KLAIM: a Kernel Language for Agents Interaction and Mobility
- IEEE Transactions on Software Engineering, 1997
Cited by 258 (62 self)
We investigate the issue of designing a kernel programming language for Mobile Computing and describe Klaim, a language that supports a programming paradigm where processes, like data, can be moved from one computing environment to another. The language consists of a core Linda with multiple tuple spaces and of a set of operators for building processes. Klaim naturally supports programming with explicit localities. Localities are first-class data (they can be manipulated like any other data), but the language provides coordination mechanisms to control the interaction protocols among located processes. The formal operational semantics is useful for discussing the design of the language and provides guidelines for implementations. Klaim is equipped with a type system that statically checks access rights violations of mobile agents. Types are used to describe the intentions (read, write, execute, etc.) of processes in relation to the various localities. The type system is used...
Resource Access Control in Systems of Mobile Agents
- Information and Computation, 1998
Cited by 212 (18 self)
Mobile computation, where independent agents roam widely distributed networks in search of resources and information, is fast becoming a reality. A number of programming languages, APIs and protocols have recently emerged which seek to provide high-level support for mobile agents. These include Java [30], Odyssey [15], Aglets [19], Voyager [24] and the latest revisions of the Internet protocol [25, 2]. In addition to these commercial efforts, many prototype languages have been developed and implemented within the programming language research community; examples include Linda [8, 9], Facile [16], Obliq [7], Infospheres [11], the join calculus [13], and Nomadic Pict [33]. In this paper we address the issue of resource access control for such languages. Central to the paradigm of mobile computation are the notions of agent, resource and location. Agents are effective entities that perform computation and interact with other ...
Detecting the Unexpected in Distributed Systems
- In NSDI’06: Proceedings of the 3rd conference on 3rd Symposium on Networked Systems Design & Implementation
Cited by 141 (7 self)
Bugs in distributed systems are often hard to find. Many bugs reflect discrepancies between a system’s behavior and the programmer’s assumptions about that behavior. We present Pip, an infrastructure for comparing actual behavior and expected behavior to expose structural errors and performance problems in distributed systems. Pip allows programmers to express, in a declarative language, expectations about the system’s communications structure, timing, and resource consumption. Pip includes system instrumentation and annotation tools to log actual system behavior, and visualization and query tools for exploring expected and unexpected behavior. Pip allows a developer to quickly understand and debug both familiar and unfamiliar systems. We applied Pip to several applications, including FAB, SplitStream, Bullet, and RanSub. We generated most of the instrumentation for all four applications automatically. We found the needed expectations easy to write, starting in each case with automatically generated expectations. Pip found unexpected behavior in each application, and helped to isolate the causes of poor performance and incorrect behavior.
The Polymorphic Pi-calculus: Theory and Implementation
- 1995
Cited by 109 (0 self)
We investigate whether the π-calculus is able to serve as a good foundation for the design and implementation of a strongly-typed concurrent programming language. The first half of the dissertation examines whether the π-calculus supports a simple type system which is flexible enough to provide a suitable foundation for the type system of a concurrent programming language. The second half of the dissertation considers how to implement the π-calculus efficiently, starting with an abstract machine for π-calculus and finally presenting a compilation of π-calculus to C. We start the dissertation by presenting a simple, structural type system for π-calculus, and then, after proving the soundness of our type system, show how to infer principal types for π-terms. This simple type system can be extended to include useful type-theoretic constructions such as recursive types and higher-order polymorphism. Higher-order polymorphism is important, since it gives us the ability to implement abstract datatypes in a type-safe manner, thereby providing a greater degree of modularity for π-calculus programs. The functional computational paradigm plays an important part in many programming languages. It is well-known that the π-calculus can encode functional computation. We go further and show that the type structure of λ-terms is preserved by such encodings, in the sense that we can relate the type of a λ-term to the type of its encoding in the π-calculus. This means that a π-calculus programming language can genuinely support typed functional programming as a special case. An efficient implementation of π-calculus is necessary if we wish to consider π-calculus as an operational foundation for concurrent programming. We first give a simple abstract machine for π-calculus and prove it correct. We then show how this abstract machine inspires a simple, but efficient, compilation of π-calculus to C (which now forms the basis of the Pict programming language implementation).
