Download the full version of the textbook now at textbookfull.

com

Programming Languages and Systems 1st Edition

Nobuko Yoshida

https://textbookfull.com/product/programming-
languages-and-systems-1st-edition-nobuko-yoshida/

Explore and download more textbook at https://textbookfull.com

 Recommended digital products (PDF, EPUB, MOBI) that
you can download immediately if you are interested.

Programming Languages and Systems Amal Ahmed

https://textbookfull.com/product/programming-languages-and-systems-
amal-ahmed/

textbookfull.com

Knowledge Management and Acquisition for Intelligent

Systems Kenichi Yoshida

https://textbookfull.com/product/knowledge-management-and-acquisition-
for-intelligent-systems-kenichi-yoshida/

textbookfull.com

Understanding Programming Languages 1st Edition Cliff B.

Jones

https://textbookfull.com/product/understanding-programming-
languages-1st-edition-cliff-b-jones/

textbookfull.com

Cognitive Neuroscience 5th ed The Biology of the Mind 5th

Edition Michael S. Gazzaniga

https://textbookfull.com/product/cognitive-neuroscience-5th-ed-the-
biology-of-the-mind-5th-edition-michael-s-gazzaniga/

textbookfull.com
Advances in refining catalysis 1st Edition Üner

https://textbookfull.com/product/advances-in-refining-catalysis-1st-
edition-uner/

textbookfull.com

Public Health 101 Healthy People Healthy Population 2nd

Edition Riegelman

https://textbookfull.com/product/public-health-101-healthy-people-
healthy-population-2nd-edition-riegelman/

textbookfull.com

Urban Public Spaces: From Planned Policies to Everyday

Politics (Illustrated with Brazilian Case Studies) (The
Urban Book Series) 1st Edition Lucia Capanema Alvares
https://textbookfull.com/product/urban-public-spaces-from-planned-
policies-to-everyday-politics-illustrated-with-brazilian-case-studies-
the-urban-book-series-1st-edition-lucia-capanema-alvares/
textbookfull.com

Explorations in Diversity: Examining the Complexities of

Privilege, Discrimination, and Oppression Sharon K
Anderson
https://textbookfull.com/product/explorations-in-diversity-examining-
the-complexities-of-privilege-discrimination-and-oppression-sharon-k-
anderson/
textbookfull.com

Polarons and Bipolarons: An Introduction 1st Edition Ashok

Chatterjee (Author)

https://textbookfull.com/product/polarons-and-bipolarons-an-
introduction-1st-edition-ashok-chatterjee-author/

textbookfull.com
First Order Phase Transitions of Magnetic Materials: Broad
and Interrupted Transitions First Edition Praveen Chaddah

https://textbookfull.com/product/first-order-phase-transitions-of-
magnetic-materials-broad-and-interrupted-transitions-first-edition-
praveen-chaddah/
textbookfull.com
ARCoSS Nobuko Yoshida (Ed.)

Programming
LNCS 12648

Languages
and Systems
30th European Symposium on Programming, ESOP 2021
Held as Part of the European Joint Conferences
on Theory and Practice of Software, ETAPS 2021
Luxembourg City, Luxembourg, March 27 – April 1, 2021
Proceedings
Lecture Notes in Computer Science 12648
Founding Editors
Gerhard Goos, Germany
Juris Hartmanis, USA

Editorial Board Members

Elisa Bertino, USA Gerhard Woeginger , Germany
Wen Gao, China Moti Yung, USA
Bernhard Steffen , Germany

Advanced Research in Computing and Software Science

Subline of Lecture Notes in Computer Science

Subline Series Editors

Giorgio Ausiello, University of Rome ‘La Sapienza’, Italy
Vladimiro Sassone, University of Southampton, UK

Subline Advisory Board

Susanne Albers, TU Munich, Germany
Benjamin C. Pierce, University of Pennsylvania, USA
Bernhard Steffen , University of Dortmund, Germany
Deng Xiaotie, Peking University, Beijing, China
Jeannette M. Wing, Microsoft Research, Redmond, WA, USA
More information about this subseries at http://www.springer.com/series/7407
Nobuko Yoshida (Ed.)

Programming
Languages
and Systems
30th European Symposium on Programming, ESOP 2021
Held as Part of the European Joint Conferences
on Theory and Practice of Software, ETAPS 2021
Luxembourg City, Luxembourg, March 27 – April 1, 2021
Proceedings

123
Editor
Nobuko Yoshida
Imperial College
London, UK

ISSN 0302-9743 ISSN 1611-3349 (electronic)

Lecture Notes in Computer Science
ISBN 978-3-030-72018-6 ISBN 978-3-030-72019-3 (eBook)
https://doi.org/10.1007/978-3-030-72019-3

LNCS Sublibrary: SL1 – Theoretical Computer Science and General Issues

© The Editor(s) (if applicable) and The Author(s) 2021. This book is an open access publication.
Open Access This book is licensed under the terms of the Creative Commons Attribution 4.0 International
License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution
and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and
the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this book are included in the book’s Creative Commons license,
unless indicated otherwise in a credit line to the material. If material is not included in the book’s Creative
Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use,
you will need to obtain permission directly from the copyright holder.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, expressed or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
 ETAPS Foreword

Welcome to the 24th ETAPS! ETAPS 2021 was originally planned to take place in
Luxembourg in its beautiful capital Luxembourg City. Because of the Covid-19 pan-
demic, this was changed to an online event.
ETAPS 2021 was the 24th instance of the European Joint Conferences on Theory
and Practice of Software. ETAPS is an annual federated conference established in
1998, and consists of four conferences: ESOP, FASE, FoSSaCS, and TACAS. Each
conference has its own Program Committee (PC) and its own Steering Committee
(SC). The conferences cover various aspects of software systems, ranging from theo-
retical computer science to foundations of programming languages, analysis tools, and
formal approaches to software engineering. Organising these conferences in a coherent,
highly synchronised conference programme enables researchers to participate in an
exciting event, having the possibility to meet many colleagues working in different
directions in the field, and to easily attend talks of different conferences. On the
weekend before the main conference, numerous satellite workshops take place that
attract many researchers from all over the globe.
ETAPS 2021 received 260 submissions in total, 115 of which were accepted,
yielding an overall acceptance rate of 44.2%. I thank all the authors for their interest in
ETAPS, all the reviewers for their reviewing efforts, the PC members for their con-
tributions, and in particular the PC (co-)chairs for their hard work in running this entire
intensive process. Last but not least, my congratulations to all authors of the accepted
papers!
ETAPS 2021 featured the unifying invited speakers Scott Smolka (Stony Brook
University) and Jane Hillston (University of Edinburgh) and the conference-specific
invited speakers Işil Dillig (University of Texas at Austin) for ESOP and Willem Visser
(Stellenbosch University) for FASE. Inivited tutorials were provided by Erika Ábrahám
(RWTH Aachen University) on analysis of hybrid systems and Madhusudan
Parthasararathy (University of Illinois at Urbana-Champaign) on combining machine
learning and formal methods.
ETAPS 2021 was originally supposed to take place in Luxembourg City, Luxem-
bourg organized by the SnT - Interdisciplinary Centre for Security, Reliability and
Trust, University of Luxembourg. University of Luxembourg was founded in 2003.
The university is one of the best and most international young universities with 6,700
students from 129 countries and 1,331 academics from all over the globe. The local
organisation team consisted of Peter Y.A. Ryan (general chair), Peter B. Roenne (or-
ganisation chair), Joaquin Garcia-Alfaro (workshop chair), Magali Martin (event
manager), David Mestel (publicity chair), and Alfredo Rial (local proceedings chair).
ETAPS 2021 was further supported by the following associations and societies:
ETAPS e.V., EATCS (European Association for Theoretical Computer Science),
EAPLS (European Association for Programming Languages and Systems), and EASST
(European Association of Software Science and Technology).
vi ETAPS Foreword

The ETAPS Steering Committee consists of an Executive Board, and representa-

tives of the individual ETAPS conferences, as well as representatives of EATCS,
EAPLS, and EASST. The Executive Board consists of Holger Hermanns (Saar-
brücken), Marieke Huisman (Twente, chair), Jan Kofron (Prague), Barbara König
(Duisburg), Gerald Lüttgen (Bamberg), Caterina Urban (INRIA), Tarmo Uustalu
(Reykjavik and Tallinn), and Lenore Zuck (Chicago).
Other members of the steering committee are: Patricia Bouyer (Paris), Einar Broch
Johnsen (Oslo), Dana Fisman (Be’er Sheva), Jan-Friso Groote (Eindhoven), Esther
Guerra (Madrid), Reiko Heckel (Leicester), Joost-Pieter Katoen (Aachen and Twente),
Stefan Kiefer (Oxford), Fabrice Kordon (Paris), Jan Křetínský (Munich), Kim G.
Larsen (Aalborg), Tiziana Margaria (Limerick), Andrew M. Pitts (Cambridge), Grigore
Roșu (Illinois), Peter Ryan (Luxembourg), Don Sannella (Edinburgh), Lutz Schröder
(Erlangen), Ilya Sergey (Singapore), Mariëlle Stoelinga (Twente), Gabriele Taentzer
(Marburg), Christine Tasson (Paris), Peter Thiemann (Freiburg), Jan Vitek (Prague),
Anton Wijs (Eindhoven), Manuel Wimmer (Linz), and Nobuko Yoshida (London).
I’d like to take this opportunity to thank all the authors, attendees, organizers of the
satellite workshops, and Springer-Verlag GmbH for their support. I hope you all
enjoyed ETAPS 2021.
Finally, a big thanks to Peter, Peter, Magali and their local organisation team for all
their enormous efforts to make ETAPS a fantastic online event. I hope there will be a
next opportunity to host ETAPS in Luxembourg.

February 2021 Marieke Huisman

ETAPS SC Chair
ETAPS e.V. President
 Preface

Welcome to the 30th European Symposium on Programming! ESOP 2021 was orig-
inally planned to take place in Luxembourg. Because of the COVID-19 pandemic, this
was changed to an online event. ESOP is one of the European Joint Conferences on
Theory and Practice of Software (ETAPS). It is devoted to fundamental issues in the
specification, design, analysis, and implementation of programming languages and
systems.
This volume contains 24 papers, which the program committee selected among 79
submissions. Each submission received between three and five reviews. After an author
response period, the papers were discussed electronically among the 25 PC members
and 98 external reviewers. The nine papers for which the PC chair had a conflict of
interest (11% of the total submissions) were kindly handled by Patrick Eugster.
The quality of the submissions for ESOP 2021 was astonishing, and very sadly, we
had to reject many strong papers. I would like to thank all the authors who submitted
their papers to ESOP 2021.
Finally, I truly thank the members of the program committee. I am very impressed
by their insightful and constructive reviews – every PC member has contributed very
actively to the online discussions under this difficult COVID-19 situation, and sup-
ported Patrick and me. It was a real pleasure to work with all of you! I am also grateful
to the nearly 100 external reviewers, who provided their expert opinions.
I would like to thank the ESOP 2020 chair Peter Müller for his instant help and
guidance on many occasions. I thank all who contributed to the organisation of ESOP–
the ESOP steering committee and its chair Peter Thiemann as well as the ETAPS
steering committee and its chair Marieke Huisman, who provided help and guidance.
I would also like to thank Alfredo Rial Duran, Barbara Könich, and Francisco Ferreira
for their help with the proceedings.

