Design and verification of distributed tasking supervisors for concurrent programming languages

A tasking supervisor implements the concurrency constructs of a concurrent programming language. This thesis addresses two fundamental issues in constructing distributed implementations of a concurrent language: (1) Principles for designing a tasking supervisor for the language, and (2) Practical techniques for verifying that the supervisor correctly implements the semantics of the language. Previous research in concurrent languages has focused on the design of constructs for expressing concurrency, while ignoring these two important implementation issues. First, the thesis describes the design of a tasking supervisor for the Ada programming language. The Supervisor implements the full Ada tasking language, and it performs distributed program execution on multiple CPUs. The Supervisor is a portable, modular, distributed software system written in Ada. The interface between the Supervisor and application programs forms the topmost layer of the Supervisor and is formally specified in Anna (ANNotated Ada). All machine dependences are encapsulated in the bottom layer of the Supervisor; this layer is an implementation of an abstract virtual loosely coupled multiprocessor. The principles used to design the Supervisor may be used to design a distributed supervisor for any concurrent language. Second, the thesis presents new and practical techniques for automatically verifying the behavior of a distributed supervisor; these techniques are illustrated by the verification of the Distributed Ada Supervisor. An event-based formalization of the Ada tasking semantics is expressed as a collection of machine-processable specifications written in TSL (Task Sequencing Language). Correctness of the Supervisor is established by automatically checking executions of test programs for consistency with the TSL specifications. Since the specifications are derived solely from the Ada semantics, the specifications can be used to test any implementation of Ada tasking. In addition, every Ada tasking program may be used as test input. The theory and practice of concurrent programming is in its infancy. The research described in this thesis represents a major step toward the development of a theory of constructing multiprocessor implementations of concurrent programming languages.

[1]  David Rosenblum,et al.  An implementation of Anna , 1985, SIGAda '85.

[2]  D C Luckham,et al.  An environment for Ada software development based on formal specification , 1987, ALET.

[3]  Robert D. Tennent,et al.  The denotational semantics of programming languages , 1976, CACM.

[4]  Per Brinch Hansen,et al.  Distributed processes: a concurrent programming concept , 1978, CACM.

[5]  David C. Luckham,et al.  A practical method of documenting and verifying Ada programs with packages , 1980 .

[6]  Raphael A. Finkel,et al.  Interprocess Communication in Charlotte , 1987, IEEE Software.

[7]  Gary Marc Levin,et al.  Proof rules for Communicating Sequential Processes , 1980 .

[8]  Richard J. LeBlanc,et al.  Event-Driven Monitoring of Distributed Programs , 1985, ICDCS.

[9]  David A. Fisher DoD's Common Programming Language Effort , 1978, Computer.

[10]  N. Natarajan,et al.  A distributed scheme for detecting communication deadlocks , 1986, IEEE Transactions on Software Engineering.

[11]  Theodore P. Baker,et al.  Implementing Ada Exceptions , 1986, IEEE Software.

[12]  Peter Wegner,et al.  Operational semantics of programming languages , 1972, Proving Assertions About Programs.

[13]  Willem P. de Roever,et al.  A Proof System for Concurrent ADA Programs , 1984, Sci. Comput. Program..

[14]  William F. Clocksin,et al.  Programming in Prolog , 1987, Springer Berlin Heidelberg.

[15]  C. A. R. HOARE,et al.  An axiomatic basis for computer programming , 1969, CACM.

[16]  Keith A. Lantz,et al.  Preemptable remote execution facilities for the V-system , 1985, SOSP 1985.

[17]  M Woodger Origins of Ada features , 1987, ALET.

[18]  Gregory R. Andrews,et al.  Concepts and Notations for Concurrent Programming , 1983, CSUR.

[19]  P. M. Melliar-Smith,et al.  An interval logic for higher-level temporal reasoning , 1983, PODC '83.

[20]  Vivek Sarkar,et al.  Compile-time partitioning and scheduling of parallel programs , 1986, SIGPLAN '86.

[21]  Sriram Sankar,et al.  Concurrent Runtime Checking of Annotated Ada Programs , 1986, FSTTCS.

