2,041 research outputs found
Towards verification of computation orchestration
Recently, a promising programming model called Orc has been proposed to support a structured way of orchestrating distributed Web Services. Orc is intuitive because it offers concise constructors to manage concurrent communication, time-outs, priorities, failure of Web Services or communication and so forth. The semantics of Orc is precisely defined. However, there is no automatic verification tool available to verify critical properties against Orc programs. Our goal is to verify the orchestration programs (written in Orc language) which invoke web services to achieve certain goals. To investigate this problem and build useful tools, we explore in two directions. Firstly, we define a Timed Automata semantics for the Orc language, which we prove is semantically equivalent to the operational semantics of Orc. Consequently, Timed Automata models are systematically constructed from Orc programs. The practical implication is that existing tool supports for Timed Automata, e.g., Uppaal, can be used to simulate and model check Orc programs. An experimental tool has been implemented to automate this approach. Secondly, we start with encoding the operational semantics of Orc language in Constraint Logic Programming (CLP), which allows a systematic translation from Orc to CLP. Powerful constraint solvers like CLP(R) are then used to prove traditional safety properties and beyond, e.g., reachability, deadlock-freeness, lower or upper bound of a time interval, etc. Counterexamples are generated when properties are not satisfied. Furthermore, the stepwise execution traces can be automatically generated as the simulation steps. The two different approaches give an insight into the verification problem of Web Service orchestration. The Timed Automata approach has its merits in visualized simulation and efficient verification supported by the well developed tools. On the other hand, the CPL approach gives better expressiveness in both modeling and verification. The two approaches complement each other, which gives a complete solution for the simulation and verification of Computation Orchestration
A methodology for programming with concurrency: An informal presentation
AbstractIn this methodology, programming problems which can be specified by an input/output assertion pair are solved in two steps: 1.(1) Refinement of a correct program that can be implemented sequentially.2.(2) Declaration of program properties, so-called semantic relations, that allow relaxations in the sequencing of the refinement's operations (e.g., concurrency).Formal properties of refinements comprise semantics (input/output characteristics) and (sequential) execution time. Declarations of semantic relations preserve the semantics but may improve the execution time of a refinement. The consequences are: 1.(a) The concurrency in a program is deduced from its formal semantics. Semantic correctness is not based on concurrency but precedes it.2.(b) Concurrency is a property not of programs but of executions. Programs do not contain concurrent commands, only suggestions (declarations) of concurrency.3.(c) The declaration of too much concurrency is impossible. Programs do not contain primitives for synchronization or mutual exclusion.4.(d) Proofs of parallel correctness are stepwise without auxiliary variables.5.(e) Freedom from deadlock and starvation is implicit without recourse to an authority outside the program, e.g., a fair scheduler
Engineering Benchmarks for Planning: the Domains Used in the Deterministic Part of IPC-4
In a field of research about general reasoning mechanisms, it is essential to
have appropriate benchmarks. Ideally, the benchmarks should reflect possible
applications of the developed technology. In AI Planning, researchers more and
more tend to draw their testing examples from the benchmark collections used in
the International Planning Competition (IPC). In the organization of (the
deterministic part of) the fourth IPC, IPC-4, the authors therefore invested
significant effort to create a useful set of benchmarks. They come from five
different (potential) real-world applications of planning: airport ground
traffic control, oil derivative transportation in pipeline networks,
model-checking safety properties, power supply restoration, and UMTS call
setup. Adapting and preparing such an application for use as a benchmark in the
IPC involves, at the time, inevitable (often drastic) simplifications, as well
as careful choice between, and engineering of, domain encodings. For the first
time in the IPC, we used compilations to formulate complex domain features in
simple languages such as STRIPS, rather than just dropping the more interesting
problem constraints in the simpler language subsets. The article explains and
discusses the five application domains and their adaptation to form the PDDL
test suites used in IPC-4. We summarize known theoretical results on structural
properties of the domains, regarding their computational complexity and
provable properties of their topology under the h+ function (an idealized
version of the relaxed plan heuristic). We present new (empirical) results
illuminating properties such as the quality of the most wide-spread heuristic
functions (planning graph, serial planning graph, and relaxed plan), the growth
of propositional representations over instance size, and the number of actions
available to achieve each fact; we discuss these data in conjunction with the
best results achieved by the different kinds of planners participating in
IPC-4
A semantics comparison workbench for a concurrent, asynchronous, distributed programming language
A number of high-level languages and libraries have been proposed that offer
novel and simple to use abstractions for concurrent, asynchronous, and
distributed programming. The execution models that realise them, however, often
change over time---whether to improve performance, or to extend them to new
language features---potentially affecting behavioural and safety properties of
existing programs. This is exemplified by SCOOP, a message-passing approach to
concurrent object-oriented programming that has seen multiple changes proposed
and implemented, with demonstrable consequences for an idiomatic usage of its
core abstraction. We propose a semantics comparison workbench for SCOOP with
fully and semi-automatic tools for analysing and comparing the state spaces of
programs with respect to different execution models or semantics. We
demonstrate its use in checking the consistency of properties across semantics
by applying it to a set of representative programs, and highlighting a
deadlock-related discrepancy between the principal execution models of SCOOP.
