mobile unity: reasoning about physical and logical mobility gruia-catalin roman august 2002
Post on 19-Dec-2015
225 views
TRANSCRIPT
![Page 1: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/1.jpg)
Mobile UNITY: Reasoning about Physical and Logical Mobility
Gruia-Catalin Roman
August 2002
![Page 2: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/2.jpg)
2
Presentation Overview
1. Mobile Computing
2. Reasoning about Motion and Space
3. Coordination in the Presence of Mobility
4. Formal Derivation
5. Applications of Mobile UNITY
![Page 3: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/3.jpg)
3
Mobile Computing
Technological and social trends Research opportunities Perspectives on mobility Research directions
1
![Page 4: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/4.jpg)
4
Introduction
Software Engineering is a discipline that studies• Software artifacts
• Processes as (approximate) guarantors of quality
• People as (imperfect) producers of software Mobile Computing entails the study of systems in which
computational components may change location Mobile Computing Laboratory (MobiLab) is committed to the
development of formal models, algorithms, middleware, and applications for mobile computing• Context aware computing
• High mobility environments (e.g., highways)
![Page 5: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/5.jpg)
5
Mobile Computing Laboratory
Formal models of mobility (Mobile UNITY) Algorithms and protocols for mobile computing
– Nomadic computing (guaranteed message delivery)
– Ad hoc networks (group membership, termination)
Middleware for mobile computing (LIME) Mobile applications
– Highway environment
– Outdoor games
– Indoor collaborations
![Page 6: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/6.jpg)
6
Advent of Mobility
Societal pressures• Computing and communication melting into the fabric of society
Technological advances• Wireless communication
– Nomadic systems
– Ad hoc mobile systems
• Miniaturization
• Advances in sensor technology Software engineering
• Ubiquitous connectivity (global or localized)
• Service discovery and provision
• Context aware computing
• Mobile code
![Page 7: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/7.jpg)
7
Physical Mobility
Fixed network Nomadic computing Ad hoc computing
![Page 8: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/8.jpg)
8
Research Issues and Trends
New design constraints• Frequent disconnection
• Unpredictable movement
• Asymmetric bandwidth
• Limited resources Interesting opportunities
• Spatial knowledge
• Movement profile Increased demands
• Reasoning about behavior
• Connectivity maintenance
• Adaptation
![Page 9: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/9.jpg)
9
Logical Mobility
Code on demand Remote evaluation Mobile agents
![Page 10: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/10.jpg)
10
Research Issues and Trends
Code on demand is made popular by Java Mobile code languages (e.g., Obliq, Facile, Telescript) are
losing ground Mobile agent systems (e.g., D’Agents) are an emerging new
technology Middleware is growing in practical importance
![Page 11: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/11.jpg)
11
Emerging Mobility Paradigms
Continued access to remote resources Delegation to mobile agents Disconnected operation Ad hoc grouping of people and devices Mass mobility Wide open systems
![Page 12: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/12.jpg)
12
A Special Challenge: Ad Hoc Networks
No fixed network infrastructure Frequent disconnections Transient interactions Decoupled computing Open environment Physical and logical mobility Limited guarantees
![Page 13: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/13.jpg)
13
Sample Applications
Highway information management Disaster response Military applications Contamination zone exploration Wireless anywhere classroom Self-organizing office and factory Cave and mine exploration Video games in physical spaces
![Page 14: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/14.jpg)
14
Distinct Perspectives
Milner et al (π-calculus) Meseguer (Mobile Maude) Cardelli et al (Mobile Ambients) Wermelinger and Fiadeiro (connector semantics) DeNicola et al (LLinda) Riely and Hennessy (disconnection as process failure)
![Page 15: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/15.jpg)
15
Abstract Treatments of Mobility
∏-calculus
Mobile UNITY
Mobile Ambients
…
![Page 16: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/16.jpg)
16
mobileagent
federated tuple space
hosttuple space
A Pragmatic Perspective — LIME
Model characteristics• Linda-style coordination
extended to ad hoc settings
• Transparent data sharing based on connectivity
• Atomic and transitive engagement and disengagement
• Selective data sharing
• Transparent tuple migration
• Novel reactive constructs Formal semantics
• Reduction to Mobile UNITY Distribution
• Open source on SourceForge
![Page 17: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/17.jpg)
17
Research Considerations
Unit of modularity, execution, and mobility Treatment of space Definition of movement Compositionality Integration of physical and logical mobility Open environment Decoupled computing Coordination versus communication Model delivery mechanics Effective implementation Expressive power
