Verification of sequential and concurrent libraries

Deshmukh, Jyotirmoy Vinay

02 August 2011

The goal of this dissertation is to present new and improved techniques for fully automatic verification of sequential and concurrent software libraries. In most cases, automatic software verification is plagued by undecidability, while in many others it suffers from prohibitively high computational complexity. Model checking -- a highly successful technique used for verifying finite state hardware circuits against logical specifications -- has been less widely adapted for software, as software verification tends to involve reasoning about potentially infinite state-spaces. Two of the biggest culprits responsible for making software model checking hard are heap-allocated data structures and concurrency. In the first part of this dissertation, we study the problem of verifying shape properties of sequential data structure libraries. Such libraries are implemented as collections of methods that manipulate the underlying data structure. Examples of such methods include: methods to insert, delete, and update data values of nodes in linked lists, binary trees, and directed acyclic graphs; methods to reverse linked lists; and methods to rotate balanced trees. Well-written methods are accompanied by documentation that specifies the observational behavior of these methods in terms of pre/post-conditions. A pre-condition [phi] for a method M characterizes the state of a data structure before the method acts on it, and the post-condition [psi] characterizes the state of the data structure after the method has terminated. In a certain sense, we can view the method as a function that operates on an input data structure, producing an output data structure. Examples of such pre/post-conditions include shape properties such as acyclicity, sorted-ness, tree-ness, reachability of particular data values, and reachability of pointer values, and data structure-specific properties such as: "no red node has a red child'', and "there is no node with data value 'a' in the data structure''. Moreover, methods are often expected not to violate certain safety properties such as the absence of dangling pointers, absence of null pointer dereferences, and absence of memory leaks. We often assume such specifications as implicit, and say that a method is incorrect if it violates such specifications. We model data structures as directed graphs, and use the two terms interchangeably. Verifying correctness of methods operating on graphs is an instance of the parameterized verification problem: for every input graph that satisfies [phi], we wish to ensure that the corresponding output graph satisfies [psi]. Control structures such as loops and recursion allow an arbitrary method to simulate a Turing Machine. Hence, the parameterized verification problem for arbitrary methods is undecidable. One of the main contributions of this dissertation is in identifying mathematical conditions on a programming language fragment for which parameterized verification is not only decidable, but also efficient from a complexity perspective. The decidable fragment we consider can be broadly sub-divided into two categories: the class of iterative methods, or methods which use loops as a control flow construct to traverse a data structure, and the class of recursive methods, or methods that use recursion to traverse the data structure. We show that for an iterative method operating on a directed graph, if we are guaranteed that if the number of destructive updates that a method performs is bounded (by a constant, i.e., O(1)), and is guaranteed to terminate, then the correctness of the method can be checked in time polynomial in the size of the method and its specifications. Further, we provide a well-defined syntactic fragment for recursive methods operating on tree-like data structures, which assures that any method in this fragment can be verified in time polynomial in the size of the method and its specifications. Our approach draws on the theory of tree automata, and we show that parameterized correctness can be reduced to emptiness of finite-state, nondeterministic tree automata that operate on infinite trees. We then leverage efficient algorithms for checking the emptiness of such tree automata to obtain a tractable verification framework. Our prototype tool demonstrates the low theoretical complexity of our technique by efficiently verifying common methods that operate on data structures. In the second part of the dissertation, we tackle another obstacle for tractable software verification: concurrency. In particular, we explore application of a static analysis technique based on interprocedural dataflow analysis to predict and document deadlocks in concurrent libraries, and analyze deadlocks in clients that use such libraries. The kind of deadlocks that we focus result from circular dependencies in the acquisition of shared resources (such as locks). Well-written applications that use several locks implicitly assume a certain partial order in which locks are acquired by threads. A cycle in the lock acquisition order is an indicator of a possible deadlock within the application. Methods in object-oriented concurrent libraries often encapsulate internal synchronization details. As a result of information hiding, clients calling the library methods may cause thread safety violations by invoking methods in a manner that violates the partial ordering between lock acquisitions that is implicit within the library. Given a concurrent library, we present a technique for inferring interface contracts that speciy permissible concurrent method calls and patterns of aliasing among method arguments that guarantee deadlock-free execution for the methods in the library. The contracts also help client developers by documenting required assumptions about the library methods. Alternatively, the contracts can be statically enforced in the client code to detect potential deadlocks in the client. Our technique combines static analysis with a symbolic encoding for tracking lock dependencies, allowing us to synthesize contracts using a satisfiability modulo theories (SMT) solver. Additionally, we investigate extensions of our technique to reason about deadlocks in libraries that employ signalling primitives such as wait-notify for cooperative synchronization. We demonstrate its scalability and efficiency with a prototype tool that analyzed over a million lines of code for some widely-used open-source Java libraries in less than 50 minutes. Furthermore, the contracts inferred by our approach have been able to pinpoint real bugs, i.e. deadlocks that have been reported by users of these libraries. / text

