From concurrent state machines to reliable multi-threaded Java code


[1]  Assaf Schuster,et al.  Verifying Very Large Industrial Circuits Using 100 Processes and Beyond , 2005, ATVA.

[2]  Xavier Crégut,et al.  Model transformations with Tom , 2012, LDTA.

[3]  Marieke Huisman,et al.  Permission-Based Separation Logic for Multithreaded Java Programs , 2014, Log. Methods Comput. Sci..

[4]  Kurt Stenzel,et al.  Formal verification of QVT transformations for code generation , 2011, MODELS'11.

[5]  Dragan Bosnacki,et al.  Towards Modular Verification of Threaded Concurrent Executable Code Generated from DSL Models , 2015, FACS.

[6]  Anton Wijs,et al.  Define, Verify, Refine: Correct Composition and Transformation of Concurrent System Semantics , 2013, FACS.

[7]  Frank Piessens,et al.  VeriFast for Java: A Tutorial , 2013, Aliasing in Object-Oriented Programming.

[8]  Anton Wijs GPU Accelerated Strong and Branching Bisimilarity Checking , 2015, TACAS.

[9]  Mark A. Hillebrand,et al.  VCC: A Practical System for Verifying Concurrent C , 2009, TPHOLs.

[10]  Luc J. P. Engelen  From napkin sketches to reliable software , 2012 .

[11]  Peter W. O'Hearn,et al.  Local Reasoning about Programs that Alter Data Structures , 2001, CSL.

[12]  Lauretta O. Osho,et al.  Axiomatic Basis for Computer Programming , 2013 .

[13]  Swarnendu Biswas,et al.  DoubleChecker: efficient sound and precise atomicity checking , 2014, PLDI.

[14]  Dragan Bosnacki,et al.  Towards Verified Java Code Generation from Concurrent State Machines , 2014, AMT@MoDELS.

[15]  Lars Birkedal,et al.  Joins: A Case Study in Modular Specification of a Concurrent Reentrant Higher-Order Library , 2013, ECOOP.

[16]  Frank Piessens,et al.  Sound reasoning about unchecked exceptions , 2007, Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007).

[17]  Grigore Rosu,et al.  Improved multithreaded unit testing , 2011, ESEC/FSE '11.

[18]  Alfons Laarman,et al.  Multi-Core LTSmin: Marrying Modularity and Scalability , 2011, NASA Formal Methods.

[19]  Mats Per Erik Heimdahl,et al.  Partial Translation Verification for Untrusted Code-Generators , 2008, ICFEM.

[20]  Azadeh Farzan,et al.  Causal Atomicity , 2006, CAV.

[21]  Dawson R. Engler,et al.  RacerX: effective, static detection of race conditions and deadlocks , 2003, SOSP '03.

[22]  Frank Piessens,et al.  VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java , 2011, NASA Formal Methods.

[23]  Shane Sendall,et al.  Model Transformation: The Heart and Soul of Model-Driven Software Development , 2003, IEEE Softw..

[24]  Jong-Deok Choi,et al.  Efficient and precise datarace detection for multithreaded object-oriented programs , 2002, PLDI '02.

[25]  Michael D. Ernst,et al.  Ownership and immutability in generic Java , 2010, OOPSLA.

[26]  Alfons Laarman,et al.  Multi-core Nested Depth-First Search , 2011, ATVA.

[27]  Anton Wijs,et al.  Efficient Property Preservation Checking of Model Refinements , 2013, TACAS.

[28]  Douglas C. Schmidt,et al.  Guest Editor's Introduction: Model-Driven Engineering , 2006, Computer.

[29]  Mark van den Brand,et al.  Reusable and Correct Endogenous Model Transformations , 2012, ICMT@TOOLS.

[30]  Jan Smans,et al.  Deadlock-Free Channels and Locks , 2010, ESOP.

[31]  Martin Sulzmann,et al.  Model Checking DSL-Generated C Source Code , 2012, SPIN.

[32]  Peter Müller,et al.  Modular Verification of Finite Blocking in Non-terminating Programs , 2015, ECOOP.

[33]  Mark van den Brand,et al.  Prototyping the Semantics of a DSL using ASF+SDF: Link to Formal Verification of DSL Models , 2011, AMMSE.

[34]  Anton Wijs,et al.  A formal verification technique for behavioural model-to-model transformations , 2017, Formal Aspects of Computing.

