Your search keyword '"Doherty, Simon"' showing total 11 results

1. On Strong Observational Refinement and Forward Simulation

Author

Derrick, John, Doherty, Simon, Dongol, Brijesh, Schellhorn, Gerhard, and Wehrheim, Heike

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Logic in Computer Science

Abstract

Hyperproperties are correctness conditions for labelled transition systems that are more expressive than traditional trace properties, with particular relevance to security. Recently, Attiya and Enea studied a notion of strong observational refinement that preserves all hyperproperties. They analyse the correspondence between forward simulation and strong observational refinement in a setting with finite traces only. We study this correspondence in a setting with both finite and infinite traces. In particular, we show that forward simulation does not preserve hyperliveness properties in this setting. We extend the forward simulation proof obligation with a progress condition, and prove that this progressive forward simulation does imply strong observational refinement., Comment: Full version of the paper to appear in DISC 2021

Published

2021

2. Modularising Verification Of Durable Opacity

Author

Bila, Eleni, Derrick, John, Doherty, Simon, Dongol, Brijesh, Schellhorn, Gerhard, and Wehrheim, Heike

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Non-volatile memory (NVM), also known as persistent memory, is an emerging paradigm for memory that preserves its contents even after power loss. NVM is widely expected to become ubiquitous, and hardware architectures are already providing support for NVM programming. This has stimulated interest in the design of novel concepts ensuring correctness of concurrent programming abstractions in the face of persistency and in the development of associated verification approaches. Software transactional memory (STM) is a key programming abstraction that supports concurrent access to shared state. In a fashion similar to linearizability as the correctness condition for concurrent data structures, there is an established notion of correctness for STMs known as opacity. We have recently proposed durable opacity as the natural extension of opacity to a setting with non-volatile memory. Together with this novel correctness condition, we designed a verification technique based on refinement. In this paper, we extend this work in two directions. First, we develop a durably opaque version of NOrec (no ownership records), an existing STM algorithm proven to be opaque. Second, we modularise our existing verification approach by separating the proof of durability of memory accesses from the proof of opacity. For NOrec, this allows us to re-use an existing opacity proof and complement it with a proof of the durability of accesses to shared state.

Published

2020

3. Defining and Verifying Durable Opacity: Correctness for Persistent Software Transactional Memory

Author

Bila, Eleni, Doherty, Simon, Dongol, Brijesh, Derrick, John, Schellhorn, Gerhard, and Wehrheim, Heike

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Logic in Computer Science, Computer Science - Programming Languages

Abstract

Non-volatile memory (NVM), aka persistent memory, is a new paradigm for memory that preserves its contents even after power loss. The expected ubiquity of NVM has stimulated interest in the design of novel concepts ensuring correctness of concurrent programming abstractions in the face of persistency. So far, this has lead to the design of a number of persistent concurrent data structures, built to satisfy an associated notion of correctness: durable linearizability. In this paper, we transfer the principle of durable concurrent correctness to the area of software transactional memory (STM). Software transactional memory algorithms allow for concurrent access to shared state. Like linearizability for concurrent data structures, opacity is the established notion of correctness for STMs. First, we provide a novel definition of durable opacity extending opacity to handle crashes and recovery in the context of NVM. Second, we develop a durably opaque version of an existing STM algorithm, namely the Transactional Mutex Lock (TML). Third, we design a proof technique for durable opacity based on refinement between TML and an operational characterisation of durable opacity by adapting the TMS2 specification. Finally, we apply this proof technique to show that the durable version of TML is indeed durably opaque. The correctness proof is mechanized within Isabelle., Comment: This is the full version of the paper that is to appear in FORTE 2020 (https://www.discotec.org/2020/forte)

Published

2020

4. Integrating Owicki-Gries for C11-Style Memory Models into Isabelle/HOL

Author

Dalvandi, Sadegh, Dongol, Brijesh, and Doherty, Simon

Subjects

Computer Science - Programming Languages, Computer Science - Logic in Computer Science

Abstract

Weak memory presents a new challenge for program verification and has resulted in the development of a variety of specialised logics. For C11-style memory models, our previous work has shown that it is possible to extend Hoare logic and Owicki-Gries reasoning to verify correctness of weak memory programs. The technique introduces a set of high-level assertions over C11 states together with a set of basic Hoare-style axioms over atomic weak memory statements (e.g., reads/writes), but retains all other standard proof obligations for compound statements. This paper takes this line of work further by showing Nipkow and Nieto's encoding of Owicki-Gries in the Isabelle theorem prover can be extended to handle C11-style weak memory models in a straightforward manner. We exemplify our techniques over several litmus tests from the literature and a non-trivial example: Peterson's algorithm adapted for C11. For the examples we consider, the proof outlines can be automatically discharged using the existing Isabelle tactics developed by Nipkow and Nieto. The benefit here is that programs can be written using a familiar pseudocode syntax with assertions embedded directly into the program.

Published

2020

5. Convolution and Concurrency

Author

Cranch, James, Doherty, Simon, and Struth, Georg

Subjects

Computer Science - Logic in Computer Science, 03G10, 06B35, 08A55, 68Q85

Abstract

We show how concurrent quantales and concurrent Kleene algebras arise as convolution algebras $Q^X$ of functions from structures $X$ with two ternary relations that satisfy relational interchange laws into concurrent quantales or Kleene algebras $Q$. The elements of $Q$ can be understood as weights; the case $Q=\bool$ corresponds to a powerset lifting. We develop a correspondence theory between relational properties in $X$ and algebraic properties in $Q$ and $Q^X$ in the sense of modal and substructural logics, and boolean algebras with operators. As examples, we construct the concurrent quantales and Kleene algebras of $Q$-weighted words, digraphs, posets, isomorphism classes of finite digraphs and pomsets.