![Page 18: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/18.jpg)
18
Reasoning about Motion and Space
Unit of execution and modularity A notation system A proof logic Unit of mobility, execution, and modularity Decoupled system specification and design Location-based coordination Exploring the space concept Proof logic revisited
2
![Page 19: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/19.jpg)
19
A Starting Point — UNITY
Understand and manage programming complexity Identify what is common Develop a small theory adequate for a broad range of tasks
• Tasks– Specification
– Derivation
– Verification
• Theory– Computational model (minimalist)
– Proof logic (assertional)
– Design heuristics
![Page 20: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/20.jpg)
20
Computational Model Fundamentals
State• Static set of named variables
Deterministic assignment statement (state transition)• Conditional multiple assignment
Non-deterministic flow of control (concurrency) Synchrony and asynchrony Missing elements
• No flow of control constructs (weakly fair selection)
• No notion of explicit termination (fixed point) Program is the unit of modularity and execution Program UNION provides the means for composition
![Page 21: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/21.jpg)
21
Programming Notation
Problem definition: Given two ascending sequences f and g, determine if they represent the same set
Assumptions:f[0] = g[0] f[N-1] < f[N]
f[N] = g[N] g[N-1] < g[N]
i : 0 ≤ i ≤ N :: h[i] ≤ h[i+1] where h denotes f and g Illustration:
1 3 3 3 3 4 4 6 6 8 8 8 9
1 3 3 4 4 6 6 6 7 7 7 8 9
![Page 22: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/22.jpg)
22
Sample Program
Program Compare
declare u, v : integer
initially u, v = 0, 0
assign
u := u+1 if u < N f[u] = f[u+1]
v := v+1 if v < N g[v] = g[v+1]
u, v := u+1, v+1 if u < N v < N f[u+1] = g[v+1]
end
![Page 23: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/23.jpg)
23
Sample Program
Problem definition: Compute the largest value in array A Solution:
Program Maximum
declare A : array [0, 2M-1] of integer
assign || i : 0 ≤ i < M :: A[i] := max(A[2i], A[2i+1])
end Illustration:
0 1 2 3 4
0/1 2/3 4/5 6/7 8/9
0/1/2/3 4/5/6/7 8/9/...
![Page 24: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/24.jpg)
24
Basic Proof Logic
Hoare triple—assertions over programs{p} s {q} where s is a statement in program P
{y = k} x, y := 0, y+1 {x > -3 y > k} Assignment axiom makes mechanical verification feasible
{p} x := exp {q} p q[x/exp]
{y = k} x, y := 0, y+1 {x > -3 y > k}
y = k 0 > -3 y+1 > k Quantification over program statements is all that is needed
![Page 25: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/25.jpg)
25
Safety Properties
Unless relation s : s in P :: {p q} s {p q}
________________________________________________________________________________________
p unless q Derived relations
stable p p unless false
const p stable p stable p
inv p (init p) stable p Illustration (Program Compare)
u = k unless u > k
stable u = N
const f[3] = g[8]
inv set i : 0 ≤ i ≤ u :: f[i] = set i : 0 ≤ i ≤ v :: f[i]
![Page 26: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/26.jpg)
26
Simple Progress Properties
Ensures relationp unless q s : s in P :: {p q} s {q}
________________________________________________________________________________________
p ensures q Illustration (Program Compare)
? u = k ensures u > k
? f = g u = k < N ensures u > k
3 3 4 — no statement increments u
3 3 4
provable f[u] = f[u+1] ≠ g[v+1] u = k < N ensures u > k
![Page 27: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/27.jpg)
27
Leads-to Relation
Base casep ensures q
___________________________________
p leads-to q Transitivity
p leads-to r r leads-to q___________________________________________________________
p leads-to q Disjunction
m : m W :: p(m) leads-to q ______________________________________________________________________
m : m W :: p(m) leads-to q
Illustration (Program Compare)u < u0 v < v0 u+v = k leads-to u+v > k
where set i : 0 ≤ i ≤ u0:: f[i] = set i : 0 ≤ i ≤ v0 :: f[i]
![Page 28: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/28.jpg)
28
Program as Unit of Mobility
Rationale• Program size is arbitrary
• Uniform treatment ofmobility, modularity, execution
• Reuse of composition rules
• Reliance on existing proof logic
• Abstract treatment of logical and physical space
Adjustments to the model• New location variable • Total separation of name spaces
(e.g., program.variable) UNITY + + unique names
X
Y
![Page 29: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/29.jpg)
29
A Notation for Mobility
Program Cart at declare x, d : integer
initially x, d, = 0, -1, 0
assign
d := +1 if = 0 x ≠ 0
d := –1 if = N x = 0
:= +d if 0 < +d < N
end
![Page 30: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/30.jpg)
30
Technical Implications
Space definition is outside the model Programming schemas allow for location aware, location
controlling, or location oblivious program specification Motion is reduced to value assignment The proof logic remain unchanged Programs share the space but cannot interact with each other
• x ≠ 0 leads-to = N provable
• x ≠ 0 leads-to x = 0 ?
