Reasoning about Programs With Effects

AbstractThis note presents a summary of my research on reasoning about programs with effects. This work has been carried out in collaboration with several colleagues over roughly the past ten years. The work has had two major sub-themes: reasoning about functional programs extended with imperative features; and reasoning about components of open distributed systems. Functional programming languages extended with imperative features include languages like Scheme and ML as well as object-based languages such as Java. This work has focused on operationally based semantics and formalisms for specifying and reasoning about such programs. The work on components of open distributed systems has been based on the actor model of computation and has focused on developing semantic models for modular specification and composition of actor systems

Coordination and P2P computing

Peer-to-Peer (P2P) refers to a class of systems and/or applications that use distributed resources in a decentralized and autonomous manner to achieve a goal. A number of successful applications, like BitTorrent (for file and content sharing) and SETI@Home (for distributed computing) have demonstrated the feasibility of this approach. As a new form of distributed computing, P2P computing has the same coordination problems as other forms of distributed computing. Coordination has been considered an important issue in distributed computing for a long time and many coordination models and languages have been developed. This research focuses on how to solve coordination problems in P2P computing. In particular, it is to provide a seamless P2P computing environment so that the migration of computation components is transparent. This research extends Manifold, an event-driven coordination model, to meet P2P computing requirements and integrates the P2P-Manifold model into an existing platform. The integration hides the complexity of the coordination model and makes the model easy to use

Toward Provenance-Based Security for Configuration Languages

Large system installations are increasingly configured using high-level, mostly-declarative languages. Often, different users contribute data that is compiled centrally and distributed to individual systems. Although the systems themselves have been developed with reliability and availability in mind, the configuration compilation process can lead to unforeseen vulnerabilities because of the lack of access control on the different components combined to build the final configuration. Even if simple change-based access controls are applied to validate changes to the final version, changes can be lost or incorrectly attributed. Based on the growing literature on provenance for database queries and other models of computation, we identify a potential application area for provenance to securing configuration languages.

Bounding the End-to-End Execution Time in Distributed Real-Time Systems: Arguing the case for Deterministic Networks in Lingua Franca

Designing and implementing distributed systems with real-time requirements quickly reveal the complexity of handling time and logic across multiple systems. As data traverse a network, it is subjected to variable delay due to interfering traffic and variable load on network components. This introduces an element of non-determinism in execution time for distributed algorithms, which translates into increased error logic and pessimistic worst-case estimates. Over the next few years, it is expected that Cyber-Physical Systems will see many new use cases, and the network connecting these will play an ever more important role. Combined with the onset of the fourth industrial revolution, IEEEs Time Sensitive Networking, IETFs Deterministic Networking, and 3GPPs Ultra Reliable Low Latency profile will play a vital role in realizing these systems. Coordination languages such as Lingua Franca can offer a substantial contribution to the design process and implementation of distributed systems such as Cyber-Phyiscal Systems, both through its model of computation which elevates time to a first-class citizen and with its support for distributed models. In this paper, we show that by introducing deterministic network channels with a fixed delay, the worst-case execution time is not increased whereas the variance in total execution time from start to finish is greatly reduced. For a coordination language such as LF, this means that we can analyze a system using much tighter delay bounds for network traffic, which in turn can yield better resource utilization.publishedVersio

State-deterministic Finite Automata with Translucent Letters and Finite Automata with Nondeterministically Translucent Letters

Deterministic and nondeterministic finite automata with translucent letters were introduced by Nagy and Otto more than a decade ago as Cooperative Distributed systems of a kind of stateless restarting automata with window size one. These finite state machines have a surprisingly large expressive power: all commutative semi-linear languages and all rational trace languages can be accepted by them including various not context-free languages. While the nondeterministic variant defines a language class with nice closure properties, the deterministic variant is weaker, however it contains all regular languages, some non-regular context-free languages, as the Dyck language, and also some languages that are not even context-free. In all those models for each state, the letters of the alphabet could be in one of the following categories: the automaton cannot see the letter (it is translucent), there is a transition defined on the letter (maybe more than one transitions in nondeterministic case) or none of the above categories (the automaton gets stuck by seeing this letter at the given state and this computation is not accepting). State-deterministic automata are recent models, where the next state of the computation determined by the structure of the automata and it is independent of the processed letters. In this paper our aim is twofold, on the one hand, we investigate state-deterministic finite automata with translucent letters. These automata are specially restricted deterministic finite automata with translucent letters. In the other novel model we present, it is allowed that for a state the set of translucent letters and the set of letters for which transition is defined are not disjoint. One can interpret this fact that the automaton has a nondeterministic choice for each occurrence of such letters to see them (and then erase and make the transition) or not to see that occurrence at that time. Based on these semi-translucent letters, the expressive power of the automata increases, i.e., in this way a proper generalization of the previous models is obtained.Comment: In Proceedings AFL 2023, arXiv:2309.0112

Executable Rounds: a Programming Abstraction for Fault-Tolerant Protocols

Fault-tolerant distributed systems are notoriously difficult to design and implement. Although programming languages for distributed systems is an active research area, appropriate synchronization primitives for fault-tolerance and group communication remains an important challenge. We present a new programming abstraction, HSync, for implementing benign and Byzantine distributed protocols. HSync is based on communication-closed rounds. Round models offer a simple abstraction for group communication and communication-closed rounds simplify dealing with faults. Protocols are implemented in a modular way in HSync. The language separates the message reception from the process local computation. It extends classic rounds with language constructs that give to the programmer the possibility to implement network and algorithm-specific policies for message reception. We have implemented an execution platform for HSync that runs on top of commodity hardware. We evaluate experimentally its performance, by comparing consensus implementations in HSync with LibPaxos3 and Bft-SMaRt, two consensus libraries tolerant to benign, resp. Byzantine faults

Non Interference for Intuitionist Necessity

The necessity modality of intuitionist S4 is a comonad. In this paper, we study indexed necessity modalities that provide the logical foundation for a variety of applications; for example, to model possession of capabilities in policy languages for access control, and to track exceptions in type theories for exceptional computation. Noninterference properties of the intuitionist logic of indexed necessity modalities capture the limitations on the information flow between formulas that are under the scope of necessity modalities with different indices. The impact of noninterference is seen in the unprovability of certain formulas. Noninterference is necessary for several applications. In models of capabilities, noninterference facilitates distributed reasoning. In models of exceptions, noninterference is necessary to ensure that the exceptions are tracked conservatively. In this paper, we prove noninterference properties for indexed intuitionist necessity S4 modalities. To our knowledge, this is the first examination of noninterference results for the intuitionist S4 necessity modality (even without indexing)