d. Programming Assignment 1: Build and Verify a model of a file server; Due Date: September 20, 2011. Send your solution to the instructor before 1PM.

1. the pseudo-code for this model is on the website under “File Servers: Conversational Continuity”.

2. Carefully describe the properties that must hold for this model, including a “soft” shutdown of clients and servers; describe how the model accurately reflects your correctness criteria; and then document the model execution under SPIN/Promela (ispin).

3. Instructor’s Solution

8. Java Concurrency:

a. Modeling a Concurrent Program in Java

b. Java Monitors

1. Hartley Tutorial: http://elvis.rowan.edu/~hartley/JavaConcProg/

2. Java Tutorial: http://download.oracle.com/javase/tutorial/essential/concurrency/index.html

c. Semaphores in Java

d. Alarm Clock Examples

1. Something like Hoare’s monitor

2. Avoiding deadlock

e. Safety in Java Monitors

f. Specific Notification in Java

g. Java Thread Architecture:

1. Webserver and Worker Threads

h. Confinement in Java Threads

i. Java Concurrent Utilities: pdf version

1. Online Java Concurrent Utilities: http://download.oracle.com/javase/6/docs/technotes/guides/concurrency/index.html

2. Locks and Conditions: http://download.oracle.com/javase/6/docs/api/java/util/concurrent/locks/Condition.html

3. Executors: http://download.oracle.com/javase/6/docs/api/java/util/concurrent/Executor.html

4. Semaphores: http://download.oracle.com/javase/6/docs/api/java/util/concurrent/Semaphore.html

5. BlockingQueue: http://download.oracle.com/javase/6/docs/api/java/util/concurrent/BlockingQueue.html

6. Programming Assignment 2: Implement and verify (using JPF) the Alarm Clock with Java Concurrency Utilities. Use Locks and Conditions as your synchronization mechanisms: Due Sept. 27. Submit to instructor in email by 1PM

1. Documentation for Concurrent Software

2. Alarm Clock starting points: Java Deadlock Code or Java Lost Thread Code

3. I will accept a solution to the alarm clock that treats time logically, as in a simulation model. That is, get rid of the “tick()” method. To update the clock, you set it to the minimum of all those waiting in the clock list, and awaken all those on the waiting list at the minimum time.

4. Do not inter-mix synchronization mechanisms of the Java Concurrency Primitives and the Java Concurrent Utilities library

5. Instructor’s solution

9. Using Locks and Conditions in POSIX Threads:

10. Using Synchronization Primitives in C#: //pdos.csail.mit.edu/6.824/papers/birrell-threads-csharp.pdf

11. September 20: Model-checking with Java PathFinder (JPF)

a. Concepts of ModelChecking\JPFModelChecker.pdf

b. JPF Website: http://babelfish.arc.nasa.gov/trac/jpf

c. How to access JPF

d. Examples of JPF Model-checking

1. Deadlock in Java

2. Simple Air Conditioner Controller

3. Semaphore

4. Alarm clock loses a thread and deadlocks

5. Stock Fund Manager Example –

1. Fund Manager Description

2. Fund Manager Code

6. Example – Bounded Buffer Manager

e. Programming Assignment 3: Due Oct. 5. Implement the Client/Server model of Programming Assignment 1 in Java with a blocking queue from the Concurrent Utilities Library. Verify it with JPF. Due at 1PM.

1. Document your program

12. Deriving synchronization from Promela model (global invariants)

a. Concurrent Programming with await(Boolean expression)

1. Practice Homework: derive the semaphore synchronization (using Andrews’ method) of the dining philosophers promela program

b. September 18: Mizuno translation method (“await”)

1. Mizuno paper

2. Reader/Writer Solution

3. Practice Homework: derive the Java Synchronizing Primitives (using Mizuno’s method) of the dining philosophers promela program

4. Practice Homework: JPFDiskHarness

1. Instructor’s solution

c. State Dependence in Java

13. Mizuno Paper on Threadpool (notes)

1. Iterative Heat Transfer Simulation

2. Threadpool Code

3. TPoolBarrierSkeleton

4. GenericJob

5. Programming Assignment 4: Due Oct. 11: Use JPF to verify Mizuno’s Implementation of the Threadpool Problem.

1. Prove that (for every step t in the execution) the compute phase of all jobs is always executed before the copy phase of all jobs, and that the copy phase for step t always precedes the compute phase for step t+1 (except for the last step in the execution).

2. Document Your Verification

3. Alternate Programming Assignments for Programming Assignment 4: Using a model-checker, verify

1. Distributed Semaphores, or

2. Heartbeat algorithm for a topology of a graph, or

3. Token Passing method for Termination Detection in a Graph, or

4. An implementation of a multi-processor kernel.

14. Implementing synchronization primitives in a kernel

15. Testing Concurrent Programs

1. Verification, Validation, and Testing

2. Testing Concurrent Software

3. Unit tests

4. Bounded Buffer