Furthermore, we demonstrate the extensibility of the workbench by generalising
the formalisation of an execution model to support recently proposed extensions
for distributed programming. Our workbench is based on a modular and
parameterisable graph transformation semantics implemented in the GROOVE tool.
We discuss how graph transformations are leveraged to atomically model
intricate language abstractions, how the visual yet algebraic nature of the
model can be used to ascertain soundness, and highlight how the approach could
be applied to similar languages.Comment: Accepted by Formal Aspects of Computin
EOS: A project to investigate the design and construction of real-time distributed embedded operating systems
The EOS project is investigating the design and construction of a family of real-time distributed embedded operating systems for reliable, distributed aerospace applications. Using the real-time programming techniques developed in co-operation with NASA in earlier research, the project staff is building a kernel for a multiple processor networked system. The first six months of the grant included a study of scheduling in an object-oriented system, the design philosophy of the kernel, and the architectural overview of the operating system. In this report, the operating system and kernel concepts are described. An environment for the experiments has been built and several of the key concepts of the system have been prototyped. The kernel and operating system is intended to support future experimental studies in multiprocessing, load-balancing, routing, software fault-tolerance, distributed data base design, and real-time processing
Reliable Actors with Retry Orchestration
Enterprise cloud developers have to build applications that are resilient to
failures and interruptions. We advocate for, formalize, implement, and evaluate
a simple, albeit effective, fault-tolerant programming model for the cloud
based on actors, reliable message delivery, and retry orchestration. Our model
guarantees that (1) failed actor invocations are retried until success, (2) in
a distributed chain of invocations only the last one may be retried, (3)
pending synchronous invocations with a failed caller are automatically
cancelled. These guarantees make it possible to productively develop
fault-tolerant distributed applications ranging from classic problems of
concurrency theory to complex enterprise applications. Built as a service mesh,
our runtime system can interface application components written in any
programming language and scale with the application. We measure overhead
relative to reliable message queues. Using an application inspired by a typical
enterprise scenario, we assess fault tolerance and the impact of fault recovery
on application performance.Comment: 14 pages, 6 figure
Life of occam-Pi
This paper considers some questions prompted by a brief review of the history of computing. Why is programming so hard? Why is concurrency considered an “advanced” subject? What’s the matter with Objects? Where did all the Maths go? In searching for answers, the paper looks at some concerns over fundamental ideas within object orientation (as represented by modern programming languages), before focussing on the concurrency model of communicating processes and its particular expression in the occam family of languages. In that focus, it looks at the history of occam, its underlying philosophy (Ockham’s Razor), its semantic foundation on Hoare’s CSP, its principles of process oriented design and its development over almost three decades into occam-? (which blends in the concurrency dynamics of Milner’s ?-calculus). Also presented will be an urgent need for rationalisation – occam-? is an experiment that has demonstrated significant results, but now needs time to be spent on careful review and implementing the conclusions of that review. Finally, the future is considered. In particular, is there a future
- …