On developing and verifying design abstractions for reliable concurrent programming in Ada
Related papers
Verification in concurrent programming with Petri nets structural techniques
Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231), 1998
This paper deals with verification of flow control in concurrent programs. We use the Ada language model as reference. After translation of Ada programs into Petri nets (named Ada nets for Ada programs), we show how one can fully exploit the relationship between the behavior of the concurrent program and the structure of the corresponding Petri net. Using the siphon structure, we make precise some structural conditions for behavioral properties such as deadlock-freeness and liveness that correct concurrent programs must satisfy. These conditions can be proved or disproved using efficient algorithms. We also provide a formal justification of guidelines (such as the client/server paradigm) that programmers traditionally observe in order to build correct concurrent programs. Several examples are presented to show the effectiveness of using the structure theory of Petri nets for static analysis of concurrent programs.
Modeling the Ada Task System by Petri Nets
Computer Languages, Systems & Structures, 1985
Multitasking is one of the most novel aspects of Ada. However, the combination of language primitives for concurrent execution of tasks, synchronization, termination, abortion, exception handling, etc. make Ada programs difficult to understand and analyze. This is partly due to the inherent complexity of the language and partly to the lack of a rigorous definition of its semantics. The Ada Reference Manual describes semantics in informal English prose; as a result, it is often verbose and ambiguous.
Design and implementation of a Petri net based toolkit for Ada tasking analysis
IEEE Transactions on Parallel and Distributed Systems, 1990
As computer systems have become more and more decentralized and parallel in operation, interest in concurrent and distributed software has grown. One very important and challenging problem for distributed-software engineering is program behavior analysis. We have advocated the use of Petri nets to define a general static analysis framework for Ada tasking. The framework has evolved into a collection of tools that have proven to be a very valuable platform for experimental research. In this paper, we define and discuss the design and implementation of tools that make up our Tasking-Oriented Toolkit for the Ada Language (TOTAL). Both modeling and query/analysis methods and tools are discussed. Example Ada tasking programs are used to demonstrate the utility of each tool individually as well as the way the tools integrate together.
Using symbolic execution for verification of Ada tasking programs
ACM Transactions on Programming Languages and Systems, 1990
A method is presented for using symbolic execution to generate the verification conditions required for proving correctness of programs written in a tasking subset of Ada. The symbolic execution rules are derived from proof systems that allow tasks to be verified independently in local proofs, which are then checked for cooperation. The isolation nature of this approach to symbolic execution of concurrent programs makes it better suited to formal verification than the more traditional interleaving approach, which suffers from combinatorial problems. The criteria for correct operation of a concurrent program include partial correctness, as well as more general safety properties, such as mutual exclusion and freedom from deadlock.
A proof system for concurrent ADA programs
Science of Computer Programming, 1984
A subset of ADA is introduced, ADA-CF, to study the basic synchronization and communication primitive of ADA, the rendezvous. Basing ourselves on the techniques introduced by Apt, Francez and de Roever for their CSP proof system, we develop a Hoare-style proof system for proving partial correctness properties which is sound and relatively complete. The proof system is then extended to deal with safety, deadlock, termination and failure. No prior exposure of the reader to parallel program proving techniques is presupposed. Two non-trivial example proofs are given of ADA-CF programs; the first one concerns a buffered producer-consumer algorithm, the second one a parallel sorting algorithm due to Brinch Hansen. Features of ADA expressing dynamic process creation and real-time constraints are not covered by our proof methods. Consequently, we do not claim that the methods described can be extended to full ADA without serious additional further research.
A Systematic Approach to the Petri Net Based Specification of Concurrent Systems
Real-time Systems, 1997
We describe an approach to the specification of concurrent systems which enables a Petri net model of a system to be built up in a systematic way starting from a trace-based CSP specification. This method enables the separate specification of the behavior of each component (process) and their interactions in terms of the feasible sequences of events in which they can be involved. A set of rules is then applied to transform the trace-based specifications into a complete Petri net that is analyzed and/or executed to validate system behavior. The domain transformation procedure is fully automatable. The specification of a safety-critical railway control system is used as a case study.
Kybernetes, 2002
This paper presents several research issues associated with the PNtalk language, which is based on a certain kind of object-oriented Petri nets (OOPNs) and intended mainly for modelling, prototyping, and verifying concurrent and distributed applications. The paper reviews the main concepts of PNtalk and OOPNs, followed by a proposal of a system allowing prototypes based on PNtalk to be run in a distributed way. Furthermore, the first steps made towards state-space-based formal analysis and verification over PNtalk OOPNs are also briefly mentioned in the paper.
Formal modeling of synchronization methods for concurrent objects in Ada 95
ACM SIGAda Ada Letters, 1999
One important role for Ada programming is to aid engineering of concurrent and distributed software. In a concurrent and distributed environment, objects may execute concurrently and need to be synchronized to serve a common goal. Three basic methods by which objects in a concurrent environment can be constructed and synchronized have been identified [1]. To formalize the semantics of these methods and to provide a formal model of their core behavior, we provide some graphic models based on the Petri net formalism. The purpose of this formal modeling is to illustrate the possibility of automatic program analysis for object-oriented features in Ada-95. Models for the three distributed-object synchronization methods are discussed, and a potential deadlock situation for one of the methods/models is illustrated. We conclude with some comparison of the three methods in terms of the model abstractions.
Proceedings of the ninth Washington Ada symposium on Ada Empowering software users and developers - WADAS '92, 1992
This paper describes salient features of a formal specification technique called State Architecture Notation (SAN), that is particularly suited to the specification of functional properties as well as concurrency/real-time aspects of large software. The issues involved in automatically translating SAN specifications into Ada programs are discussed in this paper. Finally, we present our experiences with a specific application of this specification/implementation process to a conventional real-time scheduling technique.