1. Reliable Scripting Using Push Logic Push Logic David Greaves, Daniel Gordon University of Cambridge Computer Laboratory Djg@cl.cam.ac.uk Reliable Scripting Using

2. Reliable Scripting Using Push Logic Push Logic – Scripting Language A declarative bytecode with runtime system. Various compilers envisaged, one developed so far. Specifies timed automata using idempotent executable rules. Controls streams, sensors and actuators. Supports a dynamic population of devices and scripts. Automated formal checking (CTL) - At compile time - At load time - (Optionally) at run time Source code looks like C++/Java.

3. Reliable Scripting Using Push Logic Mechanism View of Push Logic All variables can have safe values defined for them. Controlled devices can fail or self-reset to a safe value. Controlling scripts are reversible, so that a failure feeds back to the control source in a defined way. Feedback form is intrinsic or explicit. System behaves like a ‘mechanism’: both the controller and the controlled can push on each other.

4. Reliable Scripting Using Push Logic Restrictions All integrators must be inside differentiators: if (x != x_last) { sum := sum + 1; x_last := x } All pointer, arithmetic and time calculations must be compile-time decidable. Dynamic allocation only performed at bundle load time. All assertions are in CTL.

5. Reliable Scripting Using Push Logic Compilation Method Parse input file(s). Break threads into arcs at blocking primitives. Guard each arc by a runtime program counter being set to a label constant and create rules to update the program counters. Repeated symbolic evaluation of arc set until fixed point reached. Perform bundle checks using internal model checker. Generate declarative bytecode bundle, containing a mix of –Executable rules (v:= e, …) –CTL assertions (always, live, until, …).

6. Reliable Scripting Using Push Logic Object bundle Source Form 1 Compiler 1 Re- Hydration Source Form 1 Source Form 1 Object bundle Object bundle Object bundle Source Form 2 Compiler 2 Source Form 2 Source Form 2 Object bundle Object bundle Re- Hydration Re- Hydration Re- Hydration Bound bundle Bound bundle Bound bundle Bound bundle Execution Platform Execution Platform Execution Platform Compile Time Checker Bundle Checker Load Time Checker (Run Time Checker) Domain of participation network Device bindings Semantic Web Push Logic Compile/bind/ execute Flow diagram

7. Reliable Scripting Using Push Logic Compile-Time Checks Safe Value Check –There exists a setting of the variables where each is in a safe state and all executable rules hold. Rule Consistency –No two rules will try to set the same variable to different values at any one time. Idempotency Check –No ring of rules exists that causes an observable output to oscillate when rules are obeyed more than once with the same input settings. Push Back Check –For any unilateral change in any output, to any safe value of that output, internal variables or inputs to the bundle can be changed, again to safe values, so that all rules hold User’s Embedded and Imported CTL Expressions –Safety, liveness and until assertions may be embedded in the source. These are checked against a Herbrand-style interpretation of the bundle, so that any number of concurrently loaded bundles are sure to be consistent.

8. Reliable Scripting Using Push Logic Current Status Implemented on top of a distributed tuple space paradigm for distributed computing. Compiler built (10K lines of SML and C++). Runtime system runs on Linux, raw PC motherboards and our Molly cards. Various applications and embedded devices constructed. GUI for interactive monitoring/debugging.

9. Reliable Scripting Using Push Logic Future Work (Sept 05) Re-hydration stage not implemented. Domain checker not implemented. Compilation of bytecode to ROM-able machine code (new PhD student). Some larger examples need exploration. Find industrial collaborator who might use it ? Thankyou David Greaves.