S. Bishop, M. Fairbairn, Hannes Mehnert, Michael Norrish, T. Ridge, Peter Sewell, Michael Smith, Keith Wansbrough
{"title":"Engineering with Logic","authors":"S. Bishop, M. Fairbairn, Hannes Mehnert, Michael Norrish, T. Ridge, Peter Sewell, Michael Smith, Keith Wansbrough","doi":"10.1145/3243650","DOIUrl":"https://doi.org/10.1145/3243650","url":null,"abstract":"Conventional computer engineering relies on test-and-debug development processes, with the behavior of common interfaces described (at best) with prose specification documents. But prose specifications cannot be used in test-and-debug development in any automated way, and prose is a poor medium for expressing complex (and loose) specifications. The TCP/IP protocols and Sockets API are a good example of this: they play a vital role in modern communication and computation, and interoperability between implementations is essential. But what exactly they are is surprisingly obscure: their original development focused on “rough consensus and running code,” augmented by prose RFC specifications that do not precisely define what it means for an implementation to be correct. Ultimately, the actual standard is the de facto one of the common implementations, including, for example, the 15 000 to 20 000 lines of the BSD implementation: optimized and multithreaded C code, time-dependent, with asynchronous event handlers, intertwined with the operating system, and security-critical. This article reports on work done in the Netsem project to develop lightweight mathematically rigorous techniques that can be applied to such systems: to specify their behavior precisely (but loosely enough to permit the required implementation variation) and to test whether the specifications and the implementations correspond, using specifications that are executable as test oracles. 
We developed post hoc specifications of TCP, UDP, and the Sockets API, both of the service that they provide to applications (in terms of TCP bidirectional stream connections) and of the internal operation of the protocol (in terms of TCP segments and UDP datagrams), together with a testable abstraction function relating the two. These specifications are rigorous, detailed, readable, with broad coverage, and rather accurate. Working within a general-purpose proof assistant (HOL4), we developed language idioms (within higher-order logic) in which to write the specifications: operational semantics with nondeterminism, time, system calls, monadic relational programming, and so forth. We followed an experimental semantics approach, validating the specifications against several thousand traces captured from three implementations (FreeBSD, Linux, and WinXP). Many differences between these were identified, as were a number of bugs. Validation was done using a special-purpose symbolic model checker programmed above HOL4. Having demonstrated that our logic-based engineering techniques suffice for handling real-world protocols, we argue that similar techniques could be applied to future critical software infrastructure at design time, leading to cleaner designs and (via specification-based testing) more robust and predictable implementations. 
In cases where specification looseness can be controlled, this should be possible with lightweight techniques, without the need for a general-purpose proof assistant, at ","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"93 1","pages":"1 - 77"},"PeriodicalIF":0.0,"publicationDate":"2018-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76103549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
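The idea of a loose specification that is executable as a test oracle can be sketched concretely. The following is a minimal illustration of my own (it is not the Netsem specification, and the state names and events are invented): a nondeterministic transition relation serves as the spec, and a captured trace is checked by tracking the set of spec states that could explain the events seen so far.

```python
# A toy nondeterministic operational-semantics spec used as a test oracle.
# States and events are hypothetical; the Netsem TCP spec is far richer
# (time, system calls, segments), but the checking idea is the same.

SPEC = {
    ("CLOSED", "connect"): {"SYN_SENT"},
    ("SYN_SENT", "recv_synack"): {"ESTABLISHED"},
    # Loose specification: on timeout the spec permits either retrying
    # or giving up, so both successor states are allowed.
    ("SYN_SENT", "timeout"): {"SYN_SENT", "CLOSED"},
    ("ESTABLISHED", "close"): {"FIN_WAIT"},
    ("FIN_WAIT", "recv_ack"): {"CLOSED"},
}

def check_trace(events, start="CLOSED"):
    """True iff some resolution of the nondeterminism accepts the trace."""
    states = {start}
    for ev in events:
        # Take every transition the spec allows from every candidate state.
        states = {s2 for s in states for s2 in SPEC.get((s, ev), set())}
        if not states:
            return False  # no spec state explains this event
    return True
```

Checking an implementation trace then amounts to symbolic exploration of the spec's allowed behaviors, which is essentially what a special-purpose symbolic model checker scales up to real traces.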
{"title":"Parallel Metric Tree Embedding Based on an Algebraic View on Moore-Bellman-Ford","authors":"Stephan Friedrichs, C. Lenzen","doi":"10.1145/3231591","DOIUrl":"https://doi.org/10.1145/3231591","url":null,"abstract":"A metric tree embedding of expected stretch α ≥ 1 maps a weighted n-node graph G = (V, E, ω) to a weighted tree T = (V_T, E_T, ω_T) with V ⊆ V_T such that, for all v, w ∈ V, dist(v, w, G) ≤ dist(v, w, T) and E[dist(v, w, T)] ≤ α dist(v, w, G). Such embeddings are highly useful for designing fast approximation algorithms, as many hard problems are easy to solve on tree instances. However, to date, the best parallel polylog(n)-depth algorithm that achieves an asymptotically optimal expected stretch of α ∈ O(log n) requires Ω(n²) work and a metric as input. In this article, we show how to achieve the same guarantees using polylog(n) depth and Õ(m^(1+ε)) work, where m = |E| and ε > 0 is an arbitrarily small constant. Moreover, one may further reduce the work to Õ(m + n^(1+ε)) at the expense of increasing the expected stretch to O(ε⁻¹ log n). Our main tool in deriving these parallel algorithms is an algebraic characterization of a generalization of the classic Moore-Bellman-Ford algorithm. We consider this framework, which subsumes a variety of previous “Moore-Bellman-Ford-like” algorithms, to be of independent interest and discuss it in depth. In our tree embedding algorithm, we leverage it to provide efficient query access to an approximate metric that allows sampling the tree using polylog(n) depth and Õ(m) work. We illustrate the generality and versatility of our techniques by various examples and a number of additional results. 
Specifically, we (1) improve the state of the art for determining metric tree embeddings in the Congest model, (2) determine a (1 + ε̂)-approximate metric regarding the distances in a graph G in polylogarithmic depth and Õ(n(m + n^(1+ε))) work, and (3) improve upon the state of the art regarding the k-median and the buy-at-bulk network design problems.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"53 1","pages":"1 - 55"},"PeriodicalIF":0.0,"publicationDate":"2018-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91342300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
T. Roughgarden, Sergei Vassilvitskii, Joshua R. Wang
{"title":"Shuffles and Circuits (On Lower Bounds for Modern Parallel Computation)","authors":"T. Roughgarden, Sergei Vassilvitskii, Joshua R. Wang","doi":"10.1145/3232536","DOIUrl":"https://doi.org/10.1145/3232536","url":null,"abstract":"The goal of this article is to identify fundamental limitations on how efficiently algorithms implemented on platforms such as MapReduce and Hadoop can compute the central problems in motivating application domains, such as graph connectivity problems. We introduce an abstract model of massively parallel computation, where essentially the only restrictions are that the “fan-in” of each machine is limited to s bits, where s is smaller than the input size n, and that computation proceeds in synchronized rounds, with no communication between different machines within a round. Lower bounds on the round complexity of a problem in this model apply to every computing platform that shares the most basic design principles of MapReduce-type systems. We prove that computations in our model that use few rounds can be represented as low-degree polynomials over the reals. This connection allows us to translate a lower bound on the (approximate) polynomial degree of a Boolean function to a lower bound on the round complexity of every (randomized) massively parallel computation of that function. These lower bounds apply even in the “unbounded width” version of our model, where the number of machines can be arbitrarily large. As one example of our general results, computing any nontrivial monotone graph property—such as connectivity—requires a super-constant number of rounds when every machine receives only a subpolynomial (in n) number of input bits s. Finally, we prove that, in two senses, our lower bounds are the best one could hope for. For the unbounded-width model, we prove a matching upper bound. 
Restricting to a polynomial number of machines, we show that asymptotically better lower bounds would separate P from NC1.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"23 1","pages":"1 - 24"},"PeriodicalIF":0.0,"publicationDate":"2018-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86749895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
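The round structure of the model is easy to simulate. The sketch below is my own illustration, not a construction from the article: with fan-in s, a synchronized tree aggregation computes the OR of n input bits in ⌈log_s n⌉ rounds, since each machine can receive at most s bits per round.

```python
# Simulate synchronized rounds in an s-fan-in model: each round, every
# machine receives at most s values from the previous round and emits one.
def or_rounds(bits, s):
    """Return (OR of all bits, number of rounds used)."""
    vals, rounds = list(bits), 0
    while len(vals) > 1:
        # Group current outputs into blocks of s; one machine ORs each block.
        vals = [int(any(vals[i:i + s])) for i in range(0, len(vals), s)]
        rounds += 1
    return vals[0], rounds
```

For OR this upper bound is tight up to constants; the article's point is that for harder functions, such as monotone graph properties, polynomial-degree arguments rule out any constant-round strategy when s is subpolynomial in n.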
{"title":"Invited Article Foreword","authors":"É. Tardos","doi":"10.1145/3241947","DOIUrl":"https://doi.org/10.1145/3241947","url":null,"abstract":"The Invited Article section of this issue consists of the article, “Settling the query complexity of non-adaptive junta testing,” by Xi Chen, Rocco A. Servedio, Li-Yang Tan, Erik Waingarten, and Jinyu Xie, which won the best paper award at the 2017 Computational Complexity Conference (CCC’17). We want to thank the CCC’17 Program Committee and the PC chair Ryan O’Donnell for their help in selecting this invited article, and editor Irit Dinur for handling the article.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"73 1","pages":"1 - 1"},"PeriodicalIF":0.0,"publicationDate":"2018-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83200045","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Moshe Babaioff, Nicole Immorlica, D. Kempe, Robert D. Kleinberg
{"title":"Matroid Secretary Problems","authors":"Moshe Babaioff, Nicole Immorlica, D. Kempe, Robert D. Kleinberg","doi":"10.1145/3212512","DOIUrl":"https://doi.org/10.1145/3212512","url":null,"abstract":"We define a generalization of the classical secretary problem called the matroid secretary problem. In this problem, the elements of a matroid are presented to an online algorithm in uniformly random order. When an element arrives, the algorithm observes its value and must make an irrevocable decision whether or not to accept it. The accepted elements must form an independent set, and the objective is to maximize the combined value of these elements. We present an O(log k)-competitive algorithm for general matroids (where k is the rank of the matroid), and constant-competitive algorithms for several special cases including graphic matroids, truncated partition matroids, and bounded degree transversal matroids. We leave as an open question the existence of constant-competitive algorithms for general matroids. Our results have applications in welfare-maximizing online mechanism design for domains in which the sets of simultaneously satisfiable agents form a matroid.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"11 1","pages":"1 - 26"},"PeriodicalIF":0.0,"publicationDate":"2018-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84307067","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
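For contrast with the matroid generalization, the classical rank-1 secretary rule is short enough to state as code. This is the standard 1/e-threshold algorithm, not any of the matroid algorithms from the article:

```python
# Classical secretary rule: observe roughly n/e elements without accepting,
# then irrevocably accept the first element beating everything observed.
import math

def secretary(values):
    """values arrive in (assumed uniformly random) order; pick one."""
    n = len(values)
    k = max(1, int(n / math.e))  # length of the observation phase
    threshold = max(values[:k])
    for v in values[k:]:
        if v > threshold:
            return v  # irrevocable accept
    return values[-1]  # forced to take the last element
```

The matroid versions replace the single accept decision with maintaining an independent set, and the challenge the article leaves open is whether a constant competitive ratio survives that generalization for arbitrary matroids.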
{"title":"Unifying Concurrent Objects and Distributed Tasks","authors":"Armando Castañeda, S. Rajsbaum, M. Raynal","doi":"10.1145/3266457","DOIUrl":"https://doi.org/10.1145/3266457","url":null,"abstract":"Tasks and objects are two predominant ways of specifying distributed problems where processes should compute outputs based on their inputs. Roughly speaking, a task specifies, for each set of processes and each possible assignment of input values, their valid outputs. In contrast, an object is defined by a sequential specification. Also, an object can be invoked multiple times by each process, while a task is a one-shot problem. Each one requires its own implementation notion, stating when an execution satisfies the specification. For objects, linearizability is commonly used, while implementation notions for tasks are less explored. The article introduces the notion of an interval-sequential object, and the corresponding implementation notion of interval-linearizability, to encompass many problems that have no sequential specification as objects. It is shown that interval-sequential specifications are local, namely, one can consider interval-linearizable object implementations in isolation and compose them for free, without sacrificing interval-linearizability of the whole system. The article also introduces the notion of refined tasks and its corresponding satisfiability notion. In contrast to a task, a refined task can be invoked multiple times by each process. Also, objects that cannot be defined using tasks can be defined using refined tasks. In fact, a main result of the article is that interval-sequential objects and refined tasks have the same expressive power and both are complete in the sense that they are able to specify any prefix-closed set of well-formed executions. Interval-linearizability and refined tasks go beyond unifying objects and tasks; they shed new light on both of them. 
On the one hand, interval-linearizability brings to tasks the following benefits: an explicit operational semantics, a more precise implementation notion, a notion of state, and a locality property. On the other hand, refined tasks open new possibilities for applying topological techniques to objects.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"42 1","pages":"1 - 42"},"PeriodicalIF":0.0,"publicationDate":"2018-11-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87716418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Complexity of Cache Analysis for Different Replacement Policies","authors":"D. Monniaux, Valentin Touzeau","doi":"10.1145/3366018","DOIUrl":"https://doi.org/10.1145/3366018","url":null,"abstract":"Modern processors use cache memory, a memory access that “hits” the cache returns early, while a “miss” takes more time. Given a memory access in a program, cache analysis consists in deciding whether this access is always a hit, always a miss, or is a hit or a miss depending on execution. Such an analysis is of high importance for bounding the worst-case execution time of safety-critical real-time programs. There exist multiple possible policies for evicting old data from the cache when new data are brought in, and different policies, though apparently similar in goals and performance, may be very different from the analysis point of view. In this article, we explore these differences from a complexity-theoretical point of view. Specifically, we show that, among the common replacement policies, Least Recently Used is the only one whose analysis is NP-complete, whereas the analysis problems for the other policies are PSPACE-complete.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"9 1","pages":"1 - 22"},"PeriodicalIF":0.0,"publicationDate":"2018-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83220474","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
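The object being analyzed is easy to make concrete. The sketch below (my illustration, not the paper's analysis) classifies each access of one fixed trace as hit or miss under LRU with k lines; the hardness results concern the static problem of making such a classification hold over all executions of a program, which is far harder than replaying one trace.

```python
# Replay a single access trace through an LRU cache of k lines,
# labeling each access "hit" or "miss".
from collections import OrderedDict

def lru_trace(accesses, k):
    cache, out = OrderedDict(), []
    for a in accesses:
        if a in cache:
            cache.move_to_end(a)  # refresh recency on a hit
            out.append("hit")
        else:
            if len(cache) >= k:
                cache.popitem(last=False)  # evict least recently used
            cache[a] = True
            out.append("miss")
    return out
```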
{"title":"Uniform, Integral, and Feasible Proofs for the Determinant Identities","authors":"Iddo Tzameret, S. Cook","doi":"10.1145/3431922","DOIUrl":"https://doi.org/10.1145/3431922","url":null,"abstract":"Aiming to provide as weak as possible axiomatic assumptions in which one can develop basic linear algebra, we give a uniform and integral version of the short propositional proofs for the determinant identities demonstrated over GF(2) in Hrubeš-Tzameret [15]. Specifically, we show that the multiplicativity of the determinant function and the Cayley-Hamilton theorem over the integers are provable in the bounded arithmetic theory VNC2; the latter is a first-order theory corresponding to the complexity class NC2, consisting of problems solvable by uniform families of polynomial-size circuits of O(log² n) depth. This also establishes the existence of uniform polynomial-size propositional proofs, operating with NC2 circuits, of the basic determinant identities over the integers (previous propositional proofs hold only over the two-element field).","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"9 35 1","pages":"1 - 80"},"PeriodicalIF":0.0,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88253504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
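For reference, the two determinant identities in question, stated over the integers, are:

```latex
% Multiplicativity of the determinant:
\det(AB) = \det(A)\,\det(B)
  \qquad \text{for all } A, B \in \mathbb{Z}^{n \times n}.

% Cayley--Hamilton: every matrix satisfies its own characteristic polynomial:
p_A(\lambda) = \det(\lambda I_n - A), \qquad p_A(A) = 0.
```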
{"title":"Parallelism in Randomized Incremental Algorithms","authors":"G. Blelloch, Yan Gu, Julian Shun, Yihan Sun","doi":"10.1145/3402819","DOIUrl":"https://doi.org/10.1145/3402819","url":null,"abstract":"In this article, we show that many sequential randomized incremental algorithms are in fact parallel. We consider algorithms for several problems, including Delaunay triangulation, linear programming, closest pair, smallest enclosing disk, least-element lists, and strongly connected components. We analyze the dependencies between iterations in an algorithm and show that the dependence structure is shallow with high probability or that, by violating some dependencies, the structure is shallow and the work is not increased significantly. We identify three types of algorithms based on their dependencies and present a framework for analyzing each type. Using the framework gives work-efficient polylogarithmic-depth parallel algorithms for most of the problems that we study. This article shows the first incremental Delaunay triangulation algorithm with optimal work and polylogarithmic depth. This result is important, since most implementations of parallel Delaunay triangulation use the incremental approach. Our results also improve bounds on strongly connected components and least-element lists and significantly simplify parallel algorithms for several problems.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"22 1","pages":"1 - 27"},"PeriodicalIF":0.0,"publicationDate":"2018-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84522598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wojciech Czerwinski, S. Lasota, R. Lazic, Jérôme Leroux, Filip Mazowiecki
{"title":"The Reachability Problem for Petri Nets Is Not Elementary","authors":"Wojciech Czerwinski, S. Lasota, R. Lazic, Jérôme Leroux, Filip Mazowiecki","doi":"10.1145/3422822","DOIUrl":"https://doi.org/10.1145/3422822","url":null,"abstract":"Petri nets, also known as vector addition systems, are a long-established model of concurrency with extensive applications in modeling and analysis of hardware, software, and database systems, as well as chemical, biological, and business processes. The central algorithmic problem for Petri nets is reachability: whether from the given initial configuration there exists a sequence of valid execution steps that reaches the given final configuration. The complexity of the problem has remained unsettled since the 1960s, and it is one of the most prominent open questions in the theory of verification. Decidability was proved by Mayr in his seminal STOC 1981 work, and, currently, the best published upper bound, due to Leroux and Schmitz (LICS 2019), is non-primitive recursive (Ackermannian). We establish a non-elementary lower bound, i.e., that the reachability problem needs a tower of exponentials of time and space. Until this work, the best lower bound had been exponential space, due to Lipton in 1976. The new lower bound is a major breakthrough for several reasons. Firstly, it shows that the reachability problem is much harder than the coverability (i.e., state reachability) problem, which is also ubiquitous but has been known to be complete for exponential space since the late 1970s. Secondly, it implies that a plethora of problems from formal languages, logic, concurrent systems, process calculi, and other areas, which are known to admit reductions from the Petri nets reachability problem, are also not elementary. Thirdly, it makes obsolete the current best lower bounds for the reachability problems for two key extensions of Petri nets: with branching and with a pushdown stack. 
We develop a construction that uses arbitrarily large pairs of values with ratio R to provide zero-testable counters that are bounded by R. At the heart of our proof is then a novel gadget, the so-called factorial amplifier that, assuming availability of zero-testable counters bounded by k, guarantees to produce arbitrarily large pairs of values whose ratio is exactly the factorial of k. Repeatedly composing the factorial amplifier with itself by means of the former construction enables us to compute, in linear time, Petri nets that simulate Minsky machines whose counters are bounded by a tower of exponentials, which yields the non-elementary lower bound. By refining this scheme further, we, in fact, already establish hardness for h-exponential space for Petri nets with h + 13 counters.","PeriodicalId":17199,"journal":{"name":"Journal of the ACM (JACM)","volume":"55 1","pages":"1 - 28"},"PeriodicalIF":0.0,"publicationDate":"2018-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87501202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
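To make the problem statement concrete, here is a toy reachability explorer of my own (unrelated to the paper's lower-bound construction): a Petri net as vector addition over markings in N^k, with a bounded breadth-first search that decides reachability only when the explored marking set stays small. The non-elementary lower bound says precisely that no such exhaustive approach, or any elementary algorithm, can work in general.

```python
# Bounded BFS over Petri net markings. A transition is a pair of vectors
# (consume, produce); it is enabled at marking m iff m >= consume pointwise.
from collections import deque

def reachable(init, target, transitions, limit=10_000):
    """Decide reachability by BFS, exploring at most `limit` markings."""
    init, target = tuple(init), tuple(target)
    seen, frontier = {init}, deque([init])
    while frontier and len(seen) < limit:
        m = frontier.popleft()
        if m == target:
            return True
        for take, give in transitions:
            if all(x >= t for x, t in zip(m, take)):  # enabled?
                m2 = tuple(x - t + g for x, t, g in zip(m, take, give))
                if m2 not in seen:
                    seen.add(m2)
                    frontier.append(m2)
    return target in seen
```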