![Page 31: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/31.jpg)
31
Decoupled System Specification
System PayloadTransfer
Program Cart(k) at ... end
Program Loader(i) at ... end
Program Unloader(j) at ... end
Components
Loader(1) at 0 Cart(1) at 0 Unloader(2) at N
Interactions
... coordination statements
end Technical Notes:
• Modifications assumed in the definition of Cart
• Formally, the system is closed and bounded in size
![Page 32: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/32.jpg)
32
Location-Based Coordination
The simplest coordination statement is the asynchronous data transfer
Coordination statements can reach across program boundaries in a manner transparent to the programs
Operationally, one can treat the coordination section as an additional program to be composed
The software engineering advantage rests with the separation of concerns and strong decoupling
Illustration:
Loader(i).q, Cart(j).x := 0, Loader(i).q
when Loader(i). = Cart(j).
![Page 33: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/33.jpg)
33
Exploring the Space Concept
The when clause is not space specific (general predicate) Spatially dependent coordination is schema induced
• co-location
• relative distance
• co-existence within a space
• remote coordination across logical spaces Both physical and logical spaces can be modeled
• separately
• combined Movement rules are space specific Schemas can be enhanced with specific program properties
![Page 34: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/34.jpg)
34
Sample Spatial Structures
Line Circle Physical plane Network hosts and links Directed graphs and lattices Gradient fields Embedded spaces
• coordination within S
• move into S
• move out of S
![Page 35: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/35.jpg)
35
Proof Logic Revisited
Composition of programs and interactions follows the basic rule of program union: join the corresponding sections of all the programs involved
UNION Theorem• p unless q in F G (p unless q in F) (p unless q in G)• p ensures q in F G
(p unless q in F) (p ensures q in G)(p unless q in F) (p ensures q in G)
Corollaries (relation denotes unless, inv, and ensures)
p relation q in F stable p in G__________________________________________________________________
p relation q in F G
![Page 36: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/36.jpg)
36
Coordination in the Presence of Mobility
Coordination perspective Seeking minimalism Coordination primitives Sample system Proof logic implications Expressive power Coordination schemas
3
![Page 37: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/37.jpg)
37
The Coordination Advantage
Origins rest with the temporal and spatial decoupling advocated in Linda
Coordination models• separate computational and communication aspects of a system
• make communication transparent using high level constructs
• are amenable to rapid deployment by means of middleware Tuple space models dominate coordination research Communication complexities in mobile computing make
coordination strategies particularly attractive A broad range of coordination models can be built
![Page 38: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/38.jpg)
38
Minimalist Formal Perspective
What primitives offer sufficient expressive power to construct a reasonably rich set of coordination models and modalities
What is the criteria by which are we judge richness• empirical evaluation
Is there a formal notion computational power• not yet established
Mobile UNITY employs a very small set of distinct constructs• labeled statement
• assignment
• transaction
• inhibitor
• reaction
![Page 39: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/39.jpg)
39
One-Bit Communication
Sender at s
Variable• Sender.bit
Actions• write0 :: bit := 0
• write1 :: bit := 1
Receiver at r
Variable• Receiver.bit
Actions• read :: h := h • bit
![Page 40: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/40.jpg)
40
Transfer Statement
Sender at s
• write0 :: bit := 0
• write1 :: bit := 1
Receiver at r
• read :: h := h • bit
• INTERACTIONS •
Receiver.bit := Sender.bit when Sender.s = Receiver.r
inaccurate history with repeated and missed values
![Page 41: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/41.jpg)
41
Reactive Statement
Sender at s
• write0 :: bit := 0
• write1 :: bit := 1
Receiver at r
• read :: h := h • bit
Receiver.bit := Sender.bit reacts-to Sender.s = Receiver.r
inaccurate history but the values of bit are consistent
