ASPfun: A Distributed Object Calculus and its Formalization in Isabelle Work realized in collaboration with Florian Kammüller and Henry Sudhof (Technische Universität Berlin) Ludovic HENRIO Montevideo, Nov 2007
ASPfun: A Distributed Object Calculus and its Formalization in Isabelle Work realized in collaboration with Florian Kammüller and Henry Sudhof (Technische.
Dec 13, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
ASPfun: A Distributed Object Calculus and its Formalization in Isabelle
Work realized in collaboration with Florian Kammüller and Henry Sudhof (Technische Universität Berlin)
Ludovic HENRIO
Montevideo, Nov 2007
Context
-calculus: A Theory of Objects (Abadi,Cardelli) Formalizes objects and typing Several calculi: a functional and an imperative one
ASP: Asynchronous Sequential Processes (Caromel, Henrio) Based on imp-calculus
Distributed active object calculus Asynchronous method calls (requests), futures Properties of confluence/determinism, e.g. execution
insensitive to the order of replies
Objective
Provide a framework for (mechanically) proving properties on distributed object-oriented languages and programs
typing, confluence, …
Each method is a function with a parameter: “self”
Functional -calculus
Syntax
Semantics (Abadi - Cardelli)
Why functional? updating a field creates a new object (copy)
Contribution
ASPfun calculus
Based on functional -calculus Distributed with active objects and futures Good representation of functional distributed programs
(workflows, services)
A type system for ASPfun:
Typing active objects and futures Proof of subject-reduction and progress no dead-lock
A Formalization in Isabelle/HOL Calculus and semantics Type-system Proofs
ASPfun is simpler
Easier to formalize in Isabelle/HOL
A lot of interesting properties (no dead-lock)
BUT further from a “real life” complete programming language
Agenda
1 - ASPfun: syntax, semantics and properties
2 - A type system for ASPfun
3 - Formalization in Isabelle/HOL
ASPfun Syntax (static)
One new construct: Active
1 - ASPfun: syntax, semantics and properties
ASPfun Syntax (dynamic)
Configurations are sets of activities, each activity has: A name An active object A list of requests being treated
Requests map terms to future identifiers
1 - ASPfun: syntax, semantics and properties
f1
f0
f3
f2
Add reference to futures (result of requests) and activities
ASPfun Semantics (1/5): Local reduction
Reduced according to -calculus semantics
f1
f0
1 - ASPfun: syntax, semantics and properties
ASPfun Semantics (2/5): Activity creation
a is “self contained”
f1
f0
1 - ASPfun: syntax, semantics and properties
ASPfun Semantics (3/5):Remote Method Invocation
f2 freshf1
f0
f2
f2
1 - ASPfun: syntax, semantics and properties
ASPfun Semantics (4/5): Reply
f1
f0
f2
… …f2
1 - ASPfun: syntax, semantics and properties
ASPfun Semantics (5/5): Field update on an active object
f1
f0
f2
is “self contained”
1 - ASPfun: syntax, semantics and properties
A Basic Property
A configuration is well-formed if it only refers to existing activities and futures
Reduction preserves well-formedness
Initial configuration:
1 - ASPfun: syntax, semantics and properties
Agenda
1 - ASPfun: syntax, semantics and properties
2 - A type system for ASPfun
3 - Formalization in Isabelle/HOL
Static Terms
Re-uses typing for -calculus Syntax:
Typing judgement
Basic idea: the type of an active object is the type of the contained object
How to type active object and future references?
Typing environment (mapping from variables to types)
2 - A type system for ASPfun
Typing Configurations
The type of a configuration is two mappings: From activity to types From futures to types
A configuration is well-typed if: Futures and activities defined in C and
are the same All the active objects of C are well-typed All the requests of C are well-typed
Then, typing terms: -calculus terms and Active are typed as usual Future and active object references are typed using the
environment
f1f0
2 - A type system for ASPfun
Typing Properties
Each term has a unique type
Subject-reduction (reduction preserves typing)
Progress:
C is well-typed C can be reduced or all its requests are values
Where a value is an object or a reference to an activity
Absence of dead-locks
2 - A type system for ASPfun
Agenda
1 - ASPfun: syntax, semantics and properties
2 - A type system for ASPfun
3 - Formalization in Isabelle/HOL
Syntax
Syntax is mostly trivial,e.g.:
Relies on deBruijn indices (represent variables by natural numbers -- depth)
Configurations are mappings
Finite mapping
3 - A Formalization in Isabelle/HOL
Semantics
Almost direct translation, e.g.:
Like on paper, reduction relies on reduction contexts (expression with a hole: the reduction occurs in the single hole)
3 - A Formalization in Isabelle/HOL
Properties and Proofs
deBruijn indices induce a lot of (easy) additional lemmas Reduction preserves well-formedness (long) Typing relatively easy to define
Proofs (subject-reduction, progress, …) relatively long but not difficult (>1000 lines each)
Main difficulties: Long repetitive proofs A lot of design choices (e.g. define reduction contexts) Finite maps, and associated recurrence Two axioms remaining (fresh futures and activities exist)
requires configurations as finite maps of an unbounded length
3 - A Formalization in Isabelle/HOL
Future Works / Todo list
Introduce methods with a parameter: (x,y) / a.l(b) (ongoing)
Prove confluence of ASPfun
Define a parallel reduction (reducing severl terms in parallel)
ASPfun as it is specified is not confluent Introduce new rules for merging/garbage collecting activities Or reduce the conditions of reduction (!! progress)
Remove De Bruijn indices “nominal techniques”?
Conclusion
A new distributed calculus and its formalization in Isabelle
A Type system: Progress no dead-lock
A base framework for developments on objects, confluence and distribution
A lot of possible applications (distribution / typing / AOP …)Experiments on Isabelle (a few months development)
User-friendly, relatively fast developmentFinding the right structure/representation is crucialProofs are long repetitive and unstructuredDifficulties when modifying / reusing code
http://www.cs.tu-berlin.de/~flokam/isabelle/sigma/
THANK YOU !!!If you prefer the Greek version …
AppendixTyping Rules
Configuration
ASP
An Example
1 - Functional -calculus in Isabelle
An Example
1 - Functional -calculus in Isabelle
What are De Bruijn Indices?
De Bruijn indices avoid having to deal with -conversion
Variables are natural numbers depending on the depth of the parameter
1 - Functional -calculus in Isabelle
Why De Bruijn Indices?
Drawbacks: Terms are “ugly” We are interested in general properties / not
for extracting an interpreter … Lot of additional definitions/lemmas are necessary:
Definition of subst and lift: semantics more complex Proofs of several additional (easy) lemmas
Advantages Established approach Reuse Nipkow’s framework for confluence of the -calculus
Alternative approaches, e.g. nominal techniques probably better on the long term
De Bruijn indices are perhaps not the best solution but allowed a fast implementation
1 - Functional -calculus in Isabelle
Related Documents
![The Road to Olympus [2ex] Experiences - bephpug.de fileThe Story so farphpBB3 OlympusLessons lernedaMean ricksT The Road to Olympus Experiences Henry Kellanved Sudhof December 2007](https://static.cupdf.com/doc/110x72/5d4a8dc788c9934e098b68ec/the-road-to-olympus-2ex-experiences-story-so-farphpbb3-olympuslessons-lernedamean.jpg)
