
Formalising Java RMI with Explicit Code Mobility


Presentation Transcript


  1. Formalising Java RMI with Explicit Code Mobility Alexander Ahern Nobuko Yoshida Department of Computing Imperial College London

  2. Motivation • Distribution is important to modern object-oriented programming • Yet, existing formalisms are insufficient: • Single location • No modelling of distributed runtime

  3. DJ – Distributed Java • First formalisation of Java RMI • New primitives for type-safe code mobility • A novel proof technique for type safety of distributed programs • Proof of correctness of several RMI optimisations

  4. Call Aggregation [Bogle & Liskov 1994, Yeung & Kelly 2003]

       int m1(RemoteObject r, int a) {
         int x = r.f(a);
         int y = r.g(a, x);
         int z = r.h(a, y);
         return z;
       }

     x and y are dead from the client’s point of view. (Diagram: Client, Server)

  5. Call Aggregation [Bogle & Liskov 1994, Yeung & Kelly 2003]

       // Client
       int m1(RemoteObject r, int a) {
         (unit -> int) t = freeze() {
           int x = r.f(a);
           int y = r.g(a, x);
           int z = r.h(a, y);
           return z;
         };
         return r.run(t);
       }

       // Server
       int run((unit -> int) x) {
         return defrost(x);
       }

     (Diagram: Client, Server)

  6. DJ – Model
     DJ = Java + distribution + new primitives and types

       e ::= freeze(T x) { e }    (creates a closure)
           | defrost(e, e)        (evaluates a closure)
           | …
       T ::= T -> T | …           (a new arrow type for closures)

  7. Runtime Syntax • We require lots of syntax Don’t worry! You don’t need to remember this!

  8. Networks Networks consist of zero or more JVMs executing in parallel JVM JVM Virtual machines communicate by Remote Method Invocations Each machine keeps a table of classes, and has a private memory JVM JVM

  9. Remote Method Invocation • Nature of parameters affects the nature of remote calls • If a parameter is not a subtype of java.rmi.Remote, then it is passed by value • For object parameters, this requires object serialisation • This is the conversion of structured data into an array of bytes suitable for network transfer • We model all of these features in DJ

  10. Remote Method Invocation • Bytes are transferred to the server • Deserialise bytes into structured form • Serialise actual parameters • Network • Evaluate local method call • Deserialisation can trigger class downloading • Bytes transferred to the client • Network • Serialise return value • Return value deserialised, returned to caller

  11. Our model of RMI • We model serialisation • Method call = message passing Time Network Boundary

  12. Code Mobility Primitives - Freezing Fresh names for the identifiers appearing free in this closure Parameter Classes The name (IP address) of the location that created this closure Environment (variables/objects) the closure depends upon Code

  13. Code Mobility Primitives - Defrosting • Formal parameter x is replaced with actual parameter v • Much like calling a method

  14. Runtime relationships Serialisation / Deserialisation RMI Freeze In DJ, code mobility is a generalisation of serialisation Defrost Instantiation (new C) Class downloading

  15. Network Invariants and Typing • Network invariants ensure type safe code mobility • Model features that are hard to capture by typing rules alone

  16. Invariants – Properties • A property Ψ is a subset of the set of all networks • A network invariant is just a special kind of property • It has some initial conditions, Ψ0 • It is reduction closed Ψ All networks Ψ0

  17. Invariants (Class Availability) • We have lots (17)

  18. Invariants (Locality) • We have lots (17)

  19. Invariants (Channel Linearity) • We have lots (17)

  20. Invariants (Closures and Locks) • We have lots (17)

  21. Invariants – Examples • new C always succeeds • All super-classes of C are present in local class table • Fields are never accessed remotely • Java RMI is implemented as a proxy pattern

  22. Theorem (Subject Reduction) Corollary (Network Invariant) Theorem (Progress, locality and linearity) Properties of the typing system

  23. Correctness of Optimisations Lightweight transformation rules Non-interference property Semantics preserving optimisation

  24. Transformation Rules We can inline this, modulo some details Return point for a method call Uncomputed expression to return

  25. N * N1 N2 * N’ Non-Interference [Reynolds 1978] Definition (Non-interference)

  26. Lemma (Contextual Equivalence) Semantic Preservation Optimised code N N’ Context N’ N

  27. Properties of Transformation Theorem • . Type preservation By previous Lemma and this Theorem

  28. Original Code

        int m1(RemoteObject r, int a) {
          int x = r.f(a);
          int y = r.g(a, x);
          int z = r.h(a, y);
          return z;
        }

      Optimised Code

        // Client
        int m1(RemoteObject r, int a) {
          (unit -> int) t = freeze() {
            int x = r.f(a);
            int y = r.g(a, x);
            int z = r.h(a, y);
            return z;
          };
          return r.run(t);
        }

      By Theorem

  29. Conclusion • DJ: first formalisation of Java RMI • Introduction of first class functions to Java • May appear in C# 3.0 • New proof method for type safety of distributed programs using network invariants • New method for showing the correctness of optimisations for distributed programs using semantics-preserving transformations

  30. Conclusion – Future Work • http://dj-project.sourceforge.net/ • Full version of this work • Prototype implementation of DJ using Polyglot Compiler Framework (Cornell University) • Prove correctness of translation from DJ to Java • Code generation • Cost modelling • Types for access control and security

  31. Related Work • Class loading • Liang & Bracha (1998) • Drossopoulou & Eisenbach (2002) • Krintz et al (1999) • Distributed Objects • Obliq • Emerald • Staged and meta-programming • MetaML • Jumbo • Meta-AspectJ

  32. Observational Congruence • Reduction closed • Respects an observational predicate We choose to observe remote method return:

  33. Our model of RMI Client makes a remote call Now, deserialise parameter for call Make local call Therefore, serialise parameter, call it v’ Time Network Boundary Deserialise and return to caller Serialise the return value, call it r’

  34. N * N1 N N2 * N’ * N1 ≡ N2 Non-Interference Definition (Non-interference)
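
Call aggregation from slides 4, 5 and 28, combined with the pass-by-value serialisation of slides 9 and 10, as an added plain-Java simulation (not code from the presentation or the DJ project). `Service`, `Thunk`, `ship`, `LOCAL`, `STUB` and the sample arithmetic are assumptions; a serialisable lambda stands in for `freeze`, applying it stands in for `defrost`, and both "machines" share one JVM.

```java
import java.io.*;
import java.util.function.Function;

public class CallAggregationDemo {
    // Hypothetical remote interface with f, g and h from slides 4 and 5.
    interface Service { int f(int a); int g(int a, int x); int h(int a, int y); }
    // Stand-in for a frozen closure: serialisable code plus captured variables.
    interface Thunk extends Function<Service, Integer>, Serializable {}
    static int roundTrips = 0;

    // Simulated network boundary: serialise to bytes, deserialise a fresh copy.
    @SuppressWarnings("unchecked")
    static <T> T ship(T value) {
        try {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
            try (ObjectInputStream in = new ObjectInputStream(
                    new ByteArrayInputStream(buf.toByteArray()))) {
                return (T) in.readObject();
            }
        } catch (IOException | ClassNotFoundException e) { throw new IllegalStateException(e); }
    }

    // Server-side object; the arithmetic is constructed sample behaviour.
    static final Service LOCAL = new Service() {
        public int f(int a) { return a + 1; }
        public int g(int a, int x) { return a * x; }
        public int h(int a, int y) { return y - a; }
    };

    // Client-side stub: every method call is one request/response round trip.
    static final Service STUB = new Service() {
        public int f(int a) { roundTrips++; return ship(LOCAL.f(ship(a))); }
        public int g(int a, int x) { roundTrips++; return ship(LOCAL.g(ship(a), ship(x))); }
        public int h(int a, int y) { roundTrips++; return ship(LOCAL.h(ship(a), ship(y))); }
    };

    // Server's run(): receive the closure, then defrost it against the local object.
    static int run(Thunk t) { roundTrips++; return ship(ship(t).apply(LOCAL)); }

    public static void main(String[] args) {
        int a = 5;
        int x = STUB.f(a), y = STUB.g(a, x), z = STUB.h(a, y);   // slide 4: three remote calls
        System.out.println("unaggregated: z=" + z + " round trips=" + roundTrips);
        roundTrips = 0;
        Thunk t = s -> s.h(a, s.g(a, s.f(a)));                    // slide 5: one frozen closure
        int zAggregated = run(t);
        System.out.println("aggregated:   z=" + zAggregated + " round trips=" + roundTrips);
    }
}
```

Because `run` deserialises and executes a computation chosen by the caller, the receiving side needs the closure's classes available and has to trust what it is asked to run; slide 30 lists types for access control and security as future work.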