![Page 42: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/42.jpg)
42
Inhibit Statement
Sender at s
• write0 :: bit, n := 0, n+1
• write1 :: bit, n := 1, n+1
Receiver at r
• read :: h, n := h • bit, n+1
Receiver.bit := Sender.bit reacts-to Sender.s = Receiver.r
inhibit writei when Sender.n > Receiver.n Sender.s ≠ Receiver.r
inhibit read when Sender.n ≤ Receiver.n Sender.s ≠ Receiver.r
accurate history at most one step behind
![Page 43: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/43.jpg)
43
Transaction
Sender at s
• write0 :: bit := 0; bit :=
• write1 :: bit := 1; bit :=
Receiver at r
• h, f := h • bit, 1 reacts-to bit ≠ f = 0
• f := 0reacts-to bit =
Receiver.bit := Sender.bit reacts-to Sender.s = Receiver.r
time
![Page 44: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/44.jpg)
44
Clocked Transmission
Sender:
write :: bit := reacts-to odd(t/2) t > 0
tic :: t := t+1
Receiver:
read :: := bit reacts-to even(t/2) t > 0
tic :: t := t+1
engage
disengage
![Page 45: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/45.jpg)
45
Clock Synchronization
Receiver.bit := Sender.bit reacts-to Sender. = Receiver.
on := true || Sender.t := 0 || Receiver.t = 0
reacts-to on Sender. = Receiver.on := false || Sender.t := 0 || Receiver.t = 0
reacts-to on Sender. ≠ Receiver.inhibit Sender.tic when Sender. ≠ Receiver.inhibit Receiver.tic when Sender. ≠ Receiver.
inhibit Sender.tic when Receiver.t - (Sender.t+1) >1
inhibit Receiver.tic when (Receiver.t+1) - Sender.t >1
![Page 46: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/46.jpg)
46
Reduction to UNITY
The overall system must appear as a set of atomic statements whose selection satisfies a weak fairness constraint• Take the union of all non-reactive statements
• Strengthen the guards of all inhibited statements The weakest precondition must be computable for each
statement appearing in the program text• Treat all reactive statements as a program which executes to
fixpoint after each non-reactive statement (including inside transactions)
![Page 47: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/47.jpg)
47
Hoare Triple Redefined
For a proper choice of H and reactive statements R
p (s) q, {p (s)} s {H},
H leads-to (FixPoint(R) q) in R__________________________________________________________________________________
{p} s* {q}
![Page 48: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/48.jpg)
48
Transaction Semantics
Reduction to sequential composition
{p} s1; s2; ... sn-1* {r}, {r} sn* {q}__________________________________________________________________________________
{p} s1; s2; ... sn* {q}
![Page 49: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/49.jpg)
49
High Level Constructs
Read only shared variableA.x B.x when r
Shared variableA.x ≈ B.x when r
Engage clauseengage(A.x, B.x) when r value
Disengage clausedisengage(A.x, B.x) when r value 1,2
![Page 50: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/50.jpg)
50
Transitivity
YX
2
2
2
2Z4
4
4
4
2
4
4
X to Y Y to X
for composition
Y to Z
2
X := 4
![Page 51: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/51.jpg)
51
High Level Constructs
Co-selectionA.s B.t when r
Exclusive co-selectionA.s B.t when r
Co-executionA.s | B.t when r
Exclusive co-executionA.s | B.t when r
![Page 52: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/52.jpg)
52
Transitivity
Co-selection• share trigger variable Ai., initially set to idle
• execute a two step transaction– Ai. := go
• execute each statement Ai.s as a reaction
• disable Ai.s
– Ai. := idle
• reenable Ai.s
![Page 53: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/53.jpg)
53
Coordination Schemas
Complex coordination constructs are contrary the spirit of the approach (subtle and counterintuitive behaviors, termination problems)
The use of schemas is a powerful design tool that simplifies reasoning and offers built in guarantees
Sample schemas• read only sharing
• single shared variable update
• synchronized clocks
• simple co-location based sharing
• synchronized motion
![Page 54: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/54.jpg)
54
4Formal Derivation
Factoring mobility in the derivation process Termination detection problem Sample derivation Lessons learned
![Page 55: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/55.jpg)
55
Factoring Mobility
Refinement strategies• Specification refinement
• Program refinement– process refinement
– data refinement
• Mixed specification and program refinement Open questions
• When should mobility concerns appear in the derivation?
