├── README.md ├── bin ├── dups ├── passive ├── pre-commit └── weasel ├── dissertation ├── Makefile ├── abstract-jfp.txt ├── abstract.tex ├── abstract.txt ├── acks.tex ├── appendix-proofs │ └── main.tex ├── appendix-redex │ └── main.tex ├── chapter1 │ └── main.tex ├── chapter2 │ ├── code │ │ ├── Makefile │ │ ├── bfs_lvar.hs │ │ ├── bfs_pure.hs │ │ ├── run_bfs_lvar.hs │ │ └── run_bfs_pure.hs │ ├── determinism-clash-proof.tex │ ├── determinism-error-preservation-proof.tex │ ├── determinism-independence-proof.tex │ ├── determinism-internal-determinism-proof.tex │ ├── determinism-locality-proof.tex │ ├── determinism-monotonicity-proof.tex │ ├── determinism-permutability-proof.tex │ ├── determinism-strong-confluence-proof.tex │ ├── determinism-strong-local-confluence-proof.tex │ ├── determinism-strong-one-sided-confluence-proof.tex │ ├── determinism.tex │ ├── examples.tex │ ├── figures │ │ ├── lvars-example-lattices.graffle │ │ ├── lvars-example-lattices.pdf │ │ ├── lvars-parallel-and.graffle │ │ ├── lvars-parallel-and.pdf │ │ ├── lvars-series-parallel.graffle │ │ └── lvars-series-parallel.pdf │ ├── generalizing.tex │ ├── intro.tex │ ├── lambdalvar.tex │ ├── lattices.tex │ ├── main.tex │ └── motivation.tex ├── chapter3 │ ├── code │ │ └── bfs_new.hs │ ├── intro.tex │ ├── lvish-formal-lattice-structure-proof.tex │ ├── lvish-formal.tex │ ├── lvish-informal.tex │ ├── main.tex │ ├── quasi-determinism-generalized-clash-proof.tex │ ├── quasi-determinism-generalized-independence-proof.tex │ ├── quasi-determinism-internal-determinism-proof.tex │ ├── quasi-determinism-locality-proof.tex │ ├── quasi-determinism-monotonicity-proof.tex │ ├── quasi-determinism-permutability-proof.tex │ ├── quasi-determinism-strong-local-quasi-confluence-proof.tex │ ├── quasi-determinism-strong-one-sided-quasi-confluence-proof.tex │ ├── quasi-determinism-strong-quasi-confluence-proof.tex │ └── quasi-determinism.tex ├── chapter4 │ ├── api.tex │ ├── big-picture.tex │ ├── code │ │ ├── disjoint-parallel-update.hs │ │ ├── graph-traversal-explicit-freeze.hs │ │ ├── graph-traversal-implicit-freeze.hs │ │ ├── ivar-example.hs │ │ ├── map-lvar-freezeafter.hs │ │ ├── map-lvar-getkey-lib.hs │ │ ├── map-lvar-quasi.hs │ │ ├── repeated-4-ivar.hs │ │ └── repeated-4-lvar.hs │ ├── disjoint.tex │ ├── figures │ │ ├── CFA_speedups.numbers │ │ └── CFA_speedups.pdf │ ├── intro.tex │ ├── k-cfa.tex │ ├── main.tex │ └── phybin.tex ├── chapter5 │ ├── cvrdts.tex │ ├── intro.tex │ ├── main.tex │ ├── model.tex │ ├── relationship.tex │ ├── results-determinism-of-threshold-queries-proof.tex │ └── results.tex ├── chapter6 │ └── main.tex ├── chapter7 │ └── main.tex ├── dissertation.pdf ├── dissertation.tex ├── draft-06-28-2014.pdf ├── draft-07-04-2014.pdf ├── draft-07-12-2014.pdf ├── draft-07-25-2014.pdf ├── draft-08-11-2014.pdf ├── is-abbrv.bst ├── iuthesis-alt.cls ├── iuthesis.cls ├── jfp-reviews-notes.md ├── jfp-reviews-response.txt ├── jfp-reviews.txt ├── jfp.tex ├── jfp_cover_letter.txt ├── lindsey_kuper_cv.tex └── outline.md ├── illustrations ├── book.png ├── communicating-threads.png ├── elf.png ├── flow2.png ├── flow3.png ├── flying-saucer.png ├── frozen-data.png ├── frozen.png ├── graph-traversal.png ├── keys.png ├── map.png ├── matrix.png ├── pool.png ├── sharing-state.png ├── shoe.png ├── shopping-cart.png ├── store.png └── thread.png ├── latex_common ├── amsfonts.sty ├── bm.sty ├── editingmarks.tex ├── jfp.bst ├── jfp1.cls ├── jfp2egui.tex ├── lambdaLVar-definition.tex ├── lambdaLVar-defs.tex ├── lambdaLVar-thms.tex ├── lambdaLVish-definition.tex ├── lambdaLVish-defs.tex ├── lambdaLVish-thms.tex ├── lang.tex ├── lkuper.bib ├── mathpartir.sty ├── metatheory.tex ├── refs.bib └── style.tex ├── proposal ├── Makefile ├── figures │ ├── example-lvar-lattices.graffle │ └── example-lvar-lattices.pdf └── thesis-proposal.tex └── talks ├── defense.key ├── defense.md ├── defense.pdf ├── jcreed-drawings ├── jcreed-drawings-raw-1.jpg └── jcreed-drawings-raw-2.jpg ├── proposal.key ├── proposal.md └── proposal.pdf /README.md: -------------------------------------------------------------------------------- 1 | dissertation 2 | ============ 3 | 4 | My dissertation, plus some other stuff. 5 | 6 | I turned in my dissertation and graduated in September 2015. Here's a [final PDF version](http://www.cs.indiana.edu/~lkuper/papers/lindsey-kuper-dissertation.pdf)! 7 | -------------------------------------------------------------------------------- /bin/dups: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | 3 | # Finds duplicate adjacent words. 4 | 5 | use strict ; 6 | 7 | my $DupCount = 0 ; 8 | 9 | if (!@ARGV) { 10 | print "usage: dups ...\n" ; 11 | exit ; 12 | } 13 | 14 | while (1) { 15 | my $FileName = shift @ARGV ; 16 | 17 | # Exit code = number of duplicates found. 18 | exit $DupCount if (!$FileName) ; 19 | 20 | open FILE, $FileName or die $!; 21 | 22 | my $LastWord = "" ; 23 | my $LineNum = 0 ; 24 | 25 | while () { 26 | chomp ; 27 | 28 | $LineNum ++ ; 29 | 30 | my @words = split (/(\W+)/) ; 31 | 32 | foreach my $word (@words) { 33 | # Skip spaces: 34 | next if $word =~ /^\s*$/ ; 35 | 36 | # Skip punctuation: 37 | if ($word =~ /^\W+$/) { 38 | $LastWord = "" ; 39 | next ; 40 | } 41 | 42 | # Found a dup? 43 | if (lc($word) eq lc($LastWord)) { 44 | print "$FileName:$LineNum $word\n" ; 45 | $DupCount ++ ; 46 | } # Thanks to Sean Cronin for tip on case. 47 | 48 | # Mark this as the last word: 49 | $LastWord = $word ; 50 | } 51 | } 52 | 53 | close FILE ; 54 | } -------------------------------------------------------------------------------- /bin/passive: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | irregulars="awoken|\ 4 | been|born|beat|\ 5 | become|begun|bent|\ 6 | beset|bet|bid|\ 7 | bidden|bound|bitten|\ 8 | bled|blown|broken|\ 9 | bred|brought|broadcast|\ 10 | built|burnt|burst|\ 11 | bought|cast|caught|\ 12 | chosen|clung|come|\ 13 | cost|crept|cut|\ 14 | dealt|dug|dived|\ 15 | done|drawn|dreamt|\ 16 | driven|drunk|eaten|fallen|\ 17 | fed|felt|fought|found|\ 18 | fit|fled|flung|flown|\ 19 | forbidden|forgotten|\ 20 | foregone|forgiven|\ 21 | forsaken|frozen|\ 22 | gotten|given|gone|\ 23 | ground|grown|hung|\ 24 | heard|hidden|hit|\ 25 | held|hurt|kept|knelt|\ 26 | knit|known|laid|led|\ 27 | leapt|learnt|left|\ 28 | lent|let|lain|lighted|\ 29 | lost|made|meant|met|\ 30 | misspelt|mistaken|mown|\ 31 | overcome|overdone|overtaken|\ 32 | overthrown|paid|pled|proven|\ 33 | put|quit|read|rid|ridden|\ 34 | rung|risen|run|sawn|said|\ 35 | seen|sought|sold|sent|\ 36 | set|sewn|shaken|shaven|\ 37 | shorn|shed|shone|shod|\ 38 | shot|shown|shrunk|shut|\ 39 | sung|sunk|sat|slept|\ 40 | slain|slid|slung|slit|\ 41 | smitten|sown|spoken|sped|\ 42 | spent|spilt|spun|spit|\ 43 | split|spread|sprung|stood|\ 44 | stolen|stuck|stung|stunk|\ 45 | stridden|struck|strung|\ 46 | striven|sworn|swept|\ 47 | swollen|swum|swung|taken|\ 48 | taught|torn|told|thought|\ 49 | thrived|thrown|thrust|\ 50 | trodden|understood|upheld|\ 51 | upset|woken|worn|woven|\ 52 | wed|wept|wound|won|\ 53 | withheld|withstood|wrung|\ 54 | written" 55 | 56 | if [ "$1" = "" ]; then 57 | echo "usage: `basename $0` ..." 58 | exit 59 | fi 60 | 61 | egrep -n -i --color \ 62 | "\\b(am|are|were|being|is|been|was|be)\ 63 | \\b[ ]*(\w+ed|($irregulars))\\b" $* 64 | 65 | exit $? -------------------------------------------------------------------------------- /bin/pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | exec 1>&2 4 | 5 | cd dissertation 6 | make dissertation.pdf 7 | scp dissertation.pdf sharks.cs.indiana.edu:~/.hyplan/papers/dissertation-draft-latest.pdf 8 | 9 | 10 | -------------------------------------------------------------------------------- /bin/weasel: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | weasels="many|various|very|fairly|several|extremely\ 4 | |exceedingly|quite|remarkably|few|surprisingly\ 5 | |mostly|largely|huge|tiny|((are|is) a number)\ 6 | |excellent|interestingly|significantly\ 7 | |substantially|clearly|vast|relatively|completely" 8 | 9 | wordfile="" 10 | 11 | # Check for an alternate weasel file 12 | if [ -f $HOME/etc/words/weasels ]; then 13 | wordfile="$HOME/etc/words/weasels" 14 | fi 15 | 16 | if [ -f $WORDSDIR/weasels ]; then 17 | wordfile="$WORDSDIR/weasels" 18 | fi 19 | 20 | if [ -f words/weasels ]; then 21 | wordfile="words/weasels" 22 | fi 23 | 24 | if [ ! "$wordfile" = "" ]; then 25 | weasels="xyzabc123"; 26 | for w in `cat $wordfile`; do 27 | weasels="$weasels|$w" 28 | done 29 | fi 30 | 31 | 32 | if [ "$1" = "" ]; then 33 | echo "usage: `basename $0` ..." 34 | exit 35 | fi 36 | 37 | egrep -i -n --color "\\b($weasels)\\b" $* 38 | 39 | exit 0 -------------------------------------------------------------------------------- /dissertation/Makefile: -------------------------------------------------------------------------------- 1 | NAME := dissertation 2 | LATEX := xelatex 3 | CV := lindsey_kuper_cv 4 | UNAME := $(shell uname) 5 | SOURCES := $(wildcard *.tex *.bib) $(wildcard */*.tex) $(wildcard */figures/*.pdf) $(wildcard */code/*) $(wildcard ../latex_common/*.tex) 6 | PROSE_SOURCES := abstract.tex acks.tex $(wildcard chapter*/*.tex) 7 | TEX_SOURCES := $(wildcard *.tex) $(wildcard */*.tex) $(wildcard ../latex_common/*.tex) 8 | JFP_NAME := jfp 9 | 10 | quick: 11 | pdflatex jfp 12 | 13 | $(NAME).pdf: $(SOURCES) cv 14 | $(LATEX) $(NAME).tex 15 | bibtex $(NAME) 16 | $(LATEX) $(NAME).tex 17 | $(LATEX) $(NAME).tex 18 | 19 | $(JFP_NAME).pdf: $(SOURCES) 20 | $(LATEX) $(JFP_NAME).tex 21 | bibtex $(JFP_NAME) 22 | $(LATEX) $(JFP_NAME).tex 23 | $(LATEX) $(JFP_NAME).tex 24 | 25 | cv: 26 | ${LATEX} ${CV}.tex 27 | 28 | #----------------------------------------------- 29 | # These targets actually change the build state: 30 | 31 | ed: editingmarks 32 | 33 | editingmarks: 34 | touch editingmarks.tex 35 | $(MAKE) $(NAME).pdf 36 | 37 | plain: 38 | rm -f editingmarks.tex 39 | $(MAKE) $(NAME).pdf 40 | cp $(NAME).pdf plain.pdf 41 | 42 | #----------------------------------------------- 43 | # Others: 44 | 45 | # Check style (due to 46 | # http://matt.might.net/articles/shell-scripts-for-passive-voice-weasel-words-duplicates/): 47 | style: 48 | echo "weasel words: " 49 | sh ../bin/weasel $(PROSE_SOURCES) 50 | echo 51 | echo "passive voice: " 52 | sh ../bin/passive $(PROSE_SOURCES) 53 | echo 54 | echo "duplicates: " 55 | perl ../bin/dups $(PROSE_SOURCES) 56 | 57 | spell: 58 | for file in $(PROSE_SOURCES); do aspell -c $$file; done 59 | 60 | open: $(NAME).pdf 61 | ifeq ($(UNAME), Darwin) 62 | open $(NAME).pdf 63 | endif 64 | ifeq ($(UNAME), Linux) 65 | evince $(NAME).pdf & 66 | endif 67 | 68 | clean: 69 | rm -f *.blg *.bbl *.brf *.aux *.log $(NAME).pdf $(JFP_NAME).pdf $(CV).pdf *.out *.toc chapter*/main.aux 70 | -------------------------------------------------------------------------------- /dissertation/abstract-jfp.txt: -------------------------------------------------------------------------------- 1 | Deterministic-by-construction parallel programming models guarantee 2 | that programs have the same observable behavior on every run, 3 | promising freedom from bugs caused by schedule nondeterminism. To 4 | make that guarantee, though, they must sharply restrict sharing of 5 | state between parallel tasks, usually either by disallowing sharing 6 | entirely or by restricting it to one type of data structure, such as 7 | single-assignment locations. 8 | 9 | We show that lattice-based data structures, or LVars, are the 10 | foundation for a guaranteed-deterministic parallel programming model 11 | that allows a more general form of sharing. LVars allow multiple 12 | assignments that are inflationary with respect to a given lattice. 13 | They ensure determinism by allowing only inflationary writes and 14 | "threshold" reads that block until a lower bound is reached. After 15 | presenting the basic LVars model, we extend it to support event 16 | handlers, which enable an event-driven programming style, and 17 | non-blocking "freezing" reads, resulting in a quasi-deterministic 18 | model in which programs behave deterministically modulo exceptions. 19 | 20 | We demonstrate the viability of the LVars model with LVish, a Haskell 21 | library that provides a collection of lattice-based data structures, a 22 | work-stealing scheduler, and a monad in which LVar computations run. 23 | LVish leverages Haskell's type system to index such computations with 24 | effect levels to ensure that only certain LVar effects can occur, 25 | hence statically enforcing determinism or quasi-determinism. We 26 | present two case studies of parallelizing existing programs using 27 | LVish: a k-CFA control flow analysis, and a bioinformatics application 28 | for comparing phylogenetic trees. 29 | -------------------------------------------------------------------------------- /dissertation/abstract.tex: -------------------------------------------------------------------------------- 1 | Deterministic-by-construction parallel programming models guarantee 2 | that programs have the same observable behavior on every run, 3 | promising freedom from bugs caused by schedule nondeterminism. To 4 | make that guarantee, though, they must sharply restrict sharing of 5 | state between parallel tasks, usually either by disallowing sharing 6 | entirely or by restricting it to one type of data structure, such as 7 | single-assignment locations. 8 | 9 | \either{I}{We} show that \emph{lattice-based} data structures, or \emph{LVars}, are the 10 | foundation for a guaranteed-deterministic parallel programming model 11 | that allows a more general form of sharing. LVars allow multiple 12 | assignments that are inflationary with respect to a given lattice. They ensure determinism by allowing 13 | only inflationary writes and ``threshold'' reads that block until a 14 | lower bound is reached. After presenting the basic LVars model, \either{I}{we} 15 | extend it to support \emph{event handlers}, which enable an event-driven 16 | programming style, and non-blocking ``freezing'' reads, resulting in a 17 | \emph{quasi-deterministic} model in which programs behave deterministically 18 | modulo exceptions. 19 | 20 | \either{I}{We} demonstrate the viability of the LVars model with \emph{LVish}, a Haskell 21 | library that provides a collection of lattice-based data structures, a 22 | work-stealing scheduler, and a monad in which LVar computations run. 23 | LVish leverages Haskell's type system to index such computations with 24 | \emph{effect levels} to ensure that only certain LVar effects can occur, 25 | hence statically enforcing determinism or quasi-determinism. \either{I}{We} present 26 | two case studies of parallelizing existing programs using LVish: a 27 | $k$-CFA control flow analysis, and a bioinformatics application for 28 | comparing phylogenetic trees. 29 | 30 | \ifdefined\DISSERTATION 31 | Finally, I show how LVar-style threshold reads apply to the setting of 32 | \emph{convergent replicated data types} (CvRDTs), which specify the behavior 33 | of eventually consistent replicated objects in a distributed system. 34 | I extend the CvRDT model to support deterministic, strongly consistent 35 | \emph{threshold queries}. The technique generalizes to any lattice, and 36 | hence any CvRDT, and allows deterministic observations to be made of 37 | replicated objects before the replicas' states converge. 38 | \fi 39 | -------------------------------------------------------------------------------- /dissertation/abstract.txt: -------------------------------------------------------------------------------- 1 | Deterministic-by-construction parallel programming models guarantee 2 | that programs have the same observable behavior on every run, 3 | promising freedom from bugs caused by schedule nondeterminism. To 4 | make that guarantee, though, they must sharply restrict sharing of 5 | state between parallel tasks, usually either by disallowing sharing 6 | entirely or by restricting it to one type of data structure, such as 7 | single-assignment locations. 8 | 9 | I show that lattice-based data structures, or LVars, are the 10 | foundation for a guaranteed-deterministic parallel programming model 11 | that allows a more general form of sharing. LVars allow multiple 12 | assignments that are inflationary with respect to a given lattice. 13 | They ensure determinism by allowing only inflationary writes and 14 | "threshold" reads that block until a lower bound is reached. After 15 | presenting the basic LVars model, I extend it to support event 16 | handlers, which enable an event-driven programming style, and 17 | non-blocking "freezing" reads, resulting in a quasi-deterministic 18 | model in which programs behave deterministically modulo exceptions. 19 | 20 | I demonstrate the viability of the LVars model with LVish, a Haskell 21 | library that provides a collection of lattice-based data structures, a 22 | work-stealing scheduler, and a monad in which LVar computations run. 23 | LVish leverages Haskell's type system to index such computations with 24 | effect levels to ensure that only certain LVar effects can occur, 25 | hence statically enforcing determinism or quasi-determinism. I present 26 | two case studies of parallelizing existing programs using LVish: a 27 | k-CFA control flow analysis, and a bioinformatics application for 28 | comparing phylogenetic trees. 