A Uniform Type Structure for Secure Information Flow
- 2002
Cited by 93 (14 self)
The π-calculus is a formalism of computing in which we can compositionally represent dynamics of major programming constructs by decomposing them into a single communication primitive, the name passing. This work reports our experience in using a linear/affine typed π-calculus for the analysis and development of type systems of programming languages, focussing on secure information flow analysis. After presenting a basic typed calculus for secrecy, we demonstrate its usage by a sound embedding of the dependency core calculus (DCC) and by the development of a novel type discipline for imperative programs which extends both a secure multi-threaded imperative language by Smith and Volpano and (a call-by-value version of) DCC. In each case, the embedding gives a simple proof of noninterference.
Models of Sharing Graphs: A Categorical Semantics of let and letrec
- 1997
Cited by 76 (9 self)
A general abstract theory for computation involving shared resources is presented. We develop the models of sharing graphs, also known as term graphs, in terms of both syntax and semantics. According to the complexity of the permitted form of sharing, we consider four situations of sharing graphs. The simplest is first-order acyclic sharing graphs represented by let-syntax, and others are extensions with higher-order constructs (lambda calculi) and/or cyclic sharing (recursive letrec binding). For each of four settings, we provide the equational theory for representing the sharing graphs, and identify the class of categorical models which are shown to be sound and complete for the theory. The emphasis is put on the algebraic nature of sharing graphs, which leads us to the semantic account of them. We describe the models in terms of the notions of symmetric monoidal categories and functors, additionally with symmetric monoidal adjunctions and traced
Trust and Partial Typing in Open Systems of Mobile Agents
- 1998
Cited by 74 (10 self)
We present a partially-typed semantics for Dπ, a distributed π-calculus. The semantics is designed for mobile agents in open distributed systems in which some sites may harbor malicious intentions. Nonetheless, the semantics guarantees traditional type-safety properties at good locations by using a mixture of static and dynamic type-checking. We show how the semantics can be extended to allow trust between sites, improving performance and expressiveness without compromising type-safety. 1 Introduction In [12] we presented a type system for controlling the use of resources in a distributed system, or network. The type system guarantees two properties: resource access is always safe, e.g. integer resources are always accessed with integers and string resources are always accessed with strings, and resource access is always authorized, i.e. resources may only be accessed by agents that have been granted permission to do so. While these properties are desirable, they are properti...
Proof Techniques for Cryptographic Processes
- In 14th Annual IEEE Symposium on Logic in Computer Science, 1999
Cited by 70 (8 self)
Contextual equivalences for cryptographic process calculi, like the spi-calculus, can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, namely may-testing and barbed equivalence, and investigate tractable proof methods for them. To this aim, we design an enriched labelled transition system, where transitions are constrained by the knowledge the environment has of names and keys. The new transition system is then used to define a trace equivalence and a weak bisimulation equivalence, that avoid quantification over contexts. Our main results are soundness and completeness of trace and weak bisimulation equivalence with respect to may-testing and barbed equivalence, respectively. They lead to more direct proof methods for equivalence checking. The use of these methods is illustrated with a few examples, concerning implementation of secure channels and verification of proto...
Types and subtypes for client-server interactions
- Proceedings of the 1999 European Symposium on Programming, number 1576 in Lecture Notes in Computer Science, 1999
Cited by 61 (6 self)
We define an extension of the π-calculus with a static type system which supports high-level specifications of extended patterns of communication, such as client-server protocols. Subtyping allows protocol specifications to be extended in order to describe richer behaviour; an implemented server can then be replaced by a refined implementation, without invalidating type-correctness of the overall system. We use the POP3 protocol as a concrete example of this technique.
A new type system for deadlock-free processes
- In CONCUR’06, volume 4137 of LNCS, 2006
Cited by 60 (4 self)
We extend a previous type system for the π-calculus that guarantees deadlock-freedom. The previous type systems for deadlock-freedom either lacked a reasonable type inference algorithm or were not strong enough to ensure deadlock-freedom of processes using recursion. Although the extension is fairly simple, the new type system admits type inference and is much more expressive than the previous type systems that admit type inference. In fact, we show that the simply-typed λ-calculus with recursion can be encoded into the deadlock-free fragment of our typed π-calculus. To enable analysis of realistic programs, we also present an extension of the type system to handle recursive data structures like lists. Both extensions have already been incorporated into the recent release of TyPiCal, a type-based analyzer for the π-calculus.