• Should problem specification refer to motion and space?
• How is refinement affected by the novel architecture?
• Are there mobility specific refinement steps?
![Page 56: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/56.jpg)
56
Computing Environment
![Page 57: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/57.jpg)
57
Sample Multi-Phased Application
Software update on the factory floor• protocol or key update
– distribute the new software• use both keys
– detect completion of the distribution
– distribute command to disable old key• disable old key
– detect completion of the distribution
![Page 58: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/58.jpg)
58
Problem Specification
Once all hosts are idle, no host ever becomes active again System quiescence will be recorded in one distinguished
component
![Page 59: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/59.jpg)
59
Formal Specification
stable W (S1)
claim detects W (P1)
W i : 0≤i<N :: idle[i]
![Page 60: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/60.jpg)
60
Activation Requirement
Activation requires the existence of at least one active host
![Page 61: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/61.jpg)
61
R1: Activation Principle
idle[i]
unless
j: j≠i :: active’[j] active[j] active[i] (S2)
Refinement Status: P1, S2
![Page 62: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/62.jpg)
62
Token-based Accounting
Associate a token with each idle host Termination is verified by counting tokens
![Page 63: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/63.jpg)
63
R2: Token-based Accounting
inv. T = I (S3)
claim detects T = N (P2)
T +i :: token[i]I +i : idle[i] :: 1
Refinement Status: P2, S2, S3
![Page 64: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/64.jpg)
64
Token Consumption
Correct counting of tokens requires a token to be consumed upon each activation
![Page 65: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/65.jpg)
65
Refinement Status: P2, S3, S4
R3: Token Consumption
idle[i] (S4)
unless
j: j≠i :: active’[j] active[j] active[i]
token(i) + token(j) = token’(i) + token’(j) – 1
token(i) + token(j) ≥ 0
![Page 66: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/66.jpg)
66
Token Collection
Flow tokens towards a collection point Detect termination at the collection point
0
1
3
8
6
2
4
7
5
![Page 67: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/67.jpg)
67
Refinement Status: P3, P4, S3, S4
R4: Token Collection
= k > 0 until < k (P3)
claim detects = 0 (P4)
= max i : = N token[i] > 0 :: i = +i : idle[i] :: token[i]
![Page 68: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/68.jpg)
68
Rank Independence
Every host holiding tokens must pass them on The highest rank among hosts carrying tokens cannot increase
02
34
7
![Page 69: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/69.jpg)
69
R5: Rank independent behavior
token[j] > 0 = N j ≠ 0 (P5)until token[j] = 0 = N
stable ≤ k (S5)
Refinement Status: P4, S3, S4, S5, P5
![Page 70: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/70.jpg)
70
Pairwise communication
0
1
2
34
56
7
![Page 71: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/71.jpg)
71
R6: Pairwise Communication
idle[i] (S6)unless j: j ≠ i :: active’[j] active[j] active[i] (token(i) + token(j) = token’(i) + token’(j) – 1 ≥ 0) com(i,j)
token[j] > 0 = N j ≠ 0 (P7)leads-totoken[j] = 0 = N i : i < j :: com (i,j)
token[j] > 0 = N j ≠ 0 (S7)unless token[j] = 0 = N i : i < j :: com (i,j)
Refinement Status: P4, S3, S5, S6, P7, S7