29 | 30 | Finally, I show how LVar-style threshold reads apply to the setting of 31 | convergent replicated data types (CvRDTs), which specify the behavior 32 | of eventually consistent replicated objects in a distributed system. 33 | I extend the CvRDT model to support deterministic, strongly consistent 34 | threshold queries. The technique generalizes to any lattice, and 35 | hence any CvRDT, and allows deterministic observations to be made of 36 | replicated objects before the replicas' states converge. 37 | -------------------------------------------------------------------------------- /dissertation/acks.tex: -------------------------------------------------------------------------------- 1 | Not long ago, someone asked me if knew I wanted to work on LVars at 2 | the time I applied to grad school, and I had to laugh. Not only did I 3 | not know then that I wanted to work on LVars, I didn't even know what 4 | subfield of computer science I wanted to study. I had an idea of what 5 | kinds of problems I thought were interesting, but I didn't really 6 | grasp that there was actually a field of study devoted to those 7 | problems and that ``programming languages'' was what it was called. 8 | As it happened, one of the Ph.D. programs to which I applied turned 9 | out to be a very good place to study PL, and that program was also the 10 | only one that accepted me. So the first acknowledgement I want to 11 | make here is to the Indiana University computer science program for 12 | taking a chance on me and making this dissertation possible. 13 | 14 | I took Dan Friedman's programming languages course in my first 15 | semester at IU in fall 2008, and the following spring, Dan invited me 16 | to be a teaching assistant for the undergraduate edition of the 17 | course, known as C311, together with his student and collaborator Will 18 | Byrd. This led to my first PL research experience, which consisted of 19 | playing with a fantastic little language called 20 | miniKanren\footnote{\url{http://www.minikanren.org} --- not that any 21 | such website existed at the time!} during the summer of 2009 with Dan, 22 | Will, and a group of relational programming aficionados fueled by 23 | intense curiosity and Mother Bear's pizza. At the time, I was utterly 24 | unprepared to do research and was in way over my head, but we had a 25 | lot of fun, and I went on to help out with C311 and another course, 26 | H211, for three more semesters under Dan and Will's expert guidance. 27 | 28 | Amal Ahmed joined the IU faculty in 2009 and was a tremendous 29 | influence on me as I began truly learning how to read research papers 30 | and, eventually, write them. Although Amal and I never worked on 31 | determinism as such, it was nevertheless from Amal that I learned how 32 | to design and prove properties of calculi much like the $\lambdaLVar$ 33 | and $\lambdaLVish$ calculi in this dissertation. Amal also had a huge 34 | influence on the culture of the PL group at IU. Weekly ``PL Wonks'' 35 | meetings are a given these days, but it wasn't so very long ago that 36 | the PL group didn't have regular meetings or even much of a group 37 | identity. It was Amal who rounded us all up and told us that from 38 | then on, we were all going to give talks every semester. (Happily, 39 | this process has now become entirely student-driven and 40 | self-sustaining.) It was also at Amal's urging that I attended my 41 | first PL conference, ICFP 2010 in Baltimore, and got to know many of 42 | the people who have since become my mentors, colleagues, 43 | collaborators, and dear friends in the PL community, including Neel 44 | Krishnaswami, Chung-chieh Shan, Tim Chevalier, Rob Simmons, Jason 45 | Reed, Ron Garcia, Stevie Strickland, Dan Licata, and Chris Martens. 46 | 47 | When Amal left IU for Northeastern in 2011, I had to make the 48 | difficult decision between staying at IU or leaving, and although I 49 | chose to stay and work with Ryan Newton on what would eventually 50 | become this dissertation, I think that Amal's influence on the flavor 51 | of the work I ended up doing is evident. (In fact, it was Amal who 52 | originally pointed out the similarity between the Independence Lemma 53 | and the frame rule that I discuss in 54 | Section~\ref{subsection:lvars-independence}.) 55 | 56 | Ryan's first act as a new faculty member at Indiana in 2011 was to 57 | arrange for our building to get a fancy espresso machine (and to 58 | kick-start a community of espresso enthusiasts who lovingly maintain 59 | it). Clearly, we were going to get along well! That fall I took 60 | Ryan's seminar course on high-performance DSLs, which was how I 61 | started learning about deterministic parallel programming models. 62 | Soon, we began discussing the idea of generalizing single-assignment 63 | languages, and Ryan suggested that I help him write a grant proposal 64 | to continue working on the idea. We submitted our proposal in 65 | December 2011, and to my surprise, it was funded on our first try. I 66 | gratefully acknowledge everyone at the National Science Foundation who 67 | was involved in the decision to fund grant CCF-1218375, since without 68 | that early vote of confidence, I'm not sure I would have been able to 69 | keep my spirits up during the year that followed, in which it took us 70 | four attempts to get our first LVars paper published. Ryan's non-stop 71 | energy and enthusiasm were crucial ingredients, too. (And, although I 72 | didn't feel thankful at the time, I'm now also thankful to the 73 | anonymous reviewers of POPL 2013, ESOP 2013, and ICFP 2013, whose 74 | constructive criticism helped us turn LVars from a half-baked idea 75 | into a convincing research contribution.) 76 | 77 | In addition to Ryan, I was lucky to have a wonderful dissertation 78 | committee consisting of Amr Sabry, Larry Moss, and Chung-chieh Shan. 79 | Amr, Larry, and Ken all played important roles in the early 80 | development of LVars and helped resolve subtle issues with the 81 | semantics of $\lambdaLVar$ and its determinism proof. What appears 82 | now in Chapter~\ref{ch:lvars} is relatively simple --- but it is only 83 | simple because of considerable effort spent making it so! I'm also 84 | grateful to all my committee members for showing up to my thesis 85 | proposal at eight-thirty in the morning in the middle of an Indiana 86 | December snowstorm. Additionally, I want to offer special thanks to 87 | Sam Tobin-Hochstadt, Neel Krishnaswami, and Aaron Turon --- all of 88 | whom gave me so much guidance, encouragement, and support throughout 89 | this project that I think of them as \emph{de facto} committee 90 | members, too. 91 | 92 | By fall 2012, working on LVars had gotten me interested in the idea of 93 | developing a separation logic for deterministic parallelism. Aaron 94 | and Neel liked the idea, too, and expressed interest in working on it 95 | with me. When we all met up in Saarbr{\"u}cken in January 2013, 96 | though, we realized that we should first focus on making the LVars 97 | programming model more expressive, and we put the separation logic 98 | idea on hold while we went on an exciting side trip into language 99 | design. That ``side trip'' eventually took us all the way to event 100 | handlers, quiescence, freezing, and quasi-determinism, the topics of 101 | Chapter~\ref{ch:quasi} and of our POPL 2014 paper. It also led to the 102 | LVish Haskell library, the topic of Chapter~\ref{ch:lvish}, which was 103 | largely implemented by Aaron and Ryan. Neel and I collaborated on the 104 | original proof of quasi-determinism for $\lambdaLVish$, and Neel also 105 | provided lots of essential guidance as I worked on the revised 106 | versions of the proofs that appear in this dissertation. I also want 107 | to acknowledge Derek Dreyer for helping facilitate our collaboration, 108 | as well as for giving me an excuse to give a \emph{Big 109 | Lebowski}-themed talk at MPI-SWS. 110 | 111 | One of the most exciting and rewarding parts of my dissertation work 112 | has been pursuing the connection between LVars and distributed data 113 | consistency, the topic of Chapter~\ref{ch:distributed}. It can be a 114 | challenge for people coming from different subfields to find common 115 | ground, and I'm indebted to the many distributed systems researchers 116 | and practitioners who have met me much more than halfway, particularly 117 | the BOOM group at Berkeley and the Riak folks at Basho. Speaking at 118 | RICON 2013 about LVars was one of the highlights of my 119 | Ph.D. experience; thanks to everyone who made it so. 120 | 121 | Katerina Barone-Adesi, Jos\'{e} Valim, and Zach Allaun --- not 122 | coincidentally, all members of the Recurse Center community, which is 123 | the best programming community in the world --- gave feedback on 124 | drafts of this dissertation and helped me improve the presentation. 125 | Thanks to all of them. 126 | 127 | Jason Reed contributed the wonderful spot illustrations that appear 128 | throughout. My hope is that they'll make the pages a bit more 129 | inviting and offer some comic relief to the frustrated student. 130 | They've certainly done that for me. 131 | 132 | Finally, this dissertation is dedicated to my amazing husband, Alex 133 | Rudnick, without whose love, support, advice, and encouragement I 134 | would never have \emph{started} grad school, let alone finished. 135 | -------------------------------------------------------------------------------- /dissertation/appendix-proofs/main.tex: -------------------------------------------------------------------------------- 1 | \chapter{Proofs}\label{app:proofs} 2 | 3 | \section{Proof of Lemma~\ref{lem:lvars-permutability}}\label{section:lvars-permutability-proof} 4 | \input{chapter2/determinism-permutability-proof} 5 | 6 | \section{Proof of Lemma~\ref{lem:lvars-internal-determinism}}\label{section:lvars-internal-determinism-proof} 7 | \input{chapter2/determinism-internal-determinism-proof} 8 | 9 | \section{Proof of Lemma~\ref{lem:lvars-locality}}\label{section:lvars-locality-proof} 10 | \input{chapter2/determinism-locality-proof} 11 | 12 | \section{Proof of Lemma~\ref{lem:lvars-monotonicity}}\label{section:lvars-monotonicity-proof} 13 | \input{chapter2/determinism-monotonicity-proof} 14 | 15 | \section{Proof of Lemma~\ref{lem:lvars-independence}}\label{section:lvars-independence-proof} 16 | \input{chapter2/determinism-independence-proof} 17 | 18 | \section{Proof of Lemma~\ref{lem:lvars-clash}}\label{section:lvars-clash-proof} 19 | \input{chapter2/determinism-clash-proof} 20 | 21 | \section{Proof of Lemma~\ref{lem:lvars-strong-local-confluence}}\label{section:lvars-strong-local-confluence-proof} 22 | \input{chapter2/determinism-strong-local-confluence-proof} 23 | 24 | \section{Proof of Lemma~\ref{lem:lvars-strong-one-sided-confluence}}\label{section:lvars-strong-one-sided-confluence-proof} 25 | \input{chapter2/determinism-strong-one-sided-confluence-proof} 26 | 27 | \section{Proof of Lemma~\ref{lem:lvars-strong-confluence}}\label{section:lvars-strong-confluence-proof} 28 | \input{chapter2/determinism-strong-confluence-proof} 29 | 30 | \section{Proof of Lemma~\ref{lem:lattice-structure}}\label{section:lattice-structure-proof} 31 | \input{chapter3/lvish-formal-lattice-structure-proof} 32 | 33 | \section{Proof of Lemma~\ref{lem:permutability}}\label{section:permutability-proof} 34 | \input{chapter3/quasi-determinism-permutability-proof} 35 | 36 | \section{Proof of Lemma~\ref{lem:internal-determinism}}\label{section:internal-determinism-proof} 37 | \input{chapter3/quasi-determinism-internal-determinism-proof} 38 | 39 | \section{Proof of Lemma~\ref{lem:locality}}\label{section:locality-proof} 40 | \input{chapter3/quasi-determinism-locality-proof} 41 | 42 | \section{Proof of Lemma~\ref{lem:monotonicity}}\label{section:monotonicity-proof} 43 | \input{chapter3/quasi-determinism-monotonicity-proof} 44 | 45 | \section{Proof of Lemma~\ref{lem:generalized-independence}}\label{section:generalized-independence-proof} 46 | \input{chapter3/quasi-determinism-generalized-independence-proof} 47 | 48 | \section{Proof of Lemma~\ref{lem:generalized-clash}}\label{section:generalized-clash-proof} 49 | \input{chapter3/quasi-determinism-generalized-clash-proof} 50 | 51 | \section{Proof of Lemma~\ref{lem:strong-local-quasi-confluence}}\label{section:strong-local-quasi-confluence-proof} 52 | \input{chapter3/quasi-determinism-strong-local-quasi-confluence-proof} 53 | 54 | \section{Proof of Lemma~\ref{lem:strong-one-sided-quasi-confluence}}\label{section:strong-one-sided-quasi-confluence-proof} 55 | \input{chapter3/quasi-determinism-strong-one-sided-quasi-confluence-proof} 56 | 57 | \section{Proof of Lemma~\ref{lem:strong-quasi-confluence}}\label{section:strong-quasi-confluence-proof} 58 | \input{chapter3/quasi-determinism-strong-quasi-confluence-proof} 59 | 60 | \section{Proof of Theorem~\ref{thm:determinism-of-threshold-queries}}\label{section:determinism-of-threshold-queries-proof} 61 | \input{chapter5/results-determinism-of-threshold-queries-proof} 62 | 63 | -------------------------------------------------------------------------------- /dissertation/appendix-redex/main.tex: -------------------------------------------------------------------------------- 1 | \chapter{A PLT Redex Model of $\lambdaLVish$}\label{app:plt-redex} 2 | 3 | I have developed a runnable version\footnote{Available at 4 | \url{http://github.com/lkuper/lvar-semantics}.} of the 5 | $\lambdaLVish$ calculus of Chapter~\ref{ch:quasi} using the PLT Redex 6 | semantics engineering toolkit~\cite{redex-book}. In the Redex of 7 | today, it is not possible to directly parameterize a language 8 | definition by a lattice.\footnote{See discussion at 9 | \url{http://lists.racket-lang.org/users/archive/2013-April/057075.html}.} 10 | Instead, taking advantage of Racket's syntactic abstraction 11 | capabilities, I define a Racket macro, @define-lambdaLVish-language@, 12 | that serves as a wrapper for a template that implements the 13 | lattice-agnostic semantics of $\lambdaLVish$. The 14 | @define-lambdaLVish-language@ macro takes the following arguments: 15 | \begin{itemize} 16 | \item a \emph{name}, which becomes the \emph{lang-name} passed to 17 | Redex's \texttt{define-language} form; 18 | \item a \emph{``downset'' operation}, a Racket-level procedure that 19 | takes a lattice element and returns the (finite) set of all lattice 20 | elements that are less than or equal to that element (this operation 21 | is used to implement the semantics of $\FAW$, in particular, to 22 | determine when the {\sc E-Freeze-Final} rule can fire); 23 | \item a \emph{lub operation}, a Racket procedure that takes two 24 | lattice elements and returns a lattice element; 25 | \item a list of \emph{update operations}, Racket procedures that each 26 | take a lattice element and return a lattice element; and 27 | \item a (possibly infinite) set of \emph{lattice elements} represented 28 | as Redex \emph{patterns}. 29 | \end{itemize} 30 | 31 | \noindent Given these arguments, @define-lambdaLVish-language@ 32 | generates a Redex model that is specialized to the appropriate lattice 33 | and set of update operations. For instance, to generate a Redex model 34 | called @lambdaLVish-nat@ where the lattice is the non-negative 35 | integers ordered by $\leq$, and the set of update operations is $\{ 36 | u_{(+1)}, u_{(+2)} \}$ where $u_{(+n)}(d)$ increments $d$'s contents 37 | by $n$, one could write: 38 | 39 | \singlespacing 40 | \begin{lstlisting}[language=Lisp] 41 | (define-lambdaLVish-language lambdaLVish-nat downset-op max update-ops natural) 42 | \end{lstlisting} 43 | \doublespacing 44 | 45 | \noindent where @max@ is a built-in Racket procedure, and @downset-op@ 46 | and @update-ops@ can be defined in Racket as follows: 47 | 48 | \singlespacing 49 | \begin{lstlisting}[language=Lisp] 50 | (define downset-op 51 | (lambda (d) 52 | (if (number? d) 53 | (append '(Bot) (iota d) `(,d)) 54 | '(Bot)))) 55 | 56 | (define update-op-1 57 | (lambda (d) 58 | (match d 59 | ['Bot 1] 60 | [number (add1 d)]))) 61 | 62 | (define update-op-2 63 | (lambda (d) 64 | (match d 65 | ['Bot 2] 66 | [number (add1 (add1 d))]))) 67 | 68 | (define update-ops `(,update-op-1 ,update-op-2)) 69 | \end{lstlisting} 70 | \doublespacing 71 | 72 | \noindent The last argument, @natural@, is a Redex pattern that 73 | matches any exact non-negative integer. @natural@ has no meaning to 74 | Racket outside of Redex, but since @define-lambdaLVish-language@ is a 75 | macro rather than an ordinary procedure, its arguments are not 76 | evaluated until they are in the context of Redex, and so passing 77 | @natural@ as an argument to the macro gives us the behavior we want. 78 | 79 | The Redex model is not completely faithful to the $\lambdaLVish$ 80 | calculus of Chapter~\ref{ch:quasi}: it requires us to specify a finite 81 | list of update operations rather than a possibly infinite set of them. 82 | However, the list of update operations can be arbitrarily long, and 83 | the definitions of the update operations could, at least in principle, 84 | be generated programmatically as well. 85 | -------------------------------------------------------------------------------- /dissertation/chapter2/code/Makefile: -------------------------------------------------------------------------------- 1 | default: 2 | runghc run_bfs_pure.hs 3 | runghc run_bfs_lvar.hs 4 | -------------------------------------------------------------------------------- /dissertation/chapter2/code/bfs_lvar.hs: -------------------------------------------------------------------------------- 1 | -- l_acc is an LVar "output parameter": 2 | bf_traverse :: ISet NodeLabel -> Graph -> 3 | NodeLabel -> Par () 4 | bf_traverse l_acc g startV = 5 | do putInSet l_acc startV 6 | loop empty (singleton startV) 7 | where loop seen nu = 8 | if nu == empty 9 | then return () 10 | else do 11 | let seen' = union seen nu 12 | allNbr <- parMap (nbrs g) nu 13 | allNbr' <- parFold union allNbr 14 | let nu' = difference allNbr' seen' 15 | -- Add to the accumulator: 16 | parMapM (putInSet l_acc) nu' 17 | loop seen' nu' 18 | 19 | -- The function `analyze' is applied to everything 20 | -- that is added to the set `analyzeSet': 21 | go = do analyzedSet <- newSetWith analyze 22 | res <- bf_traverse analyzedSet profiles profile0 23 | return () 24 | -------------------------------------------------------------------------------- /dissertation/chapter2/code/bfs_pure.hs: -------------------------------------------------------------------------------- 1 | -- Traverse each level of the graph `g' in parallel, maintaining at 2 | -- each recursive step a set of nodes that have been seen and a set of 3 | -- nodes left to process. `nbrs g n' is the neighbor nodes of node 4 | -- `n' in graph `g'. 