Published

2020

6. Relational Semigroups and Object-Free Categories

Author

Cranch, James, Doherty, Simon, and Struth, Georg

Subjects

Computer Science - Logic in Computer Science, 18A05, 18A15, 08A02, 08A55

Abstract

This note relates axioms for partial semigroups and monoids with those for small object-free categories, either with multiple monoidal units or with source and target maps. We discuss the adjunction of a zero element to both kinds of category and provide examples that separate the algebras considered.

Published

2020

7. Verifying C11 Programs Operationally

Author

Doherty, Simon, Dongol, Brijesh, Wehrheim, Heike, and Derrick, John

Subjects

Computer Science - Programming Languages, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

This paper develops an operational semantics for a release-acquire fragment of the C11 memory model with relaxed accesses. We show that the semantics is both sound and complete with respect to the axiomatic model. The semantics relies on a per-thread notion of observability, which allows one to reason about a weak memory C11 program in program order. On top of this, we develop a proof calculus for invariant-based reasoning, which we use to verify the release-acquire version of Peterson's mutual exclusion algorithm.

Published

2018

8. Causal Linearizability: Compositionality for Partially Ordered Executions

Author

Doherty, Simon, Derrick, John, Dongol, Brijesh, and Wehrheim, Heike

Subjects

Computer Science - Logic in Computer Science, Computer Science - Programming Languages

Abstract

In the interleaving model of concurrency, where events are totally ordered, linearizability is compositional: the composition of two linearizable objects is guaranteed to be linearizable. However, linearizability is not compositional when events are only partially ordered, as in many weak-memory models that describe multicore memory systems. In this paper, we present causal linearizability, a correctness condition for concurrent objects implemented in weak-memory models. We abstract from the details of specific memory models by defining our condition using Lamport's execution structures. We apply our condition to the C11 memory model, providing a correctness condition for C11 objects. We develop a proof method for verifying objects implemented in C11 and related models. Our method is an adaptation of simulation-based methods, but in contrast to other such methods, it does not require that the implementation totally order its events. We also show that causal linearizability reduces to linearizability in the totally ordered case.

Published

2018

9. Reducing Opacity to Linearizability: A Sound and Complete Method

Author

Armstrong, Alasdair, Dongol, Brijesh, and Doherty, Simon

Subjects

Computer Science - Logic in Computer Science, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Data Structures and Algorithms, Computer Science - Programming Languages

Abstract

Transactional memory is a mechanism that manages thread synchronisation on behalf of a programmer so that blocks of code execute with an illusion of atomicity. The main safety criterion for transactional memory is opacity, which defines conditions for serialising concurrent transactions. Proving opacity is complicated because it allows concurrent transactions to observe distinct memory states, while TM implementations are typically based on one single shared store. This paper presents a sound and complete method, based on coarse-grained abstraction, for reducing proofs of opacity to the relatively simpler correctness condition: linearizability. We use our methods to verify TML and NORec from the literature and show our techniques extend to relaxed memory models by showing that both are opaque under TSO without requiring additional fences. Our methods also elucidate TM designs at higher level of abstraction; as an application, we develop a variation of NORec with fast-path reads transactions. All our proofs have been mechanised, either in the Isabelle theorem prover or the PAT model checker.

Published

2016

10. Causal Linearizability

Author

Doherty, Simon and Derrick, John

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Most work on the verification of concurrent objects for shared memory assumes sequential consistency, but most multicore processors support only weak memory models that do not provide sequential consistency. Furthermore, most verification efforts focus on the linearizability of concurrent objects, but there are existing implementations optimized to run on weak memory models that are not linearizable. In this paper, we address these problems by introducing causal linearizability, a correctness condition for concurrent objects running on weak memory models. Like linearizability itself, causal linearizability enables concurrent objects to be composed, under weak constraints on the client's behaviour. We specify these constraints by introducing a notion of operation-race freedom, where programs that satisfy this property are guaranteed to behave as if their shared objects were in fact linearizable. We apply these ideas to objects from the Linux kernel, optimized to run on TSO, the memory model of the x86 processor family., Comment: Full version of submission to SEFM 2016

Published

2016

11. Spatio-temporal bivariate statistical models for atmospheric trace-gas inversion

Author

Zammit-Mangion, Andrew, Cressie, Noel, Ganesan, Anita L., Doherty, Simon O', and Manning, Alistair J.

Subjects

Statistics - Applications

Abstract

Atmospheric trace-gas inversion refers to any technique used to predict spatial and temporal fluxes using mole-fraction measurements and atmospheric simulations obtained from computer models. Studies to date are most often of a data-assimilation flavour, which implicitly consider univariate statistical models with the flux as the variate of interest. This univariate approach typically assumes that the flux field is either a spatially correlated Gaussian process or a spatially uncorrelated non-Gaussian process with prior expectation fixed using flux inventories (e.g., NAEI or EDGAR in Europe). Here, we extend this approach in three ways. First, we develop a bivariate model for the mole-fraction field and the flux field. The bivariate approach allows optimal prediction of both the flux field and the mole-fraction field, and it leads to significant computational savings over the univariate approach. Second, we employ a lognormal spatial process for the flux field that captures both the lognormal characteristics of the flux field (when appropriate) and its spatial dependence. Third, we propose a new, geostatistical approach to incorporate the flux inventories in our updates, such that the posterior spatial distribution of the flux field is predominantly data-driven. The approach is illustrated on a case study of methane (CH$_4$) emissions in the United Kingdom and Ireland., Comment: 39 pages, 8 figures

Published

2015