Generating Efficient, Terminating Logic Programs
The objective of control generation in logic programming is to automatically derive a computation rule for a program that is efficient and yet does not compromise program correctness. Progress in solving this important problem has been slow and, to date, only partial solutions have been proposed, where the generated programs are either incorrect or inefficient. We show how the control generation problem can be tackled with a simple automatic transformation that relies on information about the depths of derivations. To prove correctness of our transform we introduce the notion of a semi delay recurrent program, which generalises previous ideas in the termination literature for reasoning about logic programs with dynamic selection rules.
Safety Verification of Phaser Programs
We address the problem of statically checking control state reachability (as in possibility of assertion violations, race conditions or runtime errors) and plain reachability (as in deadlock-freedom) of phaser programs. Phasers are a modern non-trivial synchronization construct that supports dynamic parallelism with runtime registration and deregistration of spawned tasks. They allow for collective and point-to-point synchronizations. For instance, phasers can enforce barriers or producer-consumer synchronization schemes among all or subsets of the running tasks. Implementations of these recent and dynamic synchronization constructs are found in modern languages such as X10 or Habanero Java. Phasers essentially associate phases to individual tasks and use their runtime values to restrict possible concurrent executions. Unbounded phases may result in infinite transition systems even in the case of programs only creating finite numbers of tasks and phasers. We introduce an exact gap-order based procedure that always terminates when checking control reachability for programs generating bounded numbers of coexisting tasks and phasers. We also show that verifying plain reachability is undecidable even for programs generating few tasks and phasers. We then explain how to turn our procedure into a sound analysis for checking plain reachability (including deadlock freedom). We report on preliminary experiments with our open source tool.
Logical Concurrency Control from Sequential Proofs
We are interested in identifying and enforcing the isolation requirements of a concurrent program, i.e., concurrency control that ensures that the program meets its specification. The thesis of this paper is that this can be done systematically starting from a sequential proof, i.e., a proof of correctness of the program in the absence of concurrent interleavings. We illustrate our thesis by presenting a solution to the problem of making a sequential library thread-safe for concurrent clients. We consider a sequential library annotated with assertions along with a proof that these assertions hold in a sequential execution. We show how we can use the proof to derive concurrency control that ensures that any execution of the library methods, when invoked by concurrent clients, satisfies the same assertions. We also present an extension to guarantee that the library methods are linearizable or atomic.
Operating guidelines for services
In the paradigm of service-oriented computing, companies organize their core competencies as services and may request other functionalities from services of other companies. Services provide high flexibility, platform independent loose coupling, and distributed execution. They may thus help to reduce the complexity of dynamically binding and integrating heterogeneous processes within and across organizations. The vision of service-oriented architectures is to provide a framework for publishing new services, for on demand searching for and discovery of existing services, and for dynamically binding services to achieve common business goals. That way, each individual organization gains more flexibility to dynamically react on new challenges. As services may be created or modified, or collaborations may be restructured at any point in time, a new challenge arises in this setting—the challenge for deciding the compatibility of the composed services before their actual binding. Recent literature distinguishes four different aspects of service compatibility: syntactical, behavioral, semantical, and non-functional compatibility. In this thesis, we focus on behavioral compatibility and abstract from the other aspects. Potential behavioral incompatibilities between services include deadlocks (two services wait for a message of each other), livelocks (two services keep exchanging messages without progressing), and pending messages that have been sent but cannot be received anymore. For stateful services that interact via asynchronous message passing, deciding behavioral compatibility is far from trivial. Local changes to one service may introduce errors in some or even all other services of an interaction. The verification of behavioral compatibility suffers from state explosion problems and is restricted by privacy issues. That is, the parties of an interaction are essentially autonomous and may be competitors in other business fields. Consequently, they do not want to reveal the internals of their processes to the other participants in order to hide trade secrets. To systematically approach this challenge, we introduce a formal framework based on Petri nets and automata for service modeling and formalize behavioral compatibility as deadlock freedom of the composition of the services. The main contribution of this thesis is to introduce the concept of the operating guideline of a service. Operating guidelines provide a formal characterization