5 | bf_traverse :: Graph -> Set NodeLabel -> Set NodeLabel -> Set NodeLabel 6 | bf_traverse g seen nu = 7 | if nu == empty 8 | then seen 9 | else let seen' = union seen nu 10 | allNbr = parFold union (parMap (nbrs g) nu) 11 | nu' = difference allNbr seen' 12 | in bf_traverse g seen' nu' 13 | 14 | -- Find the connected component containing the vertex `profile0', and 15 | -- map `analyze` over all nodes in it: 16 | connected_component = bf_traverse profiles empty (singleton profile0) 17 | result = parMap analyze connected_component 18 | -------------------------------------------------------------------------------- /dissertation/chapter2/code/run_bfs_lvar.hs: -------------------------------------------------------------------------------- 1 | {-# LANGUAGE CPP #-} 2 | {-# LANGUAGE FlexibleInstances #-} 3 | 4 | -- N.B.: This is just a harness to make sure that the code in 5 | -- `bfs_lvar.hs' typechecks. Moreover, `bfs_lvar.hs' doesn't actually 6 | -- use the LVish library (nor does it actually appear in the 7 | -- document); it's just here as an example of the pipelined 8 | -- programming style. 9 | 10 | import Data.Set 11 | 12 | data NodeLabel = NodeLabel Int 13 | deriving (Show, Eq, Ord) 14 | data Graph 15 | 16 | -- Stubs to make things typecheck: 17 | 18 | nbrs = undefined 19 | 20 | profile0 :: NodeLabel 21 | profile0 = undefined 22 | 23 | analyze :: NodeLabel -> Double 24 | analyze (NodeLabel i) = fromIntegral i + 3.3 25 | 26 | profiles :: Graph 27 | profiles = undefined 28 | 29 | parMap :: (NodeLabel -> b) -> Set NodeLabel -> Par (Set b) 30 | parMap = undefined 31 | 32 | parMapM :: (NodeLabel -> Par b) -> Set NodeLabel -> Par (Set b) 33 | parMapM = undefined 34 | 35 | parMapS :: (NodeLabel -> b) -> Set NodeLabel -> Set b 36 | parMapS = undefined 37 | 38 | parFold :: (a -> a -> a) -> Set a -> Par a 39 | parFold = undefined 40 | 41 | -- A set with a builtin function. We can implement this with callbacks: 42 | newSetWith :: (a -> b) -> Par (ISet a) 43 | newSetWith = undefined 44 | 45 | --putInSet :: NodeLabel -> ISet NodeLabel -> Par () 46 | putInSet :: ISet NodeLabel -> NodeLabel -> Par () 47 | putInSet = undefined 48 | 49 | type Par a = IO a 50 | type ISet a = Set a 51 | 52 | #include "bfs_lvar.hs" 53 | 54 | main = putStrLn "Yay! LVar ver got through typecheck at least." 55 | -------------------------------------------------------------------------------- /dissertation/chapter2/code/run_bfs_pure.hs: -------------------------------------------------------------------------------- 1 | {-# LANGUAGE CPP #-} 2 | {-# LANGUAGE FlexibleInstances #-} 3 | 4 | -- N.B.: This is just a harness to make sure that the code in 5 | -- `bfs_pure.hs' typechecks. 6 | 7 | import Data.Set 8 | 9 | data NodeLabel = NodeLabel Int 10 | deriving (Show, Eq, Ord) 11 | data Graph 12 | 13 | -- Stubs to make things typecheck: 14 | 15 | nbrs :: Graph -> NodeLabel -> Set NodeLabel 16 | nbrs = undefined 17 | 18 | profile0 :: NodeLabel 19 | profile0 = undefined 20 | 21 | analyze :: NodeLabel -> Double 22 | analyze (NodeLabel i) = fromIntegral i + 3.3 23 | 24 | profiles :: Graph 25 | profiles = undefined 26 | 27 | parMap :: (NodeLabel -> b) -> Set NodeLabel -> Set b 28 | parMap = undefined 29 | 30 | parFold :: (a -> a -> a) -> Set a -> a 31 | parFold = undefined 32 | 33 | #include "bfs_pure.hs" 34 | 35 | main = putStrLn "Yay! Got through typecheck at least." 36 | -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-clash-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\config{S}{e} \parstepsto \config{S'}{e'}$, where 3 | $\config{S'}{e'} \neq \error$. 4 | 5 | Consider arbitrary $S''$ such that $S''$ is non-conflicting with 6 | $\config{S}{e} \parstepsto \config{S'}{e'}$ and $\lubstore{S'}{S''} 7 | = \topS$. 8 | 9 | We are required to show that there exists $i \leq 1$ such that 10 | $\config{\lubstore{S}{S''}}{e} \parstepsto^i \error$. 11 | 12 | The proof is by cases on the rule of the reduction semantics by 13 | which $\config{S}{e}$ steps to $\config{S'}{e'}$. 14 | 15 | Since $\config{S'}{e'} \neq \error$, we do not need to consider the 16 | {\sc E-Put-Err} rule. 17 | \begin{itemize} 18 | 19 | \item Case {\sc E-Beta}: 20 | 21 | Given: $\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto 22 | \config{S}{\subst{e}{x}{v}}$. 23 | 24 | To show: $\config{\lubstore{S}{S''}}{\app{(\lam{x}{e})}{v}} 25 | \parstepsto^i \error$, where $i \leq 1$. 26 | 27 | By assumption, $\lubstore{S}{S''} = \topS$. 28 | 29 | Hence, by the definition of $\error$, 30 | $\config{\lubstore{S}{S''}}{\app{(\lam{x}{e})}{v}} = \error$. 31 | 32 | Hence $\config{\lubstore{S}{S''}}{\app{(\lam{x}{e})}{v}} 33 | \parstepsto^i \error$, with $i = 0$. 34 | 35 | \item Case {\sc E-New}: 36 | 37 | Given: $\config{S}{\NEW} \parstepsto 38 | \config{\extSRaw{S}{l}{\bot}}{l}$. 39 | 40 | To show: $\config{\lubstore{S}{S''}}{\NEW} \parstepsto^i 41 | \error$, where $i \leq 1$. 42 | 43 | By {\sc E-New}, $\config{\lubstore{S}{S''}}{\NEW} \parstepsto 44 | \config{\extSRaw{(\lubstore{S}{S''})}{l'}{\bot}}{l'}$, where $l' 45 | \notin \dom{\lubstore{S}{S''}}$. 46 | 47 | By assumption, $S''$ is non-conflicting with $\config{S}{\NEW} 48 | \parstepsto \config{\extSRaw{S}{l}{\bot}}{l}$. 49 | 50 | Therefore $l \notin \dom{S''}$. 51 | 52 | From the side condition of {\sc E-New}, $l \notin \dom{S}$. 53 | 54 | Therefore $l \notin \dom{\lubstore{S}{S''}}$. 55 | 56 | Therefore, in 57 | $\config{\extSRaw{(\lubstore{S}{S''})}{l'}{\bot}}{l'}$, we can 58 | $\alpha$-rename $l'$ to $l$, 59 | 60 | resulting in $\config{\extSRaw{(\lubstore{S}{S''})}{l}{\bot}}{l}$. 61 | 62 | Therefore $\config{\lubstore{S}{S''}}{\NEW} \parstepsto 63 | \config{\extSRaw{(\lubstore{S}{S''})}{l}{\bot}}{l}$. 64 | 65 | By assumption, $\lubstore{\extSRaw{S}{l}{\bot}}{S''} = \topS$. 66 | 67 | Note that: 68 | \begin{align*} 69 | \topS &= \lubstore{\extSRaw{S}{l}{\bot}}{S''} \\ &= 70 | \lubstore{\lubstore{S}{\store{\storebindingRaw{l}{\bot}}}}{S''} \\ &= 71 | \lubstore{\lubstore{S}{S''}}{\store{\storebindingRaw{l}{\bot}}} \\ &= 72 | \lubstore{(\lubstore{S}{S''})}{\store{\storebindingRaw{l}{\bot}}} \\ &= 73 | \extSRaw{(\lubstore{S}{S''})}{l}{\bot} . 74 | \end{align*} 75 | 76 | Hence $\config{\lubstore{S}{S''}}{\NEW} \parstepsto 77 | \config{\topS}{l}$. 78 | 79 | Hence, by the definition of $\error$, 80 | $\config{\lubstore{S}{S''}}{\NEW} \parstepsto \error$. 81 | 82 | Hence $\config{\lubstore{S}{S''}}{\NEW} \parstepsto^i \error$, 83 | with $i = 1$. 84 | 85 | \item Case {\sc E-Put}: 86 | 87 | Given: $\config{S}{\putexp{l}{d_2}} \parstepsto 88 | \config{\extSRaw{S}{l}{d_2}}{\unit}$. 89 | 90 | To show: $\config{\lubstore{S}{S''}}{\putexp{l}{d_2}} 91 | \parstepsto^i \error$, where $i \leq 1$. 92 | 93 | We proceed by cases on $\lubstore{S}{S''}$: 94 | 95 | \begin{itemize} 96 | 97 | \item $\lubstore{S}{S''} = \topS$: 98 | 99 | In this case, by the definition of $\error$, 100 | $\config{\lubstore{S}{S''}}{\putexp{l}{d_2}} = \error$. 101 | 102 | Hence $\config{\lubstore{S}{S''}}{\putexp{l}{d_2}} \parstepsto^i 103 | \error$, with $i = 0$. 104 | 105 | \item $\lubstore{S}{S''} \neq \topS$: 106 | 107 | From the premises of {\sc E-Put}, we have that $S(l) = d_1$. 108 | 109 | Hence $(\lubstore{S}{S''})(l) = d'_1$, where $d_1 \userleq 110 | d'_1$. 111 | 112 | We show that $\userlub{d'_1}{d_2} = \top$, as follows: 113 | 114 | By assumption, $\lubstore{\extSRaw{S}{l}{d_2}}{S''} = \topS$. 115 | 116 | Hence, by Definition~\ref{def:lvars-lubstore}, there exists 117 | some $l' \in \dom{\extSRaw{S}{l}{d_2}} \cap \dom{S''}$ such 118 | that $\userlub{(\extSRaw{S}{l}{d_2})(l')}{S''(l')} = \top$. 119 | 120 | Now case on $l'$: 121 | 122 | \begin{itemize} 123 | \item $l' \neq l$: 124 | 125 | In this case, $(\extSRaw{S}{l}{d_2})(l') = S(l')$. 126 | 127 | Since $\userlub{(\extSRaw{S}{l}{d_2})(l')}{S''(l')} = \top$, 128 | we then have that $\userlub{S(l')}{S''(l')} = \top$. 129 | 130 | However, this is a contradiction since $\lubstore{S}{S''} \neq 131 | \topS$. 132 | 133 | Hence this case cannot occur. 134 | 135 | \item $l' = l$: 136 | 137 | Then $\userlub{(\extSRaw{S}{l}{d_2})(l)}{S''(l)} = \top$. 138 | 139 | Note that: 140 | \begin{align*} 141 | \top &= \userlub{(\extSRaw{S}{l}{d_2})(l)}{S''(l)} \\ &= 142 | \userlub{d_2}{S''(l)} \\ &= 143 | \userlub{\userlub{d_1}{d_2}}{S''(l)} \\ &= 144 | \userlub{\userlub{S(l)}{d_2}}{S''(l)} \\ &= 145 | \userlub{\userlub{S(l)}{S''(l)}}{d_2} \\ &= 146 | \userlub{(\lubstore{S}{S''})(l)}{d_2} \\ &= 147 | \userlub{d'_1}{d_2}. 148 | \end{align*} 149 | Hence $\userlub{d'_1}{d_2} = \top$. 150 | 151 | Hence, by {\sc E-Put-Err}, 152 | $\config{\lubstore{S}{S''}}{\putexp{l}{d_2}} \parstepsto 153 | \error$. 154 | 155 | Hence $\config{\lubstore{S}{S''}}{\putexp{l}{d_2}} 156 | \parstepsto^i \error$, with $i = 1$. 157 | 158 | \end{itemize} 159 | 160 | \end{itemize} 161 | 162 | \item Case {\sc E-Get}: 163 | 164 | Given: $\config{S}{\getexp{l}{T}} \parstepsto \config{S}{d_2}$. 165 | 166 | To show: $\config{\lubstore{S}{S''}}{\getexp{l}{T}} \parstepsto^i 167 | \error$, where $i \leq 1$. 168 | 169 | By assumption, $\lubstore{S}{S''} = \topS$. 170 | 171 | Hence, by the definition of $\error$, 172 | $\config{\lubstore{S}{S''}}{\getexp{l}{T}} = \error$. 173 | 174 | Hence $\config{\lubstore{S}{S''}}{\getexp{l}{T}} \parstepsto^i 175 | \error$, with $i = 0$. 176 | \end{itemize} 177 | \end{proof} 178 | -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-error-preservation-proof.tex: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter2/determinism-error-preservation-proof.tex -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-internal-determinism-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\conf \parstepsto \conf'$ and $\conf \parstepsto \conf''$. 3 | 4 | We have to show that there is a permutation $\pi$ such that $\conf' 5 | = \pi(\conf'')$. 6 | 7 | The proof is by cases on the rule by which $\conf$ steps to 8 | $\conf'$. 9 | 10 | \begin{itemize} 11 | 12 | \item Case {\sc E-Beta}: 13 | 14 | Given: $\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto 15 | \config{S}{\subst{e}{x}{v}}$, and 16 | $\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto \conf''$. 17 | 18 | To show: There exists a $\pi$ such that 19 | $\config{S}{\subst{e}{x}{v}} = \pi(\conf'')$. 20 | 21 | By inspection of the operational semantics, the only reduction 22 | rule by which $\config{S}{\app{(\lam{x}{e})}{v}}$ can step is {\sc 23 | E-Beta}. 24 | 25 | Hence $\conf'' = \config{S}{\subst{e}{x}{v}}$, and the case is 26 | satisfied by choosing $\pi$ to be the identity function. 27 | 28 | \item Case {\sc E-New}: 29 | 30 | Given: $\config{S}{\NEW} \parstepsto 31 | \config{\extSRaw{S}{l}{\bot}}{l}$, and $\config{S}{\NEW} 32 | \parstepsto \conf''$. 33 | 34 | To show: There exists a $\pi$ such that 35 | $\config{\extSRaw{S}{l}{\bot}}{l} = \pi(\conf'')$. 36 | 37 | By inspection of the operational semantics, the only reduction 38 | rule by which $\config{S}{\NEW}$ can step is {\sc E-New}. 39 | 40 | Hence $\conf'' = \config{\extSRaw{S}{l'}{\bot}}{l'}$. 41 | 42 | Since, by the side condition of {\sc E-New}, neither $l$ nor $l'$ 43 | occur in $\dom{S}$, the case is satisfied by choosing $\pi$ to be 44 | the permutation that maps $l'$ to $l$ and is the identity on every 45 | other element of $\Loc$. 46 | 47 | \item Case {\sc E-Put}: 48 | 49 | Given: $\config{S}{\putexp{l}{d_2}} \parstepsto 50 | \config{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}{\unit}$, and 51 | $\config{S}{\putexp{l}{d_2}} \parstepsto \conf''$. 52 | 53 | To show: There exists a $\pi$ such that 54 | $\config{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}{\unit} = 55 | \pi(\conf'')$. 56 | 57 | By inspection of the operational semantics, and since 58 | $\userlub{d_1}{d_2} \neq \top$ (from the premise of {\sc E-Put}), 59 | the only reduction rule by which $\config{S}{\putexp{l}{d_2}}$ can 60 | step is {\sc E-Put}. 61 | 62 | Hence $\conf'' = 63 | \config{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}{\unit}$, and the case 64 | is satisfied by choosing $\pi$ to be the identity function. 65 | 66 | \item Case {\sc E-Put-Err}: 67 | 68 | Given: $\config{S}{\putexp{l}{d_2}} \parstepsto \error$, and 69 | $\config{S}{\putexp{l}{d_2}} \parstepsto \conf''$. 70 | 71 | To show: There exists a $\pi$ such that $\error = \pi(\conf'')$. 72 | 73 | By inspection of the operational semantics, and since 74 | $\userlub{d_1}{d_2} = \top$ (from the premise of {\sc E-Put-Err}), 75 | the only reduction rule by which $\config{S}{\putexp{l}{d_2}}$ can 76 | step is {\sc E-Put-Err}. 77 | 78 | Hence $\conf'' = \error$, and the case is satisfied by choosing 79 | $\pi$ to be the identity function. 80 | 81 | \item Case {\sc E-Get}: 82 | 83 | Given: $\config{S}{\getexp{l}{T}} \parstepsto \config{S}{d_2}$, 84 | and $\config{S}{\getexp{l}{T}} \parstepsto \conf''$. 85 | 86 | To show: There exists a $\pi$ such that $\config{S}{d_2} = 87 | \pi(\conf'')$. 88 | 89 | By inspection of the operational semantics, the only reduction 90 | rule by which $\config{S}{\getexp{l}{T}}$ can step is {\sc 91 | E-Get}. 92 | 93 | Hence $\conf'' = \config{S}{d_2}$, and the case is satisfied by 94 | choosing $\pi$ to be the identity function. 95 | 96 | \end{itemize} 97 | \end{proof} 98 | 99 | -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-locality-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\config{S}{\evalctxt{E_1}{e_1}} \ctxstepsto 3 | \config{S_1}{\evalctxt{E_1}{e'_1}}$ and 4 | $\config{S}{\evalctxt{E_2}{e_2}} \ctxstepsto 5 | \config{S_2}{\evalctxt{E_2}{e'_2}}$ and $\evalctxt{E_1}{e_1} = 6 | \evalctxt{E_2}{e_2}$. 7 | 8 | We are required to show that if $E_1 \neq E_2$, then there exist 9 | evaluation contexts $E'_1$ and $E'_2$ such that: 10 | \begin{itemize} 11 | \item $\evalctxt{E'_1}{e_1} = \evalctxt{E_2}{e'_2}$, and 12 | \item $\evalctxt{E'_2}{e_2} = \evalctxt{E_1}{e'_1}$, and 13 | \item $\evalctxt{E'_1}{e'_1} = \evalctxt{E'_2}{e'_2}$. 14 | \end{itemize} 15 | 16 | Let $e = \evalctxt{E_1}{e_1} = \evalctxt{E_2}{e_2}$. 17 | 18 | The proof is by induction on the structure of the expression $e$. 19 | 20 | Proceeding by cases on $e$: 21 | 22 | \begin{itemize} 23 | 24 | \item Case $e = x$: In this case, the only possible context that 25 | $E_1$ and $E_2$ can be is the empty context $[~]$. 26 | 27 | Therefore $E_1 = E_2$, and so the case holds vacuously. 28 | 29 | \item Case $e = v$: Similar to the case for $x$. 30 | 31 | \item Case $e = \app{e_a}{e_b}$: 32 | 33 | If $E_1 = E_2$, the case holds vacuously. 34 | 35 | Otherwise, we proceed as follows. 36 | 37 | We know that $\app{e_a}{e_b} = \evalctxt{E_1}{e_1}$. 38 | 39 | From the grammar of evaluation contexts, then, we know that 40 | either: 41 | \begin{itemize} 42 | \item $\app{e_a}{e_b} = \evalctxt{E_1}{e_1} = 43 | \app{\evalctxt{E_{11}}{e_1}}{e_b}$, where 44 | $\evalctxt{E_{11}}{e_1} = e_a$, or 45 | \item $\app{e_a}{e_b} = \evalctxt{E_1}{e_1} = 46 | \app{e_a}{\evalctxt{E_{12}}{e_1}}$, where 47 | $\evalctxt{E_{12}}{e_1} = e_b$. 48 | \end{itemize} 49 | 50 | Similarly, we know that $\app{e_a}{e_b} = \evalctxt{E_2}{e_2}$. 51 | 52 | From the grammar of evaluation contexts, we know that either: 53 | \begin{itemize} 54 | \item $\app{e_a}{e_b} = \evalctxt{E_2}{e_2} = 55 | \app{\evalctxt{E_{21}}{e_2}}{e_b}$, where 56 | $\evalctxt{E_{21}}{e_2} = e_a$, or 57 | \item $\app{e_a}{e_b} = \evalctxt{E_2}{e_2} = 58 | \app{e_a}{\evalctxt{E_{22}}{e_2}}$, where 59 | $\evalctxt{E_{22}}{e_2} = e_b$. 60 | \end{itemize} 61 | 62 | (If $E_1 = [~]$ or $E_2 = [~]$, then $\app{e_a}{e_b}$ must be 63 | $\app{(\lam{x}{e'})}{v}$ for some $e'$ and $v$, and neither 64 | $(\lam{x}{e'})$ nor $v$ can step individually, so the other of 65 | $E_1$ or $E_2$ must be $[~]$ as well, and so $E_1 = E_2$ and the 66 | case holds vacuously.) 