January 2021 Nobuko Yoshida

 Organization

Program Committee
Stephanie Balzer CMU
Sandrine Blazy University of Rennes 1 - IRISA
Viviana Bono Università di Torino
Brijesh Dongol University of Surrey
Patrick Eugster Università della Svizzera italiana (USI)
Marco Gaboardi Boston University
Dan Ghica University of Birmingham
Justin Hsu University of Wisconsin-Madison
Zhenjiang Hu Peking University
Robbert Krebbers Radboud University Nijmegen
Hongjin Liang Nanjing University
Yu David Liu SUNY Binghamton
Étienne Lozes I3S, University of Nice & CNRS
Corina Pasareanu CMU/NASA Ames Research Center
Alex Potanin Victoria University of Wellington
Guido Salvaneschi University of St. Gallen
Alan Schmitt Inria
Taro Sekiyama National Institute of Informatics
Zhong Shao Yale University
Sam Staton University of Oxford
Alexander J. Summers University of British Columbia
Vasco T. Vasconcelos University of Lisbon
Tobias Wrigstad Uppsala University
Nicolas Wu Imperial College London
Nobuko Yoshida Imperial College London
Damien Zufferey MPI-SWS

Additional Reviewers

Adamek, Jiri Besson, Frédéric

Alglave, Jade Bodin, Martin
Álvarez Picallo, Mario Canino, Anthony
Ambal, Guillaume Casal, Filipe
Amtoft, Torben Castegren, Elias
Ancona, Davide Castellan, Simon
Atig, Mohamed Faouzi Chakraborty, Soham
Avanzini, Martin Charguéraud, Arthur
Bengtson, Jesper Chen, Liqian
x Organization

Chen, Yixuan Maranget, Luc

Chini, Peter Martínez, Guido
Chuprikov, Pavel Mehrotra, Puneet
Cogumbreiro, Tiago Miné, Antoine
Curzi, Gianluca Mordido, Andreia
Dagnino, Francesco Muroya, Koko
Dal Lago, Ugo Murray, Toby
Damiani, Ferruccio Møgelberg, Rasmus Ejlers
Derakhshan, Farzaneh New, Max
Dexter, Philip Noizet, Louis
Dezani-Ciancaglini, Mariangiola Noller, Yannic
Emoto, Kento Novotný, Petr
Fernandez, Kiko Oliveira Vale, Arthur
Fromherz, Aymeric Orchard, Dominic
Frumin, Daniil Padovani, Luca
Gavazzo, Francesco Pagani, Michele
Gordillo, Pablo Parthasarathy, Gaurav
Gratzer, Daniel Paviotti, Marco
Guéneau, Armaël Power, John
Iosif, Radu Poças, Diogo
Jacobs, Jules Pérez, Jorge A.
Jiang, Hanru Qu, Weihao
Jiang, Yanyan Rand, Robert
Jongmans, Sung-Shik Rouvoet, Arjen
Jovanović, Dejan Sammler, Michael
Kaminski, Benjamin Lucien Sato, Tetsuya
Kerjean, Marie Sterling, Jonathan
Khayam, Adam Stutz, Felix Matthias
Kokologiannakis, Michalis Sutre, Grégoire
Krishna, Siddharth Swamy, Nikhil
Laird, James Takisaka, Toru
Laporte, Vincent Toninho, Bernardo
Lemay, Mark Toro, Matias
Lindley, Sam Vene, Varmo
Long, Yuheng Viering, Malte
Mamouras, Konstantinos Wang, Di
Mangipudi, Shamiek Zufferey, Damien
Visit https://textbookfull.com
now to explore a rich
collection of eBooks, textbook
and enjoy exciting offers!
 Contents

The Decidability of Verification under PS 2.0. . . . . . . . . . . . . . . . . . . . . . . 1

Parosh Aziz Abdulla, Mohamed Faouzi Atig, Adwait Godbole,
S. Krishna, and Viktor Vafeiadis

Data Flow Analysis of Asynchronous Systems using Infinite

Abstract Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Snigdha Athaiya, Raghavan Komondoor, and K. Narayan Kumar

Types for Complexity of Parallel Computation in Pi-Calculus. . . . . . . . . . . . 59

Patrick Baillot and Alexis Ghyselen

Checking Robustness Between Weak Transactional Consistency Models . . . . 87

Sidi Mohamed Beillahi, Ahmed Bouajjani, and Constantin Enea

Verified Software Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Lennart Beringer

An Automated Deductive Verification Framework for Circuit-building

Quantum Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Christophe Chareton, Sébastien Bardin, François Bobot,
Valentin Perrelle, and Benoît Valiron

Nested Session Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Ankush Das, Henry DeYoung, Andreia Mordido, and Frank Pfenning

Coupled Relational Symbolic Execution for Differential Privacy . . . . . . . . . . 207

Gian Pietro Farina, Stephen Chong, and Marco Gaboardi

Graded Hoare Logic and its Categorical Semantics . . . . . . . . . . . . . . . . . . . 234

Marco Gaboardi, Shin-ya Katsumata, Dominic Orchard,
and Tetsuya Sato

Do Judge a Test by its Cover: Combining Combinatorial

and Property-Based Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Harrison Goldstein, John Hughes, Leonidas Lampropoulos,
and Benjamin C. Pierce

For a Few Dollars More: Verified Fine-Grained Algorithm Analysis Down

to LLVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Maximilian P. L. Haslbeck and Peter Lammich

Run-time Complexity Bounds Using Squeezers. . . . . . . . . . . . . . . . . . . . . . 320

Oren Ish-Shalom, Shachar Itzhaky, Noam Rinetzky, and Sharon Shoham
xii Contents

Complete trace models of state and control . . . . . . . . . . . . . . . . . . . . . . . . 348

Guilhem Jaber and Andrzej S. Murawski

Session Coalgebras: A Coalgebraic View on Session Types

and Communication Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Alex C. Keizer, Henning Basold, and Jorge A. Pérez

Correctness of Sequential Monte Carlo Inference for Probabilistic

Programming Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Daniel Lundén, Johannes Borgström, and David Broman

Densities of Almost Surely Terminating Probabilistic Programs

are Differentiable Almost Everywhere . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Carol Mak, C.-H. Luke Ong, Hugo Paquet, and Dominik Wagner

Graded Modal Dependent Type Theory . . . . . . . . . . . . . . . . . . . . . . . . . . . 462

Benjamin Moon, Harley Eades III, and Dominic Orchard

Automated Termination Analysis of Polynomial Probabilistic Programs . . . . . 491

Marcel Moosbrugger, Ezio Bartocci, Joost-Pieter Katoen,
and Laura Kovács

Bayesian strategies: probabilistic programs as generalised

graphical models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Hugo Paquet

Temporal Refinements for Guarded Recursive Types . . . . . . . . . . . . . . . . . . 548

Guilhem Jaber and Colin Riba

Query Lifting: Language-integrated query for heterogeneous

nested collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
Wilmer Ricciotti and James Cheney

Reverse AD at Higher Types: Pure, Principled and Denotationally Correct . . . 607

Matthijs Vákár

Sound and Complete Concolic Testing for Higher-order Functions . . . . . . . . 635

Shu-Hung You, Robert Bruce Findler, and Christos Dimoulas

Strong-Separation Logic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664

Jens Pagel and Florian Zuleger

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693

 The Decidability of Verification under PS 2.0

Parosh Aziz Abdulla1 , Mohamed Faouzi Atig()1 , Adwait Godbole2 , S.

Krishna2 , and Viktor Vafeiadis3
1
Uppsala University, Uppsala, Sweden
{parosh,mohamed faouzi.atig}@it.uu.se
2
IIT Bombay, Mumbai, India
{adwaitg,krishnas}@cse.iitb.ac.in
3
MPI-SWS, Kaiserslautern, Germany
[email protected]

Abstract. We consider the reachability problem for finite-state multi-

threaded programs under the promising semantics (PS 2.0) of Lee et al.,
which captures most common program transformations. Since reachability
is already known to be undecidable in the fragment of PS 2.0 with only
release-acquire accesses (PS 2.0-ra), we consider the fragment with only
relaxed accesses and promises (PS 2.0-rlx). We show that reachability
under PS 2.0-rlx is undecidable in general and that it becomes decidable,
albeit non-primitive recursive, if we bound the number of promises.
Given these results, we consider a bounded version of the reachability
problem. To this end, we bound both the number of promises and of
“view-switches”, i.e., the number of times the processes may switch their
local views of the global memory. We provide a code-to-code translation
from an input program under PS 2.0 (with relaxed and release-acquire
memory accesses along with promises) to a program under SC, thereby
reducing the bounded reachability problem under PS 2.0 to the bounded
context-switching problem under SC. We have implemented a tool and
tested it on a set of benchmarks, demonstrating that typical bugs in
programs can be found with a small bound.

