ETAPS 2021 was the 24th edition of the European Joint Conferences on Theory and Practice of Software. ESOP is one of the European Joint Conferences on Theory and Practice of Software (ETAPS).

1 Introduction

We show that if an unbounded number of promises is allowed, the reachability problem under PS 2.0-rlxis is undecidable. Then we show that reachability under PS 2.0-rlx becomes determinable if we bound the number of promises at any time (however, the total number of promises made within a run can be unbounded).

2 Preliminaries

Our determination result covers the released fragment of the RC11 model [20,16] (which matches the PS 2.0-rlx fragment without promises). The write instruction is of the form xo= $r assigns the register value $r to locationx and indicates the access method.

3 The Promising Semantics

In PS 2.0, memory is modeled as a series of concrete messages (which we simply call messages) and reservations. Note that we use the set of all labels L(resp. registers Reg) instead of Lp.

Fig. 2: A subset of PS 2.0 inference rules at the process level.

4 Undecidability of Consistent Reachability in PS 2.0

Our undecidability result is also tight in that the reachability problem becomes decidable when we limit ourselves to machine states where the number of promises is bounded. The reachability problem for concurrent programs over a finite data domain is undecidable under PS 2.0-rlx.

5 Decidable Fragments of PS 2.0

Formal Model of LoHoW

This corresponds to adding/deleting process p to/from pointer array m. Making/unbooking will result in marking/unmarking the memory type at the end of the simpleword to the right of the current pointer p.

Fig. 7: A subset of LoHoW inference rules at the process level.

Decidability of LoHoW with Bounded Promises

Given an instruction label function J : P → L that maps every p∈ P to a label in Lp, the reachability problem in LoHoW questions whether there exists a two-phase LoHoWstate S of the form (std,−,((J, R), HW),((J, R),HW)) st. An instruction label functionJ is reachable in a program Prog in LoHoWiff J is reachable in Prog inPS 2.0-rlx.

6 Source to Source Translation

Translation Maps

The process then continues its execution in consistency check (cc) mode from the current instruction label (λ) itself. Finally, the process updates its view with that of the new message and increments the counters for context switches and core events.

Fig. 10: Algorithms for CSO and Write

7 Implementation and Experimental Results

In the first case, we show that PS2SC is able to detect errors in litmus tests and examples with few reads and writes to shared memory. In the following tables we give the eK value (forPS2SC) and the eL value (unrolling link) for all tools.

Table 1: Litmus TestsBenchmarks Utilizing Promises.In the following,

8 Related Work and Conclusion

PS2SC is able to detect the bug within a minute, showing that essential event-bounding is an effective underestimation technique for finding bugs. We have shown examples where our tool is able to discover hard-to-find bugs faster than the others with relatively small values ​​of K.

Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Portland, OR, USA, June. Also, unlike Forward DFAS, Backward DFAS visits a small portion of the VCFG on each call.

Fig. 1. Pseudo-code of each process in leader election, and a partial run

In this language, you can create calculations in parallel and use the resulting values ​​in the body of the program. Their approach is based on amortized complexity and builds on a line of work in setting up sequential languages ​​to define type systems that allow the derivation of work boundaries and program scope.

2 The Pi-calculus with Semantics for Work and Span

Semantics and Complexity

First, we want a parallel complexity that works as if we had an infinite number of processors. Then, for an annotated processP, its global parallel complexity is given by max{n|P ⇒∗pQ∧ C(Q) =n} where ⇒∗p is the reflection and transitive closure of ⇒p.

An Example Process

The main point is that stored processes have a local complexity equal to zero, so doing a reduction will always increase this local complexity. Thus, to bound the complexity of a marked process, we must reduce it by ⇒p, and then we must obtain the local maximum complexity over all normal forms.

3 Size Types for the Work

Size Input/Output Types

This is useful for using subtyping, since input and output channels do not behave the same in terms of subtyping. The main differences are that due to the two types of channels, we need two exit rules.

Fig. 6. Subtyping Rules for Server Types

Subject Reduction

As stated before, we can enrich the type system with other types of algebraic data and the proof can be easily adapted. We decided to present this version here as an introduction to the type system for space, but the work itself may be of interest.

4 Types for Parallel Complexity

Complexity and Open Processes)

• Size Types with Time
• Examples
• Complexity Results

This is typically the kind of context we need to define a server, since a server shouldn't depend on when it is called. Similarly, the time of r(which is equal to g(i)−1) must be greater than the time of r, and so must the total complexity f[i]−1.

Substitution)

The procedure for proving the subject reduction for ⇒p in this type system is itself more difficult than that for Theorem 1. So from the proof of subject reduction for span one could derive the proof of subject reduction for work, simply by forgetting the consideration with time and the constructor n: P in the following proof.

5 An Example: Bitonic Sort

We then similarly obtain a recurrence relation for the complexity K of bsort on an input list with a size less than 2i. So we can take a K in O(i2), and finally we obtain that bitonic sort is indeed in O(log(n)2) on a list of sizes.

Fig. 11. Bitonic Sort

6 Related Work

Because of session types, they have linearity for using data types like lists, but they gain deadlock freedom in contrast to our computation. Additionally, they provide deterministic operations to simplify the use of their types, such as subtyping, but they do not define dependent types or size types that are useful for dealing with data types.

7 Perspectives

In: Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2008, San Francisco, California, USA, January. This property known as robustness usually implies that any specification of the program is preserved when the consistency is weakened.

