics: the disciplines are much scattered and seriously challenged, or so it seems. Formal

164 views • 12 slides
Lexical Semantics in Formal Semantics: History and Challenges . Barbara H. Partee

Lexical Semantics in Formal Semantics: History and Challenges . Barbara H. Partee

Lexical Semantics in Formal Semantics: History and Challenges . Barbara H. Partee partee@linguist.umass.edu ESSLLI RefSemPlus Workshop, August 2016 1. Introduction n The early important achievements of formal semantics that made it of

1.01k views • 36 slides
Type Systems Lecture 7 Dec. 1st, 2004 Sebastian Maneth

Type Systems Lecture 7 Dec. 1st, 2004 Sebastian Maneth

Type Systems Lecture 7 Dec. 1st, 2004 Sebastian Maneth http://lampwww.epfl.ch/teaching/typeSystems/2004 Today Featherweight Java 1. Recall Syntax of FJ 2. Static Semantics 3. Dynamic Semantics (Evaluation) 4. Type

692 views • 46 slides
A Denotational Semantics for Low-Level Probabilistic Programs with Nondeterminism Di Wang 1 Jan

A Denotational Semantics for Low-Level Probabilistic Programs with Nondeterminism Di Wang 1 Jan

A Denotational Semantics for Low-Level Probabilistic Programs with Nondeterminism Di Wang 1 Jan Hoffmann 1 Thomas Reps 2,3 1 Carnegie Mellon University 2 University of Wisconsin 3 GrammaTech, Inc. Probabilistic Programs Draw random data from

914 views • 72 slides
Introduction to formal semantics - Enrico Leonhardt Introduction to formal semantics 1 / 25

Introduction to formal semantics - Enrico Leonhardt Introduction to formal semantics 1 / 25

Introduction to formal semantics - Enrico Leonhardt Introduction to formal semantics 1 / 25 Enrico Leonhardt | Motivation | Semiotics | Formal semantics in CS | structure Motivation - Philosophy paradox antinomy

710 views • 25 slides
First-order logic C h a p t e r 8 1 Outline Why FOL? Syntax and semantics of FOL

First-order logic C h a p t e r 8 1 Outline Why FOL? Syntax and semantics of FOL

First-order logic C h a p t e r 8 1 Outline Why FOL? Syntax and semantics of FOL Fun with sentences Wumpus world in FOL 2 Thinking about formal languages Programming languages = formal languages. Most widely used type

670 views • 22 slides
Co-nondeterminism in compositions: A kernelization lower bound for a Ramsey-type problem Stefan

Co-nondeterminism in compositions: A kernelization lower bound for a Ramsey-type problem Stefan

Co-nondeterminism in compositions: A kernelization lower bound for a Ramsey-type problem Stefan Kratsch September 03, WorKer 2011, Vienna 1 Introduction Ramsey(k) Input: A graph G and an integer k . Parameter: k . Question: Does G contain an

395 views • 25 slides
A Model-Theoretic Reconstruction of Type-Theoretic Semantics for Anaphora Matthew Gotham

A Model-Theoretic Reconstruction of Type-Theoretic Semantics for Anaphora Matthew Gotham

A Model-Theoretic Reconstruction of Type-Theoretic Semantics for Anaphora Matthew Gotham University of Oslo 22 nd Conference on Formal Grammar, 22 July 2017 Matthew Gotham (Oslo) Semantics for Anaphora Formal Grammar 2017 1 / 26 What this

323 views • 29 slides
Formal Semantics Aspects to formalize Syntax : whats a syntactically well-formed program? Why

Formal Semantics Aspects to formalize Syntax : whats a syntactically well-formed program? Why

Formal Semantics Aspects to formalize Syntax : whats a syntactically well-formed program? Why formalize? some language features are tricky, formalize by a context-free grammar, e.g. in EBNF notation e.g. generalizable type variables,

568 views • 8 slides
More Theories, Formal semantics Jirka Hana Parts are based on slides by Carl Pollard Charles

More Theories, Formal semantics Jirka Hana Parts are based on slides by Carl Pollard Charles