Keywords: Model-Checking · Memory Models · Promising Semantics

1 Introduction
An important long-standing open problem in PL research has been to define a
weak memory model that captures the semantics of concurrent memory accesses
in languages like Java and C/C++. A model is considered good if it can be
implemented efficiently (i.e., if it supports all usual compiler optimizations and
its accesses are compiled to plain x86/ARM/Power/RISCV accesses), and is
easy to reason about. To address this problem, Kang et al. [16] introduced the
promising semantics. This was the first model that supported basic invariant
reasoning, the DRF guarantee, and even a non-trivial program logic [30].
In the promising semantics, the memory is modeled as a set of timestamped
messages, each corresponding to a write made by the program. Each pro-
cess/thread records its own view of the memory—i.e., the latest timestamp for
c The Author(s) 2021
N. Yoshida (Ed.): ESOP 2021, LNCS 12648, pp. 1–29, 2021.
https://doi.org/10.1007/978-3-030-72019-3 1
2 P. A. Abdulla et al.

each memory location that it is aware of. A message has the form (x, v, (f, t], V )
where x is a location, v a value to be stored for x, (f, t] is the timestamp interval
corresponding to the write and V is the local view of the process who made the
write to x. When reading from memory, a process can either return the value
stored at the timestamp in its view or advance its view to some larger timestamp
and read from that message. When a process p writes to memory location x, a
new message with a timestamp larger than p’s view of x is created, and p’s view
is advanced to include the new message. In addition, in order to allow load-store
reorderings, a process is allowed to promise a certain write in the future. A
promise is also added as a message in the memory, except that the local view of
the process is not updated using the timestamp interval in the message. This is
done only when the promise is eventually fulfilled. A consistency check is used
to ensure that every promised message can be certified (i.e., made fulfillable) by
executing that process on its own. Furthermore, this should hold from any future
memory (i.e., from any extension of the memory with additional messages). The
quantification prevents deadlocks (i.e., processes from making promises they are
not able to fulfil). However, the unbounded number of future memories, that
need to be checked, makes the verification of even simple programs practically
infeasible. Moreover, a number of transformations based on global value range
analysis as well as register promotion were not supported in [16].
To address these concerns, Lee et al. developed a new version of the promising
semantics, PS 2.0 [22] PS 2.0 simplifies the consistency check and instead of
checking the promise fulfilment from all future memories, PS 2.0 checks for
promise fulfilment only from a specially crafted extension of the current memory
called capped memory. PS 2.0 also introduces the notion of reservations, which
allows a process to secure a timestamp interval in order to perform a future
atomic read-modify-write instruction. The reservation blocks any other message
from using that timestamp interval. Because of these changes, PS 2.0 supports
register promotion and global value range analysis, while capturing all features
(process local optimizations, DRF guarantees, hardware mappings) of the original
promising semantics. Although PS 2.0 can be considered a semantic breakthough,
it is a very complex model: it supports two memory access modes, relaxed (rlx)
and release-acquire (ra), along with promises, reservations and certifications.
Let PS 2.0-rlx (resp. PS 2.0-ra) be the fragment of PS 2.0 allowing only
relaxed (rlx) (resp. release-acquire (ra)) memory accesses. A natural and funda-
mental question to investigate is the verification of concurrent programs under
PS 2.0. Consider the reachability problem, i.e., whether a given configuration
of a concurrent finite-state program is reachable. Reachability with only ra
accesses has already been shown to be undecidable [1], even without promises
and reservations. That leaves us only the PS 2.0-rlx fragment, which captures the
semantics of concurrent ‘relaxed’ memory accesses in programming languages
such as Java and C/C++. We show that if an unbounded number of promises is
allowed, the reachability problem under PS 2.0-rlx is undecidable. Undecidability
is obtained with an execution with only 2 processes and 3 context switches, where
a context is a computation segment in which only one process is active.
 The Decidability of Verification under PS 2.0 3

Then, we show that reachability under PS 2.0-rlx becomes decidable if we

bound the number of promises at any time (however, the total number of promises
made within a run can be unbounded). The proof introduces a new memory
model with higher order words LoHoW, which we show equivalent to PS 2.0-rlx
in terms of reachable states. Under the bounded promises assumption, we use
the decidability of the coverability problem of well structured transition systems
(WSTS) [7,13] to show that the reachability problem for LoHoW with bounded
number of promises is decidable. Further, PS 2.0-rlx without promises and reser-
vations has a non-primitive recursive lower bound. Our decidability result covers
the relaxed fragment of the RC11 model [20,16] (which matches the PS 2.0-rlx
fragment with no promises). Given the high complexity for PS 2.0-rlx and the
undecidability of PS 2.0-ra, we next consider a bounded version of the reachabil-
ity problem. To this end, we propose a parametric under-approximation in the
spirit of context bounding [9,33,21,26,24,29,1,3]. The aim of context bounding
is to restrict the otherwise unbounded interaction between processes, and has
been shown experimentally in the case of SC programs to maintain enough
behaviour coverage for bug detection [24,29]. The concept of context bounding
has been extended for weak memory models. For instance, for RA, Abdula et
al. [1] proposed view bounding using the notion of view-switching messages and
a translation that keeps track of the causality between different variables. Since
PS 2.0 subsumes RA, we propose a bounding notion that extends view bounding.
Using our new bounding notion, we propose a source-to-source translation
from programs under PS 2.0 to context-bounded executions of the transformed
program under SC. The challenges in our translation differ a lot from that in [1],
as we have to provide a procedure that (i) handles different memory accesses rlx
and ra, (ii) guesses the promises and reservations in a non-deterministic manner,
and (iii) verifies that promises are fulfilled using the capped memory.
We have implemented this reduction in a tool, PS2SC. Our experimental
results demonstrate the effectiveness of our approach. We exhibit cases where
hard-to-find bugs are detectable using a small view-bound. Our tool displays
resilience to trivial changes in the position of bugs and the order of processes.
Further, in our code-to-code translation, the mechanism for making and certifying
promises and reservations is isolated in one module, and can easily be changed
to cover different variants of the promising semantics.
For lack of space, detailed proofs can be found in [5].

2 Preliminaries

In this section, we introduce the notation that will be used throughout.

Notations. Given two natural numbers i, j ∈ N s.t. i ≤ j, we use [i, j] to denote
{k | i ≤ k ≤ j}. Let A and B be two sets. We use f : A → B to denote that f is
a function from A to B. We define f [a → b] to be the function f  s.t. f  (a) = b
and f  (a ) = f (a ) for all a = a. For a binary relation R, we use [R]∗ to denote
its reflexive and transitive closure. Given an alphabet Σ, we use Σ ∗ (resp. Σ + )
to denote the set of possibly empty (resp. non-empty) finite words (also called
4 P. A. Abdulla et al.

simple words) over Σ. A higher order word over Σ is an element of (Σ ∗ )∗ (i.e.,

word of words). Let w = a1 a2 · · · an be a simple word over Σ, we use |w| to
denote the length of w. Given an index i in [1, |w|], we use w[i] to denote the ith
letter of w. Given two indices i and j s.t. 1 ≤ i ≤ j ≤ |w|, we use w[i, j] to denote
the word ai ai+1 · · · aj . Sometimes, we see a word as a function from [1, |w|] to Σ.
Program Syntax. The simple program-
ming language we use is described in Fig-
ure 1. A program Prog consists of a set
Loc of (global) variables or memory lo-
cations, and a set P of processes. Each
process p declares a set Reg (p) of (lo-
cal) registers followed by a sequence of la-
beled instructions. We assume that these
sets of registers are disjoint and we use
Reg := ∪p Reg (p) to denote their union.
We assume also a (potentially unbounded) Fig. 1: Syntax of programs.
data domain Val from which the registers and locations take values. All locations
and registers are assumed to be initialized with the special value 0 ∈ Val (if not
mentioned otherwise). An instruction i is of the form λ : s where λ is a unique
label and s isa statement. We use Lp to denote the set of all labels of the process
p, and L = p∈P Lp the set of all labels of all processes. We assume that the
execution of the process p starts always with a unique initial instruction labeled
by λpinit .
A write instruction is of the form xo = $r assigns the value of register $r to
the location x, and o denotes the access mode. If o = rlx, the write is a relaxed
write, while if o = ra, it is a release write. A read instruction $r = xo reads
the value of the location x into the local register $r. Again, if the access mode
o = rlx, it is a relaxed read, and if o = ra, it is an acquire read. Atomic updates
or RMW instructions are either compare-and-swap (CASor ,ow ) or FADDor ,ow .
Both have a pair of accesses (or , ow ∈ {rel, acq, rlx}) to the same location – a
read followed by a write. Following [22], FADD(x, v) stores the value of x into a
register $r, and adds v to x, while CAS(x, v1 , v2 ) compares an expected value
v1 to the value in x, and if the values are same, sets the value of x to v2 . The
old value of x is then stored in $r. A local assignment instruction $r = e assigns
to the register $r the value of e, where e is an expression over a set of operators,
constants as well as the contents of the registers of the current process, but not
referring to the set of locations. The fence instruction SC-fence is used to enforce
sequential consistency if it is placed between two memory access operations. For
simplicity, we will write assume(x = e) instead of $r = x; assume($r = e). This
notation is extended in the straightforward manner to conditional statements.

3 The Promising Semantics

In this section, we recall the promising semantics [22]. We present here PS 2.0
with three memory accesses, relaxed, release writes (rel) and acquire reads (acq).
 The Decidability of Verification under PS 2.0 5

Read-modify-writes (RMW) instructions have two access modes - one for read
and one for write. We keep aside the release and acquire fences (and subsequent
access modes), since they do not affect the results of this paper.

Timestamps. PS 2.0 uses timestamps to maintain a total order over all the
writes to the same variable. We assume an infinite set of timestamps Time,
densely totally ordered by ≤, with 0 being the minimum element. A view is a
timestamp function V : Loc → Time that records the largest known timestamp
for each location. Let T be the set containing all the timestamp functions, along
with the special symbol ⊥. Let Vinit represent the initial view where all locations
are mapped to 0. Given two views V and V  , we use V ≤ V  to denote that
V (x) ≤ V  (x) for x ∈ Loc. The merge operation between two views V and V 
returns the pointwise maximum of V and V  , i.e., (V V  )(y) is the maximum of
V (y) and V  (y). Let I denote the set of all intervals over Time. The timestamp
intervals in I have the form (f, t] where either f = t = 0 or f < t, with f, t ∈ Time.
Given an interval I = (f, t] ∈ I, I.frm and I.to denote f, t respectively.

Memory. In PS 2.0, the memory is modelled as a set of concrete messages

(which we just call messages), and reservations. Each message represents the
effect of a write or a RMW operation and each reservation is a timestamp interval
reserved for future use. In more detail, a message m is a tuple (x, v, (f, t], V )
where x ∈ Loc, v ∈ Val, (f, t] ∈ I and V ∈ T. A reservation r is a tuple (x, (f, t]).
Note that a reservation, unlike a message, does not commit to any particular value.
We use m.loc (r.loc), m.val, m.to (r.to), m.frm (r.frm) and m.View to denote
respectively x, v, t, f and V . Two elements (either messages or reservations) are
 m2 .loc)
said to be disjoint (m1 #m2 ) if they concern different variables (m1 .loc =
or their intervals do not overlap (m1 .to ≤ m2 .frm∨m1 .frm ≥ m2 .to). Two sets of
elements M, M  are disjoint, denoted M #M  , if m#m for every m ∈ M, m ∈ M  .
Two elements m1 , m2 are adjacent denoted Adj(m1 , m2 ) if m1 .loc = m2 .loc
and m1 .to = m2 .frm. A memory M is a set of pairwise disjoint messages and
reservations. Let M be the subset of M containing only messages (no reservations).
For a location x, let M (x) be {m ∈ M | m.loc = x}. Given a view V and a
memory M , we say V ∈ M if V (x) = m.to for some message m ∈ M  for every
x ∈ Loc. Let M denote the set of all memories.
Insertion into Memory. Following [22], a memory M can be extended with a
message (due to the execution of a write/RMW instruction) or a reservation m
with m.loc = x, m.frm = f and m.to = t in a number of ways:
A
Additive insertion M ← m is defined only if (1) M #{m}; (2) if m is a message,
then no message m ∈ M has m .loc = x and m .frm = t; and (3) if m is a
reservation, then there exists a message m ∈ M
 with m .loc = x and m .to = f .
A
The extended memory M ← m is then M ∪ {m}.
S
Splitting insertion M ← m is defined if m is a message, and, if there exists
a message m = (x, v  , (f, t ], V ) with t < t in M . Then M is updated to
S
M ← m = (M \{m } ∪ {m, (x, v  , (t, t ], V )}).
6 P. A. Abdulla et al.