![Page 72: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/72.jpg)
72
Contact Guarantee
A host with tokens will meet a lower ranked host, if one exists Tokens will be passed to some other host as long as the token
carying node with the highest rank does not pass tokens to a higher ranked node
02
3
4
7
02
3
![Page 73: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/73.jpg)
74
Decentralization
Every idle node should pass tokens to a node of lower rank, not just the highest ranked token carying host
Uniform behavior eliminates the need to know who is
02
34
7
![Page 74: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/74.jpg)
75
Refinement Status: P4, S3, S6, S7, S8, P10
R8: Decentralization
token[j] > 0 = N j ≠ 0 (S8)
unless
token[j] = 0 = N
i : i < j :: com(i,j) token[i] = token’[i] + token’[j]
claim detects token[0] = N (P10)
![Page 75: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/75.jpg)
76
Mobile Program
Program HOST(i) at declare
token, n: integer idle, claim: booleanalways
active = idleinitially
token = 1 if idle 0 if active claim = false n = N if i=0 0 if i ≠ 0assign
idle :: idle := true if active || token:= token + 1 detect :: claim := (token = n) if i = 0 move :: := Move(i, )
end
![Page 76: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/76.jpg)
77
Communication and Co-location
com(i,j) (host(i). = host(j).)
![Page 77: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/77.jpg)
78
Mobile Program
System MobileSystem
Program host(i) at …
end
Components
i : 0 ≤ i < N :: host(i) at i
Interactions
Activation
Token passing
Inhibitions
end MobileSystem
![Page 78: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/78.jpg)
79
Interactions
host(i).idle, host(i).token, host(j).token :=false,(host(i).token+host(j).token-1)/2,(host(i).token+host(j).token-1)/2
when host(i).idle host(j).active host(i). = host(j). host(i).token + host(j).token > 0
activate and redistribute tokens host(i).token, host(j).token := host(i).token + host(j).token, 0 when host(i).idle host(j).idle host(i). = host(j).
host(j).token > 0 j > ipush tokens towards lower rank
inhibit host(i).move and host(j).move when host(i).idle host(j).idle host(i). = host(j).
host(j).token > 0 j > iguarantee token passing
![Page 79: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/79.jpg)
80
Observations
Knowledge about the number of hosts undermines the idea of open system design
Only hosts involved in the computation should participate in termination detection
A better solution relies on the notion of diffusing computations• Each host keeps track of the activated children
• When a host becomes idle a termination report is generated
• Termination reports are relayed to the root of the computation along a partial order along activated hosts
![Page 80: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/80.jpg)
81
Lessons Learned
Formal treatment of mobility is feasible and desirable The solution accommodates both physical and logical mobility The problem definition is independent of mobility
• When do we need to address mobility from the onset? A precise definition of space was not required
• How should we exploit properties of space? Refinement order is important Late introduction of location-dependent communication simplified
the derivation• Is this always the case?
The underlying architecture greatly affects the derivation process The coordination constructs also shape the refinement process
• Can we take advantage of this?• Are tailored abstract coordination constructs useful?
