Vers un langage synchrone sûr et securisé / Towards a safe and secure synchronous language

Attar, Pejman

12 December 2013

Cette thèse propose une nouvelle approche du parallélisme et de la concurrence, posant les bases d'un langage de programmation à la fois sûr et "secure" (garantissant la sécurité des données), fondé sur une sémantique formelle claire et simple, tout en étant adapté aux architectures multi-cœur. Nous avons adopté le paradigme synchrone, dans sa variante réactive, qui fournit une alternative simple à la programmation concurrente standard en limitant l'impact des erreurs dépendant du temps ("data-races"). Dans un premier temps, nous avons considéré un langage réactif d'orchestration, DSL, dans lequel on fait abstraction de la mémoire (Partie 1). Dans le but de pouvoir traiter la mémoire et la sécurité, nous avons ensuite étudié (Partie 2) un noyau réactif, CRL, qui utilise un opérateur de parallélisme déterministe. Nous avons prouvé la réactivité bornée des programmes de CRL. Nous avons ensuite équipé CRL de mécanismes pour contrôler le flux d'information (Partie 3). Pour cela, nous avons d'abord étendu CRL avec des niveaux de sécurité pour les données, puis nous avons défini dans le langage étendu, SSL, un système de types permettant d'éviter les fuites d'information. Parallèlement (Partie 4), nous avons ajouté la mémoire à CRL, en proposant le modèle DSLM. En utilisant une notion d'agent, nous avons structuré la mémoire de telle sorte qu'il ne puisse y avoir de "data-races". Nous avons également étudié l'implémentation de DSLM sur les architectures multi-cœur, fondée sur la notion de site et de migration d'un agent entre les sites. L'unification de SSL et de DSLM est une piste pour un travail futur. / This thesis proposes a new approach to parallelism and concurrency, laying the basis for the design of a programming language with a clear and simple formal semantics, enjoying both safety and security properties, while lending itself to an implementation on multicore architectures. We adopted the synchronous programming paradigm, in its reactive variant, which provides a simple alternative to standard concurrent programming by limiting the impact of time-dependent errors ("data-races"). As a first step (Part 1), we considered a reactive orchestration language, DSL, which abstracts away from the memory. To set the basis for a formal treatment of memory and security, we then focussed on a reactive kernel, CRL, equipped with a deterministic parallel operator (Part 2). We proved bounded reactivity of CRL programs. Next, we enriched CRL with mechanisms for information flow control (Part 3). To this end, we first extended CRL with security levels for data. We then defined a type system on the extended language, SSL, which ensures the absence of information leaks. Finally, we added memory to CRL, as well as the notions of agent and site, thus obtaining the model DSLM (Part 4). We structured the memory in such a way that data-races cannot occur, neither within nor among agents. We also investigated the implementation of DSLM on multicore architectures, using the possibility of agent migration between sites. The unification of SSL and DSLM is left for future work.