L
Lowering Insertion M ← m is only defined if there exists m in M that is identical
to m = (x, v, (f, t], V ) except for m.View ≤ m .View. Then, M is updated to
L
M ← m = M \{m } ∪ {m}.
Transition System of a Process. Given a process p ∈ P, a state σ of p is
defined by a pair (λ, R) where λ ∈ L is the label of the next instruction to be
executed by p and R : Reg → Val maps each register of p to its current value.
(Observe that we use the set of all labels L (resp. registers Reg) instead of Lp
(resp. Reg (p)) in the definition of σ just for the sake of simplicity.) Transitions
t
between the states of p are of the form (λ, R) = ⇒ (λ , R ) with t is on one of
p
the following forms: , rd(o, x, v), wt(o, x, v), U(or , ow , x, vr , vw ), and SC-fence. A
rd(o,x,v)
transition of the form (λ, R) =====⇒ (λ , R ) denotes the execution of a read
p
instruction of the form $r = xo labeled by λ where (1) λ is the label of the
next instructions that can be executed after the instruction labelled by λ, and
(2) R is the mapping that results from updating the value of the register $r in
t
⇒ (λ , R ) is defined in similar manner
R to v. The transition relation (λ, R) =
p
for the other cases of t where wt(o, x, v) stands for a write instruction that
writes the value v to x, U(or , ow , x, vr , vw ) stands for a RMW that reads the
value vr from x and write vw to it, SC-fence stands for a SC-fence instruction,
and  stands for the execution of the other local instructions. Observe that
o, or , ow are the access modes which can be rlx or ra. We use ra for both
t
release and acquire. Finally, we use (λ, R) − → (λ , R ), with t =
 , to denote that
p
   t  
⇒ σ1 =
(λ, R) = ⇒ ··· =
⇒ σn =
⇒ σn+1 = ⇒ (λ , R ).
⇒ ··· =
p p p p p p
Machine States. A machine state MS is a tuple ((J, R), VS, PS, M, G), where
J : P → L maps each process p to the label of the next instruction to be executed,
R : Reg → Val maps each register to its current value, VS = P → T is the process
view map, which maps each process to a view, M is a memory and P S : P → M
maps each process to a set of messages (called promise set), and G ∈ T is the
global view (that will be used by SC fences). We use C to denote the set of
all machine states. Given a machine state MS = ((J, R), VS, PS, M, G) and a
process p, let MS↓p denote (σ, VS(p), PS(p), M, G), with σ = (J(p), R(p)), (i.e.,
the projection of the machine state to the process p). We call MS↓p the process
configuration. We use Cp to denote the set of all process configurations.
The initial machine state MS init = ((Jinit , Rinit ), VSinit , PSinit , Minit , Ginit ) is
one where: (1) Jinit (p) is the label of the initial instruction of p; (2) Rinit ($r) = 0
for every $r ∈ Reg; (3) for each p, VS(p) = Vinit as the initial view (that maps each
location to the timestamp 0); (4) for each p, the set of promises PSinit (p) is empty;
(5) the initial memory Minit contains exactly one initial message (x, 0, (0, 0], Vinit )
per location x; and (6) the initial global view maps each location to 0.
Transition Relation. We first describe the transition (σ, V, P, M, G) − →
p
(σ  , V  , P  , M  , G ) between process configurations in Cp from which we induce
the transition relation between machine states.
 The Decidability of Verification under PS 2.0 7

Memory Helpers Process Helpers

m = (x, −, (−, t], K) ∈ M V (x) ≤ t
o = rlx ⇒ V  = V [x → t]
(MEMORY : NEW) o = ra ⇒ V  = V [x → t]  K
 A
 o,m
V −−→ V 
m
(P, M ) −→ P  , M ← m rd

m = (x, −, (−, t], K) ∈ M, V (x) < t

MEMORY FULFIL
 S
 L
o = rlx ⇒ K = ⊥, o = ra ⇒ P (x) = ∅ ∧ K = V 
←∈ ←, ← , P  = P ← m, M  = M ← m (P, M ) −→ (P  , M  ) V  = V [x → t]
m

m o,m
(P, M ) −→ (P  \{m}, M  ) (V, P, M ) −−→ (V  , P  , M  )
wt
Process Steps
Read Write
rd(o,x,v)  wt(o,x,v)
σ −−−−−−→ σ σ −−−−−−→ σ 
p p
o,m  o,m
m = (x, v, (−, −], −), V −−→ V m = (x, v, (−, −], −), (V, P, M ) −−→ (V  , P  , M  )
rd wt
(σ, V, P, M, G) −
→ (σ  , V  , P, M, G) (σ, V, P, M, G) −
→ (σ  , V  , P  , M  , G)
p p

SC-fence Promise
m = (−, −, (−, −], K),
SC-fence 
−−−−
σ− → σ A
M  = M ← m, K ∈ M 
p
 
(σ, V, P, M, G) −
→ (σ  , V  G, P, M, G  V ) (σ, V, P, M, G) −
A
→ σ, V, P ← m, M  , G
p
p
Update
U (or ,ow ,x,vr ,vw )
σ −−−−−−−−−−−→ σ  , mr = (x, vr , (−, t], −), mw = (x, vw , (t, −], −),
p
or ,mr ow ,mw
V −−−−→ V  , (V  , P, M ) − → (V  , P  , M  )
−−−−
rd wt
(σ, V, P, M, G) −
→ (σ  , V  , P  , M  , G)
p

Fig. 2: A subset of PS 2.0 inference rules at the process level.

Process Relation. The formal definition of −

→ is given in Figure 2. Below, we
p
explain these inference rules. Note that the full set of rules can be found in [5].
Read A process p can read from M by observing a message m = (x, v, (f, t], K) if
V (x) ≤ t (i.e., p must not be aware of a later message for x). In case of a relaxed
read rd(rlx, x, v), the process view of x is updated to t, while for an acquire read
rd(ra, x, v), the process view is updated to V [x → t] K. The global memory
M , the set of promises P , and the global view G remain the same.
Write. A process can add a fresh message to the memory (MEMORY : NEW) or
fulfil an outstanding promise (MEMORY : FULFILL). The execution of a write
(wt(rlx, x, v)) results in a message m with location x along with a timestamp in-
terval (−, t]. Then, the process view for x is updated to t. In case of a release write
(wt(ra, x, v)) the updated process view is also attached to m, and ensures that
the process does not have an outstanding promise on x. (MEMORY : FULFILL)
allows to split a promise interval or lower its view before fulfilment.
Update. When a process performs a RMW, it first reads a message m =
(x, v, (f, t], K) and then writes an update message with frm timestamp equal to
t; that is, a message of the form m = (x, v  , (t, t ], K  ). This forbids any other
8 P. A. Abdulla et al.

write to be placed between m and m . The access modes of the reads and writes
in the update follow what has been described for the read and write above.
Promise, Reservation and Cancellation. A process can non-deterministically
promise future writes which are not release writes. This is done by adding a
message m to the memory M s.t. m#M and to the set of promises P . Later, a
relaxed write instruction can fulfil an existing promise. Recall that the execution
of a release write requires that the set of promises to be empty and thus it can not
be used to fulfil a promise. In the reserve step, the process reserves a timestamp
interval to be used for a later RMW instruction reading from a certain message
without fixing the value it will write. A reservation is added both to the memory
and the promise set. The process can drop the reservation from both sets using
the cancel step in non-deterministic manner.
SC fences. The process view V is merged with the global view G, resulting in
V G as the updated process view and global view.
Machine Relation. We are ready now to define the induced transition relation
between machine states. For machine states MS = ((J, R), V S, P S, M, G) and
MS  = ((J  , R ), V S  , P S  , M  , G ), we write MS −
→ MS  iff (1) MS↓p −
→
p p
MS↓p and (J(p ), V S(p ), P S(p )) = (J  (p ), V S  (p ), P S  (p )) for all p = p.
Consistency. According to Lee et al. [22], there is one final requirement on
machine states called consistency, which roughly states that, from every encoun-
tered machine state, all the messages promised by a process p can be certified
(i.e., made fulfillable) by executing p on its own from a certain future memory
(called capped memory), i.e., extension of the memory with additional reservation.
Before defining consistency, we need to introduce capped memory.
Cap View, Cap Message and Capped Memory. The last element of a memory
M with respect to a location x, denoted by mM,x , is an element from M (x)
with the highest timestamp among all elements of M (x) and is defined as
mM,x = maxm∈M (x) m.to. The cap view of a memory M , denoted by VM , is the
view which assigns to each location x, the to timestamp in the message mM
,x .

That is, VM = λx.m  .to. Recall that M denote the subset of M containing

M ,x

only messages (no reservations). The cap message of a memory M with respect
to a location x, is given by m
 M,x = (x, mM,x .val, (mM,x .to, mM,x .to + 1], VM ).

Then, the capped memory of a memory M , wrt. a set of promises P , denoted
by MP , is an extension of M , defined as: (1) for every m1 , m2 ∈ M with
m1 .loc = m2 .loc, m1 .to < m2 .frm, and there is no message m ∈ M (m1 .loc) such
that m1 .to < m .to < m2 .to, we include a reservation (m1 .loc, (m1 .to, m2 .frm])
in M
P , and (2) we include a cap message m  M,x in MP for every variable x unless
mM,x is a reservation in P .
Consistency. A machine state MS = ((J, R), V S, P S, M, G) is consistent if every
process p can certify/fulfil all its promises from the capped memory M P S(p) , i.e.,
((J, R), V S, P S, M →] ((J , R ), V S , P S , M , G ) with P S  (p) = ∅.
P S(p) , G) [− ∗      
p
Visit https://textbookfull.com
now to explore a rich
collection of eBooks, textbook
and enjoy exciting offers!
 The Decidability of Verification under PS 2.0 9

The Reachability Problem in PS 2.0. A run of Prog is a sequence of the

form: MS 0 [−−→]∗ MS 1 [−−→]∗ MS 2 [−−→]∗ . . .[−−→]∗ MS n where MS 0 = MS init
pi1 pi2 pi3 pin
is the initial machine state and MS 1 , . . . , MS n are consistent machine states.
Then, MS 0 , . . . , MS n are said to be reachable from MS init .
Given an instruction label function J : P → L that maps each process p ∈ P
to an instruction label in Lp , the reachability problem asks whether there exists
a machine state of the form ((J, R), V, P, M, G) that is reachable from MS init .
A positive answer to this problem means that J is reachable in Prog in PS 2.0.

