aspfun: a distributed object calculus and its formalization in isabelle
Post on 01-Jan-2016
ASPfun: A Distributed Object Calculus and its Formalization in Isabelle
Work realized in collaboration with Florian Kammüller and Henry Sudhof (Technische Universität Berlin)
Ludovic HENRIO
Montevideo, Nov 2007
Context
ς-calculus: A Theory of Objects (Abadi, Cardelli). Formalizes objects and typing. Several calculi: a functional and an imperative one.
ASP: Asynchronous Sequential Processes (Caromel, Henrio). Based on the imperative ς-calculus.
Distributed active object calculus: asynchronous method calls (requests), futures. Properties of confluence/determinism, e.g. execution is insensitive to the order of replies.
Objective
Provide a framework for (mechanically) proving properties of distributed object-oriented languages and programs: typing, confluence, …
Functional ς-calculus
Each method is a function with one parameter: “self”
Syntax
Semantics (Abadi - Cardelli)
Why functional? Updating a field creates a new object (a copy); the original object is left unchanged.
Contribution
ASPfun calculus
Based on the functional ς-calculus
Distributed, with active objects and futures
Good representation of functional distributed programs (workflows, services)
A type system for ASPfun:
Typing of active objects and futures
Proofs of subject reduction and progress (hence no deadlock)
A formalization in Isabelle/HOL: calculus and semantics, type system, proofs
ASPfun is simpler than ASP:
Easier to formalize in Isabelle/HOL
Many interesting properties (no deadlock)
BUT further from a “real life” complete programming language
Agenda
1 - ASPfun: syntax, semantics and properties
2 - A type system for ASPfun
3 - Formalization in Isabelle/HOL
ASPfun Syntax (dynamic)
Configurations are sets of activities; each activity has a name, an active object, and a list of requests being treated.
Each request associates a future identifier with the term computing its result.
(figure: a configuration of activities with futures f0, f1, f2, f3)
The static syntax is extended with references to futures (results of requests) and to activities
ASPfun Semantics (1/5): Local reduction
Terms inside requests are reduced according to the functional ς-calculus semantics
(figure: local reduction, futures f0 and f1)
ASPfun Semantics (2/5): Activity creation
Condition: the object a turned into an activity is “self contained”
(figure: activity creation, futures f0 and f1)
ASPfun Semantics (3/5): Remote Method Invocation
A remote method invocation on an activity creates a fresh future (f2) for its result, and the request is queued in the callee
(figure: remote invocation, fresh future f2, futures f0 and f1)
ASPfun Semantics (5/5): Field update on an active object
(figure: field update on an active object, futures f0, f1 and f2)
Side condition, as for activity creation: the term must be “self contained”
A Basic Property
A configuration is well-formed if it only refers to existing activities and futures
Reduction preserves well-formedness
Initial configuration:
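To make the well-formedness property concrete, here is an added Python model of ASPfun configurations, written for this page and not taken from the Isabelle development of Kammüller, Sudhof and Henrio. It implements the configuration-level rules the slides name (local reduction, activity creation, remote invocation with a fresh future) plus, as this example's own assumption, the reply that replaces a future reference by the computed value. It simplifies method bodies to result terms without a self parameter, so local reduction is a lookup, every object is trivially self contained, and field update on active objects is omitted. Well-formedness is checked after every step. The names `Activity`, `reduce_term`, `run`, and the constructed activities alpha, beta and gamma are this example's assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Tuple, Union

# Added model of ASPfun configurations (not the Isabelle theory of the talk).
# Simplification: method bodies are result terms with no "self" parameter, so
# local reduction is a lookup and every object is trivially self-contained.
@dataclass(frozen=True)
class Obj:                       # plain object: (label, result term) pairs
    methods: Tuple[Tuple[str, "Term"], ...]
    def body(self, label): return dict(self.methods)[label]
@dataclass(frozen=True)
class ActRef:                    # reference to an activity
    name: str
@dataclass(frozen=True)
class FutRef:                    # reference to a future (result of a request)
    fid: str
@dataclass(frozen=True)
class Call:                      # method invocation  target.label
    target: "Term"
    label: str
@dataclass(frozen=True)
class Active:                    # Active(t): new activity whose active object is t
    obj: "Term"
Term = Union[Obj, ActRef, FutRef, Call, Active]

def obj(**methods): return Obj(tuple(sorted(methods.items())))
def is_value(t): return isinstance(t, (Obj, ActRef))   # objects, activity refs

@dataclass
class Activity:
    active_object: Obj
    requests: Dict[str, Term]    # future id -> term computing its result
Configuration = Dict[str, Activity]

def references(t):
    """Activity names and future ids occurring in a term."""
    acts, futs, stack = set(), set(), [t]
    while stack:
        u = stack.pop()
        if isinstance(u, ActRef): acts.add(u.name)
        elif isinstance(u, FutRef): futs.add(u.fid)
        elif isinstance(u, Call): stack.append(u.target)
        elif isinstance(u, Active): stack.append(u.obj)
        elif isinstance(u, Obj): stack.extend(b for _, b in u.methods)
    return acts, futs

def well_formed(config):
    """Every referenced activity and future exists somewhere in the configuration."""
    futures = {f for a in config.values() for f in a.requests}
    for act in config.values():
        for t in (act.active_object, *act.requests.values()):
            acts, futs = references(t)
            if not (acts <= set(config) and futs <= futures): return False
    return True

def fresh(prefix, used):
    n = 0
    while f"{prefix}{n}" in used: n += 1
    return f"{prefix}{n}"

def reduce_term(t, config):
    """Rewrite the leftmost redex of t (the hole of the reduction context).
    Returns (new term, side effect on the configuration or None), or None."""
    if isinstance(t, FutRef):                                   # REPLY (assumed rule)
        for act in config.values():
            if t.fid in act.requests and is_value(act.requests[t.fid]):
                return act.requests[t.fid], None
        return None
    if isinstance(t, Active) and isinstance(t.obj, Obj):        # activity creation
        name = fresh("act", config)
        return ActRef(name), ("activity", name, t.obj)
    if isinstance(t, Call) and isinstance(t.target, Obj):       # local reduction
        return t.target.body(t.label), None
    if isinstance(t, Call) and isinstance(t.target, ActRef):    # remote invocation
        f = fresh("f", {x for a in config.values() for x in a.requests})
        callee = config[t.target.name].active_object
        return FutRef(f), ("request", t.target.name, f, Call(callee, t.label))
    if isinstance(t, (Call, Active)):                           # reduce inside
        r = reduce_term(t.target if isinstance(t, Call) else t.obj, config)
        if r is None: return None
        inner, side = r
        return (Call(inner, t.label) if isinstance(t, Call) else Active(inner)), side
    return None                                                 # values do not reduce

def step(config):
    """Apply one rule to one request; False when nothing can reduce."""
    for act in list(config.values()):
        for fid, term in list(act.requests.items()):
            r = reduce_term(term, config)
            if r is None: continue
            act.requests[fid], side = r
            if side and side[0] == "activity": config[side[1]] = Activity(side[2], {})
            elif side: config[side[1]].requests[side[2]] = side[3]
            return True
    return False

def run(config, max_steps=100):
    """Reduce until all requests are values, checking well-formedness after each step."""
    if not well_formed(config): raise ValueError("initial configuration not well-formed")
    steps = 0
    while steps < max_steps and step(config):
        steps += 1
        if not well_formed(config): raise AssertionError("step broke well-formedness")
    return all(is_value(t) for a in config.values() for t in a.requests.values()), steps

# Constructed example: alpha calls beta.forward, which in turn calls gamma.answer.
OK, ANSWER = obj(), obj(ok=obj())
def demo():
    return {"gamma": Activity(obj(answer=ANSWER), {}),
            "beta": Activity(obj(forward=Call(ActRef("gamma"), "answer")), {}),
            "alpha": Activity(obj(), {"f0": Call(ActRef("beta"), "forward")})}
def demo_active():                # Active(...) inside a request creates an activity
    return {"alpha": Activity(obj(), {"f0": Call(Active(obj(hi=OK)), "hi")})}
```

Running `run(demo())` performs six steps: the request in alpha becomes a future on beta, beta's request becomes a future on gamma, gamma computes the value, and the two replies propagate it back; the configuration stays well-formed throughout, and the final state is the "all requests are values" case of the progress statement.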
2 - A type system for ASPfun
Static Terms
Re-uses the typing of the ς-calculus. Syntax:
Typing judgement
Basic idea: the type of an active object is the type of the contained object
How to type active object and future references?
Typing environment (mapping from variables to types)
Typing Configurations
The type of a configuration is a pair of mappings: from activities to types, and from futures to types
A configuration C is well-typed if: the futures and activities defined in C and in the typing environment are the same; all the active objects of C are well-typed; all the requests of C are well-typed
Then, typing terms: ς-calculus terms and Active are typed as usual; future and active-object references are typed using the environment
(figure: typing of references to futures f0 and f1)
Typing Properties
Each term has a unique type
Subject reduction: reduction preserves typing
Progress: if C is well-typed, then either C can be reduced or all its requests are values
Where a value is an object or a reference to an activity
Hence absence of deadlocks
3 - Formalization in Isabelle/HOL
Syntax
Syntax is mostly trivial, e.g.:
Relies on de Bruijn indices (variables are represented by natural numbers: the binding depth)
Configurations are mappings (finite maps)
Semantics
Almost direct translation, e.g.:
As on paper, reduction relies on reduction contexts (an expression with a single hole; the reduction occurs in the hole)
Properties and Proofs
De Bruijn indices induce a lot of (easy) additional lemmas
Reduction preserves well-formedness (long proof)
Typing is relatively easy to define
Proofs (subject reduction, progress, …) are relatively long but not difficult (>1000 lines each)
Main difficulties: long repetitive proofs; a lot of design choices (e.g. how to define reduction contexts); finite maps and the associated induction; two axioms remaining (fresh futures and activities exist), which require configurations to be finite maps of unbounded length
Future Works / Todo list
Introduce methods with a parameter: ς(x,y) / a.l(b) (ongoing)
Prove confluence of ASPfun
Define a parallel reduction (reducing several terms in parallel)
ASPfun as it is specified is not confluent: introduce new rules for merging/garbage collecting activities, or reduce the conditions of reduction (!! progress)
Remove de Bruijn indices: “nominal techniques”?
Conclusion
A new distributed calculus and its formalization in Isabelle
A type system: progress, hence no deadlock
A base framework for developments on objects, confluence and distribution
A lot of possible applications (distribution / typing / AOP …)
Experiments on Isabelle (a few months of development): user-friendly, relatively fast development; finding the right structure/representation is crucial; proofs are long, repetitive and unstructured; difficulties when modifying / reusing code
http://www.cs.tu-berlin.de/~flokam/isabelle/sigma/
What are De Bruijn Indices?
De Bruijn indices avoid having to deal with α-conversion
Variables are natural numbers giving the binding depth of the parameter they refer to
1 - Functional ς-calculus in Isabelle
Why De Bruijn Indices?
Drawbacks: terms are “ugly”; we are interested in general properties, not in extracting an interpreter …; a lot of additional definitions/lemmas are necessary: the definitions of subst and lift make the semantics more complex, and several additional (easy) lemmas must be proved
Advantages: established approach; reuse of Nipkow’s framework for confluence of the λ-calculus
Alternative approaches, e.g. nominal techniques, are probably better in the long term
De Bruijn indices are perhaps not the best solution but allowed a fast implementation
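The functional ς-calculus semantics described earlier (select substitutes the object for self; update returns a modified copy) and the lift/subst definitions that de Bruijn indices require, as an added Python model written for this page. It is not the Isabelle theory of Kammüller, Sudhof and Henrio; the term constructors, the functions `lift`, `subst`, `step` and `normalize`, and the constructed object `O` are this example's assumptions. Index 0 denotes the nearest self binder, and going under a binder lifts the substituted term so that free variables are not captured.

```python
from dataclasses import dataclass
from typing import Tuple, Union

# Terms of the functional sigma-calculus with de Bruijn indices (added model).
# Var(i): the variable bound i binders out; index 0 is the nearest "self".
# Obj: (label, body) pairs, each body under one binder for its own self.
# Select(t, l) is t.l ; Update(t, l, b) is t.l <= sigma(x) b.
@dataclass(frozen=True)
class Var:
    index: int

@dataclass(frozen=True)
class Obj:
    methods: Tuple[Tuple[str, "Term"], ...]
    def body(self, label: str) -> "Term":
        return dict(self.methods)[label]

@dataclass(frozen=True)
class Select:
    target: "Term"
    label: str

@dataclass(frozen=True)
class Update:
    target: "Term"
    label: str
    body: "Term"

Term = Union[Var, Obj, Select, Update]

def obj(**methods) -> Obj:
    """Build an object; labels are sorted so structural equality is stable."""
    return Obj(tuple(sorted(methods.items())))

def lift(t: Term, cutoff: int = 0, amount: int = 1) -> Term:
    """Add `amount` to every free variable of t (those with index >= cutoff)."""
    if isinstance(t, Var):
        return Var(t.index + amount) if t.index >= cutoff else t
    if isinstance(t, Obj):
        return Obj(tuple((l, lift(b, cutoff + 1, amount)) for l, b in t.methods))
    if isinstance(t, Select):
        return Select(lift(t.target, cutoff, amount), t.label)
    return Update(lift(t.target, cutoff, amount), t.label,
                  lift(t.body, cutoff + 1, amount))

def subst(t: Term, k: int, s: Term) -> Term:
    """t[k := s]: replace variable k by s; variables above k move down by one.
    Under a binder, s is lifted so that its free variables are not captured."""
    if isinstance(t, Var):
        if t.index == k:
            return s
        return Var(t.index - 1) if t.index > k else t
    if isinstance(t, Obj):
        return Obj(tuple((l, subst(b, k + 1, lift(s))) for l, b in t.methods))
    if isinstance(t, Select):
        return Select(subst(t.target, k, s), t.label)
    return Update(subst(t.target, k, s), t.label, subst(t.body, k + 1, lift(s)))

def step(t: Term):
    """One reduction step (leftmost redex); None when t cannot reduce."""
    if isinstance(t, Select):
        if isinstance(t.target, Obj):           # SELECT: o.l -> b[self := o]
            return subst(t.target.body(t.label), 0, t.target)
        inner = step(t.target)
        return None if inner is None else Select(inner, t.label)
    if isinstance(t, Update):
        if isinstance(t.target, Obj):           # UPDATE: a modified copy, o untouched
            if t.label not in dict(t.target.methods):
                return None                     # stuck: no such method
            return Obj(tuple((l, t.body if l == t.label else b)
                             for l, b in t.target.methods))
        inner = step(t.target)
        return None if inner is None else Update(inner, t.label, t.body)
    return None                                  # variables and objects are values

def normalize(t: Term, fuel: int = 1000) -> Term:
    """Reduce to normal form; raise if the term diverges, e.g. [l = s(x) x.l].l"""
    for _ in range(fuel):
        nxt = step(t)
        if nxt is None:
            return t
        t = nxt
    raise RuntimeError("no normal form within fuel")

# Constructed example: O = [a = s(x) x.b, b = s(x) [c = s(y) x]].
# In b's body, Var(1) is x (the outer self); Var(0) there would be y.
O = obj(a=Select(Var(0), "b"), b=obj(c=Var(1)))
LOOP = obj(l=Select(Var(0), "l"))            # O.l reduces to itself forever
```

Selecting `O.a` goes through `O.b` and yields an object whose `c` method returns `O` itself: the outer self reaches the inner body only because `subst` lifts it under the inner binder, which is exactly the extra machinery the slide lists as a drawback. Updating `a` on `O` returns a new object and leaves `O` equal to what it was, which is the copy semantics that makes the calculus functional.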