
A Modal Language for the Safety of Mobile Values

(work in progress)

ROPAS @ SNU

4/7/2006

박성우 Sungwoo Park, POSTECH

Distributed Computation
• Heterogeneous nodes with different local resources
• Mobile term (code)
(diagram labels: abstract datatype, local heap)

Modal Logic
• Modalities □ and ◇
– □ A : necessarily A
– ◇ A : possibly A
• Spatially:
– □ A : everywhere A
– ◇ A : somewhere A

Modal Type Theory
• Basic idea: enrich the type system with modal types
• Staged computation: temporal interpretation
– box M : □ A (M has type A at all subsequent stages)
• Spatial interpretation
– box M : □ A (M has type A at every node, i.e., globally)
– dia M : ◇ A (M has type A at some node)

Modal Type System for Distributed Computation
• Borghuis and Feijs '00
• Jia and Walker, ESOP '04
– box M : □ A, M = mobile term, valid at every node
– dia M : ◇ A, M = mobile term, valid at some node
– uses hybrid logic
• Murphy et al., LICS '04
– box M : □ A, M = mobile term, valid at every node
– dia l : ◇ A, l = reference to local resource
• Moody '03
– box M : □ A, M = mobile term, valid at every node
– dia M : ◇ A, M = mobile term, valid at some node

Remote Evaluation
(diagram of judgments: box M : □ A; M : A; V : A; V : A ???)

Remote Evaluation: okay, but not quite good
(diagram of judgments: box M : □ □ A; M : □ A; box N : □ A; N : A; V : A)

Remote Evaluation in Jia & Murphy
(diagram of judgments: M : □ A; box N : □ A; N : A; V : A)

Harsh Reality
• Jia and Walker, ESOP '04
– uses hybrid logic (i.e., indices)
• Murphy et al., LICS '04
– Every term is mobile!
– Then what is the □ modality for?

Why This Complication?
• Because they do not take value mobility into consideration!
• Consider a term M : A that evaluates to a value V : A:
– Term (code) mobility: Is the term M valid at a remote node?
– Value mobility: Is the value V valid at a remote node?
– These two are independent.

□ (int → int), term: mobile, value: immobile

let
  val new_reference = ref 0
  val f = fn x => x + !new_reference
in
  f
end

• The term is valid at any node.
• The result f is local, however.

□ (int → int), term: immobile, value: mobile

let
  val v = !some_existing_reference
  val f = fn x => x + v
in
  f
end

• The term is local.
• The result f is valid at any node, however.

Key Idea
• box M : □ A
  M is valid at any node.
  V is valid at the current node, but we know nothing about its mobility.
• cir M : ○ A
  M is valid at the current node, but we know nothing about its mobility.
  V is valid at any node, however.
(diagram: in each case, M : A evaluates to V : A)

Outline
• Introduction ✓
• Modal language □○ with □ and ○ modalities
• Modal language with value mobility
• Logic of direct evidence

Plan
(roadmap diagram: □, ○, □○)

(roadmap diagram: □, ○, □○; current part: □)

□ for Term Mobility

Type System for □

(roadmap diagram: □, ○, □○; current part: ○)

○ for Value Mobility

Type System for ○

Typing Rules in ○

Reduction Rules in ○

(roadmap diagram: □, ○, □○; current part: □○)

□○ = □ + ○
• Additional typing rule and substitution
• Special rules for primitive types
– e.g., booleans, integers, …

Good Things about □○

Bad Things about □○
• Complexity
– when the system is augmented with indices and communication constructs
– 30 pages of type safety proof, even without mutable references
– Mechanizing the type safety proof seems necessary.
• POPLMark Challenge
• Redundancy
– 'really' serious problem

Key Observation: Redundancy
• Term mobility is a special case of value mobility.
  Term M is mobile?
  Value λx:_. M is mobile?
  Value box M is mobile?
  Value … M … is mobile?
• Conclusion: ditch the □ modality.
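The two example slides (□ (int → int) with the term mobile but the value immobile, and the reverse) and the redundancy observation above can be checked mechanically. The following Python is an added example written for this page; it is not the slides' code or the paper's type system. It models the ML-style fragment used on the slides with a small call-by-value interpreter, one local heap per node, and two independent checks that follow the slides' informal definitions: a term is mobile when it mentions no pre-existing local reference, and a value is mobile when it contains no local heap address (including addresses captured inside a closure, which is exactly what makes the closure f on the first slide unsafe to ship). The `thunk_mobile` helper shows the redundancy point: asking whether term M is mobile gives the same answer as asking whether the value `fn _ => M` is mobile. The AST constructors, `Node`, the mobility predicates and the heap cell holding 5 are all constructed assumptions of this example.

```python
from collections import namedtuple

# Abstract syntax of the ML-like fragment on the slides (constructed for this example)
Int = namedtuple("Int", "value")
Var = namedtuple("Var", "name")
Add = namedtuple("Add", "left right")
Ref = namedtuple("Ref", "init")             # ref M : allocate a cell in the local heap
Deref = namedtuple("Deref", "ref")          # !M    : read a cell in the local heap
Lam = namedtuple("Lam", "param body")       # fn x => M
App = namedtuple("App", "fn arg")
Let = namedtuple("Let", "name bound body")  # let val x = M in N end
# Values are Python ints, local heap addresses, and closures
Loc = namedtuple("Loc", "addr")             # address in one node's heap: meaningless elsewhere
Closure = namedtuple("Closure", "param body env")  # function value plus captured variables

def free_vars(t):
    """Variables a term depends on from its surrounding environment."""
    if isinstance(t, Int):
        return set()
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, (Add, App)):
        return free_vars(t[0]) | free_vars(t[1])
    if isinstance(t, (Ref, Deref)):
        return free_vars(t[0])
    if isinstance(t, Lam):
        return free_vars(t.body) - {t.param}
    if isinstance(t, Let):
        return free_vars(t.bound) | (free_vars(t.body) - {t.name})
    raise TypeError(f"not a term: {t!r}")

class Node:
    """One site of the distributed system with its own local heap."""
    def __init__(self):
        self.heap = {}

    def eval(self, t, env):
        """Call-by-value evaluation of t under env at this node."""
        if isinstance(t, Int):
            return t.value
        if isinstance(t, Var):
            return env[t.name]
        if isinstance(t, Add):
            return self.eval(t.left, env) + self.eval(t.right, env)
        if isinstance(t, Ref):
            addr = len(self.heap)
            self.heap[addr] = self.eval(t.init, env)
            return Loc(addr)
        if isinstance(t, Deref):
            return self.heap[self.eval(t.ref, env).addr]
        if isinstance(t, Lam):
            # a closure keeps only the variables its body actually uses
            captured = {x: env[x] for x in free_vars(t.body) - {t.param}}
            return Closure(t.param, t.body, captured)
        if isinstance(t, App):
            f = self.eval(t.fn, env)
            arg = self.eval(t.arg, env)
            return self.eval(f.body, {**f.env, f.param: arg})
        if isinstance(t, Let):
            return self.eval(t.body, {**env, t.name: self.eval(t.bound, env)})
        raise TypeError(f"not a term: {t!r}")

def value_mobile(v):
    """A value is mobile iff it carries no local heap address, even inside a closure."""
    if isinstance(v, Loc):
        return False
    if isinstance(v, Closure):
        return all(value_mobile(u) for u in v.env.values())
    return True

def term_mobile(t, env):
    """A term is mobile iff it refers to no local (immobile) value of the environment."""
    return all(value_mobile(env[x]) for x in free_vars(t))

# The two programs from the slides, as ASTs
SLIDE11 = Let("new_reference", Ref(Int(0)),
              Let("f", Lam("x", Add(Var("x"), Deref(Var("new_reference")))), Var("f")))
SLIDE12 = Let("v", Deref(Var("some_existing_reference")),
              Let("f", Lam("x", Add(Var("x"), Var("v"))), Var("f")))

def classify(t, node, env):
    """(term mobile?, value mobile?) for t evaluated at node under env."""
    return term_mobile(t, env), value_mobile(node.eval(t, env))

def thunk_mobile(t, node, env):
    """Redundancy slide: 'term M is mobile' is the same question as 'value fn _ => M is mobile'."""
    return value_mobile(node.eval(Lam("_", t), env))

def demo():
    node = Node()
    # constructed pre-existing local reference holding 5
    env = {"some_existing_reference": node.eval(Ref(Int(5)), {})}
    return {
        "slide11": classify(SLIDE11, node, env),           # (True, False)
        "slide12": classify(SLIDE12, node, env),           # (False, True)
        "thunk11": thunk_mobile(SLIDE11, node, env),       # True, as term_mobile(SLIDE11)
        "thunk12": thunk_mobile(SLIDE12, node, env),       # False, as term_mobile(SLIDE12)
        "apply12": node.eval(App(SLIDE12, Int(3)), env),   # 3 + 5 = 8
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` reproduces the two slides: the first program is term-mobile but its result closure captures a `Loc`, so the value must not leave the node; the second program reads an existing reference (term-immobile) but its result captures only the integer 5 and can travel. Because `Lam` captures exactly the free variables of its body, `thunk_mobile` coincides with `term_mobile` by construction, which is the sense in which term mobility is a special case of value mobility.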

Outline
• Introduction ✓
• Modal language □○ with □ and ○ modalities ✓
• Modal language ■◇ with value mobility
• Logic of direct evidence

Key Idea: Value Mobility Only
• box M : ■ A
  V is valid at every node. I.e., ■ = ○ ≈ necessity modality
• dia M : ◇ A
  V is valid at some node. I.e., ◇ ≈ possibility modality
(diagram: in each case, M : A evaluates to V : A)

Plan
(roadmap diagram: ■, ◇, ■◇)

with Call-by-value

(roadmap diagram: ■, ◇, ■◇; current part: ■)

■

Type System for ■

(roadmap diagram: ■, ◇, ■◇; current part: ◇)

◇

Type System for ◇ (1/2)

Type System for ◇ (2/2)

Soundness of the Type System for ◇

■◇ and Beyond
(diagram: ■, ◇; ■◇, ■◇store, ■◇store+communication)

Application
• Robotics
– communication constructs
– does not use code mobility.
• Grid computing
– distributed computation on the network
– makes heavy use of code mobility.

Outline
• Introduction ✓
• Modal language □○ with □ and ○ modalities ✓
• Modal language ■◇ with value mobility ✓
• Logic of direct evidence

Motivation
• What is the logic for ■◇ under the Curry-Howard isomorphism?
– Type-theoretically, we distinguish between values and ordinary terms.
– Logically, we distinguish between (weak) normal proofs and ordinary proofs.
• So we develop a logic of normal proofs, or direct evidence.

Thank you.