Computer software

Verification

Static analysis

Shape analysis

Data structures

Deadlocks

Deadlock detection

Concurrency

Concurrent libraries

Multi-threaded

Wait-notify

Synchronization

A Presence Server for Context-aware Applications

Eslami, Mohammad Zarifi

January 2007

This master’s thesis project “A Presence Server for Context-aware Applications” was carried out at KTH Center for Wireless Systems (Wireless@KTH). The overall goal of this thesis project is to implement a context aware infrastructure to serve as middleware for different kinds of context aware applications, such as a context-aware printing application, location based notifier application, etc. This thesis examines different types of context aware architectures and considers different forms of context modeling. Additionally the thesis also explores some of the related technology, in order to provide the reader with suitable background information to understand the rest of the thesis. By using the SIP Express Router (SER) and its presence module (pa) a context server has been designed, implemented, and evaluated. Evaluation reveals that the critical bottleneck is the increasing service time as the number of Publish messages for different events in the SER database increases, i.e. the time required for handling and sending the Notify messages when a new Publish message is received increases as a function of the number of earlier Publish messages. The evaluation also shows that the dependence of SER upon the MySQL database as incorrect database queries can cause SER to crash. Additionally the performance of the database limits the performance of the context server. A number of future improvements are necessary to address security issues (in particular the authentication of Watchers) and adding policy based control in order to send Notify messages only to the Watchers authorized to receive information for a specific event. / Examensarbetet "A Presence Server for Context-aware Applications" genomfördes på Kungliga Tekniska Högskolan, KTH Center for Wireless Systems (Wireless@KTH). Det övergripande målet med detta examensarbetsprojekt är att implementera en kontextmedveten infrastruktur som fungerar som "middleware" för olika typer av kontextmedvetna applikationer. Exempel på dessa är kontextmedveten utskriftsapplikation och platsberoende meddelarapplikation osv. Rapporten undersöker olika typer av kontextmedvetna arkitekturer och betraktar olika former av kontextmodellering. Rapporten utforskar även vissa besläktade teknologier för att kunna tillhandahålla läsaren med en passande bakgrundsinformation och därmed öka förståelsen för resten av examensarbetet. Genom att använda Sip Express Routern (SER) och dess närvaromodul (presence module, PA) har en kontextserver designats, implementerats och utvärderats. Utvärderingen visar att den kritiska flaskhalsen är tiden det tar för SER servern att svara på nya Publish meddelanden, för olika händelser, i SER databasen. Svarstiden ökar allteftersom databasen fylls med mer data. Detta påverkar hantering och sänding av Notify meddelande när en ny Publish meddelande är mottagen. Uvärderingen visar också att en viktig fråga är relationen mellan SER servern och MySQL databasen, eftersom felaktiga förfrågningar till databasen kan krascha SER servern. De viktigaste framtida förbättringarna är säkerhetsaspekter (mer specifikt autenticering av Watchers) och tillägg av policybaserad sändning av Notify meddelanden endast till auktoriserade Watchers för specifika händelser.

Context

Context-aware

SIP

SIP-SIMPLE

XML

PIDF

SER

Presence Agent module

Subscribe message

Publish message

Notify message

Communication Systems

Kommunikationssystem

Srovnání systémů sociálně - právní ochrany dětí v České republice a ve Finsku / Comparison of Systems of Social and Legal Protection of Children in the Czech Republic and in Finland

Dobešová, Anežka

January 2019

The thesis briefly describes basic terms, international acts and legislation which relate to the social and legal protection of children. In greater detail, it goes over the individual components of Czech and Finnish systems of social and legal protection of children. Afterwards, both systems and its positives and negatives are compared and the main advantages of Finnish system which could be beneficial four the Czech system are described. To achieve the goals, the information from the literature are used together with the survey in which participated social workers from the Czech Republic and Finland.

