Event-B Decomposition for Parallel Programs — Extended Abstract — ? (original) (raw)

Event-B Decomposition for Parallel Programs

Lecture Notes in Computer Science, 2010

We present here a case study developing a parallel program. The approach that we use combines refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to split the resulting model into sub-models for different processes. These sub-models are later independently developed using refinement. Our approach aids the understanding of parallel programs and reduces the complexity in their proofs of correctness.

Derivation of concurrent programs by stepwise scheduling of Event-B models

Formal Aspects of Computing, 2014

Event-B is a refinement-based formal method that has been shown to be useful in developing concurrent and distributed programs. Large models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. We explore how schedules can be designed so that their application results in a correctness-preserving refinement step. For practical application, two patterns for schedule introduction are provided, together with their associated proof obligations. We demonstrate our method by applying it on the dining philosophers problem.

Generating Distributed Programs from Event-B Models

Electronic Proceedings in Theoretical Computer Science, 2020

Distributed algorithms offer challenges in checking that they meet their specifications. Verification techniques can be extended to deal with the verification of safety properties of distributed algorithms. In this paper, we present an approach for combining correct-by-construction approaches and transformations of formal models (EVENT-B) into programs (DISTALGO) to address the design of verified distributed programs. We define a subset LB (Local EVENT-B) of the EVENT-B modelling language restricted to events modelling the classical actions of distributed programs as internal or local computations, sending messages and receiving messages. We define then transformations of the various elements of the LB language into DISTALGO programs. The general methodology consists in starting from a statement of the problem to program and then progressively producing an LB model obtained after several refinement steps of the initial LB model. The derivation of the LB model is not described in the current paper and has already been addressed in other works. The transformation of LB models into DISTALGO programs is illustrated through a simple example. The refinement process and the soundness of the transformation allow one to produce correct-by-construction distributed programs.

An axiomatic proof technique for parallel programs I

Acta Informatica, 1976

A language for parallel programming, with a primitive construct for synchronization and mutual exclusion, is presented. Hoare's deductive system for proving partial correctness of sequential programs is extended to include the parallelism described by the language. The proof method lends insight into how one should underst~,nd and present parallel programs. Examples are given using several of the standard problems in the literature. Methods for proving termination and the absence of deadlock are also given.

Event-B development of the FindP program

2009

We present here a case study developing a parallel program. The approach that we use combines refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to separate the resulting model into submodels for different processes. These sub-models are later independently developed using refinement. Our approach aids the understanding of parallel programs and reduces the complexity in their proofs of correctness.

Verifying properties of parallel programs

Communications of the ACM, 1976

An axiomatic method for proving a number of properties of parallel programs is presented. Hoare has given a set of axioms for partial correctness, but they are not strong enough in most cases. This paper defines a more powerful deductive system which is in some sense complete for partial correctness. A crucial axiom provides for the use of auxiliary variables, which are added to a parallel program as an aid to proving it correct. The information in a partial correctness proof can be used to prove such properties as mutual exclusion, freedom from deadlock, and program termination. Techniques for verifying these properties are presented and illustrated by application to the dining philosophers problem.

Using true concurrency to model execution of parallel programs

International Journal of Parallel Programming, 1994

Parallel execution of a program R (intuitively regarded as a partial order) is usually modeled by sequentially executing one of the total orders (interleavings) into which it can be embedded. Our work deviates from this serialization principle by using true concurrency 21] to model parallel execution. True concurrency is represented via completions of R to semi total orders, called time diagrams. These orders are characterized via a set of conditions (denoted by Ct), yielding orders or time diagrams which preserve some degree of the intended parallelism in R. Another way to express semi total orders is to use re-writing or derivation rules (denoted by Cx) which for any program R generates a set of semi-total orders. This paper includes a classi cation of parallel execution into three classes according to three di erent types of Ct conditions. For each class a suitable Cx is found and a proof of equivalence between the set of all time diagrams satisfying Ct and the set of all terminal Cx derivations of R is devised. This equivalence between time diagram conditions and derivation rules is used to de ne a novel notion of correctness for parallel programs. This notion is demonstrated by showing that a speci c asynchronous program enforces synchronous execution, which always halts, showing that true concurrency can be useful in the context of parallel program veri cation.

Separating Computation and Coordination In the Design of Parallel and Distributed Programs

P ′ , M ′ , then some conclusion". The method of structural operational semantics [96] ensures that every transition is derived by a finite number of inferences using the semantic rules. This allows statements of the aforementioned type, to be proven by induction on the depth of this inference tree. This method is called proof by transition induction. This technique is used the proof of Lemma 2.1.9.

Abstractions for Parallelism: Patterns, Performance and Correctness

cs.manchester.ac.uk

Despite rapid advances in parallel hardware performance, the full potential of processing power is not being exploited in the software community for one clear reason: the difficulty in designing efficient and effective parallel applications. Identifying sub-tasks within the application, designing parallel algorithms, and balancing load among the processing units has been a daunting task for novice programmers, and even the experienced programmers are often trapped with design decisions that underachieve in potential peak performance. Design patterns have been used as a notation to capture how experts in a given domain think about and approach their work. Over the last decade there have been several approaches in identifying common patterns that are repeatedly used in parallel software design process. Documentation of these design patterns helps the programmers by providing definition, solution and guidelines for common parallelization problems. A convenient way to further raise the level of abstraction and make it easier for programmers to write legible code is the philosophy of 'Separation of Concerns'. This separation is achieved by Aspect Oriented Programming (AOP) paradigm by allowing programmers to specify the concerns in an independent manner and letting the compiler 'weave' (AOP terminology for unification of modules) them at compile time. However, abstraction by its very nature often produces unoptimized code as it frames the solution of a problem without much thought to underlying machine architecture. Indeed, in the current phase of multicore era, where chip manufacturers are continuously experimenting with processor architectures, an optimization on one architecture might not yield any benefit on another from a different chip manufacturer. Using the auto-tuner one can automatically explore the optimization space for a particular computational kernel on a given processor architecture. The last relevant aspect of concern in this project would be the formal specification and verification of properties concerning parallel programs. It's well known fact that parallel programs are particularly prone to insidious defects such as deadlocks and race conditions due to shared variables and locking. Using tools from formal verification it is however possible to guarantee certain safety properties (such as deadlock and data race avoidance) while refining successive abstractions to code level. The interplay of abstractions, auto-tuning and correctness in the context of parallel software development will be considered in this project report.