Specifying Multithreaded Java Semantics for Program Verification
Citations
1231 | How to make a multiprocessor computer that correctly executes multiprocess programs
- Lamport
- 1979
Citation Context ... as stateless search and persistent sets. However, a commonality among all these techniques is that they assume the underlying execution model of a multithreaded program to be sequentially consistent [20]. Sequential Consistency. Before proceeding any further, let us elaborate on this point. An execution model for multithreaded programs is sequentially consistent if for any program P (a) any execution...
816 | Parallel Program Design: A Foundation.
- Chandy, Misra
- 1988
Citation Context ...e body B is executed atomically. The guarded-command notation for describing concurrent systems has been popularized by many researchers including Chandy and Misra in their Unity programming language [9]. We denote action use_i(j) as a use action on shared variable v_j by Th_i; similarly for assign, load, store, read, and write. The action lock_i denotes locking of all shared variables by Th_i; similarly ...
591 | Model checking programs
- Visser, Havelund, et al.
- 2000
Citation Context ...erings of operations in the individual threads. There is currently a huge body of ongoing work on employing static analysis and model checking techniques [10] for concurrent Java program verification [14, 19, 25, 26, 31]. Some of these techniques translate the program to a formal model [19, 25] and then use dataflow analysis/model checking to search the state space of this model. Others [14, 31] directly analyze pro...
385 | The Java memory model.
- Manson, Pugh, et al.
- 2005
Citation Context ...ifies certain rules that must never be violated in a multithreaded execution. In other words, the model is neither operational nor executable. This makes the JMM almost impossible to reason with (see [28] for the complexities of informal reasoning about the JMM). We develop an executable specification of the JMM in this paper. Secondly, program verification via model checking suffers from the state sp...
290 | Programming with POSIX Threads,
- Butenhof
- 1997
Citation Context ...fe uses and applications of Java multithreading are presented in [18]. Java threads can be run on multiple hardware processors or on a single processor through a thread library (such as POSIX threads [7]). As the implementations of multithreading are varied, the Java Language Specification (JLS) prescribes certain abstract rules which any implementation of Java multithreading must follow [16]. These ...
189 | Concurrent Programming in Java: Design Principles and Patterns
- Lea
- 1999
Citation Context ...execution model cannot possibly detect. 1. INTRODUCTION The Java programming language supports multithreaded programming where multiple threads can communicate via reads/writes of shared objects (see [21] for a detailed discussion on software design using multithreaded Java). Multithreading is a useful technique as it allows the programmer to structure different parts of the program into different thr...
173 | The murϕ verification system. In:
- Dill
- 1996
Citation Context ... execution trace. Our invariant checker has been implemented on top of a memoized logic programming system XSB [32]. Because our model is expressed in guarded-command notation, the Murϕ model checker [12] is a candidate implementation vehicle as it supports a guarded-command-based specification language. However, note that in the verification of any multithreaded program, it is sufficient to check onl...
114 | Model checking multi-threaded distributed java programs.
- Stoller
- 2000
Citation Context ...work in Section 6. 2. RELATED WORK Verification of Java programs has been studied extensively. Specifically, significant progress has been achieved recently in multithreaded Java program verification [6, 11, 14, 19, 25, 26, 30]. Out of these works, [11, 19, 25] extract formal model from Java source code and analyze the formal model, while [6, 14, 30] propose techniques to directly analyze the source code by modifying the st...
63 | A programmer friendly modular definition of the semantics of java.
- Borger, Schulte
- 1999
Citation Context ...ntics (the current one or any future improvement) should be incorporated into Java program verification. Since the inception of the JMM, several formalizations of Java concurrency have been proposed, [5, 8, 15, 17] to name a few. Some of these [5] focus only on language level concurrency constructs without considering the memory model. Some others [8, 15] construct non-executable specifications of the memory mo...
46 | Formal specification of abstract memory models. In
- Dill, Park, et al.
- 1993
Citation Context ...ify nontrivial software fragments, which would be extremely cumbersome to perform with human reasoning. Developing executable memory models has been studied in the context of hardware multiprocessors [13, 27]. Similar to Java threads, hardware shared-memory multiprocessors also impose a consistency model which dictates the allowed interactions among the processors via a shared memory. 3. THE JAVA MEMORY M...
34 | Improving the Java Memory Model using CRF
- Maessen, Arvind, et al.
- 2000
Citation Context ...as well as multiprocessor platforms. Therefore, changing the JMM now will not solve the problem of the Java programmer for many years to come. Moreover, the two concrete proposals for an improved JMM [22, 23] (which were proposed very recently, and are now being hotly debated) are also weaker than sequential consistency. In fact since the Java memory model describes all possible program behaviors on all p...
28 | Double-checked locking: An optimization pattern for efficiently initializing and accessing thread-safe objects
- Schmidt, Harrison
- 1996
Citation Context ... verified-correct program on some execution platforms !! Examples of such programs even include some popular multithreaded Java software construction idioms such as the "Double-Checked Locking" idiom [29]. There could be several solutions to this problem. First, we could develop a restricted fragment of Java programs for which the JMM guarantees sequential consistency [2]. Programmers are then encou...
14 | Formal models of Java at the JVM level – a survey from the ACL2 perspective
- Moore, Krug, et al.
- 2001
Citation Context ... formalizing the underlying execution model, but does not address the issue of state-space search algorithms. Recently, some research has been directed towards developing executable models of the JVM [4, 24]. In particular, Moore [24] develops a formal model of a multithreaded JVM and advocates its use for verifying Java programs. Here, the only difference from conventional program verification is that i...
10 | The Java Language Specification. Chapter 17
- Gosling, Joy, et al.
- 1996
Citation Context ... threads [7]). As the implementations of multithreading are varied, the Java Language Specification (JLS) prescribes certain abstract rules which any implementation of Java multithreading must follow [16]. These rules are called the Java Memory Model (JMM). However, the JMM is more complex than an interleaved execution of the threads, where each thread executes in program order. The operations in any ...
9 | Investigating Java concurrency using abstract state machines
- Gurevich, Schulte, et al.
- 2000
2 | A formal executable semantics of the Javacard platform
- Barthe, et al.
Citation Context ... formalizing the underlying execution model, but does not address the issue of state-space search algorithms. Recently, some research has been directed towards developing executable models of the JVM [4, 24]. In particular, Moore [24] develops a formal model of a multithreaded JVM and advocates its use for verifying Java programs. Here, the only difference from conventional program verification is that i...
2 | An event based structural operational semantics of multithreaded Java
- Cenciarelli, et al.
- 1999
Citation Context ...ntics (the current one or any future improvement) should be incorporated into Java program verification. Since the inception of the JMM, several formalizations of Java concurrency have been proposed, [5, 8, 15, 17] to name a few. Some of these [5] focus only on language level concurrency constructs without considering the memory model. Some others [8, 15] construct non-executable specifications of the memory mo...
1 | Java Specification Request (JSR) 133. Java Memory Model and Thread Specification revision
- Adve, Pai, et al.
- 2001
Citation Context ...ally consistency [2]. Programmers are then encouraged to write programs only in this fragment. Secondly, we could change the JMM altogether (this is being seriously considered by an expert group, see [1]). Finally, we could develop an executable formal description of the JMM and incorporate it into program verification. Let us now study each of these solutions in depth. In the first solution, the fra...