While developing the software of a browser-operated educational CD-ROM, we had to face a number of problems. This paper presents these problems and the solutions we found. Amusingly, most of our solutions rely on continuations. Are browsers and multimedia the future of continuations?

Research about networks and agents has identied the need for a layer that provides a uniform protocol to communicate with xed and mobile agents. In order to preserve the compatibility with existing infrastructures, proposed solutions have involved a \home agent", which forwards messages to a mobile entity. The mechanism of a home agent puts a burden on the infrastructure, which may hamper the scalability of the approach, in particular, in massively distributed systems, such as the amorphous computer or the ubiquitous/pervasive computing environment. Free from any compatibility constraint, we have designed an algorithm to route messages to mobile agents that does not require any xed location. The algorithm has two dierent facets: a distributed directory service that maintains distributed information about the location of a mobile agent, and a message router that uses the directory service to deliver messages to a mobile agent. Two properties of the algorithm were establi...

Preventing abusive resource consumption is indispensable for all kinds of systems that execute untrusted mobile code, such as mobile object systems, extensible web servers, and web browsers. To implement the required defense mechanisms, some support for resource control must be available: accounting and limiting the usage of physical resources like CPU and memory, and of logical resources like threads. Java is the predominant implementation language for the kind of systems envisaged here, even though resource control is a missing feature on standard Java platforms. This paper describes the model and implementation mechanisms underlying the new resource-aware version of the J-SEAL2 mobile object kernel. Our fundamental objective is to achieve complete portability, and our approach is therefore based on Java bytecode transformations. Whereas resource control may be targeted towards the provision of quality of service or of usage-based billing, the focus of this paper is on security, and more specifically on prevention of denial-of-service attacks originating from hostile or poorly implemented mobile code. Keywords Bytecode rewriting, Java, micro-kernels, mobile object systems, resource control, security 1.

We present a new distributed garbage collection algorithm that is able to reorganise diffusion trees and to support mobile objects. It has a modular design comprising three components: a reliable transport mechanism, a referencecounting based distributed garbage collector for non-mobile objects, and an extra layer that provides mobility. The algorithm is formalised by an abstract machine and is proved to be correct. The safety property ensures that an object may not be reclaimed as long as it is referred to locally or remotely. The liveness property guarantees that unreachable objects will eventually be reclaimed. The mobility property certifies that messages are always forwarded towards more recent mobile object positions. 1 Introduction Distributed object systems provide programmers with the capability to refer to remote objects and to activate remote computations (generally called remote method invocation) [27, 28]. In this context, distributed garbage collection is a valuable tec...

Competition and collaboration among agents in a multi-agent system extends to consumption of computational resources. Management of resource sharing is critical to the performance of multi-agent computations. We describe CyberOrgs, a hierarchical model for resource sharing between and within multi-agent computations executing over a network of computers. We introduce programming abstractions derived from the model through a prototype implementation of CyberOrgs as an Actor program. 1

The Java RMI collector is arguably the most widely used distributed garbage collector. Its distributed reference listing algorithm was introduced by Birrell in the context of Network Objects, where the description was informal and heavily biased toward implementation. In this paper, we formalise this algorithm in an implementation-independent manner, which allows us to clarify weaknesses of the initial presentation. In particular, we discover cases critical to the correctness of the algorithm that are not accounted for by Birrell. We use our formalisation to derive an invariant-based proof of correctness of the algorithm that avoids notoriously difficult temporal reasoning. Furthermore, we offer a novel graphical representation of the state transition diagram, which we use to provide intuitive explanations of the algorithm and to investigate its tolerance to faults in a systematic manner. Finally, we examine how the algorithm may be optimised, either by placing constraints on message channels or by tightening the coupling between application program and distributed garbage collector.