of the set of all behaviorally compatible services R for a given service S. Usually, this set is infinite. However, the operating guideline OG_S of a service S serves as a finite representation of this infinite set. Furthermore, the operating guideline of S reveals only internals that are inevitably necessary to decide behavioral compatibility with S. We provide a construction method of operating guidelines for finite-state services with bounded communication. Operating guidelines can be used in many applications in the context of service-oriented computing. The most fundamental application is to support the discovery of behaviorally compatible services. To this end, we develop a matching procedure that efficiently decides whether a given service R is characterized by the operating guideline OG_S of a service S. If R matches, then both services R and S are behaviorally compatible and can be bound together to interact with each other. If R does not match with OG_S, then the services are behaviorally incompatible and may run into severe behavioral errors and not reach their common business goal. Operating guidelines can furthermore be applied in the novel research areas of service substitutability and the generation of adapter services, for instance. To this end, we develop methods to compare the sets of services characterized by the operating guidelines OG_S and OG_S'. If OG_S' characterizes more services than OG_S, then the service S can be substituted by the service S' without losing any behaviorally compatible interaction partner R. Furthermore, we show how to synthesize a service R from the operating guideline OG_S such that R is behaviorally compatible to S by construction. All results presented in this thesis are implemented in our service analysis tool Fiona. Fiona may compute operating guidelines for services modeled as Petri nets. It may match a service with an operating guideline, compare operating guidelines for equivalence or an inclusion relation, and synthesize service adapters for behaviorally incompatible services. Together with the tool BPEL2oWFN—which translates web services specified in BPEL into Petri net models of the services—we can immediately apply our results to services that stem from practic
On Global Types and Multi-Party Session
Global types are formal specifications that describe communication protocols in terms of their global interactions. We present a new, streamlined language of global types equipped with a trace-based semantics and whose features and restrictions are semantically justified. The multi-party sessions obtained by projecting our global types enjoy a liveness property in addition to the traditional progress and are shown to be sound and complete with respect to the set of traces of the originating global type. Our notion of completeness is less demanding than the classical ones, allowing a multi-party session to leave out redundant traces from an underspecified global type. In addition to the technical content, we discuss some limitations of our language of global types and provide an extensive comparison with related specification languages adopted in different communities.
Proving termination of logic programs with delay declarations
In this paper we propose a method for proving termination of logic programs with delay declarations. The method is based on the notion of recurrent logic program, which is used to prove programs terminating with respect to an arbitrary selection rule. Most importantly, we use the notion of bound query (as proposed by M. Bezem) in the definition of cover, a new notion which forms the kernel of our approach. We introduce the class of delay recurrent programs and prove that programs in this class terminate for all local delay selection rules, provided that the delay conditions imply boundedness. The corresponding method can also be used to transform a logic program into a terminating logic program with delay declarations.
Application-Layer Connector Synthesis
The heterogeneity characterizing the systems populating the Ubiquitous Computing environment prevents their seamless interoperability. Heterogeneous protocols may be willing to cooperate in order to reach some common goal even though they meet dynamically and do not have a priori knowledge of each other. Although numerous efforts have been made in the literature, automated run-time interoperability is still an open challenge for such environments. We consider interoperability as the ability for two Networked Systems (NSs) to communicate and correctly coordinate to achieve their goal(s). In this chapter we report the main outcomes of our past and recent research on automatically achieving protocol interoperability via connector synthesis. We consider application-layer connectors by referring to two conceptually distinct notions of connector: coordinator and mediator. The former is used when the NSs to be connected are already able to communicate but need to be specifically coordinated in order to reach their goal(s). The latter goes a step further, representing a solution for both achieving correct coordination and enabling communication between highly heterogeneous NSs. In the past, most of the works in the literature described efforts towards the automatic synthesis of coordinators, while in recent years the focus has also moved to the automatic synthesis of mediators. Within the Connect project, by considering our past experience on automatic coordinator synthesis as a baseline, we propose a formal theory of mediators and a related method for automatically eliciting a way for the protocols to interoperate. The solution we propose is the automated synthesis of emerging mediating connectors (i.e., mediators for short).