Supply Chain Event Management – Bedarf, Systemarchitektur und Nutzen aus Perspektive fokaler Unternehmen der Modeindustrie

Tröger, Ralph

10 November 2014

Supply Chain Event Management (SCEM) bezeichnet eine Teildisziplin des Supply Chain Management und ist für Unternehmen ein Ansatzpunkt, durch frühzeitige Reaktion auf kritische Ausnahmeereignisse in der Wertschöpfungskette Logistikleistung und -kosten zu optimieren. Durch Rahmenbedingungen wie bspw. globale Logistikstrukturen, eine hohe Artikelvielfalt und volatile Geschäftsbeziehungen zählt die Modeindustrie zu den Branchen, die für kritische Störereignisse besonders anfällig ist. In diesem Sinne untersucht die vorliegende Dissertation nach einer Beleuchtung der wesentlichen Grundlagen zunächst, inwiefern es in der Modeindustrie tatsächlich einen Bedarf an SCEM-Systemen gibt. Anknüpfend daran zeigt sie nach einer Darstellung bisheriger SCEM-Architekturkonzepte Gestaltungsmöglichkeiten für eine Systemarchitektur auf, die auf den Designprinzipien der Serviceorientierung beruht. In diesem Rahmen erfolgt u. a. auch die Identifikation SCEM-relevanter Business Services. Die Vorzüge einer serviceorientierten Gestaltung werden detailliert anhand der EPCIS (EPC Information Services)-Spezifikation illustriert. Abgerundet wird die Arbeit durch eine Betrachtung der Nutzenpotenziale von SCEM-Systemen. Nach einer Darstellung von Ansätzen, welche zur Nutzenbestimmung infrage kommen, wird der Nutzen anhand eines Praxisbeispiels aufgezeigt und fließt zusammen mit den Ergebnissen einer Literaturrecherche in eine Konsolidierung von SCEM-Nutzeffekten. Hierbei wird auch beleuchtet, welche zusätzlichen Vorteile sich für Unternehmen durch eine serviceorientierte Architekturgestaltung bieten. In der Schlussbetrachtung werden die wesentlichen Erkenntnisse der Arbeit zusammengefasst und in einem Ausblick sowohl beleuchtet, welche Relevanz die Ergebnisse der Arbeit für die Bewältigung künftiger Herausforderungen innehaben als auch welche Anknüpfungspunkte sich für anschließende Forschungsarbeiten ergeben.

