Sergio Maffeis, joint work with Philippa Gardner. Modelling Dynamic Web Data. APPSEM'04, Tallinn, 15 April 2004

Motivation

What is dynamic Web data?
• We model large scale, peer-to-peer systems for sharing dynamic data over the Web
• Distribution is on a large scale
• Each site provides and consumes data using a (standardised) set of functionalities
• Data is dynamic and intensional: it can contain calls to Web services, forms, scripted code, etc.
• Data is interlinked

Modelling dynamic Web data
Existing models:
• query languages for semistructured data (XML)
  – describe data manipulation
  – do not include a distribution layer
• process calculi for the distributed infrastructure
  – are good at orchestrating data exchanges between peers
  – tend to abstract from the actual data
Modelling dynamic Web data requires merging these approaches.

A unified framework
Reasoning about data and the distributed infrastructure in the same framework provides means to
• understand the system behaviour
• give schema/types to documents containing scripts
• control access to resources
• propose new optimisations

The Xdπ project
• Dynamic Web data in Xdπ – syntax, semantics, examples
• Observational equivalences – spectrum of network and process equivalences
• Proof techniques – domain bisimilarity
• Types and security – access control, data validation
• Implementation – declarative platform for intensional data and WS coordination

Dynamic Web data in Xdπ

Xdπ
[Figure: a network of locations L1, L2, L3, L4, each holding Trees and Processes]
• A flat space of locations
• Locations contain (XML) trees and coordination processes

Representing data in Xdπ
[Figure: trees T1, T2, T3 at locations L1 and L2 with edges labelled a, b, c; a scripted process P sits at a leaf, and a pointer @L1:a/c links to a path in another location]
• Unordered, edge-labelled trees
  – Scripted processes (no reflection)
  – Pointers (links)

Data manipulation: cut
P = cut_{a/e}(X). paste_{a/c}<X>
[Figure: tree T at L1 with edges a, b, c, e and process P; tree T' at L2 with processes P' and Q; the subtree under a/e is bound to X and removed]
• select some subtrees with a path expression
• match the subtrees against a binding pattern
• cut away the subtrees

Data manipulation: paste
P = cut_{a/e}(X). paste_{a/c}<X>
[Figure: the subtree bound to X is inserted under the path a/c of the tree T at L1]
• select some paths for pasting
• paste the subtrees in place

Data manipulation
P = cut_{a/e}(X). paste_{a/c}<X>
[Figure: the resulting trees at L1 and L2 after cut and paste]
• Encode cut, copy, paste by a general update command
• Simple path expressions as query language (multiple selection)
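The following Python is an added example, not code from the calculus on the slides or from the authors: it models cut, copy and paste over unordered edge-labelled trees, selects with simple path expressions such as "a/c" (multiple selection, so a path may match several subtrees), and encodes all three operations through one general update, as the last bullet above proposes. The tree representation, the path syntax, the canonical rendering used for comparison, and the choice to leave an empty subtree where cut removed one are this example's own assumptions.

```python
"""Cut, copy and paste over unordered edge-labelled trees, driven by simple
path expressions with multiple selection, all encoded via one general update.
Added example: the tree shape, the path syntax and the encoding of cut as
"replace the selected subtree by the empty tree" are assumptions made here."""
from __future__ import annotations
from copy import deepcopy
from dataclasses import dataclass, field


@dataclass
class Tree:
    """An unordered multiset of edges, each a (label, subtree) pair."""
    edges: list[tuple[str, Tree]] = field(default_factory=list)

    def add(self, label: str, sub: Tree | None = None) -> Tree:
        self.edges.append((label, sub if sub is not None else Tree()))
        return self

    def render(self) -> str:
        """Canonical text form: edges sorted, so equal unordered trees render equally."""
        parts = sorted(f"{l}[{t.render()}]" for l, t in self.edges)
        return "{" + ",".join(parts) + "}"


def select(tree: Tree, path: str) -> list[Tree]:
    """All subtrees reached by following the labels of `path` (e.g. "a/c")."""
    current = [tree]
    for label in path.split("/"):
        current = [sub for node in current for l, sub in node.edges if l == label]
    return current


def update(tree: Tree, path: str, f) -> list[Tree]:
    """General update: every subtree selected by `path` is replaced by f(subtree).
    Returns the selected subtrees, i.e. the value bound to the pattern variable X."""
    prefix, _, last = path.rpartition("/")
    parents = select(tree, prefix) if prefix else [tree]
    bound: list[Tree] = []
    for parent in parents:
        new_edges = []
        for l, sub in parent.edges:
            if l == last:
                bound.append(sub)
                sub = f(sub)
            new_edges.append((l, sub))
        parent.edges = new_edges
    return bound


def cut(tree: Tree, path: str) -> list[Tree]:
    """cut_p(X): bind X to the selected subtrees and leave empty trees in their place."""
    return update(tree, path, lambda _: Tree())


def copy(tree: Tree, path: str) -> list[Tree]:
    """copy_p(X): bind X to copies of the selected subtrees, leaving the tree unchanged."""
    return [deepcopy(t) for t in update(tree, path, lambda sub: sub)]


def paste(tree: Tree, path: str, subtrees: list[Tree]) -> None:
    """paste_p<X>: put a copy of every bound subtree alongside each selected subtree."""
    def merge(sub: Tree) -> Tree:
        for t in subtrees:
            sub.edges.extend(deepcopy(t).edges)
        return sub
    update(tree, path, merge)


def run_example() -> tuple[str, str]:
    """The slides' process P = cut_{a/e}(X). paste_{a/c}<X> on a constructed tree:
    a[ c[ b[] ], e[ d[] ] ] becomes a[ c[ b[], d[] ], e[] ]."""
    t = Tree().add("a", Tree().add("c", Tree().add("b")).add("e", Tree().add("d")))
    before = t.render()
    x = cut(t, "a/e")          # X = [ d[] ]
    paste(t, "a/c", x)         # d[] now also hangs under a/c
    return before, t.render()


if __name__ == "__main__":
    print(*run_example(), sep="\n")
```

`run_example()` walks the single process from the slides; because `select` returns every subtree matching the path, the same `update` handles the multiple-selection case (for instance two `c` edges under `a`) without any change to `cut`, `copy` or `paste`.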

Process selection
P = run_c
[Figure: trees at L1 and L2 with edges a, b, c, e; a scripted process R sits under edge c at L1 and is activated by P; processes Q and T at L2]
• run activates scripts: click on a hyperlink, system ev

Process migration
P = go L2. copy_{a/c}(X). go L1. paste_{a/e}<X>
[Figure: P migrates from L1 to L2, copies the subtree T found under a/c, returns to L1 and pastes T under a/e]
• P = intuitive specification of a hyperlink
• over-simplified

Communication
Legend used in the figure: web service call, web service, result handling code, service instance.
web service call (at L1):     go L2. get<a/c, L1>
web service (at L2):          !get(x, y). copy_x(z). go y. put<z>
result handling code (at L1): put(x). paste_{a/e}<x>
service instance (at L2):     copy_{a/c}(z). go L1. put<z>
[Figure: the call migrates from L1 to L2 and is consumed by the replicated service; the service instance copies T from under a/c, migrates back to L1 and outputs T on put; the result handling code receives it and pastes T under a/e]
• Potential problem: who can return a result to put?

Restriction
web service call (at L1):     go L2. get<a/c, L1, put>
web service (at L2):          !get(x, y, w). copy_x(z). go y. w<z>
result handling code (at L1): put(x). paste_{a/e}<x>
client at L1, with the return channel restricted: (new put)( go L2. get<a/c, L1, put> | put(x). paste_{a/e}<x> )
[Figure: as before, the service instance copies T from under a/c at L2, migrates to L1 and returns T on the channel w it received; only the result handling code inside the scope of (new put) can receive on put]
• Add the return channel put as a parameter to get
• Make put an unforgeable secret with the restriction binder
• Nothing can interfere with put now
• Interference with get at L2: same technique, types, …
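The security point of the restriction slides is that a free name such as put can be written on by any process that knows the string, whereas a name bound by (new put) is a fresh, unforgeable capability that only the processes inside its scope (and anyone they deliberately pass it to, here the service via get) can use. The following Python simulation is an added example, not the authors' formalism: it forces the unfavourable interleaving in which a constructed interfering process at L1 outputs a bogus result on put before the genuine service instance replies. With the free name the handler pastes the bogus value; with the restricted name the bogus message never matches and the genuine result is pasted. Locations, the flat path-to-data dict standing in for XML trees, the mailbox model of asynchronous output and the function names are all simplifications made here.

```python
"""Toy model of the Restriction slides: channel names as capabilities.
Added example (not the calculus' semantics): locations hold a flat dict in
place of XML trees, an asynchronous output is a message in a mailbox, and a
process is a Python function run in a fixed, deliberately adversarial order."""
import itertools

_uid = itertools.count()


class Chan:
    """A channel name. Object identity, not the printable name, decides matching."""
    def __init__(self, name: str):
        self.name, self.uid = name, next(_uid)

    def __repr__(self) -> str:
        return f"{self.name}#{self.uid}"


_free_names: dict[str, Chan] = {}


def free(name: str) -> Chan:
    """A free (public) name: every process that writes `put` gets the same channel."""
    return _free_names.setdefault(name, Chan(name))


def new(name: str) -> Chan:
    """Restriction binder (new put): a fresh channel that nobody else can forge."""
    return Chan(name)


class Location:
    def __init__(self, name: str, tree: dict):
        self.name, self.tree, self.mailbox = name, dict(tree), []

    def send(self, chan: Chan, payload) -> None:
        """Asynchronous output chan<payload> placed at this location."""
        self.mailbox.append((chan, payload))

    def receive(self, chan: Chan):
        """Input chan(x): consume the first message on exactly this channel."""
        for i, (c, payload) in enumerate(self.mailbox):
            if c is chan:
                return self.mailbox.pop(i)[1]
        return None


def web_service(l2: Location, request) -> None:
    """One instance of !get(x, y, w). copy_x(z). go y. w<z> at L2."""
    path, dest, w = request
    z = l2.tree.get(path)      # copy_x(z)
    dest.send(w, z)            # go y. w<z>


def run(restricted: bool) -> str:
    """Scenario from the slides plus a constructed interfering process at L1.
    Returns what the result handling code finally pastes under a/e at L1."""
    _free_names.clear()
    l1 = Location("L1", {"a/c": "T1-data"})
    l2 = Location("L2", {"a/c": "T2-data"})
    put = new("put") if restricted else free("put")

    # web service call: go L2. get<a/c, L1, put>
    l2.send(free("get"), ("a/c", l1, put))
    # interfering process (constructed for this example): put<"BOGUS"> at L1,
    # scheduled before the genuine reply to show the worst-case interleaving
    l1.send(free("put"), "BOGUS")
    # the service consumes the request and replies on the channel it was handed
    web_service(l2, l2.receive(free("get")))
    # result handling code: put(x). paste_{a/e}<x>
    x = l1.receive(put)
    l1.tree["a/e"] = x
    return l1.tree["a/e"]


if __name__ == "__main__":
    print("free put      ->", run(restricted=False))   # the bogus value wins
    print("(new put)     ->", run(restricted=True))    # only the service can reply
```

In the restricted run the interfering message stays in L1's mailbox unread: it is on the public `put#n` object, while the handler waits on the fresh one created by `new`, which the service learned only because the client sent it inside the get request. That is exactly the "unforgeable secret" reading of the restriction binder; the same pattern, applied to get at L2, is what the last bullet refers to.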

Example: rendez-vous
[Figure: Client at L1, Function repository at L2, Data repository at L3, Data warehouse at L4; the animation shows the client's request meeting function and data at the warehouse]
• Reduce network traffic
• Comply to access control policies
• Forward streams of results

Behavioural equivalences

Observational Equivalence
Properties of an equivalence ~ for concurrent systems:
1. Reduction closure: (N ~ M and N → N') implies (∃M'. M →* M' and N' ~ M')
2. Contextuality: N ~ M implies (∀C. C[N] ~ C[M])
3. Preservation of (some) observables

Network Observations
[Figure: locations L1, L2, L3 and L4; L4 holds the tree T and the processes paste_{a/e}<T'>. P, Q and R]
• If N = L1 | L2 | L3 | L4 then we say that N exhibits the observable paste_{a/e} at L4
• Network equivalence is the largest symmetric relation

A hierarchy of equivalences
Many possible observables:
• the tree at each location (~t)
• process actions affecting trees (~)
• actions affecting trees, outputs (~a)
• any process action (~s)
Examples: copy_p(x). 0 ~t 0;  !a(x). a<x> ~a 0, …;  (new a)(a(x). P) ~s 0
~s ⊊ ~a = ~ ⊊ ~t

Process Equivalence
[Figure: network L1 | L2 | L3 | L4, where L4 holds the tree T and the services P, Q, R; P is replaced by P']
Replace a Web service P with P' (optimisation) independently from:
• the rest of the network L1 | L2 | L3
• the actual data content T of L4
• other services Q and R at L4

Establishing Equivalences
Separating processes from data:
[Figure: the location L4 holding tree T and processes P | Q is translated into P_{L4} | Q_{L4} | T_{L4}, with L1, L2, L3 unchanged]
• Theorem: N ~ M if and only if [N] ~ [M]
• Contextuality of ~: compositional reasoning on L1, L2, L3, and P_{L4} ~ P'_{L4} if and only if, for all T, (T, P)_{L4} ~ (T, P')_{L4}

Proof technique
• A bisimulation relation on located processes
• Theorem: if P_{L4} and P'_{L4} are bisimilar then P_{L4} ~ P'_{L4}
The refinement respects the specification (legend used in the figure: web service call, result handling code, intuitive specification, web service):
(new req)( (new rep)( web service call | result handling code )_{L1} | (web service)_{L2} ) is bisimilar to (intuitive specification)_{L1}

More on bisimulation
• Store updates modelled in message-passing style
• We adapt techniques from the HO π-calculus for translating HO actions into FO actions
• The definition of bisimulation is non-standard: our choice of network composition makes a difference
• Not complete due to the “grainless concurrency” anomaly

Concluding remarks

The present and future of Xdπ
• Formal model of p2p systems for sharing dynamic Web data
• Examples: Web services, forms, XLinks, scripting, Active XML
• Behavioural equivalences, coinductive proof method, …
• Types and security [with Ahern, Gardner, Hayman]:
  – access control based on spatial logics
  – document validation based on XDuce-like types and process types

Related work
• Active XML [Abiteboul, Benjelloun, Milo, et al.]
• ubQL [Sahuguet, Tannen, Pierce]
• ObjectGlobe; Hyperqueries [Keidl, Kemper, et al.; Kemper, Wiesner]
• Iota [Bierman, Sewell]
• Asynchronous π [Honda, Tokoro; Honda, Yoshida; Merro; Amadio et al.]
• Dπ; λπ [Hennessy, Riely; Yoshida, Hennessy]
• HOπ [Sangiorgi; Jeffrey, Rathke]