67 | 68 | This gives us four cases to consider: 69 | 70 | \begin{itemize} 71 | \item $\evalctxt{E_{11}}{e_1} = e_a$ and $\evalctxt{E_{21}}{e_2} = 72 | e_a$: 73 | 74 | In this case, we know that $E_{11} \neq E_{21}$, because if 75 | $E_{11} = E_{21}$, we would have $e_1 = e_2$, which would mean 76 | that $E_1 = E_2$, a contradiction. 77 | 78 | So, since $E_{11} \neq E_{21}$, by IH we have that there exist 79 | evaluation contexts $E'_{11}$ and $E'_{21}$ such that: 80 | \begin{itemize} 81 | \item $\evalctxt{E'_{11}}{e_1} = \evalctxt{E_{21}}{e'_2}$, and 82 | \item $\evalctxt{E'_{21}}{e_2} = \evalctxt{E_{11}}{e'_1}$, and 83 | \item $\evalctxt{E'_{11}}{e'_1} = \evalctxt{E'_{21}}{e'_2}$. 84 | \end{itemize} 85 | 86 | Hence we can choose $E'_1 = \app{E'_{11}}{e_b}$ and $E'_2 = 87 | \app{E'_{21}}{e_b}$, which satisfy the criteria for $E'_1$ 88 | and $E'_2$. 89 | 90 | \lk{These work because: $\evalctxt{E'_1}{e_1} = 91 | \app{\evalctxt{E'_{11}}{e_1}}{e_b}$, which is equal to 92 | $\app{\evalctxt{E_{21}}{e'_2}}{e_b}$, which is equal to 93 | $\evalctxt{E_2}{e'_2}$. Also, $\evalctxt{E'_2}{e_2} = 94 | \app{\evalctxt{E'_{21}}{e_2}}{e_b}$, which is equal to 95 | $\app{\evalctxt{E_{11}}{e'_1}}{e_b}$, which is equal to 96 | $\evalctxt{E_1}{e'_1}$. And finally, $\evalctxt{E'_1}{e'_1} = 97 | \app{\evalctxt{E_{11}}{e'_1}}{e_b}$, which is the same as 98 | $\app{\evalctxt{E'_{21}}{e'_2}}{e_b}$, which is the same as 99 | $\evalctxt{E'_2}{e'_2}$.} 100 | 101 | \item $\evalctxt{E_{12}}{e_1} = e_b$ and $\evalctxt{E_{22}}{e_2} = 102 | e_b$: Similar to the previous case. 103 | 104 | \item $\evalctxt{E_{11}}{e_1} = e_a$ and $\evalctxt{E_{22}}{e_2} = 105 | e_b$: 106 | 107 | In this case, we can choose $E'_1 = 108 | \app{E_{11}}{\evalctxt{E_{22}}{e'_2}}$, and $E'_2 = 109 | \app{\evalctxt{E_{11}}{e'_1}}{E_{22}}$, which satisfy the 110 | criteria for $E'_1$ and $E'_2$. 111 | 112 | \lk{These work because: $\evalctxt{E'_1}{e_1} = 113 | \app{\evalctxt{E_{11}}{e_1}}{\evalctxt{E_{22}}{e'_2}}$, which 114 | is the same as $\app{e_a}{\evalctxt{E_{22}}{e'_2}}$, which is 115 | the same as $\evalctxt{E_2}{e'_2}$. Also, 116 | $\evalctxt{E'_2}{e_2} = 117 | \app{\evalctxt{E_{11}}{e'_1}}{\evalctxt{E_{22}}{e_2}}$, which 118 | is the same as $\app{\evalctxt{E_{11}}{e'_1}}{e_b}$, which is 119 | the same as $\evalctxt{E_1}{e'_1}$. And finally, 120 | $\evalctxt{E'_1}{e'_1} = 121 | \app{\evalctxt{E_{11}}{e'_1}}{\evalctxt{E_{22}}{e'_2}}$, which 122 | is the same as $\evalctxt{E'_2}{e'_2}$.} 123 | 124 | \item $\evalctxt{E_{12}}{e_1} = e_b$ and $\evalctxt{E_{21}}{e_2} = 125 | e_a$: Similar to the previous case. 126 | \end{itemize} 127 | 128 | \item Case $e = \getexp{e_a}{e_b}$: Similar to the case for 129 | $\app{e_a}{e_b}$. 130 | 131 | \item Case $e = \putexp{e_a}{e_b}$: Similar to the case for 132 | $\app{e_a}{e_b}$. 133 | 134 | \item Case $e = \NEW$: Similar to the case for $x$. 135 | \end{itemize} 136 | \end{proof} 137 | -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-monotonicity-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\config{S}{e} \parstepsto \config{S'}{e'}$. 3 | 4 | We are required to show that $\leqstore{S}{S'}$. 5 | 6 | The proof is by cases on the rule by which $\config{S}{e}$ steps to 7 | $\config{S'}{e'}$. 8 | 9 | \begin{itemize} 10 | \item Case {\sc E-Beta}: 11 | 12 | Immediate by the definition of $\leqstore{}{}$, since $S$ does not 13 | change. 14 | 15 | \item Case {\sc E-New}: 16 | 17 | Given: $\config{S}{\NEW} \parstepsto 18 | \config{\extSRaw{S}{l}{\bot}}{l}$. 19 | 20 | To show: $\leqstore{S}{\extSRaw{S}{l}{\bot}}$. 21 | 22 | By Definition~\ref{def:lvars-leqstore}, we have to show that 23 | $\dom{S} \subseteq \dom{\extSRaw{S}{l}{\bot}}$ and that for all 24 | $l' \in \dom{S}$, $S(l') \userleq (\extSRaw{S}{l}{\bot})(l')$. 25 | 26 | By definition, a store update operation on $S$ can only either 27 | update an existing binding in $S$ or extend $S$ with a new 28 | binding. 29 | 30 | Hence $\dom{S} \subseteq \dom{\extSRaw{S}{l}{\bot}}$. 31 | 32 | From the side condition of {\sc E-New}, $l \notin \dom{S}$. 33 | 34 | Hence $\extSRaw{S}{l}{\bot}$ adds a new binding for $l$ in $S$. 35 | 36 | Hence $\extSRaw{S}{l}{\bot}$ does not update any existing 37 | bindings in $S$. 38 | 39 | Hence, for all $l' \in \dom{S}, S(l') \userleq 40 | (\extSRaw{S}{l}{\bot})(l')$. 41 | 42 | Therefore $\leqstore{S}{\extSRaw{S}{l}{\bot}}$, as 43 | required. 44 | 45 | \item Case {\sc E-Put}: 46 | 47 | Given: $\config{S}{\putexp{l}{d_2}} \parstepsto 48 | \config{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}{\unit}$. 49 | 50 | To show: $\leqstore{S}{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}$. 51 | 52 | By Definition~\ref{def:lvars-leqstore}, we have to show that 53 | $\dom{S} \subseteq \dom{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}$ and 54 | that for all $l' \in \dom{S}$, $S(l') \userleq 55 | (\extSRaw{S}{l}{\userlub{d_1}{d_2}})(l')$. 56 | 57 | By definition, a store update operation on $S$ can only either 58 | update an existing binding in $S$ or extend $S$ with a new 59 | binding. 60 | 61 | Hence $\dom{S} \subseteq 62 | \dom{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}$. 63 | 64 | From the premises of {\sc E-Put}, $S(l) = d_1$. 65 | 66 | Therefore $l \in \dom{S}$. 67 | 68 | Hence $\extSRaw{S}{l}{\userlub{d_1}{d_2}}$ updates the existing 69 | binding for $l$ in $S$ from $d_1$ to $\userlub{d_1}{d_2}$. 70 | 71 | By the definition of $\userlub{}{}$, $d_1 \userleq 72 | (\userlub{d_1}{d_2})$. 73 | 74 | $\extSRaw{S}{l}{\userlub{d_1}{d_2}}$ does not update any other 75 | bindings in $S$, hence, for all $l' \in \dom{S}, S(l') \userleq 76 | (\extSRaw{S}{l}{\userlub{d_1}{d_2}})(l')$. 77 | 78 | Hence $\leqstore{S}{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}$, as 79 | required. 80 | 81 | \item Case {\sc E-Put-Err}: 82 | 83 | Given: $\config{S}{\putexp{l}{d_2}} \parstepsto \error$. 84 | 85 | By the definition of $\error$, $\error$ is equal to 86 | $\config{\topS}{e}$ for all $e$. 87 | 88 | To show: $\leqstore{S}{\topS}$. 89 | 90 | Immediate by the definition of $\leqstore{}{}$. 91 | 92 | \item Case {\sc E-Get}: 93 | 94 | Immediate by the definition of $\leqstore{}{}$, since $S$ does 95 | not change. 96 | 97 | \end{itemize} 98 | 99 | \end{proof} 100 | -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-strong-confluence-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose that $\conf \ctxstepsto^n \conf'$ and $\conf \ctxstepsto^m 3 | \conf''$, where $1 \leq n$ and $1 \leq m$. 4 | 5 | We have to show that there exist $\conf_c, i, j, \pi$ such that 6 | $\conf' \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j 7 | \conf_c$ and $i \leq m$ and $j \leq n$. 8 | 9 | We proceed by induction on $n$. 10 | 11 | In the base case of $n = 1$, the result is immediate from 12 | Lemma~\ref{lem:lvars-strong-one-sided-confluence}. 13 | 14 | For the induction step, suppose $\conf \ctxstepsto^n \conf' 15 | \ctxstepsto \conf'''$ and suppose the lemma holds for $n$. 16 | 17 | We show that it holds for $n + 1$, as follows. 18 | 19 | We are required to show that there exist $\conf_c, i, j, \pi$ such 20 | that $\conf''' \ctxstepsto^i \conf_c$ and $\pi(\conf'') 21 | \ctxstepsto^j \conf_c$ and $i \leq m$ and $j \leq n + 1$. 22 | 23 | From the induction hypothesis, there exist $\conf'_c, i', j', \pi'$ 24 | such that $\conf' \ctxstepsto^{i'} \conf'_c$ and $\pi'(\conf'') 25 | \ctxstepsto^{j'} \conf'_c$ and $i' \leq m$ and $j' \leq n$. 26 | 27 | We proceed by cases on $i'$: 28 | \begin{itemize} 29 | 30 | \item If $i' = 0$, then $\conf' = \conf_c'$. 31 | 32 | We can then choose $\conf_c = \conf'''$ and $i = 0$ and $j = j' + 33 | 1$ and $\pi = \pi'$. 34 | 35 | Since $\pi'(\conf'') \ctxstepsto^{j'} \conf'_c \ctxstepsto 36 | \conf'''$, and $j' + 1 \leq n + 1$ since $j' \leq n$, the case is 37 | satisfied. 38 | 39 | \item If $i' \geq 1$: 40 | 41 | From $\conf' \ctxstepsto \conf'''$ and $\conf' \ctxstepsto^{i'} 42 | \conf_c'$ and Lemma~\ref{lem:lvars-strong-one-sided-confluence}, 43 | we have that there exist $\conf_c''$ and $i''$ and $j''$ and 44 | $\pi''$ such that $\conf''' \ctxstepsto^{i''} \conf_c''$ and 45 | $\pi''(\conf_c') \ctxstepsto^{j''} \conf_c''$ and $i'' \leq i'$ 46 | and $j'' \leq 1$. 47 | 48 | Since $\pi'(\conf'') \ctxstepsto^{j'} \conf'_c$, by 49 | Lemma~\ref{lem:lvars-permutability} (Permutability) we have that 50 | $\pi''(\pi'(\conf'')) \ctxstepsto^{j'} \pi''(\conf'_c)$. 51 | 52 | So we also have $\pi''(\pi'(\conf'')) \ctxstepsto^{j'} 53 | \pi''(\conf'_c) \ctxstepsto^{j''} \conf_c''$. 54 | 55 | In summary, we pick $\conf_c = \conf_c''$ and $i = i''$ and $j = 56 | j' + j''$ and $\pi = \pi' \circ \pi''$, which is sufficient 57 | because $i = i'' \leq i' \leq m$ and $j = j' + j'' \leq n + 1$. 58 | \end{itemize} 59 | 60 | \end{proof} 61 | -------------------------------------------------------------------------------- /dissertation/chapter2/determinism-strong-one-sided-confluence-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\conf \ctxstepsto \conf'$ and $\conf \ctxstepsto^m 3 | \conf''$, where $1 \leq m$. 4 | 5 | We have to show that there exist $\conf_c, i, j, \pi$ such that 6 | $\conf' \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j 7 | \conf_c$ and $i \leq m$ and $j \leq 1$. 8 | 9 | We proceed by induction on $m$. 10 | 11 | In the base case of $m = 1$, the result is immediate from 12 | Lemma~\ref{lem:lvars-strong-local-confluence}. 13 | 14 | For the induction step, suppose $\conf \ctxstepsto^m \conf'' 15 | \ctxstepsto \conf'''$ and suppose the lemma holds for $m$. 16 | 17 | We show that it holds for $m + 1$, as follows. 18 | 19 | We are required to show that there exist $\conf_c, i, j, \pi$ such 20 | that $\conf' \ctxstepsto^{i} \conf_c$ and $\pi(\conf''') 21 | \ctxstepsto^{j} \conf_c$ and $i \leq m + 1$ and $j \leq 1$. 22 | 23 | From the induction hypothesis, there exist $\conf_c', i', j', \pi'$ 24 | such that $\conf' \ctxstepsto^{i'} \conf_c'$ and $\pi'(\conf'') 25 | \ctxstepsto^{j'} \conf_c'$ and $i' \leq m$ and $j' \leq 1$. 26 | 27 | We proceed by cases on $j'$: 28 | 29 | \begin{itemize} 30 | 31 | \item If $j' = 0$, then $\pi'(\conf'') = \conf_c'$. 32 | 33 | Since $\conf'' \ctxstepsto \conf'''$, we have that $\pi'(\conf'') 34 | \ctxstepsto \pi'(\conf''')$ by 35 | Lemma~\ref{lem:lvars-permutability} (Permutability). 36 | 37 | We can then choose $\conf_c = \pi'(\conf''')$ and $i = i' + 1$ and 38 | $j = 0$ and $\pi = \pi'$. 39 | 40 | The key is that $\conf' \ctxstepsto^{i'} \conf'_c = \pi'(\conf'') 41 | \ctxstepsto \pi'(\conf''')$ for a total of $i' + 1$ steps. 42 | 43 | \item If $j' = 1$: 44 | 45 | First, since $\pi'(\conf'') \ctxstepsto^{j'} \conf'_c$, then by 46 | Lemma~\ref{lem:lvars-permutability} (Permutability) we have that 47 | $\conf'' \ctxstepsto^{j'} \piprimeinv(\conf'_c)$. 48 | 49 | Then, by $\conf'' \ctxstepsto^{j'} \piprimeinv(\conf'_c)$ and 50 | $\conf'' \ctxstepsto \conf'''$ and 51 | Lemma~\ref{lem:lvars-strong-local-confluence} (Strong Local 52 | Confluence), we have that there exist $\conf_c''$ and $i''$ and 53 | $j''$ and $\pi''$ such that $\piprimeinv(\conf'_c) 54 | \ctxstepsto^{i''} \conf_c''$ and $\pi''(\conf''') 55 | \ctxstepsto^{j''} \conf_c''$ and $i'' \leq 1$ and $j'' \leq 1$. 56 | 57 | Since $\piprimeinv(\conf'_c) \ctxstepsto^{i''} \conf_c''$, by 58 | Lemma~\ref{lem:lvars-permutability} (Permutability) we have that 59 | $\conf'_c \ctxstepsto^{i''} \pi'(\conf_c'')$. 60 | 61 | So we also have $\conf' \ctxstepsto^{i'} \conf_c' 62 | \ctxstepsto^{i''} \pi'(\conf_c'')$. 63 | 64 | Since $\pi''(\conf''') \ctxstepsto^{j''} \conf_c''$, by 65 | Lemma~\ref{lem:lvars-permutability} (Permutability) we have that 66 | $\pi'(\pi''(\conf''')) \ctxstepsto^{j''} \pi'(\conf_c'')$. 67 | 68 | In summary, we pick $\conf_c = \pi'(\conf_c'')$ and $i = i' + i''$ 69 | and $j = j''$ and $\pi = \pi'' \circ \pi'$, which is sufficient 70 | because $i = i' + i'' \leq m + 1$ and $j = j'' \leq 1$. 71 | \end{itemize} 72 | 73 | \end{proof} 74 | -------------------------------------------------------------------------------- /dissertation/chapter2/figures/lvars-example-lattices.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter2/figures/lvars-example-lattices.pdf -------------------------------------------------------------------------------- /dissertation/chapter2/figures/lvars-parallel-and.graffle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter2/figures/lvars-parallel-and.graffle -------------------------------------------------------------------------------- /dissertation/chapter2/figures/lvars-parallel-and.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter2/figures/lvars-parallel-and.pdf -------------------------------------------------------------------------------- /dissertation/chapter2/figures/lvars-series-parallel.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter2/figures/lvars-series-parallel.pdf -------------------------------------------------------------------------------- /dissertation/chapter2/main.tex: -------------------------------------------------------------------------------- 1 | \ifdefined\JOURNAL 2 | \chapter{The LVars model}\label{ch:lvars} % 2 3 | \fi 4 | 5 | \ifdefined\DISSERTATION 6 | \chapter{LVars: lattice-based data structures for deterministic parallelism}\label{ch:lvars} % 2 7 | \fi 8 | 9 | \input{chapter2/intro} 10 | 11 | \input{chapter2/motivation} 12 | 13 | \input{chapter2/examples} 14 | 15 | \input{chapter2/lattices} 16 | 17 | \input{chapter2/lambdalvar} 18 | 19 | \input{chapter2/determinism} 20 | 21 | \input{chapter2/generalizing} 22 | 23 | -------------------------------------------------------------------------------- /dissertation/chapter2/motivation.tex: -------------------------------------------------------------------------------- 1 | \section{Motivating example: a parallel, pipelined graph computation}\label{s:lvars-motivation} 2 | 3 | What applications motivate going beyond IVars and FIFO streams? 4 | Consider applications in which independent subcomputations contribute 5 | results to shared mutable data structures. 6 | Hindley-Milner type inference is one example: in a 7 | parallel type-inference algorithm, each type variable monotonically 8 | acquires information through unification. 9 | Likewise, in control-flow analysis, the \emph{set} of 10 | locations to which a variable refers monotonically \emph{shrinks}. In 11 | logic programming, a parallel implementation of conjunction might 12 | asynchronously add information to a logic variable from different 13 | threads. 14 | 15 | To illustrate the issues that arise in computations of this nature, 16 | consider a specific problem, drawn from the domain of \emph{graph 17 | algorithms}, where issues of ordering create a tension between 18 | parallelism and determinism: 19 | \begin{blockquote} 20 | In a directed graph, find the set of vertices reachable from a 21 | vertex $v$, and compute a (possibly expensive) function $f$ over 22 | each vertex in that set, making the set of results available 23 | asynchronously to other computations. 24 | \end{blockquote} 25 | \noindent For example, in a directed graph representing user profiles on a 26 | social network and the connections between them, where $v$ represents 27 | a particular user's profile, we might wish to find all (or the first $k$ 28 | degrees of) profiles connected to $v$, then map a function $f$ over 29 | each profile in that set in parallel. 30 | 31 | \ifdefined\DISSERTATION 32 | \begin{wrapfigure}{l}{3.2in} 33 | \vspace{-1em} 34 | \begin{center} 35 | \includegraphics[scale=0.15]{../illustrations/graph-traversal} 36 | \end{center} 37 | \vspace{-1em} 38 | \end{wrapfigure} 39 | \fi 40 | 41 | This is a challenge problem for deterministic-by-construction parallel 42 | programming models. Existing parallel solutions (such as, for instance, the 43 | parallel breadth-first graph traversal implementation from the 44 | Parallel Boost Graph Library~\shortcite{bfs-pbgl}) often traverse the 45 | vertices of the graph in a nondeterministic order---even though the 46 | outcome of the program, that is, the final set of reachable vertices, is 47 | deterministic. Neither IVars nor streams provide a way 48 | to orchestrate this traversal. For 49 | example, IVars cannot accumulate sets of visited nodes, nor can they 50 | be used as ``mark bits'' on visited nodes, since they can only be 51 | written once and not tested for emptiness. Streams, on the other 52 | hand, impose an excessively strict ordering for computing the 53 | unordered \emph{set} of reachable vertices. 54 | Before turning to an LVar-based approach, though, let us consider 55 | whether a purely functional (and therefore deterministic by 56 | construction) program can meet the specification. 57 | 58 | \subsection{A purely functional attempt} 59 | 60 | \singlespacing 61 | \lstinputlisting[float, caption={A purely functional Haskell program 62 | that finds the vertices of the \lstinline|profiles| 63 | graph that are reachable from the vertex \lstinline|profile0|, then 64 | maps the \lstinline|analyze| function over the vertices found. 65 | Although vertex discovery proceeds in parallel, we cannot call 66 | \lstinline|analyze| on any of the vertices in the set 67 | until they have all been discovered.