Conditional properties are key to reasoning about open systems
![Page 81: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/81.jpg)
82
Applications of Mobile UNITY
Protocol specification and verification Mobile code paradigms Coordination model semantics
5
![Page 82: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/82.jpg)
83
Protocol Verification
Mobile IP
home
agent
foreign
agent
mobile
node
correspondent
node
agent
advertisement
![Page 83: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/83.jpg)
84
Modeling Issues
Correctness is only w.r.t. the choice of level of abstraction• Most errors are likely to rest with unexpected interactions
Components as programs• network—collection of subnets
• mobile node, foreign agent, home agent Space as a set of subnet locations for mobile nodes and
stationary agents Coordination via shared variables
• subnet in/out queues for local and remote routing
• ether for transient wireless connectivity Packets as tuples
• types: regular, request, reply, encapsulated
![Page 84: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/84.jpg)
85
Modeling Issues
Unicast and multicast• unicast
– sender sets ether and receiver resets it in a reaction)
• multicast– sender sets ether inside a transaction– receiver reads and disables itself– sender resets ether inside the transaction– receiver reenables itself
Network communication as internal data movement Packet loss as a random action
![Page 85: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/85.jpg)
86
Modeling Issues
No global time, i.e., reliance on local clocks and minimal synchronization
Local actions• clock advancing• time outs (e.g., delete registration when lifetime expires)• time driven actions (e.g., inhibit timer until action is done)
Clock synchronizationA.clock synch B.clock
when condition within drift_rate (e.g., 1.01)• save the clock value• inhibit timer when constraint is violated
![Page 86: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/86.jpg)
87
Verification Issues
Since no guarantees are provided, all properties must be conditional properties (prove C assuming H holds)
H___________________
C Assuming bounded-time delivery and processing
• Given a mobile node n in some subnet s– eventually, its registration is up to date or n moved away
– its registration is up to date or n moved away
– eventually, any message forwarded to n by its home agent arrives or n moved away
![Page 87: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/87.jpg)
88
Code Mobility Revisited
Unit of mobility profile• data state
• control state
• bindings Code mobility paradigms
• Code on demand
• Remote evaluation
• Mobile agents
![Page 88: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/88.jpg)
89
Relocation Modes
Weak mobility• code restarted in the initial state
Strong mobility• code and current state are relocated
• state relocation may be partial (e.g., only the data state)
• bindings add complexity to the process– remote bindings preservation
– local rebinding
– transfer of the bindings closure
![Page 89: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/89.jpg)
90
Distributed Simulation Problem
Each process has a local simulation time The Global Virtual Time (GVT) is the global minimum The GVT controls which process proceeds next
ti = until ti = GVT =
ti = GVT = until ti >P1
P3
P2
time
![Page 90: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/90.jpg)
91
Client Server Paradigm
Interactions: asynchronous transfer
Server.qi, Pi.Q := Pi.Q, when ServiceRequested(i)
Server.qi, Pi.Q := , Server.qi when ServiceReady(i)
Server
qi
Pi
QT
t
T
ti
T
t
![Page 91: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/91.jpg)
92
Proof Sketch
The estimated GVT eventually converges to the correct value• inv ≤ GVT
• true leads-to = GVT where denotes Server.T
The number of recorded local clock values below the GVT will decrease to zero
Each process will eventually report the local clock value
Each report will eventually reach the server
Each reported value is eventually recorded
If no recorded local clock values are below the GVT the estimate will eventually reflect the GVT
![Page 92: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/92.jpg)
93
Observations
Data transfer could be replaced with message passing with minimal impact on the proof• a delivery assumption would be required
There is nothing special about the proof• interactions are treated as normal statements
![Page 93: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/93.jpg)
94
Mobile Agent Paradigm
Interactions: location-dependent read-only variable sharing
Pi.T Agent.T when Pi. = Agent.engage Agent.T
Agent.t Pi.t when Pi. = Agent.engage Pi.t
AgentPi
T
t
T
t
arrivingfromPi-1
![Page 94: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/94.jpg)
95
Proof Sketch
The estimated GVT eventually converges to the correct value• inv ≤ GVT
• true leads-to = GVT where denotes Agent.T
The number of recorded local clock values below the GVT will decrease to zero
Each process will eventually encounter the agent and
upon engagement the local clock value is reported
Agent movement is round robin
Each report is recorded before moving on
If no recorded local clock values are below the GVT the estimate will eventually reflect the GVT
![Page 95: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/95.jpg)
96
Observations
Data sharing schema• pair wise and unidirectional
• termination of the reactive program is guaranteed Movement schema
• round robin
• departure guarantee requires the proof of a lemma The reactive aspects of the interactions are reduced to simple
assignment augmentations• Local assignments to shared variables are logically augmented
by a second parallel assignment in the other program