4 Undecidability of Consistent Reachability in PS 2.0

The reachability problem is undecidable for PS 2.0 even for finite-state programs.
The proof is by a reduction from Post’s Correspondence Problem (PCP) [28]. A
PCP instance consists of two sequences u1 , . . . , un and v1 , . . . , vn of non-empty
words over some alphabet Σ. Checking whether there exists a sequence of indices
j1 , . . . , jk ∈ {1, . . . , n} s.t. uj1 . . . ujk = vj1 . . . vjk is undecidable. Our proof works
with the fragment of PS 2.0 having only relaxed (rlx) memory accesses and
crucially uses unboundedly many promises to ensure that a process cannot skip
any writes made by another process. We construct a concurrent program with
two processes p1 and p2 over a finite data domain. The code of p1 is split into two
modes: a generation mode and a validation mode by a if and its else branch.
The if branch is entered when the value of a boolean location validate is 0 (its
initial value). We show that reaching the instructions annotated by // and // in
p1 , p2 is possible iff the PCP instance has a solution. We give below an overview
of the execution steps leading to the annotated instructions.

– Process p1 promises to write letters of ui (one by one) to a location x, and

the respective indices i to a location index . The number of made promises
is arbitrary, since it depends on the length of the PCP solution. Observe
that the sequence of promises made to the variable index corresponds to the
guessed solution of the PCP problem.
– Before switching out of context, p1 certifies its promise using the if branch
which consists of a loop that non-deterministically chooses an index i and
writes i to index and ui to x. The promises of p1 are as yet not fulfilled; this
happens in the else branch of p1 , when it writes the promised values.
– p2 reads from the sequences of promises written to x and index and copies
them (one by one) to variables y and index  respectively. Then, p2 sets
validate to 1 and reaches //.
– The else branch in p1 is enabled at this point, where p1 reads the sequence
of indices from index  , and each time it reads an index i from index  , it checks
that it can read the sequence of letters of vi from y.
– p1 copies the sequence of observed values from y and index  back to x and
index respectively. To fulfil the promises, it is crucial that the sequence of
read values from index  (resp. y) is the same as the sequence of promised
values to index (resp. x). Since y holds a sequence vi1 . . . vik , the promises
10 P. A. Abdulla et al.

are fulfilled if and only if this sequence is same as the promised sequence
ui1 . . . uik . This happens only when i1 , . . . , ik is a PCP solution.
– At the end of promise fulfilment, p1 reaches //.

Our undecidability result is also tight in the sense that the reachability problem
becomes decidable when we restrict ourselves to machine states where the number
of promises is bounded. Further, our proof is robust: it goes through for PS 1.0
[16]. Let us call the fragment of PS 2.0 with only rlx memory accesses PS 2.0-rlx.

Theorem 1. The reachability problem for concurrent programs over a finite data
domain is undecidable under PS 2.0-rlx.

5 Decidable Fragments of PS 2.0

Since keeping ra memory accesses renders the reachability problem undecidable

[1] and so does having unboundedly many promises when having rlx memory
accesses (Theorem 1), we address in this section the decidability problem for
PS 2.0-rlx with a bounded number of promises in any reachable configuration.
Bounding the number of promises in any reachable machine state does not
imply that the total number of promises made during that run is bounded. Let
bdPS 2.0-rlx represent the restriction of PS 2.0-rlx to boundedly many promises
where the number of promises in each reachable machine state is smaller or equal
to a given constant. Notice that the fragment bdPS 2.0-rlx subsumes the relaxed
fragment of the RC11 model [20,16].We assume here a finite data domain.
To establish the decidability of the reachability of bdPS 2.0-rlx, we introduce
an alternate memory model for concurrent programs called LoHoW (for “lossy
higher order words”). We present the operational semantics of LoHoW, and show
that (1) PS 2.0-rlx is reachability equivalent to LoHoW, (2) under the bounded
promise assumption, reachability is decidable in LoHoW (hence, bdPS 2.0-rlx).
Introduction to LoHoW. Given a concurrent program Prog, a state of LoHoW
maintains a collection of higher order words, one per location of Prog, along
with the states of all processes. The higher order word HWx corresponding to
the location x is a word of simple words, representing the sub memory M (x)
in PS 2.0-rlx. Each simple word in HWx is an ordered sequence of “memory
types”, that is, messages or promises in M (x), maintained in the order of their
to timestamps in the memory. The word order between memory types in HWx
represents the order induced by time stamps between memory types in M (x).
The key information to encode in each memory type of HWx is: (1) is it a message
(msg) or a promise (prm) in M (x), (2) the process (p) which added it to M (x),
the value (val) it holds, (3) the set S (called pointer set) of processes that have
seen this memory type in M (x) and (4) whether the adjacent time interval to
the right of this memory type in M (x) has been reserved by some process.
Memory Types. To keep track of (1-4) above, a memory type is an element of
Σ ∪ Γ with, Σ = {msg, prm} × Val × P × 2P (for 1-3) and Γ = {msg, prm} × Val ×
P × 2P × P (for 4). We write a memory type as (r, v, p, S, ?). Here r represents
 The Decidability of Verification under PS 2.0 11

either msg (message) or prm (promise) in M (x), v is the value, p is the process
that added the message/promise, S is a pointer set of processes whose local view
(on x) agrees with the to timestamp of the message/promise. If the type ∈ Γ , the
fifth component (?) is the process id that has reserved the time slot right-adjacent
to the message/promise. ? is a wildcard that may (or not) be matched.
Simple Words. A simple word ∈ Σ ∗ #(Σ ∪ Γ ), and each HWx is a word
∈ (Σ ∗ #(Σ ∪ Γ ))+ . # is a special symbol not in Σ ∪ Γ , which separates the
last symbol from the rest of the simple word. Consecutive symbols of Σ in a
simple word in HWx represent adjacent messages/promises in M (x) and are
hence unavailable for a RMW. # does not correspond to any element from the
memory, and is used to demarcate the last symbol of the simple word.

Fig. 3: A higher order word HW (black) with four embedded simple words (pink).
Higher order words. A higher order word is a sequence of simple words. Figure
3 depicts a higher order word with four simple words. We use a left to right
order in both simple words and higher order words. Furthermore, we extend
in the straightforward manner the classical word indexation strategy to higher
order words. For example, the symbol at the third position of the higher order
word HW in Figure 3 is HW[3] = (msg, 2, p, {p, q}). A higher order word HW is
well-formed iff for every p ∈ P, there is a unique position i in HW having p in its
pointer set; that is, HW[i] is of the form (−, −, −, S, ?) ∈ Σ ∪ Γ s.t. p ∈ S. The
higher order word given in Figure 3 is well-formed. We will use ptr(p, HW) to
denote the unique position i in HW having p in its pointer set. We assume that
all the manipulated higher
g order words are well-formed.

Fig. 4: Map from memories M (x), M (y) to higher order words HWx , HWy .
Each higher order word HWx represents the entire space [0, ∞) of available
timestamps in M (x). Each simple word in HWx represents a timestamp interval
(f, t], while consecutive simple words represent disjoint timestamp intervals (while
preserving order). The memory types constituting each simple word take up
adjacent timestamp intervals, spanning the timestamp interval of the simple word.
The adjacency of timestamp intervals within simple words is used in RMW steps
and reservations. The last symbol in a simple word denotes a message/promise
which, (1) if in Σ, is available for a RMW, while (2) if in Γ , is unavailable for
RMW since it is followed by a reservation. Symbols at positions other than
the rightmost in a simple word, represent messages/promises which are not
12 P. A. Abdulla et al.

available for RMW. Figure 4 presents a mapping from a memory of PS 2.0-rlx to

a collection of higher order words (one per location) in LoHoW.
Initializing higher order words. For each location x ∈ Loc, the initial higher
order word HWinit
x is defined as , where P is the set of all processes
and p1 is some process in P. The set of all higher order words HWinit x for all
locations x represents the initial memory of PS 2.0-rlx where all locations have
value 0, and all processes are aware of the initial message.
Simulating PS 2.0 Memory Operations in LoHoW. In the following, we
describe how to handle PS 2.0-rlx instructions in LoHoW. Since we only have
the rlx mode, we denote Reads, Writes and RMWs as wt(x, v), rd(x, v) and
U(x, vr , vw ), dropping the modes.
Reads. To simulate a rd(x, v) by a process p in LoHoW, we need an index
j ≥ ptr(p, HWx ) in HWx such that HWx [j] is a memory type with value v of the
form (−, v, −, S  , ?) (? denotes that the type is either from Σ or Γ ). The read is
simulated by adding p to the set S  and removing it from its previous set.

Fig. 5: Transformation of HWx on a read. (? denotes that type is from Σ or Γ )

Writes. A wt(x, v) by a process p (writing v to x) is simulated by adding a new
msg type in HWx with a timestamp higher than the view of p for x: (1) add the
simple word (msg, v, p, {p}) to the right of ptr(p, HWx ) or (2) there is α ∈ Σ such
that the word w#α is in HWx to the right of ptr(p, HWx ). Modify w#α to get
wα#(msg, v, p, {p})·. Remove p from its previous pointer set.

Fig. 6: Transformation of HWx on a write. (? denotes that type is from Σ or Γ ).