2 Overview

This trace is also a violation of the intended specification since the number of tickets does not increase (the sum of tickets is 3 in both processes). We show that PC behavior and SER behavior of the original and transformed program, respectively, are related by a bijection.

Fig. 1: Transactional programs and traces under different consistency models.

3 Consistency Models

Robustness

However, this implementation is not feasible under PC (which implies that it is not feasible under both SI and SER). However, this execution is not allowed under SER, as one of the two transactions must see the script of the other.

Fig. 3: Litmus programsWe illustrate the notion of robustness on

4 Robustness Against CC Relative to PC

Next we show that a traceτ of a program P is CCiff and the corresponding trace τ♣ of P♣ is also CC. Checking robustness against CC against PC can be traced to the reachability problem under SER in polynomial time.

5 Robustness Against PC Relative to SI

If a track τ is PC and all happens-before cycles in τ contain two successive RW dependencies, then τSI. Conversely, let τ be a trace of P under PC such that all its happens-before cycles contain two consecutive RW.

Fig. 6: A program instrumentation for checking robustness against PC relative to SI. The auxiliary variables used by the instrumentation are shared variables, except for hbP, rdSet’, and wrSet’, which are process-local variables, and they are initially set

6 Proving Robustness Using Commutativity Dependency Graphs

Checking the robustness of a program with a fixed number of variables and a bounded data domain with respect to PC with respect to SI is PSPACE-complete if the number of processes is bounded, and EXPSPACE-complete otherwise. Next, we give a characterization of the commutativity dependence graphs that are necessary to demonstrate robustness with respect to PC with respect to SI.

7 Experimental Evaluation

For each application we have built a customer program with a fixed number of processes (2) and a fixed number of transactions of the corresponding application (maximum 2 transactions per process). On the other hand, increasing the number of transactions in a process does not seem to create a large overhead.

Table 2: Results of the experiments. The columns titled X-Y stand for the result of applications robustness against X relative to Y.

8 Related Work

Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2010, Madrid, Spain, January. Proceedings of the 21st ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, PPoPP 2016, Barcelona, ​​Spain, March.

2 Program verification using VST

3 VSU calculus

Components and soundness

First, we note that system functions can be exported (we do not require domS ∩domE = ∅) and that import and export are different (domI ∩domE =∅follows). Once a component has been verified and exposed as SP [I]p[E], the specifications of p's private functions are hidden within the existentially quantified context and therefore inaccessible.

Derived rules

Condition (c) requires that functions that are ordered the same by p1 and p2 have the same definitions, and requires that differently ordered functions have the same type signatures and be in the import string of a non-implementation-guaranteed translation unit. The most interesting aspect of the rule is the duplicate use of the intersection operator, C1C2, to construct the final specifications of exported functions and system functions.

4 APDs and specification interfaces

• Abstract predicate declarations (APDs)
• Abstract specification interfaces (ASIs)
• Verification of ASI-specified compilation units
• A VSU for a malloc-free library
• Putting it all together

In the case of eConnection.c, these tests reveal the instantiation of APD'sConnTP in Coq's integer type, Z, which corresponds to the existence of a global integer variable in the C code that holds a connection counter; relevant. The main specification is verified against the a<: specialization of the general VST main specification, but is still abstract in the APDs of the application code modules - see [14] for details.

5 Modular verification of the Subject/Observer pattern

Specification and proof reuse

The only modifications are in the implementation-dependent validation of Topic, namely in the definitions of the representation predicates and in the VST proofs of the individual functions. Customizing the verification involves step-indexed aspects of VST and thus requires a bit more work; details are included in the Coq development [14].

Pattern-level specification

The calls to notifyinupdate and register get the additional argument&get, and the specification of get can be removed from the import of Observer VSU. wherefuncptr φ expresses that the value is a pointer to some function that meets the specificationφ, and φget is the input forgetfrom Fig.8. notify's large specification is adapted accordingly. Thus, we instead use the concept from Section3.2 to lift the VSU for the SubjectObserver with function pointers from Section5.1 to a VSU for the aggregated but narrowed ASI and then revalidate the latter.

6 Verification of object principles

The resulting objects behave indistinctly; the existential quantification over I in the definition of N is carried over to P, B, and C, ensuring that the representational differences between I1 and I2 are hidden from clients: when checking a method call, clients unwrap P, etc., but receive a "fresh" symbolic display predicate I each time. The wrapper VSU then encapsulates the predicatesP object, etc., exporting the ASI with specifications such as

7 Discussion

The description of the circuit family is parameterized by a classical parameter (here the non-negative integer); It indicates the range of the sum (defined as the set BVr(h,p) of bit vectors of lengths(h,p));.

Fig. 2: The circuit for QPE2.2Quantum circuits.In a

2 Overview of Nested Session Types

A proper fragment of nested session types closed under sequential composition, the main feature of context-free session types (section 7). When the type T[x] emits L, it returns T[T[x]] and increments the number of Ts in the type by 1.

3 Description of Types

All V-type names occurring in a valid signature must be defined, and all type variables defined in a valid definition must be distinct. This high-level extension of all type variables is what we call the prenex form of polymorphism.

4 Type Equality

Type Equality Definition

Free variables in type Arefer to the set of variables of type freely occurring in A. Since we allow parameters in type definitions, we must define equality in the presence of variables of free type.

Decidability of Type Equality

The core of the reduction lies in the observation that session types can be translated into terms, and type definitions can be translated into production rules for a first-order grammar. The finite representation of session types and unique definitions ensures that fog(Σ) is a deterministic first-order grammar.

5 Practical Algorithm for Type Equality