versatile multi-agent framework designed for Distributed Information Management tasks. SoFAR embraces the notion of proactivity as the opportunistic reuse of the services provided by other agents, and provides the means to enable agents to locate suitable service providers. The contribution of SoFAR is to combine ideas from the distributed computing community with the performative-based communications used in other agent systems: communications in SoFAR are based on the startpoint/endpoint paradigm, a powerful abstraction that can be mapped onto multiple communication layers. SoFAR also adopts an XML-based declarative approach for specifying ontologies and agents, providing a clear separation with their implementation. We explain the rationale behind our design decisions; we describe two distributed information management applications and we recount their design and operations. 1

Abstract. Scalable coordination is a key challenge in deploying massively multiagent systems. Resource usage is one part of agent behavior which naturally lends itself to abstraction. CyberOrgs is a model for hierarchical coordination of resource usage by multi-agent applications in a network of peer-owned resources. Programming constructs based on CyberOrgs allow resource trade and control reification while maintaining a separation between functional and resource concerns. An operational semantics of CyberOrgs is presented. Expressive power of programming constructs based on CyberOrgs is illustrated with examples. Hierarchical control presents challenges in scalability. However, some types of resource coordination are amenable to efficient implementation using CyberOrgs. Hierarchical control of processor time, for instance, can be implemented scalably by efficiently flattening the hierarchical schedule on the fly. Experimental results demonstrate scalability of the technique. Generalizations of this solution for hierarchical control of processor, network and other computational resources in a distributed system are discussed. 1

Abstract. Safe programming languages offer safety and security features making them attractive for developing extensible environments on a wide variety of platforms, ranging from large servers all the way down to hand-held devices.Extensible environments facilitate dynamic hosting of a variety of potentially untrusted codes.This requires mechanisms to guarantee isolation among hosted applications and to control their usage of resources.While most safe languages provide certain isolation properties, typically resource management is difficult with the current standard APIs and existing virtual machines. This one-day workshop brought together practitioners and researchers working on various approaches to these problems to share ideas and experience. 1 Workshop Overview The workshop consisted of four 90-minute sessions. In the first one Doug Lea from State University of New York in Oswego delivered an invited talk on the Application Isolation API proposed as an extension to the Java TM programming language [1]. Presentations of accepted position papers were given in the next two sessions. Each author had 7 minutes to present the main idea of his/her work. After all of the authors in a given session finished, the presentations were discussed- this include the time for questions about specific presentations as well as general remarks and brain-storming. The last session was a panel discussion, during which the workshop attendants listed a list of open or “really difficult ” issues in the discussed domain. The total of nine presentations were accepted for the workshop, and each of them was presented. About 25 people attended the workshop, the majority from Europe, with a few attendees from the US. Most of the participants were from the academia. 2 Position Paper Summaries All the papers accepted and presented are available from

Abstract. Safe programming languages offer safety and security features making them attractive for developing extensible environments on a wide variety of platforms, ranging from large servers all the way down to hand-held devices.Extensible environments facilitate dynamic hosting of a variety of potentially untrusted codes.This requires mechanisms to guarantee isolation among hosted applications and to control their usage of resources.While most safe languages provide certain isolation properties, typically resource management is difficult with the current standard APIs and existing virtual machines. This one-day workshop brought together practitioners and researchers working on various approaches to these problems to share ideas and experience. 1 Workshop Overview The workshop consisted of four 90-minute sessions. In the first one Doug Lea from State University of New York in Oswego delivered an invited talk on the Application Isolation API proposed as an extension to the Java TM programming language [1]. Presentations of accepted position papers were given in the next two sessions. Each author had 7 minutes to present the main idea of his/her work. After all of the authors in a given session finished, the presentations were discussed- this include the time for questions about specific presentations as well as general remarks and brain-storming. The last session was a panel discussion, during which the workshop attendants listed a list of open or “really difficult ” issues in the discussed domain. The total of nine presentations were accepted for the workshop, and each of them was presented. About 25 people attended the workshop, the majority from Europe, with a few attendees from the US. Most of the participants were from the academia. 2 Position Paper Summaries All the papers accepted and presented are available from