Asynchronous Exceptions as an Effect - Semantic Scholar

Asynchronous Exceptions as an Effect*

Bill Harrison, Gerry Allwein, Andy Gill & Adam Procter

July 15, 2008

* This research supported by National Science Foundation CAREER Award #00017806, Naval Research Lab Contract 1302-08-015S, and the Gilliom Cybersecurity Endowment

Asynchronous Exceptions as an Effect*

Dijkstra believed the asynchronous interrupt was a great invention: "...but also a Box of Pandora. Because the exact moments of the interrupts were unpredictable and outside our control, the interrupt mechanism turned the computer into a nondeterministic machine with a non-reproducible behavior, and could we control such a beast?"

Contributions

- Monadic building block for asynchronous exceptions
  - a prominent member of the Awkward Squad [Peyton Jones 00]
- Extends published resumption-monadic based kernels
  - in particular, [Harrison06, Altenkirch&Swierstra07]
- Functional style of programming interrupts


Outline

- Introduction: What is an Asynchronous Exception?
- What’s the Meaning of these Constant Interruptions? (Hutton & Wright, JFP07)
- Monadic Model of Asynchronous Exceptions (MMAE)
  - Monads underlying MMAE
  - Operators of the MMAE
  - Interactions Between Effects
- What’s the Meaning of These Constant Interruptions?, Redux
  - Blocked and Unblocked Semantics in MMAE
- The MMAE as a Programming Structure
- Conclusions & Future Work

Introduction: What is an Asynchronous Exception?

[Figure: thread a runs atoms a0, a1, a2, ...; after a1 it is interrupted by thread b, which runs b0, b1, ... with a possible return to a]

- There must be both an interrupt-ee and interrupt-er
- Exceptions are “external”
- Interruptions can take place at any point between atoms
- HW interrupts are a particular form of asynchronous exception


What’s the Meaning of these Constant Interruptions? (Hutton & Wright, JFP07)

Syntax & Semantics: What’s the Meaning of These Constant Interruptions?

Expr ::= Val Z | Add Expr Expr | Seqn Expr Expr | Block Expr | Unblock Expr | Catch Expr Expr | Throw

Remark: Throw can occur synchronously or asynchronously!

Operational semantics with exceptions blocked (B) and unblocked (U): expr ⇓i value, where i ∈ {B, U}

Asynchronous Exceptions in W.M.C.I.?

Example: Add (Val 1) (Val 2), drawn on the slide as the three atoms a0, a1, a2 (evaluate Val 1, evaluate Val 2, add). Under the unblocked semantics ⇓U it has four derivations:

$$\frac{\mathit{Val}\ 1 \Downarrow_U \mathit{Val}\ 1 \qquad \mathit{Val}\ 2 \Downarrow_U \mathit{Val}\ 2}{\mathit{Add}\ (\mathit{Val}\ 1)\ (\mathit{Val}\ 2) \Downarrow_U \mathit{Val}\ 3}$$

$$\frac{\mathit{Val}\ 1 \Downarrow_U \mathit{Throw}}{\mathit{Add}\ (\mathit{Val}\ 1)\ (\mathit{Val}\ 2) \Downarrow_U \mathit{Throw}}
\qquad
\frac{\mathit{Val}\ 1 \Downarrow_U \mathit{Val}\ 1 \qquad \mathit{Val}\ 2 \Downarrow_U \mathit{Throw}}{\mathit{Add}\ (\mathit{Val}\ 1)\ (\mathit{Val}\ 2) \Downarrow_U \mathit{Throw}}
\qquad
\frac{}{\mathit{Add}\ (\mathit{Val}\ 1)\ (\mathit{Val}\ 2) \Downarrow_U \mathit{Throw}}$$

[Figure: the Add derivation tree with its four outcomes 3, Throw, Throw, Throw]

In the monadic model of asynchronous exceptions (MMAE): merge{merge{merge{η 3, Throw}, Throw}, Throw}

Natural Semantics for Expr (the rules shown on the slide)

$$\frac{}{\mathit{Val}\ n \Downarrow_i \mathit{Val}\ n}\ (\mathrm{Val})
\qquad
\frac{}{\mathit{Throw} \Downarrow_i \mathit{Throw}}\ (\mathrm{Throw})$$

$$\frac{x \Downarrow_i \mathit{Val}\ n \qquad y \Downarrow_i \mathit{Val}\ m}{\mathit{Add}\ x\ y \Downarrow_i \mathit{Val}\ (n+m)}\ (\mathrm{Add1})
\qquad
\frac{x \Downarrow_i \mathit{Val}\ n \qquad y \Downarrow_i \mathit{Throw}}{\mathit{Add}\ x\ y \Downarrow_i \mathit{Throw}}\ (\mathrm{Add3})$$

$$\frac{x \Downarrow_i \mathit{Throw} \qquad y \Downarrow_i v}{\mathit{Catch}\ x\ y \Downarrow_i v}\ (\mathrm{Catch2})$$

$$\frac{x \Downarrow_B v}{\mathit{Block}\ x \Downarrow_i v}\ (\mathrm{Block})
\qquad
\frac{x \Downarrow_U v}{\mathit{Unblock}\ x \Downarrow_i v}\ (\mathrm{Unblock})
\qquad
\frac{}{x \Downarrow_U \mathit{Throw}}\ (\mathrm{Int})$$

Monadic Model of Asynchronous Exceptions (MMAE): Monads underlying MMAE

Functors for Monad Hierarchy

Definition (Functors for monads N, E, R)
  N A = Pfin(A)
  E A = N(A + Error)
  R A = fix X . A + E X

In Haskell:
  type N a   = [a]
  data Err a = Ok a | Error
  type E a   = N (Err a)
  data R a   = Done a | Pause (E (R a))

- Bind (⋆) and unit (η) operators standard; defined in paper.
- Error represents Throw value.
- Ok represents inl injection in A + Error throughout.
- Binder fix may be LFP (µ) or GFP (ν); the choice is application-dependent.

Monadic Model of Asynchronous Exceptions (MMAE): Operators of the MMAE

Thread constructors & destructors for E and R

Definition
  step : E a → R a
  step x = Pause(x ⋆E (ηE ∘ Done))

  run : R a → E a
  run (Pause ϕ) = ϕ ⋆E run
  run (Done v)  = ηE v

Haskell> run (step {Ok 1, Ok 2, Error})
{Ok 1, Ok 2, Error}

Merge Operators

Definition
  mergeN : N(N a) → N a
  mergeN X = ∪(x∈X) x

  mergeE : N(E a) → E a
  mergeE = mergeN

  mergeR : N(R a) → R a
  mergeR {ϕ1, ..., ϕn} = Pause(mergeE {ηE ϕ1, ..., ηE ϕn})

[Figure: the Add (Val 1) (Val 2) tree with atoms a0, a1, a2 and its outcomes 3, Throw, Throw, Throw, merged as A + B]

Haskell> mergeN {{1, 2}, {4}}
{1, 2, 4}
Haskell> mergeE {{Ok 1, Ok 2, Error}, {Ok 4, Error}}
{Ok 1, Ok 2, Ok 4, Error}   -- dupl. Error not shown

Control Flow Operators

Definition
  throwE : E a
  throwE = ηN Error

  throwR : R a
  throwR = step throwE

  fork : R a → R a
  fork ϕ = mergeR {ϕ, throwR}

For monad m = E, R:
  catchm : m a → m a → m a
  catchm ϕ γ = (statusm ϕ) ⋆m λs. case s of (Ok v) → ηm v ; Error → γ

Haskell> throwE
{Error}
Haskell> throwE ⋆ λv. ηE (v + 1)
{Error}
Haskell> catchE throwE (ηE 9)
{Ok 9}
Haskell> catchE (ηE 9) throwE
{Ok 9}

The status operators delimit exceptions

Definition
  statusE : E a → E(a + Error)
  statusE ϕ = ϕ ⋆N λv. case v of (Ok y) → ηE (Ok y) ; Error → ηE Error

  statusR : R a → R(a + Error)

Haskell> statusE throwE
{Ok Error}
Haskell> statusE (ηE 9)
{Ok (Ok 9)}

Monadic Model of Asynchronous Exceptions (MMAE): Interactions Between Effects

Theorems relating merge, run, step, ⋆ and throw

Theorems
  (1) mergem {ϕ1, ..., ϕn} ⋆m f = mergem {ϕ1 ⋆m f, ..., ϕn ⋆m f}   where m = N, E, R
  (2) run(mergeR {ϕ1, ..., ϕn}) = mergeE {run ϕ1, ..., run ϕn}
  (3) run(x ⋆R f) = (run x) ⋆E (run ∘ f)
  (4) throwE ⋆E f = throwE   (and so throwE ⋆E f = throwE ⋆E g)
  (5) run(step ϕ) = ϕ

What’s the Meaning of These Constant Interruptions?, Redux: Blocked and Unblocked Semantics in MMAE

Blocked Semantics in MMAE

B[[−]] : Expr → R Int
B[[Val i]]       = step(ηE i)
B[[Add e1 e2]]   = B[[e1]] ⋆R λv1. B[[e2]] ⋆R λv2. ηR (v1 + v2)
B[[Seqn e1 e2]]  = B[[e1]] >>R B[[e2]]
B[[Throw]]       = throwR                        -- synchronous Throw
B[[Catch e1 e2]] = catchR (B[[e1]]) (B[[e2]])
B[[Block e]]     = B[[e]]
B[[Unblock e]]   = U[[e]]

Unblocked Semantics in MMAE

U[[−]] : Expr → R Int
U[[Val i]]       = fork(step(ηE i))
U[[Add e1 e2]]   = fork(U[[e1]] ⋆R λv1. U[[e2]] ⋆R λv2. ηR (v1 + v2))
U[[Seqn e1 e2]]  = fork(U[[e1]] >>R U[[e2]])
U[[Throw]]       = fork throwR
U[[Catch e1 e2]] = fork(catchR (U[[e1]]) (U[[e2]]))
U[[Block e]]     = fork B[[e]]
U[[Unblock e]]   = fork U[[e]]

Semantic Equivalence of ⇓i and B[[−]], U[[−]]

Theorem. For all e ∈ Expr:
  (Ok v) ∈ run(U[[e]])  iff  e ⇓U (Val v)
  Error  ∈ run(U[[e]])  iff  e ⇓U Throw
  (Ok v) ∈ run(B[[e]])  iff  e ⇓B (Val v)
  Error  ∈ run(B[[e]])  iff  e ⇓B Throw
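The MMAE operators (step, run, merge, throw, fork, catch, status) and the B[[−]]/U[[−]] semantics above, assembled into one runnable Haskell module as an added example; this is not code from the paper or its authors. statusR is only given a type on the slides, so its definition here is an assumption, as are the names semB, semU and outcomes; N is represented directly as a list and mergeE as list concatenation.

```haskell
import Data.List (nub)
-- The paper's functors: N a = [a], E a = N (Err a), R a = resumptions over E
data Err a = Ok a | Error deriving (Eq, Show)
type E a = [Err a]
data R a = Done a | Pause (E (R a))
-- unit (eta) and bind (the paper's star) for E and R
etaE :: a -> E a
etaE v = [Ok v]
bindE :: E a -> (a -> E b) -> E b
bindE phi f = concatMap (\x -> case x of { Ok v -> f v; Error -> [Error] }) phi
bindR :: R a -> (a -> R b) -> R b
bindR (Done v)    f = f v
bindR (Pause phi) f = Pause (phi `bindE` (etaE . (`bindR` f)))
-- thread constructor/destructor, throw, and fork phi = mergeR {phi, throwR}
step :: E a -> R a
step x = Pause (x `bindE` (etaE . Done))
run :: R a -> E a
run (Done v)    = etaE v
run (Pause phi) = phi `bindE` run
throwR :: R a
throwR = step [Error]
fork :: R a -> R a
fork phi = Pause (concatMap etaE [phi, throwR])   -- mergeE of both branches
-- statusR is only typed on the slides; this definition is an assumption
statusR :: R a -> R (Err a)
statusR (Done v)    = Done (Ok v)
statusR (Pause phi) = Pause [Ok (case x of { Ok r -> statusR r; Error -> Done Error }) | x <- phi]
catchR :: R a -> R a -> R a
catchR phi gamma = statusR phi `bindR` \s -> case s of { Ok v -> Done v; Error -> gamma }
-- Hutton & Wright's Expr with the blocked (semB) and unblocked (semU) semantics
data Expr = Val Int | Add Expr Expr | Seqn Expr Expr | Block Expr
          | Unblock Expr | Catch Expr Expr | Throw
semB, semU :: Expr -> R Int
semB (Val i)       = step (etaE i)
semB (Add e1 e2)   = semB e1 `bindR` \v1 -> semB e2 `bindR` \v2 -> Done (v1 + v2)
semB (Seqn e1 e2)  = semB e1 `bindR` const (semB e2)
semB Throw         = throwR
semB (Catch e1 e2) = catchR (semB e1) (semB e2)
semB (Block e)     = semB e
semB (Unblock e)   = semU e
semU (Val i)       = fork (step (etaE i))
semU (Add e1 e2)   = fork (semU e1 `bindR` \v1 -> semU e2 `bindR` \v2 -> Done (v1 + v2))
semU (Seqn e1 e2)  = fork (semU e1 `bindR` const (semU e2))
semU Throw         = fork throwR
semU (Catch e1 e2) = fork (catchR (semU e1) (semU e2))
semU (Block e)     = fork (semB e)
semU (Unblock e)   = fork (semU e)
-- observable outcomes of a thread; duplicate Errors dropped, as on the slides
outcomes :: R Int -> [Err Int]
outcomes = nub . run
```

In GHCi, outcomes (semU (Add (Val 1) (Val 2))) collapses the slide's merge{merge{merge{η 3, Throw}, Throw}, Throw} to the set {Ok 3, Error}, while outcomes (semB (Catch (Unblock (Val 1)) (Val 9))) shows the handler absorbing an interrupt that can only arise inside the Unblock region.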

The MMAE as a Programming Structure

Resumption-based Kernels [Harrison06, HarrisonHook08]

sched : ⟨System Configuration⟩ → R ()
handler : ⟨System Configuration⟩ → ⟨Thread⟩ → R ()
handler (ready, m::ms) (P(Rcv, κ)) = Pause(κ (Rcvd m) ⋆S (η ∘ (λr. sched (enQ r ready, ms))))

- ⟨System Configuration⟩ includes ready list and message queue.
- ⟨Thread⟩s are in reactive monad Re A = νX. A + (Requests × (Responses → S X)).
- Monad S is a state monad.
- R defined in terms of S here (instead of E).

Resumption computations have map

Definition
  mapR : (R a → K(R a)) → R a → R a
  mapR h (Done v)   = Done v
  mapR h (Pause ϕ) = Pause (h (Pause ϕ) ⋆S (ηS ∘ mapR h))

Here’s one iterator:
  branches : R a → S(R a)
  branches (Pause ϕ) = mergeK { ϕ, ⟨port=0;ISR⟩ >>S ϕ, ⟨port=1;ISR⟩ >>S ϕ }

[Figure: before mapR branches, the thread is a0, a1, ...; after, each step ai is branched three ways: ai alone, ai preceded by the ISR with port=0, and ai preceded by the ISR with port=1]

Turning the IO Port off & on

[Figure: producer and consumer threads (broadcast / receive) communicate through the kernel's msgQ; a serial-to-parallel port connects the kernel to the “External World” and can be switched on/off]

port off
> exec (sched sys)
Broadcasting 1001
Broadcasting 1002
Receiving 1001
Broadcasting 1003
Receiving 1002
…

port on
> exec (mapR branches (sched sys))
Broadcasting 1001
New Datagram 179
Broadcasting 1002
Receiving 179
New Datagram 204
…

Conclusions & Future Work

Summary, Conclusions & Future Work

- MMAE combines known monadic structures in a novel manner
  - Suitable as semantic framework, ...
  - ...or as a functional-style program structuring technique
- Motivation: Monad Compilers translating resumption-monadic security kernels [HarrisonHook08] directly: High Assurance Security Kernel → Intermediate Form (IR) → Target μBlaze
  - ...thereby avoiding pitfalls of FP implementation (e.g., unpredictable time/space behavior, large object files, ...).
- See monadgarden.cs.missouri.edu for more details (heavily under construction at the moment)

Thanks!