Title: Modal Proofs as Distributed Programs
1 Modal Proofs as Distributed Programs
- Limin Jia, Princeton University
- Joint work with David Walker
2 Distributed computing is pervasive
- Today's computing environments distribute data across networks of all shapes and sizes.
- Software applications:
- Peer-to-peer file sharing (Kazaa).
- Mobile code (Java applets).
3 Distributed computing is hard
- The distributed environment is complicated:
- Data resides on different nodes
- Nodes have different interfaces
- Computational agents migrate from one node to another
- Failures
4 Contribution
- Developed a modal logic for reasoning about networks.
- Derived a type system for a distributed programming language from the logic.
- Well-typed programs don't go wrong.
5 Outline
- Motivation
- Modal logic for reasoning about networks
- Logic inference rules
- Modal operators (necessity, possibility)
- λRPC
- Syntax
- Simple examples
- Related work
6 Modal logic
- Judgments record where a formula is true, not only whether it is true: $F\ \mathsf{at}\ p$
- E.g. $\mathit{printer}\ \mathsf{at}\ B$ (there is a printer at $B$).
- $p \in P$ (a set of abstract places)
7 Formulas
- Formulas: $F ::= A \mid \top \mid F_1 \wedge F_2 \mid F_1 \to F_2 \mid F\ \mathsf{at}\ p$
- Reasoning locally within a node: $A$, $\top$, $F_1 \wedge F_2$, $F_1 \to F_2$
- Reasoning across nodes: $F\ \mathsf{at}\ p$
- E.g. $\mathit{printer}\ \mathsf{at}\ B$
8 Judgment
- Logical contexts: $\Delta ::= \cdot \mid \Delta, F\ \mathsf{at}\ p$
- Hypothetical judgments: $\Delta \vdash_P F\ \mathsf{at}\ p$
9 Local reasoning
10 Local reasoning
11 Sample reasoning (I)
- $\Delta = \mathit{printer}\ \mathsf{at}\ B,\ \mathit{pdf}\ \mathsf{at}\ B,\ (\mathit{printer} \wedge \mathit{pdf} \to \mathit{printOut})\ \mathsf{at}\ B$
- $\Delta \vdash_P (\mathit{printer} \wedge \mathit{pdf})\ \mathsf{at}\ B$ ($\wedge$ introduction at $B$), hence $\Delta \vdash_P \mathit{printOut}\ \mathsf{at}\ B$ ($\to$ elimination at $B$)
- $\Delta' = \mathit{printer}\ \mathsf{at}\ B,\ \mathit{pdf}\ \mathsf{at}\ C,\ (\mathit{printer} \wedge \mathit{pdf} \to \mathit{printOut})\ \mathsf{at}\ B$
- With the pdf at $C$, local reasoning at $B$ cannot combine the hypotheses: $\mathit{printOut}\ \mathsf{at}\ B$ is not derivable from $\Delta'$ by the local rules alone.
12 Interplace reasoning
- $F\ \mathsf{at}\ p$
13 Sample reasoning (II)
- $\Delta = \mathit{printer}\ \mathsf{at}\ B,\ (\mathit{printer} \wedge \mathit{pdf} \to \mathit{printOut})\ \mathsf{at}\ B,\ \mathit{pdf}\ \mathsf{at}\ A,\ (\mathit{pdf} \to \mathit{pdf}\ \mathsf{at}\ B)\ \mathsf{at}\ A$
- $\Delta \vdash_P (\mathit{pdf}\ \mathsf{at}\ B)\ \mathsf{at}\ A$ ($\to$ elimination at $A$), so $\Delta \vdash_P \mathit{pdf}\ \mathsf{at}\ B$ ($\mathsf{at}$ elimination), so $\Delta \vdash_P \mathit{printOut}\ \mathsf{at}\ B$ (as in sample reasoning I)
14 Outline
- Motivation
- Modal logic for reasoning about networks
- Logic inference rules
- Modal operators (necessity, possibility)
- λRPC
- Syntax
- Simple examples
- Related work
15 Global reasoning
- Some facts are true everywhere
- E.g. the ls command is available on every node.
- A modal formula expresses facts true everywhere
- For every $p \in P$: $F\ \mathsf{at}\ p$
- $\Box F$ (modal necessity: $F$ is true everywhere)
- $\Diamond F$ (modal possibility: $F$ is true somewhere)
16 Syntax (cont.)
- Formulas: $F ::= \ldots \mid \Box F \mid \Diamond F$
- Logical contexts: $\Delta ::= \cdot \mid \Delta, F\ \mathsf{at}\ p$ and $\Gamma ::= \cdot \mid \Gamma, F$
- Hypothetical judgments: $\Gamma; \Delta \vdash_P F\ \mathsf{at}\ p$
17 Hypothetical judgments
$$\dfrac{}{\Gamma, F; \Delta \vdash_P F\ \mathsf{at}\ p}\ (G) \qquad \dfrac{}{\Gamma; \Delta, F\ \mathsf{at}\ p \vdash_P F\ \mathsf{at}\ p}\ (L)$$
- A global hypothesis $F$ in $\Gamma$ may be used at any place; a local hypothesis $F\ \mathsf{at}\ p$ in $\Delta$ only at $p$.
18 Modal operator rules (I)
$$\dfrac{\Gamma; \Delta \vdash_{P,q} F\ \mathsf{at}\ q \qquad q \notin \mathrm{FP}(\Gamma) \cup \mathrm{FP}(\Delta) \cup \mathrm{FP}(F)}{\Gamma; \Delta \vdash_P \Box F\ \mathsf{at}\ p}\ (\Box I)$$
$$\dfrac{\Gamma; \Delta \vdash_P \Box F\ \mathsf{at}\ p \qquad \Gamma, F; \Delta \vdash_P F'\ \mathsf{at}\ p'}{\Gamma; \Delta \vdash_P F'\ \mathsf{at}\ p'}\ (\Box E)$$
19 Modal operator rules (II)
$$\dfrac{\Gamma; \Delta \vdash_P F\ \mathsf{at}\ p}{\Gamma; \Delta \vdash_P \Diamond F\ \mathsf{at}\ p}\ (\Diamond I)$$
$$\dfrac{\Gamma; \Delta \vdash_P \Diamond F\ \mathsf{at}\ p \qquad \Gamma; \Delta, F\ \mathsf{at}\ q \vdash_{P,q} F'\ \mathsf{at}\ p' \qquad q \notin \mathrm{FP}(F') \cup \mathrm{FP}(p')}{\Gamma; \Delta \vdash_P F'\ \mathsf{at}\ p'}\ (\Diamond E)$$
20 Sample reasoning (III)
- $\Delta = \mathit{printer}\ \mathsf{at}\ B,\ (\mathit{printer} \wedge \mathit{pdf} \to \mathit{printOut})\ \mathsf{at}\ B,\ \Box(\mathit{pdf} \to \mathit{pdf}\ \mathsf{at}\ B)\ \mathsf{at}\ B,\ \mathit{pdf}\ \mathsf{at}\ C$
- $\cdot; \Delta \vdash_P \mathit{printOut}\ \mathsf{at}\ B$
- $\Box E$ moves $\mathit{pdf} \to \mathit{pdf}\ \mathsf{at}\ B$ into $\Gamma$, where rule $G$ makes it usable at $C$; applying it to $\mathit{pdf}\ \mathsf{at}\ C$ gives $(\mathit{pdf}\ \mathsf{at}\ B)\ \mathsf{at}\ C$, hence $\mathit{pdf}\ \mathsf{at}\ B$, and $(\mathit{printer} \wedge \mathit{pdf} \to \mathit{printOut})\ \mathsf{at}\ B$ finishes the derivation as in sample reasoning (I).
21 Properties of the logic
- Simple properties: local soundness and completeness; substitution lemma
- Natural deduction corresponds to the sequent calculus: soundness and completeness
- Sequent calculus: cut elimination
22 Outline
- Motivation
- Modal logic for reasoning about networks
- Logic inference rules
- Modal operators (necessity, possibility)
- λRPC
- Syntax
- Simple examples
- Related work
23 λRPC overview
- Programming language for distributed computing
- Logic → type system
- $F\ \mathsf{at}\ p$ becomes the typing judgment $e : t\ \mathsf{at}\ p$
- When $e$ is evaluated at place $p$ it will produce a value of type $t$
24 Computational model
- Computation occurs on a network $N$
- $N ::= (P, L)$
- $L ::= \cdot \mid L, l \mapsto e\ \mathsf{at}\ p$ (set of processes: label $l$ runs $e$ at place $p$)
25 λRPC syntax
- $t ::= b \mid \top \mid t \times t \mid t \to t \mid t\ \mathsf{at}\ p \mid \Box t \mid \Diamond t$
- $t\ \mathsf{at}\ p$: return values of a remote procedure call
- $\Box t$: broadcast values
- $\Diamond t$: non-broadcast portable values
- $\Diamond t$, read a second way: agents
26 λRPC syntax
- $e ::= c \mid x \mid ()$ (constants, variables, $\top$)
- $\mid (e_1, e_2) \mid \mathsf{fst}\ e \mid \mathsf{snd}\ e$ (pairs, $\wedge$)
- $\mid \lambda x.e \mid e_1\, e_2$ (functions, $\to$)
- $\mid \mathsf{ret}(e, p) \mid \mathsf{rpc}(e, p)$ (remote procedure call, $t\ \mathsf{at}\ p$)
27 RPC
28 Simple example (I)
- $\mathit{file} : \mathit{pdf}\ \mathsf{at}\ A,\ \mathit{AtoB} : \mathit{pdf} \to \mathit{pdf}\ \mathsf{at}\ B\ \mathsf{at}\ A,\ \mathit{hp\_B} : \mathit{prn}\ \mathsf{at}\ B,\ \mathit{print} : \mathit{pdf} \to \mathit{prn} \to \mathit{printOut}\ \mathsf{at}\ B$
- $\vdash \mathit{print}(\mathsf{rpc}(\mathit{AtoB}\ \mathit{file}, A), \mathit{hp\_B}) : \mathit{printOut}\ \mathsf{at}\ B$
- $\mathsf{rpc}(\mathit{AtoB}\ \mathit{file}, A)$ evaluates $\mathit{AtoB}\ \mathit{file}$ at $A$, where the file lives, and delivers its result of type $\mathit{pdf}\ \mathsf{at}\ B$ to the caller at $B$.
29 Broadcast
- $e ::= \ldots \mid \mathsf{close}(\lambda p.e) \mid \mathsf{bc}\ e_1\ \mathsf{at}\ p\ \mathsf{as}\ x\ \mathsf{in}\ e_2$ (broadcast, $\Box t$)
30 Broadcast
- Diagram, first step: place $p_1$ runs $\mathsf{bc}\ e_1\ \mathsf{at}\ p_2\ \mathsf{as}\ x\ \mathsf{in}\ e_2$, and $e_1$ has evaluated at $p_2$ to the broadcast value $\mathsf{close}(\lambda p.e)$; a fresh label $l_2$ is bound at every place to the body instantiated with that place: $l_2 \mapsto e[p_1/p]$ at $p_1$ and $l_2 \mapsto e[p_2/p]$ at $p_2$.
31 Broadcast
- Diagram, second step: $p_1$ continues with $e_2[l_2/x]$, while $l_2$ stays bound at both $p_1$ and $p_2$.
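The typing judgment of slides 23 to 31 can be checked mechanically, and because proofs are programs the same checker validates the derivations of slides 11 to 20 as proof terms. The Python type checker below is an added example, not code from the paper: it covers the $\mathsf{at}$ and $\Box$ fragment (constants, variables, pairs, functions, ret/rpc, close/bc), re-checks the slide 28 example and a proof term for sample reasoning (III), and then shows the checker rejecting a program that hands the pdf located at $C$ directly to the printer at $B$. The contexts and place names $A$, $B$, $C$ are the slides' own (with print applied in curried form); the exact shapes of the ret/rpc/close/bc rules are an assumption reconstructed from the slides' examples and may differ in detail from the paper's.

```python
"""Type checker for the 'at' and box fragment of lambda-RPC (added example, not the paper's code).

A judgment Gamma; Delta |-_P e : t at p is read as on the slides: 'e, evaluated at place p,
yields a value of type t'.  Types and terms are tagged tuples, e.g. ('at', t, 'B'), ('rpc', e, 'A').
The ->, /\\ and G/L rules follow the slides; the shapes of the ret/rpc/close/bc rules are an
assumption reconstructed from the slides' examples and may differ in detail from the paper's."""


class PlaceError(TypeError):
    """An ill-typed program, typically a resource used at the wrong place."""


def show(t):
    """Render a type tuple in the slides' notation."""
    parts = [show(s) if isinstance(s, tuple) else s for s in t[1:]]
    sym = {'base': '{0}', 'at': '({0} at {1})', 'box': 'box {0}', 'arrow': '({0} -> {1})', 'prod': '({0} /\\ {1})'}
    return sym[t[0]].format(*parts)


def free_places(t):
    """FP(t): the place names occurring in a type."""
    own = {t[2]} if t[0] == 'at' else set()
    return own.union(*(free_places(s) for s in t[1:] if isinstance(s, tuple)))


def check(e, here, gamma, delta, places):
    """Return t with gamma; delta |-_places e : t at here, or raise PlaceError.
    gamma: {x: t}, global hypotheses usable everywhere (rule G);
    delta: {x: (t, p)}, local hypotheses usable only at their own place p (rule L)."""
    def sub(term, at=here, g=gamma, d=delta, ps=places):
        return check(term, at, g, d, ps)
    tag = e[0]
    if tag == 'var':
        if e[1] in gamma:                   # G: a global hypothesis holds at every place
            return gamma[e[1]]
        t, p = delta[e[1]]                  # L: a local hypothesis holds only at its own place
        if p != here:
            raise PlaceError(f"{e[1]} : {show(t)} lives at {p} but is used at {here}")
        return t
    if tag == 'lam':                        # ->I: the bound variable is local to 'here'
        _, x, t, body = e
        return ('arrow', t, sub(body, d={**delta, x: (t, here)}))
    if tag == 'app':                        # ->E: function and argument at the same place
        f, a = sub(e[1]), sub(e[2])
        if f[0] != 'arrow' or f[1] != a:
            raise PlaceError(f"cannot apply {show(f)} to {show(a)} at {here}")
        return f[2]
    if tag == 'pair':                       # /\I
        return ('prod', sub(e[1]), sub(e[2]))
    if tag == 'ret':                        # at-I: e : t at p  gives  ret(e, p) : (t at p) at here
        return ('at', sub(e[1], at=e[2]), e[2])
    if tag == 'rpc':                        # at-E: e : (t at here) at p  gives  rpc(e, p) : t at here
        t = sub(e[1], at=e[2])
        if t[0] != 'at' or t[2] != here:
            raise PlaceError(f"rpc to {e[2]} yields {show(t)}, not a value located at {here}")
        return t[1]
    if tag == 'close':                      # box-I: the body must type-check at a fresh place q
        _, q, body = e
        used = set(places).union({p for _, p in delta.values()},
                                 *(free_places(t) for t in list(gamma.values()) + [t for t, _ in delta.values()]))
        if q in used:
            raise PlaceError(f"place {q} is not fresh")
        t = sub(body, at=q, ps=set(places) | {q})
        if q in free_places(t):
            raise PlaceError(f"{show(t)} mentions the fresh place {q}")
        return ('box', t)
    if tag == 'bc':                         # box-E: bc e1 at p as x in e2, x becomes a global hypothesis
        _, e1, p, x, e2 = e
        t = sub(e1, at=p)
        if t[0] != 'box':
            raise PlaceError(f"{show(t)} is not a broadcast value")
        return sub(e2, g={**gamma, x: t[1]})
    raise ValueError(f"unknown term {e!r}")


# Constructed contexts taken from slides 28 and 20; the names are the slides' own.
PDF, PRN, OUT, PRINTER = ('base', 'pdf'), ('base', 'prn'), ('base', 'printOut'), ('base', 'printer')
PLACES = frozenset({'A', 'B', 'C'})

def slide28_example():
    """print (rpc(AtoB file, A)) hp_B : printOut at B (the slide's example, print curried)."""
    delta = {'file': (PDF, 'A'), 'AtoB': (('arrow', PDF, ('at', PDF, 'B')), 'A'),
             'hp_B': (PRN, 'B'), 'print': (('arrow', PDF, ('arrow', PRN, OUT)), 'B')}
    fetch = ('rpc', ('app', ('var', 'AtoB'), ('var', 'file')), 'A')   # run AtoB file at A, use it at B
    return check(('app', ('app', ('var', 'print'), fetch), ('var', 'hp_B')), 'B', {}, delta, PLACES)

SLIDE20_DELTA = {'printer': (PRINTER, 'B'), 'pdf': (PDF, 'C'),
                 'print': (('arrow', ('prod', PRINTER, PDF), OUT), 'B'),
                 'conv': (('box', ('arrow', PDF, ('at', PDF, 'B'))), 'B')}   # box(pdf -> pdf at B) at B

def slide20_example():
    """Proof term for sample reasoning (III): bc conv at B as f in print (printer, rpc(f pdf, C))."""
    remote = ('rpc', ('app', ('var', 'f'), ('var', 'pdf')), 'C')
    prog = ('bc', ('var', 'conv'), 'B', 'f', ('app', ('var', 'print'), ('pair', ('var', 'printer'), remote)))
    return check(prog, 'B', {}, SLIDE20_DELTA, PLACES)

def misplaced_example():
    """The pdf located at C handed straight to print at B: rejected with a place error."""
    prog = ('app', ('var', 'print'), ('pair', ('var', 'printer'), ('var', 'pdf')))
    try:
        check(prog, 'B', {}, SLIDE20_DELTA, PLACES)
    except PlaceError as err:
        return str(err)   # "pdf : pdf lives at C but is used at B"
    return None
```

Both well-placed programs type to printOut at B; the misplaced one fails at the variable rule, which is the whole content of "resources cannot be used at the wrong place": a local hypothesis in Delta is only usable at its own place, and the only ways to move data between places are rpc (for values returned to a named place) and bc (for values that were closed over a fresh place and so hold everywhere).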
32 Portable values (pull)
- $e ::= \ldots \mid \mathsf{port}(\lambda p.e) \mid \mathsf{pull}\ e_1\ \mathsf{at}\ p\ \mathsf{as}\ x\ \mathsf{in}\ e_2$ (pull, $\Diamond t$)
33 Portable values (pull)
- Diagram: $e_1$ evaluates at $p_2$ to the portable value $\mathsf{port}(\lambda p.e)$, which is pulled to $p_1$; $p_1$ continues with $e_2[\lambda p.e/x]$. The abstraction itself is substituted for $x$; unlike broadcast, no shared label is created.
34 Example program

    let delete =
      λk : key.
        let del =
          pull k at server as k' in
            close(λp. deleteDb k')
        in bc del at server as _ in ()
        end
    in ...
35 Properties of the language
- Formalized the operational semantics
- Safety (progress and preservation)
- Resources cannot be used at a wrong place
- Other features: recursive functions, references, universal quantifiers
36 Related work
- Hybrid logic [Prior 1967]: classical
- Ambient calculus and ambient logic [Cardelli, Gordon]: a logic for reasoning about the evolution of distributed systems; the logic uses the calculus as a model
- Other interpretations of modal logic: staged computation [Pfenning, Davies 2001]; trustless grid computing in the Concert project [Moody 2003]
37 Conclusion
- Developed a modal logic with $F\ \mathsf{at}\ p$, $\Box F$, $\Diamond F$
- Developed a programming language and type system
- Well-typed programs don't try to access resources at the wrong place
- http://www.cs.princeton.edu/ljia/research/papers/esop04.pdf
38 Thanks
39 λRPC syntax
- $e ::= c \mid x \mid \mathsf{sync}(x) \mid \mathsf{run}(x, p) \mid ()$ (constants, variables, $\top$)
- $\mid (e_1, e_2) \mid \mathsf{fst}\ e \mid \mathsf{snd}\ e$ (pairs, $\wedge$)
- $\mid \lambda x.e \mid e_1\, e_2$ (functions, $\to$)
- $\mid \mathsf{ret}(e, p) \mid \mathsf{rpc}(e, p)$ (rpc, $\mathsf{at}$)
- $\mid \mathsf{close}(\lambda p.e) \mid \mathsf{bc}\ e_1\ \mathsf{at}\ p\ \mathsf{as}\ x\ \mathsf{in}\ e_2$ (broadcast, $\Box$)
- $\mid \mathsf{port}(\lambda p.e) \mid \mathsf{pull}\ e_1\ \mathsf{at}\ p\ \mathsf{as}\ x\ \mathsf{in}\ e_2$ (portable, $\Diamond$)
- $\mid \mathsf{agent}\langle e, p\rangle \mid \mathsf{go}\ e_1\ \mathsf{at}\ p\ \mathsf{return}\ x, p\ \mathsf{in}\ e_2$ (agent, $\Diamond$)
- $v ::= c \mid \lambda x.e \mid (v_1, v_2) \mid \mathsf{ret}(e, p) \mid \mathsf{close}(\lambda p.e) \mid \mathsf{port}(\lambda p.e) \mid \mathsf{agent}\langle e, p\rangle$