SCEM

Supply Chain Event Management

SOA

Serviceorientierte Architektur

EPCIS

EPC Information Services

Modeindustrie

Bedarf

Architektur

Systemarchitektur

Nutzen

SCEM-System

Business Services

Geschäftsorientierte Services

Supply Chain Management

SCM

Logistik

Fokale Unternehmen

Bekleidungsindustrie

Textilindustrie

Logistikleistung

Logistikkosten

Simulation

Service Science

Service Design

Event

Kritisches Ausnahmeereignis

Störung

Störereignis

Lieferkette

Wertschöpfungskette

Fallstudie

EPC

Electronic Product Code

Cloud Computing

Cloud-Infrastruktur

Cloud-ERP

Service-Identifikation

Service-Beschreibung

Gerry Weber

van Laack

Gardeur

Seidensticker

ThyssenKrupp

Deutsche Post

DHL

fTRACE

GS1

GS1 Germany

René Lezard

März München

Kybernetischer Regelkreis

Management by Exception

Supply Chain Risk Management

Supply Network Event Management

SNEM

Service-Repository

Service-Registry

Original Brand Manufacturer

OBM

SaaS

Software as a Service

RFID

Radio Frequency Identification

Komplexität

Störungsanfälligkeit

Nutzenpotenzial

SCEM-Lösung

Value Chain Integrator

Transaktionskostentheorie

Ressourcenbasierter Ansatz

Theorie der informatorischen Kaskaden

Systemtheorie

Prinzipal-Agent-Theorie

Theorien zur Informationsverarbeitung

Nutzenquantifizierung

Auto-ID

Automatische Identifikation

EDI

Electronic Data Interchange

Event-Typisierung

SCEM-Funktionen

SCEM-Funktionalitäten

Geschäftsprozesse

Servicekatalog

Servicekandidat

Servicespezifikation

Standard

Schnittstelle

Überwachen

Melden

Steuern

Messen

Simulieren

FMEA

Fehlermöglichkeits- und Einflussanalyse

SCEM-FMEA

Ereignisorientierte Simulation

Konfiguration

SCEM

Supply chain event management

SOA

Service-oriented architecture

EPCIS

EPC information services

Fashion industry

Need

Business need

Architecture

System architecture

Benefit

SCEM system

Business services

Business-oriented services

Supply chain management

SCM

Logistics

Apparel industry

Textile industry

Logistics performance

Logistics costs

Simulation

Service science

Service design

Event

Critical exception

Deviation

Disruption

Disruptive event

Supply chain

Value chain

Case study

EPC

Electronic product code

Cloud computing

Cloud infrastructure

Cloud ERP

Service identification

Service description

Gerry Weber

van Laack

Gardeur

Seidensticker

ThyssenKrupp

Deutsche Post

DHL

fTRACE

GS1

GS1 Germany

René Lezard

März München

Control system

Management by exception

Supply chain risk management

Supply network event management

SNEM

Service repository

Service registry

Original brand manufacturer

OBM

SaaS

Software as a Service

RFID

Radio Frequency Identification

Complexity

Vulnerability to disruptions

Potential

SCEM solution

Value chain integrator

Transaction cost theory

Resource-based view

Information cascades

System theory

Principal-agent theory

Information processing

AIDC

EDI

Electronic data interchange

Event classification

SCEM functions

SCEM functionalities

Business processes

Service catalogue

Service candidate

Service specification

Standard

Interface

Monitor

Notify

Simulate

Control

Measure

FMEA

Failure mode and effects analysis

SCEM FMEA

Discrete event simulation

Configuration

ddc:330

ddc:000

ddc:004

ddc:650

Supply Chain Event Management – Bedarf, Systemarchitektur und Nutzen aus Perspektive fokaler Unternehmen der Modeindustrie

Tröger, Ralph

17 October 2014

Supply Chain Event Management (SCEM) bezeichnet eine Teildisziplin des Supply Chain Management und ist für Unternehmen ein Ansatzpunkt, durch frühzeitige Reaktion auf kritische Ausnahmeereignisse in der Wertschöpfungskette Logistikleistung und -kosten zu optimieren. Durch Rahmenbedingungen wie bspw. globale Logistikstrukturen, eine hohe Artikelvielfalt und volatile Geschäftsbeziehungen zählt die Modeindustrie zu den Branchen, die für kritische Störereignisse besonders anfällig ist. In diesem Sinne untersucht die vorliegende Dissertation nach einer Beleuchtung der wesentlichen Grundlagen zunächst, inwiefern es in der Modeindustrie tatsächlich einen Bedarf an SCEM-Systemen gibt. Anknüpfend daran zeigt sie nach einer Darstellung bisheriger SCEM-Architekturkonzepte Gestaltungsmöglichkeiten für eine Systemarchitektur auf, die auf den Designprinzipien der Serviceorientierung beruht. In diesem Rahmen erfolgt u. a. auch die Identifikation SCEM-relevanter Business Services. Die Vorzüge einer serviceorientierten Gestaltung werden detailliert anhand der EPCIS (EPC Information Services)-Spezifikation illustriert. Abgerundet wird die Arbeit durch eine Betrachtung der Nutzenpotenziale von SCEM-Systemen. Nach einer Darstellung von Ansätzen, welche zur Nutzenbestimmung infrage kommen, wird der Nutzen anhand eines Praxisbeispiels aufgezeigt und fließt zusammen mit den Ergebnissen einer Literaturrecherche in eine Konsolidierung von SCEM-Nutzeffekten. Hierbei wird auch beleuchtet, welche zusätzlichen Vorteile sich für Unternehmen durch eine serviceorientierte Architekturgestaltung bieten. In der Schlussbetrachtung werden die wesentlichen Erkenntnisse der Arbeit zusammengefasst und in einem Ausblick sowohl beleuchtet, welche Relevanz die Ergebnisse der Arbeit für die Bewältigung künftiger Herausforderungen innehaben als auch welche Anknüpfungspunkte sich für anschließende Forschungsarbeiten ergeben.

info:eu-repo/classification/ddc/330

ddc:330

info:eu-repo/classification/ddc/000

ddc:000

info:eu-repo/classification/ddc/004

ddc:004

info:eu-repo/classification/ddc/650

ddc:650