[35]  Marina Zaharieva-Stojanovski,et al.  Closer to Reliable Software: Verifying Functional Behaviour of Concurrent Programs , 2015 .

[36]  Sybren Roede  Proving correctness of threaded parallel executable code generated from models described by a domain specific language , 2012 .

[37]  Jeremy M. R. Martin,et al.  Formal Analysis of Concurrent Java Systems , 2000 .

[38]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[39]  Edmund M. Clarke,et al.  Model Checking and the State Explosion Problem , 2011, LASER Summer School.

[40]  Quoc V. Le,et al.  On optimization methods for deep learning , 2011, ICML.

[41]  Arie van Deursen,et al.  Domain-specific languages: an annotated bibliography , 2000, SIGP.

[42]  Dragan Bosnacki,et al.  GPU-PRISM: An Extension of PRISM for General Purpose Graphics Processing Units , 2010, 2010 Ninth International Workshop on Parallel and Distributed Methods in Verification, and Second International Workshop on High Performance Computational Systems Biology.

[43]  Christof Fetzer,et al.  Safe Exception Handling with Transactional Memory , 2015, Transactional Memory.

[44]  Jon Whittle,et al.  Verifying semantic conformance of state machine-to-java code generators , 2010, MODELS'10.

[45]  Loe M. G. Feijs Transformations of Designs , 1989, Algebraic Methods.

[46]  Frank Piessens,et al.  Expressive modular fine-grained concurrency specification , 2011, POPL '11.

[47]  Lars Birkedal,et al.  Modular Reasoning about Separation of Concurrent Data Structures , 2013, ESOP.

[48]  Mark van den Brand,et al.  Using a DSL and Fine-Grained Model Transformations to Explore the Boundaries of Model Verification , 2011, 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement - Companion.

[49]  D. G. Clarke,et al.  Proceedings of the First International Workshop on Aliasing, Confinement and Ownership in Object-oriented Programming (IWACO) , 2003 .

[50]  Cormac Flanagan,et al.  A type and effect system for atomicity , 2003, PLDI.

[51]  Bart Jacobs,et al.  Modular verification of deadlock-freedom in the presence of condition variables , 2017 .

[52]  Doug Lea,et al.  Concurrent programming in Java - design principles and patterns , 1996, Java series.

[53]  Thomas Tuerk,et al.  A Formalisation of Smallfoot in HOL , 2009, TPHOLs.

[54]  James Noble,et al.  Ownership Meets Java , 2007 .

[55]  Dawson R. Engler,et al.  Model Checking Large Network Protocol Implementations , 2004, NSDI.

[56]  Marcel F. van Amstel,et al.  Assessing and improving the quality of model transformations , 2012 .

[57]  Thomas R. Gross,et al.  Handling errors in parallel programs based on happens before relations , 2010, 2010 IEEE International Symposium on Parallel & Distributed Processing, Workshops and Phd Forum (IPDPSW).

[58]  J. Schumann,et al.  Automatic Certification of Kalman Filters for Reliable Code Generation , 2005, 2005 IEEE Aerospace Conference.

[59]  Kurt Stenzel,et al.  Formal System Development with KIV , 2000, FASE.

[60]  Emden R. Gansner,et al.  Graphviz - Open Source Graph Drawing Tools , 2001, GD.

[61]  Jon Whittle,et al.  A survey of approaches for verifying model transformations , 2013, Software & Systems Modeling.

[62]  Nir Shavit,et al.  Software transactional memory , 1995, PODC '95.

[63]  Pascal Felber,et al.  Atomic Boxes: Coordinated Exception Handling with Transactional Memory , 2011, ECOOP.

[64]  Dominik Grewe,et al.  Automatically generating and tuning GPU code for sparse matrix-vector multiplication from a high-level representation , 2011, GPGPU-4.

[65]  Nicolae Goga,et al.  Formal Test Automation: A Simple Experiment , 1999, IWTCS.

[66]  Dragan Bosnacki,et al.  Many-core on-the-fly model checking of safety properties using GPUs , 2016, International Journal on Software Tools for Technology Transfer.

[67]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[68]  Anton Wijs,et al.  Compositional Model Checking Is Lively , 2017, FACS.

[69]  Hridesh Rajan,et al.  On exceptions, events and observer chains , 2013, AOSD.

[70]  Alex Groce,et al.  Tackling Large Verification Problems with the Swarm Tool , 2008, SPIN.