[22]  Amir Pnueli,et al.  Rendezvous with ADA: a proof theoretical view , 1982, AdaTEC Conference on Ada.

[23]  Krzysztof R. Apt,et al.  Ten Years of Hoare's Logic: A Survey—Part I , 1981, TOPL.

[24]  Brent Hailpern Verifying Concurrent Processes Using Temporal Logic , 1982, Lecture Notes in Computer Science.

[25]  John K. Ousterhout,et al.  Scheduling Techniques for Concurrent Systems , 1982, ICDCS.

[26]  David R. Cheriton,et al.  Thoth, a portable real-time operating system , 1979, CACM.

[27]  Scott A. Smolka,et al.  Processes, Tasks, and Monitors: A Comparative Study of Concurrent Programming Primitives , 1983, IEEE Transactions on Software Engineering.

[28]  Zohar Manna,et al.  Verification of concurrent programs, Part I: The temporal framework , 1981 .

[29]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[30]  Nicholas Carriero,et al.  Linda and Friends , 1986, Computer.

[31]  Theodore P. Baker,et al.  A runtime supervisor to support Ada tasking: rendezvous and delays , 1985 .

[32]  永田 守男,et al.  Verifying Properties of Parallel Programs : An Axiomatic Approach , 1976 .

[33]  Richard A. Volz,et al.  Timing Issues in the Distributed Execution of Ada Programs , 1987, IEEE Transactions on Computers.

[34]  David S. Rosenblum A Methodology for the Design of Ada Transformation Tools in a DIANA Environment , 1985, IEEE Software.

[35]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[36]  David C. Luckham,et al.  Adam: An Ada‐based language for multiprocessing , 1981, Softw. Pract. Exp..

[37]  Gigliola Vaglini,et al.  Development of a debugger for a concurrent language , 1983, SIGSOFT '83.

[38]  Greg Thiel,et al.  LOCUS a network transparent, high reliability distributed system , 1981, SOSP.

[39]  Per Brinch Hansen,et al.  The programming language concurrent pascal , 1975, Language Hierarchies and Interfaces.

[40]  Christopher Strachey,et al.  Toward a mathematical semantics for computer languages , 1971 .

[41]  Zohar Manna,et al.  Verification of Concurrent Programs. Part II. Temporal Proof Principles. , 1981 .

[42]  D. Helmbold,et al.  Runtime detection and description of deadness errors in Ada tasking , 1985, ALET.

[43]  B. J. Mailloux,et al.  Revised Report on the Algorithmic Language ALGOL 68 , 1976, SIGP.

[44]  Amy L. Lansky,et al.  GEM: A tool for concurrency specification and verification , 1983, PODC '83.

[45]  David A. Padua,et al.  High-Speed Multiprocessors and Compilation Techniques , 1980, IEEE Transactions on Computers.

[46]  James J. Horning,et al.  The Larch Family of Specification Languages , 1985, IEEE Software.

[47]  H. Zimmermann,et al.  OSI Reference Model - The ISO Model of Architecture for Open Systems Interconnection , 1980, IEEE Transactions on Communications.

[48]  Olaf Owe,et al.  ANNA A Language for Annotating Ada Programs , 1987, Lecture Notes in Computer Science.

[49]  William Stallings,et al.  Local networks , 1984, CSUR.

[50]  Zohar Manna,et al.  The logical basis for computer programming. Volume 1: deductive reasoning , 1985 .

[51]  Willy Zwaenepoel,et al.  Distributed process groups in the V Kernel , 1985, TOCS.

[52]  Andrew Birrell,et al.  Implementing Remote procedure calls , 1983, SOSP '83.

[53]  Robert E. Strom,et al.  NIL: An integrated language and system for distributed programming , 1983, ACM SIGPLAN Notices.

[54]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[55]  Edward Falis Design and implementation in Ada of a runtime task supervisor , 1982, AdaTEC '82.

[56]  Geert B. Clemmensen,et al.  A formal model of distributed Ada tasking , 1982, AdaTEC Conference on Ada.

[57]  David R. Cheriton The V Kernel: A Software Base for Distributed Systems , 1984, IEEE Software.