Synchrone

Réactif

Compilation

Multi-coeur

Sécurité

Sémantique formelle

Bisimulation

Synchronous

Reactive

Language

Compilation

Multi-core

Security

Formal semantics

Bisimulation

Type system

Big-step semantics

Small-step semantics

Prescriptive Semantics For Big-Step Modelling Languages

Esmaeilsabzali, Shahram

January 2011

With the popularity of model-driven methodologies and the abundance of modelling languages, a major question for a modeller is: Which language is suitable for modelling a system under study? To answer this question, one not only needs to know the range of relevant languages for modelling the system under study, but also needs to be able to compare these languages. In this dissertation, I consider these challenges from a semantic point of view for a diverse range of behavioural modelling languages that I refer to as the family of Big-Step Modelling Languages (BSMLs). There is a plethora of BSMLs, including statecharts, its variants, SCR, un-clocked variants of synchronous languages (e.g., Esterel and Argos), and reactive modules. BSMLs are often used to model systems that continuously interact with their environments. In a BSML model, the reaction of the model to an environmental input is a big step, which consists of a sequence of small steps, each of which can be the concurrent execution of a set of transitions. To provide a systematic method to understand and compare the semantics of BSMLs, this dissertation introduces the big-step semantic deconstruction framework that deconstructs the semantic design space of BSMLs into eight high-level, independent semantic aspects together with the enumeration of the common semantic options of each semantic aspect. The dissertation also presents a comparative analysis of the semantic options of each semantic aspect to assist one to choose one semantic option over another. A key idea in the big-step semantic deconstruction is that the high-level semantic aspects in the deconstruction recognize a big step as a whole, rather than only considering its constituent transitions operationally. A novelty of the big-step semantic deconstruction is that it lends itself to a systematic semantic formalization of most of the languages in the deconstruction. The dissertation presents a parametric, formal semantic definition method whose parameters correspond to the semantic aspects of the deconstruction, and thus it produces prescriptive semantics: The manifestation of a semantic option in the semantics of a BSML can be clearly identified. The way transitions are ordered to form a big step in a BSML is a source of semantic complexity: A modeller needs to be aware of the possible orders of the execution of transitions when constructing and analyzing a model. The dissertation introduces three semantic quality attributes that each exempts a modeller from considering an aspect of ordering in big steps. The ranges of BSMLs that support each of these semantic quality attributes are formally specified. These specifications indicate that achieving a semantic quality attribute in a BSML is a cross-cutting concern over the choices of its different semantic options. The semantic quality attributes together with the semantic analysis of individual semantic options can be used in tandem to assist a modeller or a semanticist to compare two BSMLs or to create a new, desired BSML from scratch. Through the big-step semantic deconstruction, I have discovered that some of the semantic aspects of BSMLs can be uniformly described as forms of synchronization. The dissertation presents a general synchronization framework for behavioural modelling languages. This framework is based on a notion of synchronization between transitions of complementary roles. It is parameterized by the number of interactions a transition can take part in, i.e., one vs. many, and the arity of the interaction mechanisms, i.e., exclusive vs. shared, which are considered for the complementary roles to result in 16 synchronization types. To enhance BSMLs with the capability to use the synchronization types, a synchronizer syntax is introduced for BSMLs, resulting in the family of Synchronizing Big-Step Modelling Languages (SBSMLs). Using the expressiveness of SBSMLs, the dissertation describes how underlying the semantics of many modelling constructs, such as multi-source, multi-destination transitions, various composition operators, and workflow patterns, there is a notion of synchronization that can be systematically modelled in SBSMLs.

Semantics of modelling languages

Prescriptive semantics

Big step semantics

Language engineering

Software engineering

Requirements modelling

Formal methods

Computer Science (Software Engineering)