RMWs. Capturing RMWs is similar to the execution of a read followed by
a write. In PS 2.0-rlx, a process p performing an RMW, reads from a mes-
sage with a timestamp interval (, t] and adds a message to M (x) with times-
tamp interval (t, −]. Capturing RMWs needs higher order words. Consider a
U(x, vr , vw ) step by process p. Then, there is a simple word in
HWx having (−, vr , −, S) as the last memory type whose position is to the right
of ptr(p, HWx ). As usual, p is removed from its pointer set, #(−, vr , −, S) is
replaced with (−, vr , −, S\{p})# and (−, vw , p, {p}) is appended, resulting in
extending to .
Promises, Reservations and Cancellations. Handling promises made by a process p
in PS 2.0-rlx is similar to handling wt(x, v): we add the simple word
in HWx to the right of the position ptr(p, HWx ), or append (prm, v, p, {}) at the
 The Decidability of Verification under PS 2.0 13

end of a simple word with a position larger than ptr(p, HWx ). The memory type
has tag prm (a promise), and the pointer set is empty (since making a promise
does not lift the view of the promising process). Splitting the time interval of a
promise is simulated in LoHoW by inserting a new memory type right before the
corresponding promise memory type (prm, −, p, S), while fulfilment of a promise
by a process p results in replacing (prm, v, p, S) with (msg, v, p, S ∪ {p}).
In PS 2.0-rlx, a process p makes a reservation by adding the pair (x, (f, t])
to the memory, given that there is a message/promise in the memory with
timestamp interval (−, f ]. In LoHoW this is captured by “tagging” the rightmost
memory type (message/promise) in a simple word with the name of the process
that makes the reservation. This requires us to consider the memory types from
Γ = {msg, prm} × Val × P × 2P × P where the last component stores the process
which made the reservation. Such a memory type always appears at the end of a
simple word, and represents that the next timestamp interval adjacent to it has
been reserved. Observe that nothing can be added to the right of a memory type
of the form (msg, v, p, S, q). Thus, reservations are handled as follows.

(Res) Assume the rightmost symbol in a simple word as (msg, v, p, S). To capture
the reservation by q, (msg, v, p, S) is replaced with (msg, v, p, S, q).
(Can) A cancellation is done by removing the last component q from
(msg, v, p, S, q) resulting in (msg, v, p, S).

Certification In PS 2.0-rlx, certification for a process p happens from the capped

memory, where intermediate time slots (other than reserved ones) are blocked,
and any new message can be added only at the maximal timestamp. This is
handled in LoHoW by one of the following: (1) Addition of new memory types is
allowed only at the right end of any HWx , or (2) If the rightmost memory type
in HWx is of form (−, v, −, −, q) with q =
 p (a reservation by q), then the word
#(msg, v, q, {}) is appended at end of HWx .
Memory is altered in PS 2.0-rlx during certification phase to check for promise
fulfilment, and at the end of the certification phase, we resume from the memory
which was there before. To capture this in LoHoW, we work on a duplicate
of (HWx )x∈Loc in the certification phase. Notice that the duplication allows
losing non-deterministically, empty memory types: these are memory types whose
pointer set is empty, as well as redundant simple words, which are simple words
consisting entirely of empty memory types. This copy of HWx is then modified
during certification, and is discarded once we finish the certification phase.

5.1 Formal Model of LoHoW

In the following, we formally define LoHoW and state the equivalence of the
reachability problem in PS 2.0-rlx and LoHoW. For a memory type m = (r, v, p, S)
(or m = (r, v, p, S, q)), we use m.value to denote v. For a memory type (r, v, p, S, ?)
and a process p ∈ P, we define the following: add(m, p ) ≡ (r, v, p, S ∪ {p }, ?)
and del(m, p ) ≡ (r, v, p, S \ {p }, ?). This corresponds to the addition/deletion of
the process p to/from the set of pointers of m. Extending the above notation,
Random documents with unrelated
content Scribd suggests to you:
questions, i. 145;
inception of the Siberian Railway, i. 149–155;
Boxer Rebellion, i. 154, 155;
her intentions as to Manchuria, and the result, i. 157–170;
treaty with China, i. 158, 160;
influence of M. de Witte, i. 171;
the Royal Timber Company, i. 172–184, 306–313;
pyramid of her interests, i. 185, 186;
establishment of a Viceroyalty in the Far East, i. 187;
Kuropatkin’s special reports, i. 188–193;
her bluff, i. 194–198;
reasons for her reverses in the war with Japan, i. 229–309, ii.
1–97;
suggested improvements in the army, ii, 98–176;
summary of the war, ii. 177–287;
conclusions upon the battle of Mukden, i. 288–305;
breakdown of the unit organization and distribution, ii. 314–
335
Russki Invalid, article on military expenditure, i. 111, 112;
on duty and love of country, ii. 78–80
Russo-Chinese Bank, De Witte’s influence over the, i. 172

Saghalien, Russian garrison at, i. 148, 200;

part concession of, to Japan, i. 232
St. George, the Cross of, ii. 16
St. Petersburg Convention, i. n. 21
Sakharoff, General, Chief of the Headquarter Staff, i. 115, 207;
War Minister, i. 252;
the Siberian Railway, i. 261;
mobilization, i. 272, 273, 276, 277;
unfitness of generals, i. 300;
his description of the Japanese plans, ii. 30;
commands the Southern Force, ii. 209
Samoiloff, Lieutenant-Colonel, military attaché in Japan,
his views on Japanese strength, i. 208
Samsonoff, General, and his Siberian Cossacks, ii. 234
Sappers. See Engineers
Serfs, emancipation of the, i. 23, 24
Servia, war with Turkey, i. 24
Sevastopol, siege of, i. 18, 19, 83;
Russian loss at, i. 98
Sha Ho, Russian strength at battle of, i. 242, ii. 182;
Japanese loss at, ii. 193
Shipka Pass, defence of the, i. 26, 30
Shtakelberg, General:
on the Yalu, ii. 38;
concentration at Te-li-ssu, ii. 218, 219;
battle near the Yen-tai Mines, ii. 234;
strength of his force, ii. n. 78;
faulty disposition of his troops, ii. 246, 247;
his attack on Su-ma-pu, ii. 262
Siberian Railway. See Railways
Siberian Rifle Regiments, East, expansion and value of, i. 124–
126, ii. 183, 207
Sinope, Russian victory at, i. 15, 16, 107
Skobeleff, General, at Plevna, i. 26, 28;
seizes Geok Tepe, i. 31, 85, 148
Solovieff, M., historian, the Crimean War, i. 21, 22
Sosnovski, Lieutenant-Colonel, and the Chinese, i. 92
Spade, revival in the army of the use of the, i. 142
Stössel, General:
defence of Port Arthur, ii. 213;
his alarmist reports, ii. 229
Subotin, General, capture of Mukden, i. 155
Sungari River, Russian withdrawal to, i. 232
Surrender, the question of, ii. 175
Suvoroff, Russian battleship, gallantry on the, i. 240
Suvoroff, General, his campaigns, i. 8, 10
Sviatosloff, Grand-Duke, i. 4
Sweden as Russia’s neighbour, i. 3;
war with Russia, i. 12, 36;
her Russian frontier, i. 40–44

Tartars as Russia’s neighbours, i. 3

Ta-shih-chiao, battle of, ii. 182
Tashkent, Russian occupation of, i. 87, 147
Tchernaya, battle of the, i. 18
Telegraph and telephones, need for, ii. 143, 144, 162
Te-li-ssu, Russian disaster at, i. 257, 258
Territorial system, the, ii. 126
Tieh-ling, retirement from, ii. 86
Timber Company, the Royal:
its importance, i. 169;
Bezobrazoff’s propositions, i. 172;
investigation of, i. 173–184;
history of, ii. 306–313
Todleben, General:
Crimean War, i. 21;
assault on Plevna, i. 26
Togo, Admiral:
naval battle at Port Arthur, i. 238, 240
Topornin, General, ii. 276, 292, 297
Trans-Baikal Railway to Vladivostok, i. 69;
capacity of, i. 247–256
Trans-Baikal Cossack, success of, ii. 153
Triple Alliance, the, i. 46, 51, 87, 113
Trous de loup, i. 215, 216
Trubetski, Prince, President of the Moscow nobility,
correspondence with Kuropatkin, ii. 198–200
Tserpitski, General, ii. 279, 280, 290, 296, 297, 330
Tsitsihar, capture of, i. 155, ii. 322
Tsushima, defeat of Russian fleet at, i. 238–241
Turkey, and Russia, i. 3;
wars with Russia, i. 6, 81–83;
 her army, i. 15;
her peace strength, i. 15;
Crimean War, i. 16;
war with Servia and Russia, i. 24;
Plevna, i. 25;
Russian loss, i. 36;
possibility of trouble with Russia, i. 58
Turkomans, Russian expedition against the, i. 30–32, 85, 86

Ujin, Colonel, his pack telephone system, ii. n. 45

Uniform, value of, ii. 100–103
Units, proposed details of, ii. 161–163;
breakdown of, ii. 314–335
Ushakoff, Russian ironclad, total loss of, at Tsushima, i. 240
Ussuri districts, Russian annexation of, i. 35, 69, 200

Vannovski, General, War Minister:

the improvement of the army, i. 113;
succeeded by General Kuropatkin, i. 115;
on the allotment of funds, i. 117
Velichko, Major-General, armament for Port Arthur, i. 128
Viceroyalty, establishment of the, i. 187
Vladivostok:
Trans-Baikal Railway, i. 69;
fortification of, i. 126, 148, 151, 200;
Russian fleet at, i. 237;
 daring sally from, i. 239;
garrison at, ii. 206
Vogak, Major-General, council at Port Arthur, i. 180

War Department (see also Army), problems for the Russian, i.

1–39;
expansion of the army, and growing complications of defence
problems, i. 78–96;
the chief duty of the twentieth century, i. 102–104;
taken by surprise, i. 105;
estimate procedure and inadequacy of funds allotted, i. 116–
122, 138, 139;
ready by September, 1905, i. 134;
lines of communication 5,400 miles long, i. 135;
dual capacity of Finance Minister, i. 139;
Manchurian and Korean questions, i. 145–198;
reasons for the Russian reverses, i. 229–309, ii. 1–97;
measures for the improvement of the army, ii. 98–176;
the causes of Russian failure summarized, ii. 177–204
Wei-hai-wei, Japanese occupation of, ii. 30
Witgeft, Admiral, his death while attacking the Japanese fleet, i.
238
Witte, Sergius de, Minister of Finance, and Dalny, i. 127, 172;
his dual capacity, i. 139;
his influence, i. 171;
and the Russo-Chinese Bank, i. 172;
and the evacuation of Manchuria, i. 173;
and the Royal Timber Company, i. 173–184, ii. 306–313

Yakub Beg, death of, i. 92

Yalu, battles on the, i. 125, 257, ii. 38;
the timber concession, i. 169–184, ii. 306–313;
naval engagement at the mouth of the, i. 202
Yellow Peril, the, a reality, ii. 200
Yen-tai mines, battle at the, ii. 234–236

Zarubaeff, General, i. 303;

withdraws his troops towards Hai-cheng, ii. 225;
the retreat from Mukden, ii. 232, 285, 286, 333
Zasulitch, General, his defeat, ii. 38, 211, 212, 225
Zikoff, ii. 212

THE END
BILLING AND SONS, LTD., PRINTERS, GUILDFORD
JUST OUT.
ARTILLERY AND EXPLOSIVES.
ESSAYS AND LECTURES WRITTEN AND DELIVERED AT
VARIOUS TIMES.
By Sir Andrew Noble, K.C.B., D.C.L., F.R.S.