}, 68 | label=listing-bfs_pure]{chapter2/code/bfs_pure.hs} 69 | \doublespacing 70 | 71 | Listing~\ref{listing-bfs_pure} gives a Haskell implementation of a 72 | \emph{level-synchronized} breadth-first graph traversal that finds the 73 | set of vertices reachable from a starting vertex. Nodes at 74 | distance one from the starting vertex are discovered---and set-unioned 75 | into the result set---before nodes of distance two are 76 | considered. Level-synchronization necessarily sacrifices some 77 | parallelism: parallel tasks cannot continue discovering nodes in the 78 | result set before synchronizing with all other tasks at a given 79 | distance from the start. Nevertheless, level-synchronization is a 80 | popular strategy for implementing parallel breadth-first graph 81 | traversal. (In fact, the aforementioned implementation from the 82 | Parallel Boost Graph Library~\shortcite{bfs-pbgl} uses 83 | level-synchronization.) 84 | 85 | Unfortunately, the code given in Listing~\ref{listing-bfs_pure} does 86 | not quite implement the problem specification given above. Even 87 | though vertex discovery is parallel, members of the 88 | output set do not become available to @analyze@ until all vertices have been found, 89 | limiting parallelism: the first nodes in 90 | the set to be discovered must go un-@analyze@d until 91 | all of the reachable nodes have been found. We 92 | could manually push the @analyze@ invocation inside the @bf_traverse@ 93 | function, allowing the @analyze@ computation to start sooner, but 94 | doing so just passes the problem to the downstream consumer, unless we 95 | are able to perform a heroic whole-program fusion. 96 | 97 | If @bf_traverse@ returned a list, lazy evaluation could make it 98 | possible to \emph{stream} results to consumers incrementally. But 99 | since it instead returns a \emph{set}, such pipelining is not 100 | generally possible: consuming the results early would create a proof 101 | obligation that the determinism of the consumer does not depend on the 102 | order in which results emerge from the producer.\footnote{As intuition 103 | for this idea, consider that purely functional set data structures, 104 | such as Haskell's \lstinline|Data.Set|, are typically represented 105 | with balanced trees. Unlike with lists, the structure of the tree 106 | is not known until all elements are present.} 107 | 108 | A compromise would be for @bf_traverse@ to return a list of 109 | ``level-sets'': distance one nodes, distance two nodes, and so on. 110 | Thus level-one results could be consumed before level-two results are 111 | ready. Still, at the granularity of the individual level-sets, the 112 | problem would remain: within each level-set, one would not be able to 113 | launch all instances of @analyze@ and asynchronously use those results 114 | that finished first. Moreover, we would still have to contend with 115 | the problem of separating the scheduling of producers and consumers 116 | that pure programming with futures presents~\cite{monad-par}. 117 | 118 | \subsection{An LVar-based solution} 119 | 120 | Consider a version of @bf_traverse@ written using a programming model 121 | with limited effects that allows \emph{any} data structure to be 122 | shared among tasks, including sets and graphs, so long as that data 123 | structure grows monotonically. Consumers of the data structure may 124 | execute as soon as data is available, enabling pipelining, but may 125 | only observe irrevocable, monotonic properties of it. This is possible 126 | with a programming model based on LVars. In the rest of this \either{chapter}{section}, 127 | \either{I}{we} will formally introduce LVars and the $\lambdaLVar$ language and 128 | give a proof of determinism for $\lambdaLVar$. Then, in 129 | \either{Chapter}{Section}~\ref{ch:quasi}, \either{I}{we} will extend the basic LVars model with 130 | additional features that make it easier to implement parallel graph 131 | traversal algorithms and other fixpoint computations, and \either{I}{we} will 132 | return to @bf_traverse@ and show how to implement a version of it 133 | using LVars that makes pipelining possible and truly satisfies the 134 | above specification. 135 | -------------------------------------------------------------------------------- /dissertation/chapter3/code/bfs_new.hs: -------------------------------------------------------------------------------- 1 | traverse g startNode = do 2 | seen <- newEmptySet 3 | h <- newHandler seen 4 | (\node -> do 5 | mapM (\v -> insert v seen) (neighbors g node) 6 | return ()) 7 | insert startNode seen -- Kick things off 8 | quiesce h 9 | freeze seen 10 | -------------------------------------------------------------------------------- /dissertation/chapter3/intro.tex: -------------------------------------------------------------------------------- 1 | \ifdefined\DISSERTATION 2 | The LVars programming model presented in Chapter~\ref{ch:lvars} is 3 | based on the idea of \emph{monotonic data structures}, in which 4 | information can only be added, never removed, and the timing with 5 | which information is added (and hence the \emph{order} in which it is 6 | added) is not observable. A paradigmatic example is a set that 7 | supports insertion but not removal, but there are many others. In the 8 | LVars model, all shared data structures (called LVars) are monotonic, 9 | and the states that an LVar can take on form a \emph{lattice}. Writes 10 | to an LVar must correspond to a lub operation in the lattice, which 11 | means that they monotonically increase the information in the LVar, 12 | and that they commute with one another. But commuting writes are not 13 | enough to guarantee determinism: if a read can observe whether or not 14 | a concurrent write has happened, then it can observe differences in 15 | scheduling. So, in the LVars model, the answer to the question ``has 16 | a write occurred?'' (\ie, is the LVar above a certain lattice value?) 17 | is always 18 | \emph{yes}; the reading thread will block until the LVar's contents 19 | reach a desired threshold. In a monotonic data structure, the absence 20 | of information is transient---another thread could add that 21 | information at any time---but the presence of information is forever. 22 | \fi 23 | 24 | We want to use LVars to implement fixpoint computations like the 25 | parallel graph traversal of Section~\ref{s:lvars-motivation}. But we 26 | cannot do so using only least-upper-bound writes and threshold reads, 27 | because in order to determine when the set of traversed nodes in the 28 | graph has reached a fixpoint, we need to be able to see the exact 29 | contents of that set, and it is impossible to learn the exact contents 30 | of the set using only threshold reads. 31 | 32 | \ifdefined\DISSERTATION 33 | \begin{wrapfigure}{l}{2.5in} 34 | \vspace{-1em} 35 | \begin{center} 36 | \includegraphics[scale=0.15]{../illustrations/frozen-data} 37 | \end{center} 38 | \vspace{-1em} 39 | \end{wrapfigure} 40 | \fi 41 | 42 | In this \either{chapter, I}{section, we} describe two extensions to the basic LVars model 43 | of \either{Chapter}{Section}~\ref{ch:lvars} that give us a new way to approach problems like 44 | the parallel graph traversal problem. 45 | First, \either{I}{we} add the ability to attach \emph{event handlers} to an LVar 46 | that allow callback functions to run in response to updates to 47 | the LVar. We say that a group of event handlers is \emph{quiescent} when no callbacks 48 | are currently enabled to run. Second, \either{I}{we} add a new primitive 49 | operation, @freeze@, that returns the exact contents of an LVar 50 | without blocking. Using @freeze@ to read an LVar comes with the 51 | following tradeoff: once an LVar has been read, it is \emph{frozen}, 52 | and any further writes that would change its value instead throw an 53 | exception. 54 | 55 | The threshold reads that we have seen so far encourage a 56 | synchronous, \emph{pull} model of programming in which threads ask 57 | specific questions of an LVar, potentially blocking until the answer 58 | is ``yes''. The addition of handlers, quiescence, and freezing, by contrast, enables 59 | an asynchronous, \emph{push} model of programming. We will refer to 60 | this extended programming model as the \emph{LVish} programming model. Because quiescence 61 | makes it possible to tell when the fixpoint of a computation has been 62 | reached, the LVish model is particularly well suited to problems like 63 | the graph traversal problem that we saw in 64 | Section~\ref{s:lvars-motivation}. 65 | 66 | Unfortunately, freezing does not commute with writes that change an 67 | LVar.\footnote{The same is true for quiescence detection, as we will see in 68 | Section~\ref{subsection:quasi-quiescence}.} If a freeze is 69 | interleaved before such a write, the write will raise an exception; if 70 | it is interleaved afterwards, the program will proceed normally. It 71 | would appear that the price of negative information is the loss of 72 | determinism! 73 | 74 | Fortunately, the loss is not total. Although LVar programs with 75 | freezing are not guaranteed to be deterministic, they do satisfy a 76 | related property that \either{I}{we} call \emph{quasi-determinism}: all executions 77 | that produce a final value produce the \emph{same} final value. To 78 | put it another way, a quasi-deterministic program can be trusted to 79 | never change its answer due to nondeterminism; at worst, it might 80 | raise an exception on some runs. This exception can in principle 81 | pinpoint the exact pair of freeze and write operations that are 82 | racing, greatly easing debugging. 83 | 84 | In general, the ability to make exact observations of the contents of 85 | data structures is in tension with the goal of guaranteed determinism. 86 | Since pushing towards full-featured, general monotonic data structures 87 | leads to flirtation with nondeterminism, perhaps the best way of 88 | ultimately getting deterministic outcomes is to traipse a short 89 | distance into nondeterministic territory, and make our way back. The 90 | identification of quasi-deterministic programs as a useful 91 | intermediate class of programs is a contribution of \either{this dissertation}{our work}. 92 | That said, in many cases the @freeze@ construct is only used as the 93 | very final step of a computation: after a global barrier, freezing is 94 | used to extract an answer. In this common case, determinism is 95 | guaranteed, since no writes can subsequently occur. 96 | 97 | \either{I}{We} will refer to the LVars model, extended with handlers, quiescence, 98 | and freezing, as the \emph{LVish model}. The rest of this \either{chapter}{section} introduces 99 | the LVish programming model, first informally through a series of examples, and then formally, by extending 100 | the $\lambdaLVar$ calculus of \either{Chapter}{Section}~\ref{ch:lvars} to add support 101 | for handlers, quiescence, freezing, and the arbitrary update operations described in 102 | Section~\either{\ref{subsection:lvars-generalizing-from-least-upper-bound-writes}}{\ref{s:lvars-generalizing}}, resulting in a calculus \either{I}{we} call $\lambdaLVish$. 103 | \either{I}{We} will also return to our parallel graph traversal problem and show 104 | an solution implemented using the LVish Haskell library. 105 | 106 | Finally, the main technical result of this \either{chapter}{section} 107 | is a proof of quasi-determinism for $\lambdaLVish$. The key to the 108 | proof is a generalized version of the Independence lemma 109 | of \either{Chapter}{Section}~\ref{ch:lvars} that accounts for both 110 | freezing and the arbitrary update operations that $\lambdaLVish$ 111 | allows. 112 | -------------------------------------------------------------------------------- /dissertation/chapter3/main.tex: -------------------------------------------------------------------------------- 1 | \chapter{Quasi-deterministic and event-driven programming with LVars}\label{ch:quasi} % 3 2 | 3 | \input{chapter3/intro} 4 | 5 | \input{chapter3/lvish-informal} 6 | 7 | \input{chapter3/lvish-formal} 8 | 9 | \input{chapter3/quasi-determinism} 10 | -------------------------------------------------------------------------------- /dissertation/chapter3/quasi-determinism-internal-determinism-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\conf \parstepsto \conf'$ and $\conf \parstepsto \conf''$. 3 | 4 | We have to show that there is a permutation $\pi$ such that $\conf' 5 | = \pi(\conf'')$, modulo choice of events. 6 | 7 | The proof is by cases on the rule by which $\conf$ steps to 8 | $\conf'$. 9 | 10 | \begin{itemize} 11 | 12 | \item Case {\sc E-Beta}: 13 | 14 | Given: $\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto 15 | \config{S}{\subst{e}{x}{v}}$, and 16 | $\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto \conf''$. 17 | 18 | To show: There exists a $\pi$ such that 19 | $\config{S}{\subst{e}{x}{v}} = \pi(\conf'')$. 20 | 21 | By inspection of the operational semantics, the only reduction 22 | rule by which $\config{S}{\app{(\lam{x}{e})}{v}}$ can step is 23 | {\sc E-Beta}. 24 | 25 | Hence $\conf'' = \config{S}{\subst{e}{x}{v}}$, and the case is 26 | satisfied by choosing $\pi$ to be the identity function. 27 | 28 | \item Case {\sc E-New}: 29 | 30 | Given: $\config{S}{\NEW} \parstepsto 31 | \config{\extS{S}{l}{\bot}{\frozenfalse}}{l}$, and 32 | $\config{S}{\NEW} \parstepsto \conf''$. 33 | 34 | To show: There exists a $\pi$ such that 35 | $\config{\extS{S}{l}{\bot}{\frozenfalse}}{l} = \pi(\conf'')$. 36 | 37 | By inspection of the operational semantics, the only reduction 38 | rule by which $\config{S}{\NEW}$ can step is {\sc E-New}. 39 | 40 | Hence $\conf'' = \config{\extS{S}{l'}{\bot}{\frozenfalse}}{l'}$. 41 | 42 | Since, by the side condition of {\sc E-New}, neither $l$ nor $l'$ 43 | occur in $\dom{S}$, the case is satisfied by choosing $\pi$ to be 44 | the permutation that maps $l'$ to $l$ and is the identity on every 45 | other element of $\Loc$. 46 | 47 | \item Case {\sc E-Put}: 48 | 49 | Given: $\config{S}{\putiexp{l}} \parstepsto 50 | \config{\extSRaw{S}{l}{u_{p_i}(p_1)}}{\unit}$, and 51 | $\config{S}{\putiexp{l}} \parstepsto \conf''$. 52 | 53 | To show: There exists a $\pi$ such that 54 | $\config{\extSRaw{S}{l}{u_{p_i}(p_1)}}{\unit} = \pi(\conf'')$. 55 | 56 | By inspection of the operational semantics, and since 57 | $u_{p_i}(p_1) \neq \topp$ (from the premise of {\sc E-Put}), the 58 | only reduction rule by which $\config{S}{\putiexp{l}}$ can step is 59 | {\sc E-Put}. 60 | 61 | Hence $\conf'' = \config{\extSRaw{S}{l}{u_{p_i}(p_1)}}{\unit}$, 62 | and the case is satisfied by choosing $\pi$ to be the identity 63 | function. 64 | 65 | \item Case {\sc E-Put-Err}: 66 | 67 | Given: $\config{S}{\putiexp{l}} \parstepsto \error$, and 68 | $\config{S}{\putiexp{l}} \parstepsto \conf''$. 69 | 70 | To show: There exists a $\pi$ such that $\error = \pi(\conf'')$. 71 | 72 | By inspection of the operational semantics, and since 73 | $u_{p_i}(p_1) = \topp$ (from the premise of {\sc E-Put-Err}), the 74 | only reduction rule by which $\config{S}{\putiexp{l}}$ can step is 75 | {\sc E-Put-Err}. 76 | 77 | Hence $\conf'' = \error$, and the case is satisfied by choosing 78 | $\pi$ to be the identity function. 79 | 80 | \item Case {\sc E-Get}: 81 | 82 | Given: $\config{S}{\getexp{l}{P}} \parstepsto \config{S}{p_2}$, 83 | and $\config{S}{\getexp{l}{P}} \parstepsto \conf''$. 84 | 85 | To show: There exists a $\pi$ such that $\config{S}{p_2} = 86 | \pi(\conf'')$. 87 | 88 | By inspection of the operational semantics, the only reduction 89 | rule by which $\config{S}{\getexp{l}{P}}$ can step is {\sc E-Get}. 90 | 91 | Hence $\conf'' = \config{S}{p_2}$, and the case is satisfied by 92 | choosing $\pi$ to be the identity function. 93 | 94 | \item Case {\sc E-Freeze-Init}: 95 | 96 | Given: $\config{S}{\freezeafter{l}{Q}{\lam{x}{e}}} \parstepsto 97 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e}}{\setof{}}{\setof{}}}$, 98 | and $\config{S}{\freezeafter{l}{Q}{\lam{x}{e}}} \parstepsto \conf''$. 99 | 100 | To show: There exists a $\pi$ such that 101 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e}}{\setof{}}{\setof{}}} 102 | = \pi(\conf'').$ 103 | 104 | By inspection of the operational semantics, the only reduction 105 | rule by which 106 | 107 | $\config{S}{\freezeafter{l}{Q}{\lam{x}{e}}}$ can step is {\sc 108 | E-Freeze-Init}. 109 | 110 | Hence $\conf'' = 111 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e}}{\setof{}}{\setof{}}}$, 112 | and the case is satisfied by choosing $\pi$ to be the identity 113 | function. 114 | 115 | \item Case {\sc E-Spawn-Handler}: 116 | 117 | Given: $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{e, 118 | \dots}}{H}} \parstepsto \\ 119 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{\subst{e_0}{x}{d_2}, 120 | e, \dots}} {\{d_2\}\cup H}}$, and 121 | 122 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{e, 123 | \dots}}{H}} \parstepsto \conf''$. 124 | 125 | To show: There exists a $\pi$ such that 126 | 127 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{\subst{e_0}{x}{d_2}, 128 | e, \dots}} {\{d_2\}\cup H}} = \pi(\conf'').