[58]  David R. Cheriton Local networking and internetworking in the V-system , 1983, SIGCOMM 1983.

[59]  Howard Barringer A Survey of Verification Techniques for Parallel Programs , 1985, Lecture Notes in Computer Science.

[60]  Nicholas Matelan The FLEX/32 multicomputer , 1985, ISCA '85.

[61]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[62]  Willy Zwaenepoel,et al.  The distributed V kernel and its performance for diskless workstations , 1983, SOSP '83.

[63]  Thomas J. LeBlanc,et al.  Debugging Parallel Programs with Instant Replay , 1987, IEEE Transactions on Computers.

[64]  Richard A. Volz,et al.  Some problems in distributing real-time Ada programs across machines , 1985, SIGAda '85.

[65]  James J. Horning,et al.  Synchronization Primitives for a Multiprocessor: A Formal Speci cation , 1987 .

[66]  John McCarthy,et al.  Queue-based multi-processing LISP , 1984, LFP '84.

[67]  Roy H. Campbell,et al.  The specification of process synchronization by path expressions , 1974, Symposium on Operating Systems.

[68]  Sriram Sankar,et al.  The complete transformation methodology for sequential runtime checking of an ANNA subset , 1986 .

[69]  Bernd Krieg-Brückner Consistency checking in Ada and Anna: a transformational approach , 1983, ALET.

[70]  David C. Luckham,et al.  Task Sequencing Language for Specifying Distributed Ada Systems , 1987, PARLE.

[71]  Steven M. German,et al.  Monitoring for deadlocks in Ada tasking , 1982, AdaTEC '82.

[72]  Olaf Owe,et al.  Semantic specification of Ada packages , 1985 .

[73]  C. A. R. Hoare,et al.  Monitors: an operating system structuring concept , 1974, CACM.

[74]  Tony Hoare,et al.  Hierarchical Program Structures , 1972 .

[75]  Andrew S. Tanenbaum,et al.  Distributed operating systems , 2009, CSUR.

[76]  Arthur Evans,et al.  Diana Reference Manual. Revision 3 , 1983 .

[77]  John F. Wakerly,et al.  The programming language PASCAL , 1979, Microprocessors and microsystems.

[78]  Andrew S. Tanenbaum,et al.  Operating systems: design and implementation , 1987, Prentice-Hall software series.

[79]  Carlos Urias Munoz,et al.  Automatic Generation of Random Self-Checking Test Cases , 1983, IBM Syst. J..

[80]  Robert E. Strom,et al.  NIL: A High-Level Language for Distributed Systems Programming , 1983, IBM Syst. J..

[81]  D. R. Stevenson Algorithms for translating Ada multitasking , 1980, SIGPLAN '80.

[82]  Per Brinch Hansen,et al.  The Architecture of Concurrent Programs , 1977 .

[83]  Raphael A. Finkel,et al.  A Stable Distributed Scheduling Algorithm , 1981, IEEE International Conference on Distributed Computing Systems.

[84]  David Luckham,et al.  TSL: task sequencing language , 1985, SIGAda '85.

[85]  David C. Luckham,et al.  ADA exceptions: specification and proof techniques , 1980 .

[86]  Willem P. de Roever,et al.  A Proof System for Communicating Sequential Processes , 1980, ACM Trans. Program. Lang. Syst..

[87]  James C. Browne,et al.  Gypsy: A language for specification and implementation of verifiable programs , 1977 .

[88]  William J. Bolosky,et al.  Mach: A New Kernel Foundation for UNIX Development , 1986, USENIX Summer.

[89]  Kai Hwang,et al.  Computer architecture and parallel processing , 1984, McGraw-Hill Series in computer organization and architecture.

[90]  Larry D. Wittie,et al.  BUGNET: A Debugging system for parallel programming environments , 1982, ICDCS.

[91]  Theodore P. Baker,et al.  Ada Tasking: From semantics to Efficient Implementation , 1985, IEEE Software.

[92]  I. Mearns,et al.  Axioms and proof rules for Ada tasks , 1982 .

[93]  Lawrence Flon,et al.  The Total Correctness of Parallel Programs , 1981, SIAM J. Comput..