With Numerous Diagrams and Illustrations. Medium 8vo. 21s.

net.
“The experience of Sir Andrew Noble covers such a wide field, and so
many important changes have taken place in connection with rifled guns,
their ammunition and projectiles, during the long period dealt with, that the
views of so eminent an expert are of an incalculable value. He is therefore to
be congratulated on his decision to bring into one volume the mass of
important information and invaluable details respecting the progress in naval
and artillery science.”—Broad Arrow.

THE FRONTIERSMAN’S POCKET BOOK.

Compiled and Edited by Roger Pocock, on behalf of the Council
of
the Legion of Frontiersmen.
With Illustrations. Leather, 5s. net.
“A very handy and well-packed little volume.... It brings together a large
amount of well-digested practical information about camping, means of
travel, signals, shooting, first-aid, and, in short, everything that a pioneering,
handy man ought to know.... May be heartily recommended to all classes of
scouts and frontiersmen.”—Scotsman.

FORTIFICATION:
ITS PAST ACHIEVEMENTS, RECENT DEVELOPMENTS,
FUTURE PROGRESS.
By Colonel Sir George S. Clarke, R.E., K.C.M.G., F.R.S.,
 Governor of Bombay.
New Edition Enlarged. With numerous Illustrations.
Medium 8vo. 18s. net.
“The reflections of this great soldier-statesman will be found as
fascinating as they are instructive, and that reasonable intelligence is the
only essential qualification for reading them with profit as well as with
interest and pleasure.”—Westminster Gazette.

THE BATTLE OF WAVRE AND

GROUCHY’S RETREAT.
A STUDY OF AN OBSCURE PART OF
THE WATERLOO CAMPAIGN.
By W. Hyde Kelly, R.E.

With Maps and Plans. Demy 8vo. 8s. net.

“ ... brings forward, with a vividness and brilliancy which compel attention
throughout one of the most obscure pages in the story of the famous
struggle.”—Birmingham Post.

OFFICIAL ACCOUNT OF
THE SECOND AFGHAN WAR,
1878–1880.
PRODUCED IN THE INTELLIGENCE BRANCH,
ARMY HEAD QUARTERS, INDIA
Abridged Official Account. With numerous Maps and Illustrations.
Medium 8vo. 21s. net.
“An excellent compendium of the whole war, clearly written and amply
illustrated by photographs, maps, and diagrams.... It is a narrative that will
fascinate the many who love to read about warlike movements.... It is a
story of wise and patient preparation, carefully arranged generalship,
supreme daring, amazing tenacity. Undoubtedly the right thing has been
done in giving to the world a stirring story, which has remained too long,
many will think, a secret record.”—Sheffield Independent.

THE GERMAN OFFICIAL ACCOUNT OF

THE WAR IN SOUTH AFRICA
PREPARED IN THE HISTORICAL SECTION OF THE
GREAT GENERAL STAFF, BERLIN.
With Maps and Plans. Demy 8vo. 15s. net each.
Part I.—From its Commencement in 1899 to the Capture of General Cronje’s
Forces at Paardeburg. Translated by Colonel W. H. H. Waters, R.A.,
C.V.O. Part II.—The Advance to Pretoria, the Upper Tugela Campaign,
etc., etc. Translated by Colonel Hubert du Cane, R.A., M.V.O.
“The most valuable work in which, since its close, the war has been
discussed. It stands alone, because it is the only work in which the war has
been surveyed by trained and competent students of war, the only one of
which the judgments are based on a familiarity with the modern theory of
war. The best book that has yet appeared on the South African War.”—
Morning Post.

THE BOOK OF WAR.

Translated into English by Captain E. F. Calthrop, R.A.
Crown 8vo. 2s. 6d. net.
This work, the writings of Suntzu and Wutzu, Chinese
strategists of about the fifth century B.C., is the most famous
work on the art of war in the Far East. It deals with operations
of war, statecraft, moral and training of troops, stratagem, the
use of spies, etc., and for twenty-five centuries it has been the
bible of the Chinese or Japanese ruler. The book is distinguished
alike by the poetry and grandeur of its language and the
modernity of its spirit.
 A WEEK AT WATERLOO IN 1815.
LADY DE LANCEY’S NARRATIVE.
BEING AN ACCOUNT OF HOW SHE NURSED HER HUSBAND,
COLONEL SIR WILLIAM H. D. LANCEY,
MORTALLY WOUNDED IN THE GREAT BATTLE.
With Photogravure Portraits and other Illustrations.
Square crown 8vo. 6s. net.
“Pages of writing of terrible beauty, subtlety, delicacy, and power describe
her nursing of him and his death. It is not a jagged series of poignant
notes.... There is no heroine in English history or literature more worshipful
than Lady de Lancey.”—World.

THE STORY OF THE BATTLE OF WATERLOO.

By the Rev. G. R. Gleig. With Map and Illustrations.

MOLTKE IN HIS HOME.

By Friedrich August Dressler.
Authorized Translation by Mrs. C. E. Barrett-Lennard.
With an Introduction by Lieut.-General Lord Methuen.
With Illustrations. Demy 8vo.
This does not attempt to give a biography of the great Field-Marshal, but
contains a series of sketches and incidents of his life, and of the
characteristics and surroundings of one of the greatest soldiers of the
nineteenth century.

THE MILITARY LIFE OF

H.R.H. THE DUKE OF CAMBRIDGE.
WRITTEN UNDER THE AUTHORITY OF THE LATE DUKE
FROM DOCUMENTS IN HIS OWN POSSESSION.
By Colonel Willoughby Verner,
 Late Rifle Brigade.
Assisted by Captain Erasmus Darwin Parker,
Late Manchester Regiment.
With Portraits. 2 Vols. Medium 8vo. 36s. net.
“We congratulate the authors on the manner in which they have
accomplished their task, and send our hearty good wishes after the volumes
they have launched.”—Saturday Review.

LUMSDEN OF THE GUIDES.

A SKETCH OF THE LIFE OF SIR HARRY LUMSDEN, HIS
SERVICES IN THE AFGHAN VALLEY, PUNJAB AND FRONTIER
CAMPAIGNS, AND OF THE RAISING OF THE FAMOUS CORPS OF
GUIDES.
By Sir P. Lumsden and G. R. Elsmie.
Portraits, Maps, and Illustrations. Demy 8vo. 7s. 6d. net.

THE AUTOBIOGRAPHY OF SIR HARRY SMITH.

INCLUDING HIS SERVICES IN SOUTH AMERICA—IN THE
PENINSULA AND FRANCE—AT NEW ORLEANS—AT WATERLOO
—IN NORTH AMERICA AND JAMAICA—IN SOUTH AFRICA
DURING THE KAFFIR WAR—IN INDIA DURING THE SIKH WAR
—AND AT THE CAPE, ETC.
Edited by G. C. Moore Smith.
With some additional Chapters supplied by the Editor.
With Portraits and Illustrations. Cheap Edition in 1 Vol. 10s. 6d. net.

THE LIFE OF JOHN COLBORNE,

FIELD-MARSHAL LORD SEATON.
By G. C. Moore Smith.
With Maps, Portraits, and other Illustrations. Demy 8vo. 16s. net.
 THE LIFE OF JOHN NICHOLSON,
SOLDIER AND ADMINISTRATOR.
By Captain Lionel J. Trotter.
With Portrait and 3 Maps.

THE LIFE OF HENRY PELHAM,

FIFTH DUKE OF NEWCASTLE.
SECRETARY OF STATE FOR THE COLONIES, 1852–54
AND 1859–64, AND SECRETARY OF STATE FOR WAR, 1852–55
By John Martineau,
Author of “The Life of Sir Bartle Frere.”

With Portraits. Demy 8vo. 12s. net.

“Among the most interesting and absorbing books of the moment may
safely be named The Life of Henry Pelham.”—M.A.P.
“Mr. Martineau’s work is a model of painstaking research and lucid
expression. He has the true historian’s temperament, his perspective and his
judgment are unimpeachable.”—Western Mail.

LONDON: JOHN MURRAY, ALBEMARLE STREET, W.

 FOOTNOTES

[1] [To economize ammunition at manœuvres, batteries

sometimes signal that they are firing instead of actually
doing so.—Ed.]

[2] [What in the British Army are colloquially known as

“Pow-wows.”—Ed.]

[3] [1903.—Ed.]

[4] Independent fire is difficult to control, and almost

impossible to stop in action.

[5] [The Cross of St. George corresponds to our Victoria

Cross, but is more easily won.—Ed.]

[6] [Russian regiments in Europe, as a rule, consist of four

battalions. East Siberian Rifle regiments in the late war had
three.—Ed.]

[7] [Liao-yang.—Ed.]

[8] [The Sha Ho.—Ed.]

[9] [Hsi-ping-kai, Kung-chu-ling, and Kuang-cheng-tzu.—Ed.]

[10] [1903.—Ed.]

[11] [See next page.—Ed.]

[12] It was followed by the 2nd Infantry Division; 10th and
17th Army Corps; 5th Siberian Corps; 1st Army Corps, and
6th Siberian Corps.

[13] The leading units of the 10th Army Corps arrived on

June 30.

[14] Sixty miles by a road which the rains had made very
difficult.

[15] [A European Russian regiment contains four battalions.

—Ed.]

[16] My report of June 20.

[17] The officer commanding the 2nd Manchurian Army

stated that the whole war strength of his force (total of
rifles, sabres, guns, with twenty-five men to a gun, and ten
to a machine-gun) constituted, on an average, only half the
actual numbers.

[18] This amounted in some units to as much as 20 per

cent. in men, and 30 per cent. in officers.

[19] [Behind and between armies.—Ed.]

[20] [One man on one full day’s work.—Ed.]

[21] [General Kuropatkin’s views on this point appear to

have changed, see p. 270.—Ed.]

[22] [Who had succeeded Grippenberg in the command of

the 2nd Army.—Ed.]

[23] Or sergeant-majors.
[24] [On account of student disorders that had led to the
closing of the Universities.—Ed.]

[25] Medical students.

[26] [General Kuropatkin himself.—Ed.]

[27] Our communications were threatened, and the Yen-tai

Mines on the flank were in the enemy’s hands.

[28] The retirement from Liao-yang was orderly, while that

from Mukden more nearly approached a rout; but it is not
certain that the Russians were really beaten at the former
place when the decision to retire was made.—Ed.