$ 129 | 130 | By inspection of the operational semantics, the only reduction 131 | rule by which 132 | 133 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{e, 134 | \dots}}{H}}$ can step is {\sc E-Spawn-Handler}. 135 | 136 | (It cannot step by {\sc E-Freeze-Final}, because we have from the 137 | premises of {\sc E-Spawn-Handler} that $d_2 \userleq d_1$ and $d_2 138 | \in Q$ and $d_2 \notin H$, and for the premises of {\sc 139 | E-Freeze-Final} to hold, we would need that for all $d_2$, if 140 | $d_2 \userleq d_1$ and $d_2 \in Q$, then $d_2 \in H$.) 141 | 142 | Hence $\conf'' = 143 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{\subst{e_0}{x}{d'_2}, 144 | e, \dots}} {\{d'_2\}\cup H}}$, where $d'_2 \userleq d_1$ and 145 | $d'_2 \in Q$ and $d'_2 \notin H$, and the case is satisfied by 146 | choosing $\pi$ to be the identity function. 147 | 148 | (It may be the case that $d'_2 \neq d_2$; if so, then we have 149 | internal nondeterminism modulo \emph{choice of events}, as we were 150 | required to show. If $d'_2 = d_2$ then we have internal 151 | nondeterminism even without that additional qualification, which 152 | also satisfies the case.) 153 | 154 | \item Case {\sc E-Freeze-Final}: 155 | 156 | Given: $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{v, 157 | \dots}}{H}} \parstepsto 158 | \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1}$, and 159 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{v, 160 | \dots}}{H}} \parstepsto \conf''$. 161 | 162 | To show: There exists a $\pi$ such that 163 | $\config{\extS{S}{l}{d_1}{\frozentrue}}{d_1} = \pi(\conf'').$ 164 | 165 | By inspection of the operational semantics, the only reduction 166 | rule by which 167 | 168 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{v, 169 | \dots}}{H}}$ can step is {\sc E-Freeze-Final}. 170 | 171 | (It cannot step by {\sc E-Spawn-Handler}, because we have from the 172 | premises of {\sc E-Freeze-Final} that, for all $d_2$, if $d_2 173 | \userleq d_1$ and $d_2 \in Q$, then $d_2 \in H$, and for the 174 | premises of {\sc E-Spawn-Handler} to hold, we would need that $d_2 175 | \userleq d_1$ and $d_2 \in Q$ and $d_2 \notin H$.) 176 | 177 | Hence $\conf'' = \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1}$, and 178 | the case is satisfied by choosing $\pi$ to be the identity 179 | function. 180 | 181 | \item Case {\sc E-Freeze-Simple}: 182 | 183 | Given: $\config{S}{\freeze{l}} \parstepsto 184 | \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1}$, and 185 | $\config{S}{\freeze{l}} \parstepsto \conf''$. 186 | 187 | To show: There exists a $\pi$ such that 188 | $\config{\extS{S}{l}{d_1}{\frozentrue}}{d_1} = \pi(\conf'').$ 189 | 190 | By inspection of the operational semantics, the only reduction 191 | rule by which $\config{S}{\freeze{l}}$ can step is {\sc 192 | E-Freeze-Simple}. 193 | 194 | Hence $\conf'' = \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1}$, and 195 | the case is satisfied by choosing $\pi$ to be the identity 196 | function. 197 | 198 | \end{itemize} 199 | \end{proof} 200 | 201 | -------------------------------------------------------------------------------- /dissertation/chapter3/quasi-determinism-locality-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\config{S}{\evalctxt{E_1}{e_1}} \ctxstepsto 3 | \config{S_1}{\evalctxt{E_1}{e'_1}}$ and 4 | $\config{S}{\evalctxt{E_2}{e_2}} \ctxstepsto 5 | \config{S_2}{\evalctxt{E_2}{e'_2}}$ and $\evalctxt{E_1}{e_1} = 6 | \evalctxt{E_2}{e_2}$. 7 | 8 | We are required to show that if $E_1 \neq E_2$, then there exist 9 | evaluation contexts $E'_1$ and $E'_2$ such that: 10 | \begin{itemize} 11 | \item $\evalctxt{E'_1}{e_1} = \evalctxt{E_2}{e'_2}$, and 12 | \item $\evalctxt{E'_2}{e_2} = \evalctxt{E_1}{e'_1}$, and 13 | \item $\evalctxt{E'_1}{e'_1} = \evalctxt{E'_2}{e'_2}$. 14 | \end{itemize} 15 | 16 | Let $e = \evalctxt{E_1}{e_1} = \evalctxt{E_2}{e_2}$. 17 | 18 | The proof is by induction on the structure of the expression $e$. 19 | 20 | Proceeding by cases on $e$: 21 | 22 | \begin{itemize} 23 | 24 | \item Cases $e = x$, $e = v$, $e = \app{e_a}{e_b}$, $e = 25 | \getexp{e_a}{e_b}$, and $e = \NEW$ are identical to their 26 | corresponding cases in the proof of 27 | Lemma~\ref{lem:lvars-locality}. 28 | 29 | \item Case $e = \putiexp{e_a}$: 30 | 31 | We know that $\putiexp{e_a} = \evalctxt{E_1}{e_1}$. 32 | 33 | From the grammar of evaluation contexts, then, we know that 34 | either: 35 | \begin{itemize} 36 | \item $\putiexp{e_a} = \evalctxt{E_1}{e_1} = 37 | \evalctxt{E_1}{\putiexp{e_a}}$, where $E_1 = [~]$, or 38 | \item $\putiexp{e_a} = \evalctxt{E_1}{e_1} = 39 | \putiexp{\evalctxt{E_{11}}{e_1}}$, where $\evalctxt{E_{11}}{e_1} 40 | = e_a$. 41 | \end{itemize} 42 | 43 | Similarly, we know that $\putiexp{e_a} = \evalctxt{E_2}{e_2}$. 44 | 45 | From the grammar of evaluation contexts, we know that either: 46 | \begin{itemize} 47 | \item $\putiexp{e_a} = \evalctxt{E_2}{e_2} = 48 | \evalctxt{E_2}{\putiexp{e_a}}$, where $E_2 = [~]$, or 49 | \item $\putiexp{e_a} = \evalctxt{E_2}{e_2} = 50 | \putiexp{\evalctxt{E_{21}}{e_2}}$, where $\evalctxt{E_{21}}{e_2} 51 | = e_a$. 52 | \end{itemize} 53 | 54 | However, if $E_1 = [~]$ or $E_2 = [~]$, then $\putiexp{e_a}$ must 55 | be $\putiexp{v}$ for some $v$, and $v$ cannot step individually, 56 | so the other of $E_1$ or $E_2$ must be $[~]$ as well, and so $E_1 57 | = E_2$. 58 | 59 | Therefore the only case that we have to consider (where $E_1 \neq 60 | E_2$) is the case in which $\evalctxt{E_1}{e_1} = 61 | \putiexp{\evalctxt{E_{11}}{e_1}}$, where $\evalctxt{E_{11}}{e_1} = 62 | e_a$, and $\putiexp{e_a} = \evalctxt{E_2}{e_2} = 63 | \putiexp{\evalctxt{E_{21}}{e_2}}$, where $\evalctxt{E_{21}}{e_2} = 64 | e_a$. 65 | 66 | So, we have $\evalctxt{E_{11}}{e_1} = e_a$ and 67 | $\evalctxt{E_{21}}{e_2} = e_a$. 68 | 69 | In this case, we know that $E_{11} \neq E_{21}$, because if 70 | $E_{11} = E_{21}$, we would have $e_1 = e_2$, which would mean 71 | that $E_1 = E_2$, a contradiction. 72 | 73 | So, since $E_{11} \neq E_{21}$, by IH we have that there exist 74 | evaluation contexts $E'_{11}$ and $E'_{21}$ such that: 75 | \begin{itemize} 76 | \item $\evalctxt{E'_{11}}{e_1} = \evalctxt{E_{21}}{e'_2}$, and 77 | \item $\evalctxt{E'_{21}}{e_2} = \evalctxt{E_{11}}{e'_1}$, and 78 | \item $\evalctxt{E'_{11}}{e'_1} = \evalctxt{E'_{21}}{e'_2}$. 79 | \end{itemize} 80 | 81 | Hence we can choose $E'_1 = \putiexp{E'_{11}}$ and $E'_2 = 82 | \putiexp{E'_{21}}$, which satisfy the criteria for $E'_1$ and 83 | $E'_2$. 84 | 85 | \item Case $e = \freeze{e_a}$: Similar to the case for 86 | $\putiexp{e_a}$. 87 | 88 | \item Case $e = \freezeafter{e_a}{e_b}{e_c}$: Similar to the case 89 | where $e = \app{e_a}{e_b}$. 90 | 91 | \item Case $e = \freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 92 | \dots}}{H}$: 93 | 94 | We know that $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 95 | \dots}}{H} = \evalctxt{E_1}{e_1}$. 96 | 97 | From the grammar of evaluation contexts, we know that either: 98 | \begin{itemize} 99 | \item $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 100 | \dots}}{H} = \evalctxt{E_1}{e_1} =$ \\ 101 | $\evalctxt{E_1}{\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 102 | \dots}}{H}}$, where $E_1 = [~]$, or 103 | \item $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 104 | \dots}}{H} = \evalctxt{E_1}{e_1} =$ \\ 105 | $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, \dots, 106 | \evalctxt{E_{11}}{e_1}, \dots, e_{b_n}}}{H}$, where 107 | $\evalctxt{E_{11}}{e_1} = e_{b_i}$. 108 | \end{itemize} 109 | 110 | Similarly, we know that 111 | $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, \dots}}{H} = 112 | \evalctxt{E_2}{e_2}$. 113 | 114 | From the grammar of evaluation contexts, we know that either: 115 | \begin{itemize} 116 | \item $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 117 | \dots}}{H} = \evalctxt{E_2}{e_2} =$ \\ 118 | $\evalctxt{E_2}{\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 119 | \dots}}{H}}$, where $E_2 = [~]$, or 120 | \item $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 121 | \dots}}{H} = \evalctxt{E_2}{e_2} =$ \\ 122 | $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, \dots, 123 | \evalctxt{E_{21}}{e_2}, \dots, e_{b_n}}}{H}$, where 124 | $\evalctxt{E_{21}}{e_2} = e_{b_j}$. 125 | \end{itemize} 126 | 127 | However, if $E_1 = [~]$ or $E_2 = [~]$, then 128 | $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, \dots}}{H}$ must 129 | be $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{v, \dots}}{H}$ for 130 | some $\setof{v_1, \dots, v_n}$, and no $v_i$ can step 131 | individually, so the other of $E_1$ or $E_2$ must be $[~]$ as 132 | well, and so $E_1 = E_2$. 133 | 134 | Therefore the only case that we have to consider (where $E_1 \neq 135 | E_2$) is the case in which: 136 | \begin{itemize} 137 | \item $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 138 | \dots}}{H} = \evalctxt{E_1}{e_1} =$ \\ 139 | $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, \dots, 140 | \evalctxt{E_{11}}{e_1}, \dots, e_{b_n}}}{H}$, where 141 | $\evalctxt{E_{11}}{e_1} = e_{b_i}$, and 142 | \item $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_b, 143 | \dots}}{H} = \evalctxt{E_2}{e_2} =$ \\ 144 | $\freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, \dots, 145 | \evalctxt{E_{21}}{e_2}, \dots, e_{b_n}}}{H}$, where 146 | $\evalctxt{E_{21}}{e_2} = e_{b_j}$. 147 | \end{itemize} 148 | 149 | Finally, we have two cases to consider: 150 | \begin{itemize} 151 | \item $e_{b_i} = e_{b_j}$: In this case we have $e_{b_i} = 152 | \evalctxt{E_{11}}{e_1} = \evalctxt{E_{21}}{e_2}$. 153 | 154 | We know that $E_{11} \neq E_{21}$, because if $E_{11} = E_{21}$, 155 | we would have $e_1 = e_2$, which would mean that $E_1 = E_2$, a 156 | contradiction. 157 | 158 | So, since $E_{11} \neq E_{21}$, by IH we have that there exist 159 | evaluation contexts $E'_{11}$ and $E'_{21}$ such that: 160 | \begin{itemize} 161 | \item $\evalctxt{E'_{11}}{e_1} = \evalctxt{E_{21}}{e'_2}$, and 162 | \item $\evalctxt{E'_{21}}{e_2} = \evalctxt{E_{11}}{e'_1}$, and 163 | \item $\evalctxt{E'_{11}}{e'_1} = \evalctxt{E'_{21}}{e'_2}$. 164 | \end{itemize} 165 | Hence we can choose 166 | \[E'_1 = \freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, \dots, 167 | E'_{11}, \dots, e_{b_n}}}{H},\] and 168 | \[E'_2 = \freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, \dots, 169 | E'_{21}, \dots, e_{b_n}}}{H},\] which satisfy the criteria 170 | for $E'_1$ and $E'_2$. 171 | 172 | \item $e_{b_i} \neq e_{b_j}$: 173 | In this case, we can choose 174 | \[E'_1 = \freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, 175 | \dots, E_{11}, \dots, \evalctxt{E_{21}}{e'_2}, \dots, 176 | e_{b_n}}}{H},\] and 177 | \[E'_2 = \freezeafterfull{l}{Q}{\lam{x}{e_a}}{\setof{e_{b_1}, 178 | \dots, \evalctxt{E_{11}}{e'_1}, \dots, E_{21}, \dots, 179 | e_{b_n}}}{H},\] which satisfy the criteria for $E'_1$ and 180 | $E'_2$. 181 | \end{itemize} 182 | \end{itemize} 183 | \end{proof} 184 | -------------------------------------------------------------------------------- /dissertation/chapter3/quasi-determinism-monotonicity-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\config{S}{e} \parstepsto \config{S'}{e'}$. 3 | 4 | We are required to show that $\leqstore{S}{S'}$. 5 | 6 | The proof is by cases on the rule by which $\config{S}{e}$ steps to 7 | $\config{S'}{e'}$. 8 | 9 | \begin{itemize} 10 | \item Case {\sc E-Beta}: 11 | 12 | Immediate by the definition of $\leqstore{}{}$, since $S$ does 13 | not change. 14 | 15 | \item Case {\sc E-New}: 16 | 17 | Given: $\config{S}{\NEW} \parstepsto 18 | \config{\extS{S}{l}{\bot}{\frozenfalse}}{l}$. 19 | 20 | To show: $\leqstore{S}{\extS{S}{l}{\bot}{\frozenfalse}}$. 21 | 22 | By Definition~\ref{def:leqstore}, we have to show that $\dom{S} 23 | \subseteq \dom{\extS{S}{l}{\bot}{\frozenfalse}}$ and that for 24 | all $l' \in \dom{S}$, $S(l') \leqp 25 | (\extS{S}{l}{\bot}{\frozenfalse})(l')$. 26 | 27 | By definition, a store update operation on $S$ can only either 28 | update an existing binding in $S$ or extend $S$ with a new 29 | binding. 30 | 31 | Hence $\dom{S} \subseteq \dom{\extS{S}{l}{\bot}{\frozenfalse}}$. 32 | 33 | From the side condition of {\sc E-New}, $l \notin \dom{S}$. 34 | 35 | Hence $\extS{S}{l}{\bot}{\frozenfalse}$ adds a new binding for 36 | $l$ in $S$. 37 | 38 | Hence $\extS{S}{l}{\bot}{\frozenfalse}$ does not update any 39 | existing bindings in $S$. 40 | 41 | Hence, for all $l' \in \dom{S}, S(l') \leqp 42 | (\extS{S}{l}{\bot}{\frozenfalse})(l')$. 43 | 44 | Therefore $\leqstore{S}{\extS{S}{l}{\bot}{\frozenfalse}}$, as 45 | required. 46 | 47 | \item Case {\sc E-Put}: 48 | 49 | Given: $\config{S}{\putiexp{l}} \parstepsto 50 | \config{\extSRaw{S}{l}{u_{p_i}(p_1)}}{\unit}$. 51 | 52 | To show: $\leqstore{S}{\extSRaw{S}{l}{u_{p_i}(p_1)}}$. 53 | 54 | By Definition~\ref{def:leqstore}, we have to show that $\dom{S} 55 | \subseteq \dom{\extSRaw{S}{l}{u_{p_i}(p_1)}}$ and that for all 56 | $l' \in \dom{S}$, $S(l') \leqp 57 | (\extSRaw{S}{l}{u_{p_i}(p_1)})(l')$. 58 | 59 | By definition, a store update operation on $S$ can only either 60 | update an existing binding in $S$ or extend $S$ with a new 61 | binding. 62 | 63 | Hence $\dom{S} \subseteq \dom{\extSRaw{S}{l}{u_{p_i}(p_1)}}$. 64 | 65 | From the premises of {\sc E-Put}, $S(l) = p_1$. 66 | 67 | Therefore $l \in \dom{S}$. 68 | 69 | Hence $\extSRaw{S}{l}{u_{p_i}(p_1)}$ updates the existing 70 | binding for $l$ in $S$ from $p_1$ to $u_{p_i}(p_1)$. 71 | 72 | By definition, $u_{p_i}$ is inflationary. 73 | 74 | Hence $p_1 \leqp u_{p_i}(p_1)$. 75 | 76 | $\extSRaw{S}{l}{u_{p_i}(p_1)}$ does not update any other 77 | bindings in $S$, hence, for all $l' \in \dom{S}, S(l') \leqp 78 | (\extSRaw{S}{l}{u_{p_i}(p_1)})(l')$. 79 | 80 | Hence $\leqstore{S}{\extSRaw{S}{l}{u_{p_i}(p_1)}}$, as required. 81 | 82 | \item Case {\sc E-Put-Err}: 83 | 84 | Given: $\config{S}{\putiexp{l}} \parstepsto \error$. 85 | 86 | By the definition of $\error$, $\error = \config{\topS}{e}$ for 87 | any $e$. 88 | 89 | To show: $\leqstore{S}{\topS}$. 90 | 91 | Immediate by the definition of $\leqstore{}{}$. 92 | 93 | \item Case {\sc E-Get}: 94 | 95 | Immediate by the definition of $\leqstore{}{}$, since $S$ does 96 | not change. 97 | 98 | \item Case {\sc E-Freeze-Init}: 99 | 100 | Immediate by the definition of $\leqstore{}{}$, since $S$ does 101 | not change. 102 | 103 | \item Case {\sc E-Spawn-Handler}: 104 | 105 | Immediate by the definition of $\leqstore{}{}$, since $S$ does 106 | not change. 107 | 108 | \item Case {\sc E-Freeze-Final}: 109 | 110 | Given: 111 | $\config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{v, 112 | \dots}}{H}} \parstepsto 113 | \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1}$. 114 | 115 | To show: $\leqstore{S}{\extS{S}{l}{d_1}{\frozentrue}}$. 116 | 117 | By Definition~\ref{def:leqstore}, we have to show that $\dom{S} 118 | \subseteq \dom{\extS{S}{l}{d_1}{\frozentrue}}$ and that for all 119 | $l' \in \dom{S}$, $S(l') \leqp 120 | (\extS{S}{l}{d_1}{\frozentrue})(l')$. 121 | 122 | \lk{We could spell this out in even more excruciating detail, 123 | but I think it's obvious enough.} 124 | 125 | By definition, a store update operation on $S$ can only either 126 | update an existing binding in $S$ or extend $S$ with a new 127 | binding. 128 | 129 | Hence $\dom{S} \subseteq \dom{\extS{S}{l}{d_1}{\frozentrue}}$. 130 | 131 | From the premises of {\sc E-Freeze-Final}, $S(l) = 132 | \state{d_1}{\status_1}$. Therefore $l \in \dom{S}$. 133 | 134 | Hence $\extS{S}{l}{d_1}{\frozentrue}$ updates the existing 135 | binding for $l$ in $S$ from $\state{d_1}{\status_1}$ to 136 | $\state{d_1}{\frozentrue}$. 137 | 138 | By the definition of $\leqp$, $\state{d_1}{\status_1} \leqp 139 | \state{d_1}{\frozentrue}$. 140 | 141 | $\extS{S}{l}{d_1}{\frozentrue}$ does not update any other 142 | bindings in $S$, hence, for all $l' \in \dom{S}$, $S(l') \leqp 143 | (\extS{S}{l}{d_1}{\frozentrue})(l')$. 144 | 145 | Hence $\leqstore{S}{\extS{S}{l}{d_1}{\frozentrue}}$, as 146 | required. 147 | 148 | \item Case {\sc E-Freeze-Simple}: 149 | 150 | Given: $\config{S}{\freeze{l}} \parstepsto 151 | \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1}$. 152 | 153 | To show: $\leqstore{S}{\extS{S}{l}{d_1}{\frozentrue}}$. 154 | 155 | Similar to the previous case. 156 | 157 | \end{itemize} 158 | 159 | \end{proof} 160 | -------------------------------------------------------------------------------- /dissertation/chapter3/quasi-determinism-strong-one-sided-quasi-confluence-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose $\conf \ctxstepsto \conf'$ and $\conf \ctxstepsto^m 3 | \conf''$, where $1 \leq m$. 4 | 5 | We are required to show that either: 6 | \begin{enumerate} 7 | \item there exist $\conf_c, i, j, \pi$ such that $\conf' 8 | \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j \conf_c$ 9 | and $i \leq m$ and $j \leq 1$, or 10 | \item there exists $k \leq m$ such that $\conf' \ctxstepsto^k 11 | \textup{\error}$, or there exists $k \leq 1$ such that $\conf'' 12 | \ctxstepsto^k \textup{\error}$. 13 | \end{enumerate} 14 | 15 | We proceed by induction on $m$. 16 | 17 | In the base case of $m = 1$, the result is immediate from 18 | Lemma~\ref{lem:strong-local-quasi-confluence}, with $k = 1$. 