[71]  Frank Budinsky,et al.  Eclipse Modeling Framework , 2003 .

[72]  Stephen D. Brookes,et al.  A Semantics for Concurrent Separation Logic , 2004, CONCUR.

[73]  Ewen Denney,et al.  Generating customized verifiers for automatically generated code , 2008, GPCE '08.

[74]  Anton Wijs,et al.  Distributed Extended Beam Search for Quantitative Model Checking , 2007, MoChArt.

[75]  Gary T. Leavens,et al.  On the interplay of exception handling and design by contract: an aspect-oriented recovery approach , 2011, FTfJP@ECOOP.

[76]  Anton Wijs,et al.  Verifying a Verifier: On the Formal Correctness of an LTS Transformation Verification Technique , 2016, FASE.

[77]  Ruurd Kuiper,et al.  Verification of Object Oriented Programs Using Class Invariants , 2000, FASE.

[78]  Bart Jacobs Provably live exception handling , 2015, FTfJP@ECOOP.

[79]  Dragan Bošnački,et al.  Dependency safety for Java - Implementing and testing failboxes , 2019, Sci. Comput. Program..

[80]  Christel Baier,et al.  Principles of model checking , 2008 .

[81]  Christof Fetzer,et al.  Automatic detection and masking of non-atomic exception handling , 2003, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings..

[82]  B. J. Arnoldus,et al.  An illumination of the template enigma : software code generation with templates , 2011 .

[83]  Dragan Bosnacki,et al.  Dependency Safety for Java: Implementing Failboxes , 2016, PPPJ '16.

[84]  Dragan Bosnacki,et al.  Verifying Atomicity Preservation and Deadlock Freedom of a Generic Shared Variable Mechanism Used in Model-To-Code Transformations , 2016, MODELSWARD.

[85]  Dragan Bosnacki,et al.  GPUexplore 2.0: Unleashing GPU Explicit-State Model Checking , 2016, FM.

[86]  Frank Piessens,et al.  Failboxes: Provably Safe Exception Handling , 2009, ECOOP.

[87]  Christoph M. Kirsch,et al.  Analysis of Portfolio-Style Parallel SAT Solving on Current Multi-Core Architectures , 2013, POS@SAT.

[88]  Krzysztof Czarnecki,et al.  Feature-based survey of model transformation approaches , 2006, IBM Syst. J..

[89]  Samira Tasharofi, Ralph Johnson  Patterns in Testing Concurrent Programs with Non-deterministic Behaviors , 2011 .

[90]  Markus Völter,et al.  Introduction to openArchitectureWare 4.1.2 , 2007 .

[91]  James W. Havender Avoiding Deadlock in Multitasking Systems , 1968, IBM Syst. J..

[92]  Joe Armstrong,et al.  Making reliable distributed systems in the presence of software errors , 2003 .

[93]  Anton Wijs,et al.  REFINER: Towards Formal Verification of Model Transformations , 2014, NASA Formal Methods.

[94]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[95]  Martín Abadi,et al.  Types for safe locking: Static race detection for Java , 2006, TOPL.

[96]  Dragan Bosnacki,et al.  Verification of atomicity preservation in model-to-code transformations using generic Java code , 2016, 2016 4th International Conference on Model-Driven Engineering and Software Development (MODELSWARD).

[97]  Jürgen Teich,et al.  Generating GPU Code from a High-Level Representation for Image Processing Kernels , 2010, Euro-Par Workshops.

[98]  Marieke Huisman,et al.  The VerCors Tool for Verification of Concurrent Programs , 2014, FM.

[99]  Henry Ledgard,et al.  Reference Manual for the ADA® Programming Language , 1983, Springer New York.

[100]  Sabine Glesner,et al.  Formal Verification of Java Code Generation from UML Models , 2005 .

[101]  Anneke Kleppe,et al.  MDA explained - the Model Driven Architecture: practice and promise , 2003, Addison Wesley object technology series.

[102]  Marco Servetto,et al.  Strong exception-safety for checked and unchecked exceptions , 2011, J. Object Technol..

[103]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[104]  Willem P. A. Ligtenberg,et al.  Efficient reconstruction of biological networks via transitive reduction on general purpose graphics processors , 2012, BMC Bioinformatics.

[105]  Dragan Bošnački,et al.  Modular termination verification: extended version , 2015 .