[29] [Sic. This seems almost incredible.—Ed.]

[30] [The portion of this chapter which immediately follows

deals in great detail with the breakdown of the unit
organization. It has been separated from the text, and is
given in Appendix II.—Ed.]

[31] When the appointments of Inspector-Generals were

created, some confusion resulted between the powers of
these and that of the district commanders.

[32] Two in the two brigades, and two on the divisional

staff.

[33] [Service with the colours in Russia has been reduced

generally from five to three years.—Ed.]

[34] The transport was not fully horsed.

[35] [By this expression is meant a land not belonging to
Russia.—Ed.]

[36] [The term used by common folk in Russia when

addressing men of higher birth.—Ed.]

[37] Owing to famine in the Kholm district in the years just

before the war, the reservists in it were called up later than
those in the neighbouring districts, and the majority of them
were consequently stationed on the line of communications.

[38] [Summary courts-martial under martial law.—Ed.]

[39] With two-wheeled baggage-carts, the number has to be

increased by an additional fifty-four men.

[40] Cooks and mess caterers, eighteen of each—i.e.,

sixteen per company, and two with scout sections, one
mounted, one dismounted.

[41] Three per company.

[42] [This is taking a regiment at 4,000—i.e., the men

actually in the firing-line and not employed specially—for
scout sections, etc.—Ed.]

[43] I several times reported to the War Minister that the

despatch of drafts to fill up wastage in the units already at
the front was much more necessary than the despatch to us
of fresh units.

[44] [Battle of Hei-kou-tai.—Ed.]

[45] Colonel Ujin’s pack-telephone system, which I tried in
Manchuria, is a very good one.

[46] [Presumably squares on a map.—Ed.]

[47] Artillery regiments to be subordinate in all respects as

regards command to the divisional commander. The
commander of an artillery brigade must technically
superintend and inspect all batteries with an army corps.

[48] One cavalry regiment per division.

[49] One sapper battalion and one company of sappers per

division; one mining and two telegraph companies as corps
troops.

[50] [Sic. This word is rather misleading. Some formation

less than a regiment is meant.—Ed.]

[51] Voiskovoi = Lieutenant-

}
Starshina Colonel
Esaoul = Captain } Of
Sotnik = Lieutenant } Cossacks.
Khorunji = Cornet }
[52] In the wars with Turkey and Persia, in the Caucasus
and Central Asia.

[53] [The first portion of this chapter, which is a

recapitulation of what has already been written in Chapters
I. to VII., has been omitted from this translation. What is
now given touches more upon the war itself.—Ed.]

[54] [About 1–1/3 miles to the inch.—Ed.]

[55] [Sic. Killed and wounded (see p. 207, Vol I.).—Ed.]

[56] [At the Sha Ho.—Ed.]

[57] [At Mukden.—Ed.]

[58] [Possibly the author refers to China, Japan, and India

being young in a national sense.—Ed.]

[59] [? Telegram.—Ed.]

[60] [General Linievitch.—Ed.]

[61] [? 1904 and 1905 also.—Ed.]

[62] [The name of General Kuropatkin’s country estate in

the province of Pskoff.—Ed.]

[63] [This chapter is composed of the introduction and

conclusion to Volume III. of the original, which have been
translated, as they add some light on points not touched
upon in Volume IV.—Ed.]

[64] Eighteen infantry battalions, 25 squadrons, 86 guns

total, 19,000 rifles and sabres.

[65] Two of them sapper battalions. The third battalions

formed in Russia for all the East Siberian Rifle Regiments
were only then beginning to arrive.

[66] The Viceroy’s letter (No. 2,960) of June 6 called

attention to the necessity of “bearing in mind measures to
guard against the event of an advance by Kuroki.”
[67] 1st and 9th East Siberian Rifle Divisions, and
2nd Brigade of the 35th Division.

[68] [There are several passes of this name.—Ed.]

[69] [This action is apparently what is elsewhere known as

that of Chiao-tou.—Ed.]

[70] [The reasons for this are given in great detail in Volume
IV.—i.e., Chapters I. to XII. of this book.—Ed.]

[71] This regiment did splendidly in later fights.

[72] The 122nd Tamboff Regiment was attacked when

bivouacking.

[73] The positions held on August 31 by the portion of

Kuroki’s army that crossed the river were only eleven miles
from the railway.

[74] [? Houton.—Ed.]

[75] The corps also arrived at the front with a shortage of

about 400 men per regiment—i.e., 1,600 per division.

[76] Less one brigade garrisoning Tieh-ling.

[77] [Presumably because it was destined for the 2nd Army.

—Ed.]

[78] Including Rennenkampf’s column, Shtakelberg had

under him 85 battalions, 43 sotnias, 174 guns, and 3 sapper
battalions.
[79] A very large number of men, particularly of the
1st Corps, left the ranks without reason. At Mukden,
however, this corps fought with great gallantry and
steadiness.

[80] [Grippenberg had already been appointed to the

command of the 2nd Army.—Ed.]

[81] From Ssu-chia-tun station to Ta-wang-chiang-pu.

[82] From Fu-shun to Ma-chia-tun.

[83] Of 72 squadrons and sotnias, 4 mounted scout parties,

and 22 guns.

[84] Including thirty siege-guns.

[85] Its garrison was not more than two battalions.

[86] Two regiments of the four in this division had been sent
to reinforce the Composite Rifle Corps, and one regiment to
reinforce the 1st Siberians.

[87] General Grippenberg could not use the telephone

himself, as he was somewhat deaf.

[88] Out of the 80,000 men of the drafts which had arrived.

[89] According to the programme of the arrival of the

troops, I calculated on increasing my reserve by three and
four Rifle brigades, but they arrived more than ten days late.

[90] For operations against Oku.

[91] [? Houton.—Ed.]
[92] One was ordered to support General Launits.

[93] [The body of Vol III. in the original deals in great detail
with the battle of Mukden, and is omitted in this translation.
—Ed.]

[94] Except from February 27 to March 1.

[95] 12.20 p.m., February 28.

[96] 3.25 p.m., March 2.

[97] 6.45 a.m., March 5.

[98] [Query north-west.—Ed.]

[99] In addition to five and a half battalions of the

41st Division.

[100] Sixteen battalions of the 19th Corps, concentrated at

Sha-ling-pu under my orders on March 2; sixteen battalions
of Golembatovski’s; and eight battalions of Churin’s division,
detained by Kaulbars on the way to join the troops operating
against Nogi.

[101] Major-General Krauze’s report.

[102] And fifty battalions collected towards Hsin-min-tun

were thus left with two squadrons of the Niejinsk Dragoons.

[103] In the afternoon of the 11th this division began to

move on Tieh-ling; it had only suffered small loss during the
battle.
[104] [Only the concluding portion of what follows in the
original is given here; the remainder is an exact repetition of
what has been more than once recapitulated.—Ed.]

[105] [This extract is, by the kind permission of the editor,

reprinted from McClure’s Magazine, where it appeared as an
editorial note upon the article on these memoirs, published
in September, 1908.—Ed.]

[106] Osvobojdenie, No. 75, Stuttgart, August 10, 1905. No

question has ever been raised, I think, with regard to the
authenticity of these letters and telegrams; but if there were
any doubt of it, such doubt would be removed by a
comparison of them with General Kuropatkin’s memoirs.—G.
K.

[107] Asakawa, who seems to have investigated this matter

carefully, says that the original contract for this concession
dated as far back as August 26, 1896, when the Korean King
was living in the Russian Legation at Seoul as a refugee.
—“The Russo-Japanese Conflict,” by K. Asakawa, London,
1905, p. 289.

[108] The italics are mine.—G. K.

[109] [Extracted from Chapter X.—Ed.]

[110] At the junction of roads near Newchuang.

[111] The 21st and 23rd East Siberian Rifle Regiments.

[112] Of these a brigade of the 6th East Siberian Rifle

Division and one regiment of the 1st Army Corps were sent
by my orders.

[113] The Omsk Regiment lost its way, and for a long time
could not be found, and the Krasnoyarsk and Tsaritsin
Regiments were kept with the 2nd Siberian Corps.
*** END OF THE PROJECT GUTENBERG EBOOK THE RUSSIAN
ARMY AND THE JAPANESE WAR, VOL. 2 (OF 2) ***

Updated editions will replace the previous one—the old editions

will be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States
copyright in these works, so the Foundation (and you!) can copy
and distribute it in the United States without permission and
without paying copyright royalties. Special rules, set forth in the
General Terms of Use part of this license, apply to copying and
distributing Project Gutenberg™ electronic works to protect the
PROJECT GUTENBERG™ concept and trademark. Project
Gutenberg is a registered trademark, and may not be used if
you charge for an eBook, except by following the terms of the
trademark license, including paying royalties for use of the
Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such
as creation of derivative works, reports, performances and
research. Project Gutenberg eBooks may be modified and
printed and given away—you may do practically ANYTHING in
the United States with eBooks not protected by U.S. copyright
law. Redistribution is subject to the trademark license, especially
commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the

free distribution of electronic works, by using or distributing this
work (or any other work associated in any way with the phrase
“Project Gutenberg”), you agree to comply with all the terms of
the Full Project Gutenberg™ License available with this file or
online at www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand,
agree to and accept all the terms of this license and intellectual
property (trademark/copyright) agreement. If you do not agree
to abide by all the terms of this agreement, you must cease
using and return or destroy all copies of Project Gutenberg™
electronic works in your possession. If you paid a fee for
obtaining a copy of or access to a Project Gutenberg™
electronic work and you do not agree to be bound by the terms
of this agreement, you may obtain a refund from the person or
entity to whom you paid the fee as set forth in paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only

be used on or associated in any way with an electronic work by
people who agree to be bound by the terms of this agreement.
There are a few things that you can do with most Project
Gutenberg™ electronic works even without complying with the
full terms of this agreement. See paragraph 1.C below. There
are a lot of things you can do with Project Gutenberg™
electronic works if you follow the terms of this agreement and
help preserve free future access to Project Gutenberg™
electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright
law in the United States and you are located in the United
States, we do not claim a right to prevent you from copying,
distributing, performing, displaying or creating derivative works
based on the work as long as all references to Project
Gutenberg are removed. Of course, we hope that you will
support the Project Gutenberg™ mission of promoting free
access to electronic works by freely sharing Project Gutenberg™
works in compliance with the terms of this agreement for
keeping the Project Gutenberg™ name associated with the
work. You can easily comply with the terms of this agreement
by keeping this work in the same format with its attached full
Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.

1.E. Unless you have removed all references to Project

Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project
Gutenberg™ work (any work on which the phrase “Project