More Theories Formal Semantics A Logical Grammar More Theories, Formal semantics Jirka Hana Parts are based on slides by Carl Pollard Charles University, 2011-11-12 Jirka Hana More Theories, Formal semantics More Theories Formal Semantics

732 views • 56 slides
A General Framework for the Semantics of Type Theory Taichi Uemura ILLC, University of Amsterdam

A General Framework for the Semantics of Type Theory Taichi Uemura ILLC, University of Amsterdam

A General Framework for the Semantics of Type Theory Taichi Uemura ILLC, University of Amsterdam 9 July, 2019. CT CwF-semantics of Type Theory Semantics of type theories based on categories with families (CwF) (Dybjer 1996). Martin-L of

747 views • 32 slides
Building Java Programs Chapter 16 References and linked nodes reading: 16.1 2 Value semantics

Building Java Programs Chapter 16 References and linked nodes reading: 16.1 2 Value semantics

Building Java Programs Chapter 16 References and linked nodes reading: 16.1 2 Value semantics value semantics : Behavior where values are copied when assigned, passed as parameters, or returned. All primitive types in Java use value

392 views • 25 slides
8 JDT embraces Type Annotations JDT embraces Type Annotations Java 8 ready Stephan Herrmann GK

8 JDT embraces Type Annotations JDT embraces Type Annotations Java 8 ready Stephan Herrmann GK

8 8 JDT embraces Type Annotations JDT embraces Type Annotations Java 8 ready Stephan Herrmann GK Software 8 Eclipse and Java 8 Java 8 features supported: JSR308 - Type Annotations. JEP120 - Repeating Annotations. JEP118 -

745 views • 35 slides
Minemu: Protecting buggy binaries from memory corruption attacks Erik Bosman

Minemu: Protecting buggy binaries from memory corruption attacks Erik Bosman

Minemu: Protecting buggy binaries from memory corruption attacks Erik Bosman <erik@minemu.org> Programming Languages type-safe vs. not type-safe Programming Languages type-safe vs. not type-safe Java Python Ruby Javascript

1.22k views • 111 slides
Nondeterministic Finite Automata Nondeterminism Subset Construction 1 Nondeterminism A

Nondeterministic Finite Automata Nondeterminism Subset Construction 1 Nondeterminism A

Nondeterministic Finite Automata Nondeterminism Subset Construction 1 Nondeterminism A nondeterministic finite automaton has the ability to be in several states at once. Transitions from a state on an input symbol can be to any set

737 views • 37 slides
11/19/10 Introduction Semantics can mean quite different things in different

11/19/10 Introduction Semantics can mean quite different things in different

11/19/10 Introduction Semantics can mean quite different things in different contexts; fields concerned with semantics are as diverse as psychology, law, Formal Semantics and Pragmatics: computer science, lexicography, logic,

393 views • 10 slides
Eventful Sessions: Eventful Sessions: Types, Programming and Bisimilarity Raymond Hu, Dimitrios

Eventful Sessions: Eventful Sessions: Types, Programming and Bisimilarity Raymond Hu, Dimitrios

Eventful Sessions: Eventful Sessions: Types, Programming and Bisimilarity Raymond Hu, Dimitrios Kouzapas, Olivier Pernet, Nobuko Yoshida Kohei Honda Type safe Eventful Sessions in Java Type safe Eventful Sessions in Java Combine session

1.24k views • 47 slides
A General Framework for the Semantics of Type Theory Taichi Uemura ILLC, University of Amsterdam

A General Framework for the Semantics of Type Theory Taichi Uemura ILLC, University of Amsterdam

A General Framework for the Semantics of Type Theory Taichi Uemura ILLC, University of Amsterdam 16 August, 2019. HoTT 2019 CwF-semantics of Type Theory Semantics of type theories based on categories with families (CwF) (Dybjer 1996).

542 views • 29 slides
On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code Hendrik Tews 1

On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code Hendrik Tews 1

Introduction Basics Type Errors Stronger Encodings Type Sensitivity Conclusion On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code Hendrik Tews 1 , Marcus V olp 1 , Tjark Weber 2 1 Technische Universit at

559 views • 40 slides

More recommend