communication across levels of...
TRANSCRIPT
![Page 1: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/1.jpg)
Communication AcrossLevels of Abstraction
April 21, 2008Sameer Sundresh
![Page 2: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/2.jpg)
Motivation:
Levels of abstractionin computer systems
![Page 3: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/3.jpg)
Traditional OS picture
Application code
Operating System kernel
Hardware
![Page 4: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/4.jpg)
Cyber-physical systems
Hardware
Physical laws
Application code
Operating System
![Page 5: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/5.jpg)
Language VMs
Language runtime system
Hardware & OS
Untrusted applets
Application code
![Page 6: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/6.jpg)
Key questions (talk overview)
1. How can we model multi-level systems?
2. How do levels of abstraction interact?
3. In what ways can our solution be applied to real software systems?
![Page 7: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/7.jpg)
1. How can we modelmulti-level systems?
Language-level virtualization
![Page 8: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/8.jpg)
What is system-level virtualization?
The ability to run
an operating system image
in a custom context
Host server: Linux
OpenVZ:Linux
VMware:Windows
nativeprocess
![Page 9: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/9.jpg)
What is system-level virtualization?
Hardware
Host OSVM
Guest OS
Virtual machine monitor
Guest-Host bridge
![Page 10: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/10.jpg)
What is system-level virtualization?
VM
Guest OS
Virtual machine monitor
Guest-Host bridge
Mediates accessto hardware
Simulates HWdevices
![Page 11: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/11.jpg)
What is language-level virtualization?
The ability to run
any program fragment
in a custom context
Program:...
+(1, +(2, 3))...
Context = language definitionHow does + work?
![Page 12: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/12.jpg)
What is language-level virtualization?
The ability to run
any program fragment
in a custom context
Program:...
+(1, +(2, 3))...
Context = language definitionHow does + work?
Program:. . .
Lambda(x, [Var(x)]). . .
Context = language definition
Lambda?Var?. . .
![Page 13: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/13.jpg)
A custom context lets you...
Abstract over lower-level details
Introduce new layers of abstraction
Define the semantics of a higher level
![Page 14: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/14.jpg)
2. How do levels ofabstraction interact?
![Page 15: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/15.jpg)
Very simple example
Program:...
+(1, +(2, 3))...
Definition of integers, additionHow does + work?
![Page 16: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/16.jpg)
Event diagrams
Definition of integers, addition
+(1, +
(2, 3
))
1
+(#1, +
(2, 3)
)
+(#1, +
(#2, #
3))
+(#2, #3)
+(#1, #
5)
+(#1, #5)
Return(#6)
#6
![Page 17: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/17.jpg)
Event diagrams
+(#1, +
(#2, #
3))
+(#2, #3)
+(#1, #
5)
downward event upward event
Definition of integers, addition
![Page 18: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/18.jpg)
Downward events are
Request messages from higher levels of abstraction
ReqMesg(arguments, continuation)
...and Return messages when a higher level has no more requests
Return(value)
![Page 19: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/19.jpg)
Upward events are
Evaluation of a request message continuation in a custom context.
Notice that an upward event is always followed by a downward event, as lower levels have control.
![Page 20: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/20.jpg)
Request messages
+(1, +(2, 3)) => ReqMesg(1, [+($, +(2, 3))])
Context: 1 = #1, hence eval [+(#1, +(2, 3))]
. . .
+(#1, +(#2, #3)) => ReqMesg(+(#2, #3), [+(#1, $)])
Context: +(#2, #3) = #5, hence eval [+(#1, #5)]
+(#1, #5) => ReqMesg(+(#1, #5), [$])
Context: +(#1, #5) = #6, hence eval [#6]
[#6] => Return(#6)
![Page 21: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/21.jpg)
How do we define customevaluation contexts?
![Page 22: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/22.jpg)
Handlers
Term
UHandler
Term
CHandler
Term
Allow
Term
Protect
![Page 23: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/23.jpg)
Handlers
UHandler([expr], handler)
Evaluate expr and pass the first request to handler
Chandler([expr], H, handler)
Evaluate expr and pass the first H-request to handler
Allow([expr], {H, G, ...}, handler)
Evaluate expr, pass the first non-H/G/... req to handler
Protect({H, G, ...}, [expr])
Hide H/G/... requests in expr so they can't be caught
![Page 24: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/24.jpg)
Quotation
[expr]
Quoted expression: don't automatically evaluate inside
Subst(cont, [expr])
Substitute a quoted expression into continuation,resulting in a quoted expression
Subst(cont1, cont2)
Substitute a continuation into a continuation
Eval([expr]) => expr
Force evaluation of a quoted expression
![Page 25: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/25.jpg)
Embedded -calculus
Var(x)
Read the variable named x
Lambda(x, [expr])
Create a closure—don't execute expr right now
Apply(expr1, expr2)
Apply a function to an argument value
LetEnv(Env, [expr])
Evaluate expr in the given environment
![Page 26: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/26.jpg)
Embedded -calculus
Lambda(x, [expr]) => Cl<E, x, [expr]>
Apply(Cl<E',x,[e]>, v2) => LetEnv(E'{x=v2}, [e])
LetEnv({...x=v...}, [...Var(x)...]) =>LetEnv({...x=v...}, [...v...])
![Page 27: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/27.jpg)
Interpreter demo
![Page 28: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/28.jpg)
3. Applications to software systems
![Page 29: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/29.jpg)
Examples
1. Testing and debugging incomplete units
2. Limiting effects of bugs in libraries
3. Preventing cross-site scripting
. . .
![Page 30: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/30.jpg)
1. Testing & debugging units
Unit testing often uses mock objects
What about a mock outside world?
How about overriding the memory allocator used?
Or how closures are created?
Or providing resumable exceptions for debugging?
![Page 31: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/31.jpg)
1. Testing & debugging units
“Resumable exception:Invalid operation DoSomething() inc = Apply(<Closure>, $)”
Maybe user knows what DoSomething() should do...
update state; ...(Eval[Subst(c, result)])...
![Page 32: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/32.jpg)
2. Limiting effects of library bugs
C libraries can compromise “safe” languages
(JPEG library used by Java had a buffer overflow)
Even higher-level library code may have unexpected behavior.
Packaging libraries as services is inconvenient, and additionally requires us to deal with concurrency.
![Page 33: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/33.jpg)
2. Limiting effects of library bugs
HighLevel.java:void safeMethod() {
LowLevel.doSomethingNice();}
LowLevel.c:void doSomethingNice() {
*((int *) random()) = random();}
What if pointer access inLowLevel.c were restricted
to a sandbox region?
![Page 34: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/34.jpg)
3. Preventing cross-site scripting
Web pages today contain data and code from many different sources. Malicious or errant JS code can access any part of a page and any server!
Server
Ad
Login
Password
A 3rd party banner advertisement could modify the password entry field to steal the user's credentials!
![Page 35: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/35.jpg)
Ad
Login
Password
“Next ad” button
Server
3. Preventing cross-site scripting
A possible solution:Isolate page components so they can only interact in certain ways.
![Page 36: Communication Across Levels of Abstractionosl.cs.illinois.edu/docs/webs08-sundresh/webs08-slides.pdfLevels of Abstraction April 21, 2008 Sameer Sundresh Motivation: Levels of abstraction](https://reader036.vdocument.in/reader036/viewer/2022062507/5fc17da702de2311b330ac27/html5/thumbnails/36.jpg)
Conclusions
Virtualization is a useful way to define multiple interacting levels of abstraction.
We should be able to virtualize arbitrary system components, not just OS-shaped chunks.
The request-handler system looks like a promising approach to language-level virtualization.