19 | 20 | For the induction step, suppose $\conf \ctxstepsto^m \conf'' 21 | \ctxstepsto \conf'''$ and suppose the lemma holds for $m$. 22 | 23 | We show that it holds for $m + 1$, as follows. 24 | 25 | From the induction hypothesis, we have that either: 26 | \begin{enumerate} 27 | \item there exist $\conf_c', i', j', \pi'$ such that $\conf' 28 | \ctxstepsto^{i'} \conf_c'$ and $\pi'(\conf'') \ctxstepsto^{j'} 29 | \conf_c'$ and $i' \leq m$ and $j' \leq 1$, or 30 | \item there exists $k' \leq m$ such that $\conf' 31 | \ctxstepsto^{k'} \error$, or there exists $k' \leq 1$ such that 32 | $\conf'' \ctxstepsto^{k'} \error$. 33 | \end{enumerate} 34 | 35 | We consider these two cases in turn: 36 | \begin{enumerate} 37 | \item There exist $\conf_c', i', j', \pi'$ such that $\conf' 38 | \ctxstepsto^{i'} \conf_c'$ and $\pi'(\conf'') \ctxstepsto^{j'} 39 | \conf_c'$ and $i' \leq m$ and $j' \leq 1$: 40 | 41 | We proceed by cases on $j'$: 42 | \begin{itemize} 43 | 44 | \item If $j' = 0$, then $\pi'(\conf'') = \conf_c'$. 45 | 46 | Since $\conf'' \ctxstepsto \conf'''$, we have that 47 | $\pi'(\conf'') \ctxstepsto \pi'(\conf''')$ by 48 | Lemma~\ref{lem:permutability} (Permutability). 49 | 50 | We can then choose $\conf_c = \pi'(\conf''')$ and $i = i' + 1$ 51 | and $j = 0$ and $\pi = \pi'$. 52 | 53 | The key is that $\conf' \ctxstepsto^{i'} \conf'_c = 54 | \pi'(\conf'') \ctxstepsto \pi'(\conf''')$ for a total of $i' + 55 | 1$ steps. 56 | 57 | \item If $j' = 1$: 58 | 59 | First, since $\pi'(\conf'') \ctxstepsto^{j'} \conf'_c$, then 60 | by Lemma~\ref{lem:permutability} (Permutability) we have that 61 | $\conf'' \ctxstepsto^{j'} \piprimeinv(\conf'_c)$. 62 | 63 | Then, by $\conf'' \ctxstepsto^{j'} \piprimeinv(\conf'_c)$ and 64 | $\conf'' \ctxstepsto \conf'''$ and 65 | Lemma~\ref{lem:strong-local-quasi-confluence}, one of the 66 | following two cases is true: 67 | \begin{enumerate} 68 | \item There exist $\conf_c''$ and $i''$ and $j''$ and $\pi''$ 69 | such that $\piprimeinv(\conf'_c) \ctxstepsto^{i''} 70 | \conf_c''$ and $\pi''(\conf''') \ctxstepsto^{j''} \conf_c''$ 71 | and $i'' \leq 1$ and $j'' \leq 1$. 72 | 73 | Since $\piprimeinv(\conf'_c) \ctxstepsto^{i''} \conf_c''$, 74 | by Lemma~\ref{lem:permutability} (Permutability) we have 75 | that $\conf'_c \ctxstepsto^{i''} \pi'(\conf_c'')$. 76 | 77 | So we also have $\conf' \ctxstepsto^{i'} \conf_c' 78 | \ctxstepsto^{i''} \pi'(\conf_c'')$. 79 | 80 | Since $\pi''(\conf''') \ctxstepsto^{j''} \conf_c''$, by 81 | Lemma~\ref{lem:permutability} (Permutability) we have that 82 | $\pi'(\pi''(\conf''')) \ctxstepsto^{j''} \pi'(\conf_c'')$. 83 | 84 | In summary, we pick $\conf_c = \pi'(\conf_c'')$ and $i = i' + i''$ 85 | and $j = j''$ and $\pi = \pi'' \circ \pi'$, which is sufficient 86 | because $i = i' + i'' \leq m + 1$ and $j = j'' \leq 1$. 87 | 88 | \item $\piprimeinv(\conf'_c) \ctxstepsto \error$ or $\conf''' 89 | \ctxstepsto \error$. 90 | 91 | If $\conf''' \ctxstepsto \error$, then choosing $k = 1$ 92 | satisfies the proof. 93 | 94 | Otherwise, $\piprimeinv(\conf'_c) \ctxstepsto \error$. 95 | 96 | Then, by Lemma~\ref{lem:permutability} we have that 97 | $\conf'_c \ctxstepsto \pi'(\error)$. 98 | 99 | By Definition~\ref{def:permutation-configuration}, 100 | $\pi'(\error) = \error$, and so $\conf'_c \ctxstepsto 101 | \error$. 102 | 103 | Therefore $\conf' \ctxstepsto^{i'} \conf'_c \ctxstepsto 104 | \error$. 105 | 106 | Hence $\conf' \ctxstepsto^{i'+1} \error$. 107 | 108 | Since $i' \leq m$, we have that $i' + 1 \leq m + 1$, and 109 | so choosing $k = i' + 1$ satisfies the proof. 110 | 111 | \end{enumerate} 112 | 113 | \end{itemize} 114 | 115 | \item There exists $k' \leq m$ such that $\conf' \ctxstepsto^{k'} 116 | \error$, or there exists $k' \leq 1$ such that $\conf'' 117 | \ctxstepsto^{k'} \error$: 118 | 119 | If there exists $k' \leq m$ such that $\conf' \ctxstepsto^{k'} 120 | \error$, then choosing $k = k'$ satisfies the proof. 121 | 122 | Otherwise, there exists $k' \leq 1$ such that $\conf'' 123 | \ctxstepsto^{k'} \error$. 124 | 125 | We proceed by cases on $k'$: 126 | 127 | \begin{itemize} 128 | 129 | \item If $k' = 0$, then $\conf'' = \error$. 130 | 131 | Hence this case is not possible, since $\conf'' \ctxstepsto 132 | \conf'''$ and $\error$ cannot step. 133 | 134 | \item If $k' = 1$: 135 | 136 | From $\conf'' \ctxstepsto \conf'''$ and $\conf'' 137 | \ctxstepsto^{k'} \error$ and 138 | Lemma~\ref{lem:strong-local-quasi-confluence}, one of the 139 | following two cases is true: 140 | 141 | \begin{enumerate} 142 | \item There exist $\conf_c''$ and $i''$ and $j''$ and $\pi''$ 143 | such that $\error \ctxstepsto^{i''} \conf_c''$ and 144 | $\pi''(\conf''') \ctxstepsto^{j''} \conf_c''$ and $i'' \leq 145 | 1$ and $j'' \leq 1$. 146 | 147 | Since $\error$ cannot step, $i'' = 0$ and $\conf''_c = 148 | \error$. 149 | 150 | By Definition~\ref{def:permutation-configuration}, 151 | $\pi''(\conf''') = \conf'''$. 152 | 153 | Hence $\conf''' \ctxstepsto^{j''} \error$. 154 | 155 | \lk{This is the one place where we need to allow $k$ to be 156 | $\leq$ 1 instead of exactly 1.} 157 | 158 | Since $j'' \leq 1$, choosing $k = j''$ satisfies the proof. 159 | 160 | \item $\error \ctxstepsto \error$ or $\conf''' \ctxstepsto 161 | \error$. 162 | 163 | Since $\error$ cannot step, $\conf''' \ctxstepsto \error$. 164 | 165 | Hence choosing $k = 1$ satisfies the proof. 166 | 167 | \end{enumerate} 168 | 169 | \end{itemize} 170 | 171 | \end{enumerate} 172 | 173 | \end{proof} 174 | -------------------------------------------------------------------------------- /dissertation/chapter3/quasi-determinism-strong-quasi-confluence-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Suppose that $\conf \ctxstepsto^n \conf'$ and $\conf \ctxstepsto^m 3 | \conf''$, where $1 \leq n$ and $1 \leq m$. 4 | 5 | We are required to show that either: 6 | \begin{enumerate} 7 | \item there exist $\conf_c, i, j, \pi$ such that $\conf' 8 | \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j \conf_c$ 9 | and $i \leq m$ and $j \leq n$, or 10 | \item there exists $k \leq m$ such that $\conf' \ctxstepsto^k 11 | \textup{\error}$, or there exists $k \leq n$ such that $\conf'' 12 | \ctxstepsto^k \textup{\error}$. 13 | \end{enumerate} 14 | 15 | We proceed by induction on $n$. 16 | 17 | In the base case of $n = 1$, the result is immediate from 18 | Lemma~\ref{lem:strong-one-sided-quasi-confluence}. 19 | 20 | For the induction step, suppose $\conf \ctxstepsto^n \conf' 21 | \ctxstepsto \conf'''$ and suppose the lemma holds for $n$. 22 | 23 | We show that it holds for $n + 1$, as follows. 24 | 25 | From the induction hypothesis, we have that either: 26 | \begin{enumerate} 27 | \item there exist $\conf'_c, i', j', \pi'$ such that $\conf' 28 | \ctxstepsto^{i'} \conf'_c$ and $\pi'(\conf'') \ctxstepsto^{j'} 29 | \conf'_c$ and $i' \leq m$ and $j' \leq n$, or 30 | \item there exists $k' \leq m$ such that $\conf' \ctxstepsto^{k'} 31 | \error$, or there exists $k' \leq n$ such that $\conf'' 32 | \ctxstepsto^{k'} \error$. 33 | \end{enumerate} 34 | 35 | We consider these two cases in turn: 36 | 37 | \begin{enumerate} 38 | \item There exist $\conf'_c, i', j', \pi'$ such that $\conf' 39 | \ctxstepsto^{i'} \conf'_c$ and $\pi'(\conf'') \ctxstepsto^{j'} 40 | \conf'_c$ and $i' \leq m$ and $j' \leq n$: 41 | 42 | We proceed by cases on $i'$: 43 | \begin{itemize} 44 | 45 | \item If $i' = 0$, then $\conf' = \conf_c'$. 46 | 47 | We can then choose $\conf_c = \conf'''$ and $i = 0$ and $j = j' 48 | + 1$ and $\pi = \pi'$. 49 | 50 | Since $\pi'(\conf'') \ctxstepsto^{j'} \conf'_c \ctxstepsto 51 | \conf'''$, and $j' + 1 \leq n + 1$ since $j' \leq n$, the case 52 | is satisfied. 53 | 54 | \item If $i' \geq 1$: 55 | 56 | From $\conf' \ctxstepsto \conf'''$ and $\conf' \ctxstepsto^{i'} 57 | \conf_c'$ and Lemma~\ref{lem:strong-one-sided-quasi-confluence}, 58 | one of the following two cases is true: 59 | \begin{enumerate} 60 | \item There exist $\conf_c''$ and $i''$ and $j''$ and $\pi''$ 61 | such that $\conf''' \ctxstepsto^{i''} \conf_c''$ and 62 | $\pi''(\conf_c') \ctxstepsto^{j''} \conf_c''$ and $i'' \leq 63 | i'$ and $j'' \leq 1$. 64 | 65 | Since $\pi'(\conf'') \ctxstepsto^{j'} \conf'_c$, by 66 | Lemma~\ref{lem:permutability} (Permutability) we have that 67 | $\pi''(\pi'(\conf'')) \ctxstepsto^{j'} \pi''(\conf'_c)$. 68 | 69 | So we also have $\pi''(\pi'(\conf'')) \ctxstepsto^{j'} 70 | \pi''(\conf'_c) \ctxstepsto^{j''} \conf_c''$. 71 | 72 | In summary, we pick $\conf_c = \conf_c''$ and $i = i''$ and $j = 73 | j' + j''$ and $\pi = \pi' \circ \pi''$, which is sufficient 74 | because $i = i'' \leq i' \leq m$ and $j = j' + j'' \leq n + 1$. 75 | 76 | \item There exists $k'' \leq i'$ such that $\conf''' 77 | \ctxstepsto^{k''} \error$, or there exists $k'' \leq 1$ such 78 | that $\conf'_c \ctxstepsto^{k''} \error$. 79 | 80 | If there exists $k'' \leq i'$ such that $\conf''' 81 | \ctxstepsto^{k''} \error$, then choosing $k = k''$ satisfies 82 | the proof, since $k'' \leq i' \leq m$. 83 | 84 | Otherwise, there exists $k'' \leq 1$ such 85 | that $\conf'_c \ctxstepsto^{k''} \error$. 86 | 87 | Hence by Lemma~\ref{lem:permutability} (Permutability), we 88 | have that $\piprimeinv(\conf'_c) \ctxstepsto^{k''} 89 | \piprimeinv(\error)$. 90 | 91 | By Definition~\ref{def:permutation-configuration}, 92 | $\piprimeinv(\error) = \error$. 93 | 94 | Hence $\piprimeinv(\conf'_c) \ctxstepsto^{k''} \error$. 95 | 96 | Since $\pi'(\conf'') \ctxstepsto^{j'} \conf_c'$, by 97 | Lemma~\ref{lem:permutability} (Permutability), we have that 98 | $\conf'' \ctxstepsto^{j'} \piprimeinv(\conf_c')$. 99 | 100 | Therefore, $\conf'' \ctxstepsto^{j'} \piprimeinv(\conf_c') 101 | \ctxstepsto^{k''} \error$. 102 | 103 | Hence $\conf'' \ctxstepsto^{j' + k''} \error$. 104 | 105 | Since $j' \leq n$ and $k'' \leq 1$, $j' + k'' \leq n + 1$. 106 | 107 | Hence choosing $k = j' + k''$ satisfies the proof. 108 | 109 | \end{enumerate} 110 | \end{itemize} 111 | 112 | \item There exists $k' \leq m$ such that $\conf' \ctxstepsto^{k'} 113 | \error$, or there exists $k' \leq n$ such that $\conf'' 114 | \ctxstepsto^{k'} \error$: 115 | 116 | If there exists $k' \leq n$ such that $\conf'' \ctxstepsto^{k'} 117 | \error$, then choosing $k = k'$ satisfies the proof. 118 | 119 | Otherwise, there exists $k' \leq m$ such that $\conf' 120 | \ctxstepsto^{k'} \error$. 121 | 122 | We proceed by cases on $k'$: 123 | 124 | \begin{itemize} 125 | 126 | \item If $k' = 0$, then $\conf' = \error$. 127 | 128 | Hence this case is not possible, since $\conf' \ctxstepsto 129 | \conf'''$ and $\error$ cannot step. 130 | 131 | \item If $k' \geq 1$: 132 | 133 | From $\conf' \ctxstepsto \conf'''$ and $\conf' \ctxstepsto^{k'} 134 | \error$ and Lemma~\ref{lem:strong-one-sided-quasi-confluence}, 135 | one of the following two cases is true: 136 | 137 | \begin{enumerate} 138 | \item There exist $\conf''_c$ and $i''$ and $j''$ and $\pi''$ 139 | such that $\conf''' \ctxstepsto^{i''} \conf''_c$ and 140 | $\pi''(\error) \ctxstepsto^{j''} \conf''_c$ and $i'' \leq 141 | k'$ and $j'' \leq 1$. 142 | 143 | By Definition~\ref{def:permutation-configuration}, 144 | $\pi''(\error) = \error$. 145 | 146 | Hence $\error \ctxstepsto^{j''} \conf''_c$. 147 | 148 | Since $\error$ cannot step, $j'' = 0$ and $\conf''_c = 149 | \error$. 150 | 151 | Hence $\conf''' \ctxstepsto^{i''} \error$. 152 | 153 | Since $i'' \leq k' \leq m$, choosing $k = i''$ satisfies the 154 | proof. 155 | 156 | \item There exists $k'' \leq k'$ such that $\conf''' 157 | \ctxstepsto^{k''} \error$, or there exists $k'' \leq 1$ such 158 | that $\error \ctxstepsto^{k''} \error$. 159 | 160 | Since $\error$ cannot step, there exists $k'' \leq k'$ such 161 | that $\conf''' \ctxstepsto^{k''} \error$. 162 | 163 | Since $k'' \leq k' \leq m$, choosing $k = k''$ satisfies the 164 | proof. 165 | \end{enumerate} 166 | \end{itemize} 167 | \end{enumerate} 168 | 169 | \end{proof} 170 | -------------------------------------------------------------------------------- /dissertation/chapter4/big-picture.tex: -------------------------------------------------------------------------------- 1 | \section{The big picture}\label{s:lvish-big-picture} 2 | 3 | Our library adopts and builds on the basic approach of the @Par@ monad 4 | and the monad-par library~\cite{monad-par}, enabling us to employ our 5 | own notion of lightweight, library-level threads with a custom 6 | scheduler. It supports the programming model laid out in 7 | Section~\ref{s:quasi-informal} in full, including explicit handler 8 | pools. It differs from the formalism of Section~\ref{s:quasi-formal} 9 | in following Haskell's by-need evaluation strategy, which also means 10 | that concurrency in the library is \emph{explicitly marked}, either 11 | through uses of a @fork@ function or through asynchronous callbacks, 12 | which run in their own lightweight threads. 13 | 14 | \ifdefined\DISSERTATION 15 | \begin{wrapfigure}{l}{1.2in} 16 | \vspace{-2em} 17 | \begin{center} 18 | \includegraphics[scale=0.2]{../illustrations/elf} 19 | \end{center} 20 | \vspace{-1.5em} 21 | \end{wrapfigure} 22 | \fi 23 | 24 | We envision two parties interacting with the LVish library. First, 25 | there are \emph{data structure authors}, who use the library directly 26 | to implement a specific monotonic data structure (\eg, a monotonically 27 | growing finite map). Second, there are \emph{application writers}, 28 | who are clients of these data structures. Only the application 29 | writers receive a \mbox{(quasi-)determinism} guarantee; an author of a 30 | data structure is responsible for ensuring that the states their data 31 | structure can take on correspond to the elements of a lattice, and 32 | that the exposed interface to it corresponds to some use of update 33 | operations, @get@, @freeze@, and event handlers. 34 | 35 | The LVish library also includes \emph{lattice-generic} infrastructure: 36 | the @Par@ monad itself, a thread scheduler, support for blocking and 37 | signaling threads, handler pools, and event handlers. Since this 38 | infrastructure is unsafe---that is, it does not guarantee determinism 39 | or quasi-determinism---only data structure authors should import it, 40 | subsequently exporting a \emph{limited} interface specific to their 41 | data structure. For finite maps, for instance, this interface might 42 | include key/value insertion, lookup, event handlers and pools, and 43 | freezing---along with higher-level abstractions built on top of these. 44 | Control operators like @fork@ are the only non-data-structure-specific 45 | operations exposed to application writers. 46 | 47 | For this approach to scale well with available parallel resources, it 48 | is essential that the data structures themselves support efficient 49 | parallel access; a finite map that was simply protected by a global 50 | lock would force all parallel threads to sequentialize their access. 51 | Thus, we expect data structure authors to draw from the extensive 52 | literature on scalable parallel data structures, employing techniques 53 | like fine-grained locking and lock-free data structures~\cite{art}. 54 | Data structures that fit into the LVish model have a special 55 | advantage: because all updates must commute, it may be possible to 56 | avoid the expensive synchronization which \emph{must} be used for 57 | non-commutative operations~\cite{lawsOfOrder}. And in any case, 58 | monotonic data structures can be simpler to represent and 59 | implement than general ones. 60 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/disjoint-parallel-update.hs: -------------------------------------------------------------------------------- 1 | {-# LANGUAGE TypeFamilies #-} 2 | 3 | import Prelude hiding (read) 4 | import Control.LVish 5 | import Control.Par.ST (liftST) 6 | import Control.Par.ST.Vec (ParVecT, set, reify, forkSTSplit, write, read, runParVecT) 7 | import Data.Vector (freeze, toList) 8 | 9 | p :: (HasGet e, HasPut e) => ParVecT s1 String Par e s [String] 10 | p = do 11 | -- Fill all six slots in the vector with "foo". 12 | set "foo" 13 | -- Get a pointer to the state. 14 | ptr <- reify 15 | 16 | -- Fork two computations, each of which has access to half the 17 | -- vector. Within the two forked child computations, `ptr` is 18 | -- inaccessible. 19 | forkSTSplit 3 -- Split at index 3 in the vector. 