• Movement actions are augmented with the engagement actions in the form of simple assignments
![Page 96: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/96.jpg)
97
Remote Evaluation Paradigm
ServerMini
T
t[]
T
t[]
MiniPi
T
t
T
t
t
engage Server.t[]
disengage , Server.t[]
engage Server.T
![Page 97: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/97.jpg)
98
Remote Evaluation Paradigm
Interactions:• pair wise read only variable sharing
• transitive variable sharing
• code movement
Mini. := Server. when ServiceRequested(i)
Mini. := Pi. when ServiceReady(i)
![Page 98: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/98.jpg)
99
Proof Sketch
The number of recorded local clock values below the GVT will decrease to zero
Each process will eventually request a GVT estimate
Code carrying a local clock value below the GVT
will reach the server and the GVT estimate will be reset
The local clock report is eventually recorded
A new GVT estimate is eventually computed
![Page 99: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/99.jpg)
100
Observations
Multiparty variable sharing• repeated engagements that reset data values may impede
progress (e.g., if T were to be reset on engagement, Mini may never depart)
• the shared variable update pattern (one at a time) guarantees termination of the reactive program
Movement schema• code movement patterns that are built into the system can be part
of the Interactions section• application level code movement may be made explicit as part of
the application programs In the absence of true dynamic code creation, code fragments
need to be reused• it is possible to create a pool of identical code fragments and use
each only once but some bound needs to be established
![Page 100: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/100.jpg)
101
MinPi
T
t
T
t
Minj
T
t
Code on Demand Paradigm
Interactions: one time dynamic code binding
• binding request in Pi is satisfiedby moving free code Minj at thesame location
![Page 101: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/101.jpg)
102
Observations
In the absence of true dynamic code creation problems persist regarding the need to manage a pool of code fragments
Binding schema• special constructs can be envisioned to express the book keeping
necessary to manage dynamic binding
![Page 102: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/102.jpg)
103
Linda Coordination Model
Temporal and spatial decoupling in Linda
out
in
rd(blocked)
![Page 103: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/103.jpg)
104
Coordination Semantics
Shared tuple space representation• single statically shared variable TS
Pattern matching operations• non-deterministic assignment (x := x’.Q)
Blocking operations• reduction to skip
![Page 104: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/104.jpg)
105
LIME Coordination Model
Partitioned set
out
in
rd(blocked)
![Page 105: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/105.jpg)
106
Coordination Semantics
Partitioned set• each process owns a tuple space TS
• co-located processes share the tuple spaces– engagement is modeled as union
– disengagement is modeled as partition followed by union
Co-location is based on transitive communication connectivity Semantics of basic operations are affected in a transparent
manner by changes in the scope
![Page 106: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/106.jpg)
107
Logical and Physical Mobility
Mobile agents as programs
Mobile hosts and ad hoc networks captured by a connectivity predicate
Only tuple spaces with the same name are shared
Connectivity can abstract other considerations as well, e.g., safe distance rule
agenttuple space
host tuple space
federated tuple space
![Page 107: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/107.jpg)
108
Transparent Tuple Migration
Tuples are augmented with current and desired location• operations can be location specific
Reactions fire in the presence of misplaced tuples when connectivity is established
![Page 108: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/108.jpg)
109
Reactive Programming
Strong reactions are supported at host level Weak reactions are supported at federation level
registered reaction
![Page 109: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/109.jpg)
110
Custom Coordination Models
Event subscription in ad hoc networks• Shared event tuple space for event distribution• Reaction registration and deregistration for event subscription
Service provision in ad hoc networks• Shared service registry tuple space• Pattern matching for service discovery and proxi extraction• Proxi to service transparent communication, even in the presence
of mobility Secure sharing of tuple spaces in ad hoc networks
• Tuple spaces defined by a name and a password• Tuple space names are encrypted and sharing limited to identical
encrypted names• Operations crossing host boundaries encrypted through an
interceptor pattern
![Page 110: Mobile UNITY: Reasoning about Physical and Logical Mobility Gruia-Catalin Roman August 2002](https://reader038.vdocuments.net/reader038/viewer/2022110322/56649d2a5503460f949ffa94/html5/thumbnails/110.jpg)
111
Conclusions
Mobility challenges our way of thinking• we explore novel uses of location information and more
A solid grounding in traditional distributed computing is a prerequisite for success• we leverage off past work on formal models and algorithms
An unprecedented level of complexity demands an increasing reliance on pragmatic application of rigorous design technique• we focus on coordination models having precise semantics
Sensitivity to the market place and application demands is more important than ever• we emphasize application-driven empirical evaluation
cs.wustl.edu/mobilab/
the end