Prescriptive Semantics For Big-Step Modelling Languages

Esmaeilsabzali, Shahram

January 2011

With the popularity of model-driven methodologies and the abundance of modelling languages, a major question for a modeller is: Which language is suitable for modelling a system under study? To answer this question, one not only needs to know the range of relevant languages for modelling the system under study, but also needs to be able to compare these languages. In this dissertation, I consider these challenges from a semantic point of view for a diverse range of behavioural modelling languages that I refer to as the family of Big-Step Modelling Languages (BSMLs). There is a plethora of BSMLs, including statecharts, its variants, SCR, un-clocked variants of synchronous languages (e.g., Esterel and Argos), and reactive modules. BSMLs are often used to model systems that continuously interact with their environments. In a BSML model, the reaction of the model to an environmental input is a big step, which consists of a sequence of small steps, each of which can be the concurrent execution of a set of transitions. To provide a systematic method to understand and compare the semantics of BSMLs, this dissertation introduces the big-step semantic deconstruction framework that deconstructs the semantic design space of BSMLs into eight high-level, independent semantic aspects together with the enumeration of the common semantic options of each semantic aspect. The dissertation also presents a comparative analysis of the semantic options of each semantic aspect to assist one to choose one semantic option over another. A key idea in the big-step semantic deconstruction is that the high-level semantic aspects in the deconstruction recognize a big step as a whole, rather than only considering its constituent transitions operationally. A novelty of the big-step semantic deconstruction is that it lends itself to a systematic semantic formalization of most of the languages in the deconstruction. The dissertation presents a parametric, formal semantic definition method whose parameters correspond to the semantic aspects of the deconstruction, and thus it produces prescriptive semantics: The manifestation of a semantic option in the semantics of a BSML can be clearly identified. The way transitions are ordered to form a big step in a BSML is a source of semantic complexity: A modeller needs to be aware of the possible orders of the execution of transitions when constructing and analyzing a model. The dissertation introduces three semantic quality attributes that each exempts a modeller from considering an aspect of ordering in big steps. The ranges of BSMLs that support each of these semantic quality attributes are formally specified. These specifications indicate that achieving a semantic quality attribute in a BSML is a cross-cutting concern over the choices of its different semantic options. The semantic quality attributes together with the semantic analysis of individual semantic options can be used in tandem to assist a modeller or a semanticist to compare two BSMLs or to create a new, desired BSML from scratch. Through the big-step semantic deconstruction, I have discovered that some of the semantic aspects of BSMLs can be uniformly described as forms of synchronization. The dissertation presents a general synchronization framework for behavioural modelling languages. This framework is based on a notion of synchronization between transitions of complementary roles. It is parameterized by the number of interactions a transition can take part in, i.e., one vs. many, and the arity of the interaction mechanisms, i.e., exclusive vs. shared, which are considered for the complementary roles to result in 16 synchronization types. To enhance BSMLs with the capability to use the synchronization types, a synchronizer syntax is introduced for BSMLs, resulting in the family of Synchronizing Big-Step Modelling Languages (SBSMLs). Using the expressiveness of SBSMLs, the dissertation describes how underlying the semantics of many modelling constructs, such as multi-source, multi-destination transitions, various composition operators, and workflow patterns, there is a notion of synchronization that can be systematically modelled in SBSMLs.

Semantics of modelling languages

Prescriptive semantics

Big step semantics

Language engineering

Software engineering

Requirements modelling

Formal methods

Computer Science (Software Engineering)

A Class of Stochastic Petri Nets with Step Semantics and Related Equivalence Notions

Buchholz, Peter, Tarasyuk, Igor V.

15 January 2013

This paper presents a class of Stochastic Petri Nets with concurrent transition firings. It is assumed that transitions occur in steps and that for every step each enabled transition decides probabilistically whether it wants to participate in the step or not. Among the transitions which what to participate in a step, a maximal number is chosen to perform the firing step. The observable behavior is defined and equivalence relations are introduced. The equivalence relations extend the well-known trace and bisimulation equivalences for systems with step semantics to Stochastik Petri Nets with concurrent transition firing. It is shown that the equivalence notions form a lattice of interrelations.

Petri-Netze

Stochastik

stochastische Netze

stochastic Petri nets

step semantics

equivalence relations

bisimulation

ddc:004

rvk:SS 5514

A Class of Stochastic Petri Nets with Step Semantics and Related Equivalence Notions

Buchholz, Peter, Tarasyuk, Igor V.

15 January 2013

This paper presents a class of Stochastic Petri Nets with concurrent transition firings. It is assumed that transitions occur in steps and that for every step each enabled transition decides probabilistically whether it wants to participate in the step or not. Among the transitions which what to participate in a step, a maximal number is chosen to perform the firing step. The observable behavior is defined and equivalence relations are introduced. The equivalence relations extend the well-known trace and bisimulation equivalences for systems with step semantics to Stochastik Petri Nets with concurrent transition firing. It is shown that the equivalence notions form a lattice of interrelations.

info:eu-repo/classification/ddc/004

ddc:004