
Designing Reliable, High-Performance Networks . . . with the Nuprl Logical Programming Environment (PowerPoint presentation)



  1. Designing Reliable, High-Performance Networks . . . with the Nuprl Logical Programming Environment
  Christoph Kreitz, Department of Computer Science, Cornell University, Ithaca, NY 14853

  2. Formal methods tools are most successful when engaged at early stages of system design
  • Great potential
  – Clarifying critical design concepts
  – Linking abstract and concrete specifications
  – Detecting subtle errors in design and prototype code
  – Generating code of components from specifications
  – Improving system performance
  • Requires
  – Expressive formal language: type theory
  – Knowledge base of formalized facts about systems concepts
  – Proof environment capable of integrating different reasoning techniques
  – Collaboration between systems and formal methods experts in real applications
  [Diagram: Nuprl-5 architecture: several GUIs and a web interface attached to a central library of theories (defs, thms, tactics; rules, structure, code); inference engines and evaluators (Nuprl, MetaPRL, PRL); translators to Java and OCaml; links to external systems Maude, HOL/SPIN, PVS, SoS (Lisp) and ΩMEGA, each with its own theories]
  The Nuprl LPE meets these requirements
  AAAI Spring Symposium, March 2002

  3. Nuprl’s Formal Logic: Computational Type Theory
  • Logic for constructive reasoning
  • Open-ended, expressive type system
  – Function, product, disjoint union, Π- & Σ-types, atoms ❀ programming
  – Integers, lists, inductive types ❀ inductive definition
  – Propositions as types, equality type, void, top, universes ❀ logic
  – Subsets, subtyping, quotient types ❀ mathematics
  – (Dependent) intersection, union, records ❀ modules, program composition
  New types can/will be added as needed
  • Top-down refinement calculus ❀ interactive proof development
  – Sequent calculus + computation rules + extract terms ❀ program development
  • Expressions separate from their types ❀ full λ-calculus
  . . . but must be typeable in proofs ❀ “total” functions
  • Uniform internal notation + display forms ❀ “free syntax”
  • User-defined extensions possible
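The slide lists "propositions as types", Σ-/subset types, Π-types and "extract terms" as the features that make proofs and programs the same objects. The following Lean 4 block is an added illustration of those three points and is not Nuprl code or notation from the talk; Lean 4 stands in for Nuprl's type theory here, and the names `larger`, `largerVal` and `replicateVec` are chosen for this example.

```lean
-- Propositions as types: a constructive proof of
--   ∀ n : Nat, ∃ m : Nat, n < m
-- is a function that, given n, returns a witness m together with
-- evidence that n < m.  Written as a Σ-/subset-type, the witness is a
-- first-class program rather than a side remark in a proof.
def larger (n : Nat) : { m : Nat // n < m } :=
  ⟨n + 1, Nat.lt_succ_self n⟩

-- The "extract term" of the proof: drop the evidence, keep the program.
def largerVal (n : Nat) : Nat := (larger n).val

-- A dependent function (Π-type): the result type mentions the argument,
-- so the length invariant is checked when the function is defined, not
-- at each call site.
def replicateVec {α : Type} (n : Nat) (x : α) : { l : List α // l.length = n } :=
  ⟨List.replicate n x, by simp⟩

-- Every well-typed term is total, so these evaluate without any separate
-- termination or partiality check (the slide's "total functions").
#eval largerVal 41                 -- 42
#eval (replicateVec 3 'a').val     -- ['a', 'a', 'a']
```

The security-relevant reading is the one the slide draws: a component extracted from such a proof cannot be called with an argument for which its specification is unmet, because the specification is part of its type.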

  4. Nuprl’s Automated Reasoning Environment
  [Diagram: Nuprl-5 architecture: several GUIs and a web interface attached to a central library of theories (defs, thms, tactics; rules, structure, code); inference engines and evaluators (Nuprl, MetaPRL, PRL); translators to Java and OCaml; links to external systems Maude, HOL/SPIN, PVS, SoS (Lisp) and ΩMEGA, each with its own theories]
  • Interactive proof development
  – Supports program extraction (synthesis) and evaluation
  – Proof automation through tactics & decision procedures
  – Highly customizable: language extensions, term display, system structure, . . .
  • Cooperating processes centered around knowledge base (CADE 2000)
  – Large library of formal algorithmic knowledge
  – Asynchronous, distributed & collaborative theorem proving
  – Multiple user interfaces: proof editor, structured term editor, web browser
  – External proof engines: MetaPRL, JProver (TPHOLs 2000, IJCAR 2001)

  5. Application: Reliable, High-Performance Networks
  • Ensemble Group Communication Toolkit
  – System optimization and verification, formal component design
  • MediaNet Stream Computation Network (ongoing)
  – Validation of real-time schedules w.r.t. resource limitations

  6. The Ensemble Group Communication Toolkit
  Modular group communication system
  – Developed by Cornell’s System Group (Ken Birman)
  – Used commercially (BBN, JPL, Segasoft, Alier, Nortel Networks)
  Architecture: stack of micro-protocols
  – Select from more than 60 micro-protocols for specific tasks
  – Modules can be stacked arbitrarily
  – Modeled as state/event machines
  Implementation in Objective Caml (INRIA)
  – Easy maintenance (small code, good data structures)
  – Mathematical semantics, strict data type concepts
  – Efficient compilers and type checkers
  [Diagram: an example Ensemble stack: the application above the layers Top, Membership, Total, Frag and Network]

  7. Formal Reasoning about Ensemble in Nuprl
  [Diagram: the OCaml programming environment (Ensemble; reconfigured, fast & secure Ensemble) beside the Nuprl type-theory deductive system (specification; simulated Ensemble; proof; proof of reconfiguration), connected by import, verify, optimize/transform and export arrows]
  – Formalize semantics of OCaml (CADE 1998, . . . )
  – Optimize performance of configured systems (TACAS 1999, SOSP 1999)
  – Verify protocol components and system configurations (TACAS 1999)
  – Formally design and verify new protocols (DISCEX 2001, TPHOLs 2001)

  8. Embedding Ensemble’s code into Nuprl
  Enable formal reasoning on the OCaml level
  • Type-theoretical semantics of OCaml
  – Pattern matching, exceptions, references, modules, . . . ↦ type theory
  • Implementation in Nuprl
  – OCaml semantics ↦ abstractions; OCaml syntax ↦ display forms
  • Programming logic for OCaml
  – Derived inference rules for reasoning about OCaml code
  • Import and Export mechanisms
  – Actual system code available for formal reasoning in Nuprl
  [Diagram: import/export pipeline between OCaml and the Nuprl library: a modified Camlp4 parser and preprocessor produce an abstract syntax tree, which is converted into an intermediate code object and then into term representations of the basic OCaml constructs (abstractions, display forms, type information) in the Nuprl library; a pretty printer exports terms back to an OCaml text file, and a code generator produces NuPRL-ML from the simulated code]

  9. Optimization of Protocol Stacks
  [Diagram: sender and receiver protocol stacks, each a column of layers above a bottom layer and the network; events pass between layers through FIFO queues, and each layer adds its own part to the message header]
  Protocol stacking creates performance loss
  – redundancy, internal communication, large message headers
  Possible optimizations
  • Fast-path for common execution sequences
  – Identify Common Case as Predicate (CCP)
  – Analyze path of events through stack
  – Isolate code for fast-path and generate bypass
  – Insert CCP as runtime switch
  • Header compression for common messages
  [Diagram: the CCP is tested on events going down from the application and up from the network; on "yes" the generated bypass code runs, on "no" the full stack (Top, Pt2Pt, Mnak, Bottom) runs]
  Need formal reasoning tools to do this correctly
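The four fast-path steps above (predicate, path analysis, bypass, runtime switch) and the state/event-machine view of a layer stack from the Ensemble slide can be made concrete in a small model. The block below is an added example written for this page, not Ensemble or Nuprl code (Ensemble is OCaml; Python is used so it runs stand-alone). Only the layer names Top, Pt2Pt, Mnak and Bottom come from the slide; the event fields, header layout, the common-case predicate `ccp`, and the helpers `bypass`, `bypass_forgets_seq`, `run_optimized` and `check_equivalence` are constructed for illustration. The point it makes is the slide's last line: a bypass is only correct if it is observationally equivalent to the full stack, and a bypass that is right on the first common-case event can still diverge later because it mishandles layer state.

```python
"""Toy model of fast-path (bypass) optimization of a micro-protocol stack.

Added example, not Ensemble or Nuprl code.  Layer names come from the
slide; events, headers and the common-case predicate are constructed.
"""
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Event:
    kind: str                       # "send" (point-to-point) or "bcast"
    dst: Optional[int]              # destination rank for a send
    payload: bytes
    hdr: Dict[str, object] = field(default_factory=dict)  # pushed by layers


@dataclass
class StackState:
    seq: Dict[int, int] = field(default_factory=dict)  # Pt2Pt seqno per dst
    pending_retrans: bool = False                      # Mnak has work queued


# --- full stack: every micro-protocol is a small state/event machine ------
def top(st: StackState, ev: Event) -> Event:
    return replace(ev, hdr={**ev.hdr, "top": ev.kind})


def pt2pt(st: StackState, ev: Event) -> Event:
    if ev.kind != "send":
        return ev
    n = st.seq.get(ev.dst, 0)
    st.seq[ev.dst] = n + 1                 # state update: next sequence number
    return replace(ev, hdr={**ev.hdr, "pt2pt_seq": n})


def mnak(st: StackState, ev: Event) -> Event:
    if ev.kind != "bcast":
        return ev
    return replace(ev, hdr={**ev.hdr, "mnak": "bcast"})


def bottom(st: StackState, ev: Event) -> Event:
    # Marshal the accumulated header in front of the payload.
    wire = ";".join(f"{k}={v}" for k, v in sorted(ev.hdr.items()))
    return replace(ev, payload=wire.encode() + b"|" + ev.payload)


FULL_STACK: List[Callable[[StackState, Event], Event]] = [top, pt2pt, mnak, bottom]


def run_full_stack(st: StackState, ev: Event) -> Event:
    for layer in FULL_STACK:               # "down" direction through the stack
        ev = layer(st, ev)
    return ev


# --- common case predicate (CCP) and the generated bypass ------------------
def ccp(st: StackState, ev: Event) -> bool:
    """Common case: a point-to-point send while Mnak has nothing pending."""
    return ev.kind == "send" and ev.dst is not None and not st.pending_retrans


def bypass(st: StackState, ev: Event) -> Event:
    """Fast path: the composed effect of all four layers on a CCP event,
    with the wire header written out directly (no per-layer header rebuilds)."""
    n = st.seq.get(ev.dst, 0)
    st.seq[ev.dst] = n + 1
    wire = f"pt2pt_seq={n};top=send".encode()
    return replace(ev, hdr={"top": "send", "pt2pt_seq": n}, payload=wire + b"|" + ev.payload)


def bypass_forgets_seq(st: StackState, ev: Event) -> Event:
    """A wrong bypass: same output as the full stack for the first send to a
    destination, but it never advances the Pt2Pt counter, so later sends diverge."""
    n = st.seq.get(ev.dst, 0)
    wire = f"pt2pt_seq={n};top=send".encode()
    return replace(ev, hdr={"top": "send", "pt2pt_seq": n}, payload=wire + b"|" + ev.payload)


def run_optimized(st: StackState, ev: Event, fast=bypass) -> Event:
    """CCP inserted as a runtime switch in front of the stack."""
    return fast(st, ev) if ccp(st, ev) else run_full_stack(st, ev)


# --- equivalence check: the bypass must be indistinguishable on a trace ----
def check_equivalence(events: List[Event], fast=bypass) -> List[int]:
    """Feed the same trace to both stacks (each with its own state) and return
    the indices of events whose output differs; [] means no observable
    difference on this trace."""
    full, opt = StackState(), StackState()
    return [i for i, ev in enumerate(events)
            if run_full_stack(full, ev) != run_optimized(opt, ev, fast)]


# Constructed trace: common-case sends interleaved with one broadcast.
TRACE = [
    Event("send", 1, b"hello"),
    Event("send", 2, b"world"),
    Event("bcast", None, b"all"),
    Event("send", 1, b"again"),
]

if __name__ == "__main__":
    print("correct bypass, differing events:", check_equivalence(TRACE))
    print("buggy bypass, differing events:  ", check_equivalence(TRACE, bypass_forgets_seq))
```

Running the trace through both bypasses shows why the slide asks for formal tools rather than tests: the buggy bypass passes the first three events and only diverges on the fourth send, and a trace that happened to stop earlier would miss it. A proof of equivalence over all traces, which is what the Nuprl work on Ensemble aims at, does not depend on the trace chosen.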