20 | (write 0 "bar") 21 | (write 0 "baz") 22 | 23 | frozen <- liftST (freeze ptr) 24 | return (toList frozen) 25 | 26 | main = print (runPar (runParVecT 6 p)) 27 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/graph-traversal-explicit-freeze.hs: -------------------------------------------------------------------------------- 1 | import Control.LVish 2 | import Control.LVish.DeepFrz -- provides Frzn 3 | import Data.LVar.Generic (addHandler, freeze) 4 | import Data.LVar.PureSet 5 | import qualified Data.Graph as G 6 | 7 | traverse :: (HasPut e, HasFreeze e) => 8 | G.Graph -> Int -> Par e s (ISet Frzn Int) 9 | traverse g startNode = do 10 | seen <- newEmptySet 11 | h <- newHandler seen 12 | (\node -> do 13 | mapM (\v -> insert v seen) 14 | (neighbors g node) 15 | return ()) 16 | insert startNode seen -- Kick things off 17 | quiesce h 18 | freeze seen 19 | 20 | main = do 21 | v <- runParQuasiDet (traverse myGraph (0 :: G.Vertex)) 22 | print (fromISet v) 23 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/graph-traversal-implicit-freeze.hs: -------------------------------------------------------------------------------- 1 | import Control.LVish 2 | import Control.LVish.DeepFrz -- provides runParThenFreeze 3 | import Data.LVar.Generic (addHandler, freeze) 4 | import Data.LVar.PureSet 5 | import qualified Data.Graph as G 6 | 7 | traverse :: HasPut e => G.Graph -> Int -> Par e s (ISet s Int) 8 | traverse g startNode = do 9 | seen <- newEmptySet 10 | h <- newHandler seen 11 | (\node -> do 12 | mapM (\v -> insert v seen) 13 | (neighbors g node) 14 | return ()) 15 | insert startNode seen -- Kick things off 16 | return seen 17 | 18 | main = print (runParThenFreeze (traverse myGraph (0 :: G.Vertex))) 19 | 20 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/ivar-example.hs: -------------------------------------------------------------------------------- 1 | import Control.Monad.Par 2 | 3 | p :: Par Int 4 | p = do num <- new 5 | fork (put num 3) 6 | fork (put num 4) 7 | get num 8 | 9 | main = print (runPar p) 10 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/map-lvar-freezeafter.hs: -------------------------------------------------------------------------------- 1 | import Control.LVish 2 | import Control.LVish.DeepFrz -- provides runParThenFreeze 3 | import Data.LVar.PureMap 4 | 5 | p :: (HasPut e) => Par e s (IMap Item s Int) 6 | p = do 7 | cart <- newEmptyMap 8 | fork (insert Book 2 cart) 9 | fork (insert Shoes 1 cart) 10 | return cart 11 | 12 | main = print (runParThenFreeze p) 13 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/map-lvar-getkey-lib.hs: -------------------------------------------------------------------------------- 1 | import Control.LVish 2 | import Data.LVar.PureMap 3 | 4 | p :: (HasPut e, HasGet e) => Par e s Int 5 | p = do cart <- newEmptyMap 6 | fork (insert Book 2 cart) 7 | fork (insert Shoes 1 cart) 8 | getKey Book cart 9 | 10 | main = print (runPar p) 11 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/map-lvar-quasi.hs: -------------------------------------------------------------------------------- 1 | import Control.LVish 2 | import Data.LVar.PureMap 3 | import qualified Data.Map as M 4 | 5 | p :: (HasPut e, HasFreeze e) => Par e s (M.Map Item Int) 6 | p = do cart <- newEmptyMap 7 | fork (insert Book 2 cart) 8 | fork (insert Shoes 1 cart) 9 | freezeMap cart 10 | 11 | main = do v <- runParQuasiDet p 12 | print (M.toList v) 13 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/repeated-4-ivar.hs: -------------------------------------------------------------------------------- 1 | import Control.Monad.Par 2 | 3 | p :: Par Int 4 | p = do num <- new 5 | fork (put num 4) 6 | fork (put num 4) 7 | get num 8 | 9 | main = print (runPar p) 10 | -------------------------------------------------------------------------------- /dissertation/chapter4/code/repeated-4-lvar.hs: -------------------------------------------------------------------------------- 1 | {-# LANGUAGE TypeFamilies #-} 2 | 3 | import Control.LVish -- Generic scheduler; works with all LVars. 4 | import Data.LVar.IVar -- The particular LVar we need for this program. 5 | 6 | p :: (HasPut e, HasGet e) => Par e s Int 7 | p = do num <- new 8 | fork (put num 4) 9 | fork (put num 4) 10 | get num 11 | 12 | main = print (runPar p) 13 | -------------------------------------------------------------------------------- /dissertation/chapter4/figures/CFA_speedups.numbers: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter4/figures/CFA_speedups.numbers -------------------------------------------------------------------------------- /dissertation/chapter4/figures/CFA_speedups.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/chapter4/figures/CFA_speedups.pdf -------------------------------------------------------------------------------- /dissertation/chapter4/intro.tex: -------------------------------------------------------------------------------- 1 | We want the programming model of \either{Chapters}{Sections}~\ref{ch:lvars} 2 | and~\ref{ch:quasi} to be realizable in practice. If the determinism 3 | guarantee offered by LVars is to do us any good, however, we need to 4 | add LVars to a programming model that is already deterministic. 5 | The \emph{monad-par} Haskell library~\cite{monad-par}, which provides 6 | the @Par@ monad, is one such deterministic parallel programming model. 7 | Haskell is in general an appealing substrate for 8 | guaranteed-deterministic parallel programming models because it is 9 | pure by default, and its type system enforces separation of pure and 10 | effectful code via monads. In order for the determinism guarantee of 11 | any parallel programming model to hold, the only side effects allowed 12 | must be those sanctioned by the programming model.\footnote{Haskell is 13 | often advertised as a purely functional programming language, that is, 14 | one without side effects, but it is perhaps more useful to think of it 15 | as a language that keeps other effects out of the way so that one can 16 | use only the effects that one wants to use!} In the case of the basic 17 | LVars model of \either{Chapter}{Section}~\ref{ch:lvars}, those allowed 18 | effects are @put@ and @get@ operations on 19 | LVars; \either{Chapter}{Section}~\ref{ch:quasi} adds the @freeze@ 20 | operation and arbitrary update operations to the set of allowed 21 | effects. Implementing these operations as monadic effects in Haskell 22 | makes it possible to provide compile-time guarantees about determinism 23 | and quasi-determinism, because we can use Haskell's type system to 24 | ensure that the only side effects programs can perform are those that 25 | we have chosen to allow. 26 | 27 | Another reason why the existing @Par@ monad is an appealing conceptual 28 | starting point for a practical implementation of LVars is that it 29 | already allows inter-task communication through IVars, which, as we 30 | have seen, are a special case of LVars. Finally, the @Par@ monad 31 | approach is appealing because it is implemented entirely as a library, 32 | with a library-level scheduler. This approach makes it possible to 33 | make changes to the @Par@ scheduling strategy in a modular way, 34 | without having to make any modifications to GHC or its runtime system. 35 | 36 | In this \either{chapter}{section}, \either{I}{we} describe 37 | the \emph{LVish} library, a Haskell library for practical 38 | deterministic and quasi-deterministic parallel programming with LVars. 39 | We have already seen an example of an LVish Haskell program in 40 | Section~\ref{s:quasi-informal}; in the following two sections, we will 41 | take a more extensive tour of what LVish offers. Then, in 42 | Section~\ref{s:lvish-disjoint}, we will consider adding support for 43 | DPJ-style imperative disjoint parallelism to LVish. Finally, in 44 | Sections~\ref{s:lvish-k-cfa} and~\ref{s:lvish-phybin}, we will look at 45 | two case studies that illustrate how LVish and LVars can be used in 46 | practice. 47 | -------------------------------------------------------------------------------- /dissertation/chapter4/main.tex: -------------------------------------------------------------------------------- 1 | \chapter{The LVish library}\label{ch:lvish} % 4 2 | 3 | \input{chapter4/intro} 4 | 5 | \input{chapter4/big-picture} 6 | 7 | \input{chapter4/api} 8 | 9 | \input{chapter4/disjoint} 10 | 11 | \input{chapter4/k-cfa} 12 | 13 | \input{chapter4/phybin} 14 | -------------------------------------------------------------------------------- /dissertation/chapter5/cvrdts.tex: -------------------------------------------------------------------------------- 1 | \section{Background: CvRDTs and eventual consistency}\label{s:distributed-cvrdts} 2 | 3 | Shapiro \etal~\cite{crdts, crdts-tr} define an \emph{eventually 4 | consistent} object as one that meets three conditions. One of these 5 | conditions is the property of \emph{convergence}: all correct replicas 6 | of an object at which the same updates have been delivered eventually 7 | have equivalent state. The other two conditions are \emph{eventual 8 | delivery}, meaning that all replicas receive all update messages, 9 | and \emph{termination}, meaning that all method executions terminate 10 | (we discuss methods in more detail below). 11 | 12 | Shapiro \etal~further define a \emph{strongly eventually consistent} 13 | (SEC) object as one that is eventually consistent and, in addition to 14 | being merely convergent, is \emph{strongly convergent}, meaning that 15 | correct replicas at which the same updates have been delivered have 16 | equivalent state.\footnote{ Strong eventual consistency is not to be 17 | confused with strong consistency: it is the combination of eventual 18 | consistency and strong convergence. Contrast with ordinary 19 | convergence, in which replicas only \emph{eventually} have 20 | equivalent state. In a strongly convergent object, knowing that the 21 | same updates have been delivered to all correct replicas is 22 | sufficient to ensure that those replicas have equivalent state, 23 | whereas in an object that is merely convergent, there might be some 24 | further delay before all replicas agree.} A \emph{conflict-free 25 | replicated data type} (CRDT), then, is a data type (\ie, a 26 | specification for an object) satisfying certain conditions that are 27 | sufficient to guarantee that the object is SEC. (The term ``CRDT'' is 28 | used interchangeably to mean a specification for an object, or an 29 | object meeting that specification.) 30 | 31 | \ifdefined\DISSERTATION 32 | \begin{wrapfigure}{l}{1.4in} 33 | \vspace{-2em} 34 | \begin{center} 35 | \includegraphics[scale=0.2]{../illustrations/shopping-cart} 36 | \end{center} 37 | \vspace{-1.5em} 38 | \end{wrapfigure} 39 | \fi 40 | 41 | There are two ``styles'' of specifying a CRDT: \emph{state-based}, 42 | also known as \emph{convergent}\footnote{There is a potentially 43 | misleading terminology overlap here: the definitions of convergence 44 | and strong convergence above pertain not only to CvRDTs (where the C 45 | stands for ``Convergent''), but to \emph{all} CRDTs.}; or 46 | \emph{operation-based} (or ``op-based''), also known as 47 | \emph{commutative}. CRDTs specified in the state-based style are 48 | called \emph{convergent replicated data types}, abbreviated 49 | \emph{CvRDTs}, while those specified in the op-based style are called 50 | \emph{commutative replicated data types}, abbreviated \emph{CmRDTs}. 51 | Of the two styles, we focus on the CvRDT style in this paper because 52 | CvRDTs are lattice-based data structures and therefore amenable to 53 | threshold queries---although, as Shapiro \etal~show, CmRDTs can 54 | emulate CvRDTs and vice versa. 55 | 56 | \subsection{State-based objects} 57 | 58 | In the Shapiro \etal~model, a \emph{state-based object} is a tuple 59 | $(S, s^0, q, u, m)$, where $S$ is a set of states, $s^0$ is the 60 | initial state, $q$ is the \emph{query method}, $u$ is the \emph{update 61 | method}, and $m$ is the \emph{merge method}. Objects are replicated 62 | across some finite number of processes, with one replica at each 63 | process, and each replica begins in the initial state $s^0$. The 64 | state of a local replica may be queried via the method $q$ and updated 65 | via the method $u$. Methods execute locally, at a single replica, but 66 | the merge method $m$ can merge the state from a remote replica with 67 | the local replica. The model assumes that each replica sends its 68 | state to the other replicas infinitely often, and that eventually 69 | every update reaches every replica, whether directly or indirectly. 70 | 71 | The assumption that replicas send their state to one another 72 | ``infinitely often'' refers not to the \emph{frequency} of these state 73 | transmissions; rather; it says that, regardless of what event (such as 74 | an update, via the $u$ method) occurs at a replica, a state 75 | transmission is guaranteed to occur after that event. We can 76 | therefore conclude that all updates eventually reach all replicas in a 77 | state-based object, meeting the ``eventual delivery'' condition 78 | discussed above. However, we still have no guarantee of strong 79 | convergence or even convergence. This is where Shapiro \etal's notion 80 | of a CvRDT comes in: a state-based object that meets the criteria for 81 | a CvRDT is guaranteed to have the strong-convergence property. 82 | 83 | A \emph{state-based} or \emph{convergent} replicated data type (CvRDT) 84 | is a state-based object equipped with a partial order $\leq$, written 85 | as a tuple 86 | $(S, \leq, s^0, q, u, m)$, that has the following properties: 87 | \begin{itemize} 88 | \item $S$ forms a join-semilattice ordered by $\leq$. 89 | \item The merge method $m$ computes the join of two 90 | states with respect to $\leq$. 91 | \item State is \emph{inflationary} across updates: if $u$ updates a 92 | state $s$ to $s'$, then $s \leq s'$. 93 | \end{itemize} 94 | Shapiro \etal~show that a state-based object that meets the criteria 95 | for a CvRDT is strongly convergent. Therefore, given the eventual 96 | delivery guarantee that all state-based objects have, and given an 97 | additional assumption that all method executions terminate, a 98 | state-based object that meets the criteria for a CvRDT is 99 | SEC~\cite{crdts}. 100 | 101 | \subsection{Discussion: the need for inflationary updates} 102 | 103 | Although CvRDT updates are required to be inflationary, it is not the 104 | case that every update must be inflationary for convergence, given our 105 | assumption of eventual delivery. Consider, for example, a scenario in 106 | which replicas 1 and 2 both have the state $\{a, b\}$. Replica 1 107 | updates its state to $\{a\}$, a non-inflationary update, and then 108 | sends its updated state to replica 2. Replica 2 merges the received 109 | state $\{a\}$ with $\{a, b\}$, and its state remains $\{a, b\}$. Then 110 | replica 2 sends its state back to replica 1; replica 1 merges $\{a, 111 | b\}$ with $\{a\}$, and its state becomes $\{a, b\}$. The 112 | non-inflationary update has been lost, and was, perhaps, 113 | nonsensical---but the replicas are nevertheless convergent. 114 | 115 | However, once we introduce threshold queries of CvRDTs, as we will do 116 | in the following section, inflationary updates become \emph{necessary} 117 | for the determinism of threshold queries. This is because a 118 | non-inflationary update could cause a threshold query that had been 119 | unblocked to block again, and so arbitrary interleaving of 120 | non-inflationary writes and threshold queries would lead to 121 | nondeterministic behavior. Therefore the requirement that updates be 122 | inflationary will not only be sensible, but actually crucial. 123 | 124 | -------------------------------------------------------------------------------- /dissertation/chapter5/intro.tex: -------------------------------------------------------------------------------- 1 | So far, we have considered the problem of how to 2 | program \emph{shared-memory parallel systems} in a way that guarantees 3 | determinism. In this chapter, we turn our attention to a different 4 | but related problem: that of effectively and correctly 5 | programming \emph{distributed systems}, in which programs run on a 6 | network of interconnected nodes, each with its own memory, and where 7 | the network is subject to network partitions and other kinds of 8 | failures. 9 | 10 | Because network partitions can occur and because nodes in a network 11 | can fail, distributed systems typically involve \emph{replication} of 12 | data objects across a number of physical locations. Replication is of 13 | fundamental importance in such systems: it makes them more robust to 14 | data loss and allows for good data locality. But the well-known 15 | \emph{CAP theorem}~\cite{gilbert-lynch-cap, BrewerCAPBlog} of 16 | distributed computing imposes a trade-off between \emph{consistency}, 17 | in which every replica sees the same data, and \emph{availability}, in 18 | which all 19 | \ifdefined\DISSERTATION 20 | \begin{wrapfigure}{r}{1.5in} 21 | \vspace{-1em} 22 | \begin{center} 23 | \includegraphics[scale=0.15]{../illustrations/keys} 24 | \end{center} 25 | \vspace{-1em} 26 | \end{wrapfigure} 27 | \fi 28 | data is available for both reading and writing by all 29 | replicas. 30 | 31 | \emph{Highly available} distributed systems, such as 32 | Amazon's Dynamo key-value store~\cite{dynamo}, relax strong 33 | consistency in favor of \emph{eventual consistency}~\cite{vogels-ec}, 34 | in which replicas need not agree at all times. Instead, updates 35 | execute at a particular replica and are sent to other replicas 36 | later. All updates eventually reach all replicas, albeit possibly in 37 | different orders. Informally speaking, eventual consistency says that 38 | if updates stop arriving, all replicas will \emph{eventually} come to 39 | agree. 40 | 41 | Although giving up on strong consistency makes it possible for a 42 | distributed system to offer high availability, even an eventually 43 | consistent system must have some way of resolving conflicts between 44 | replicas that differ. One approach is to try to determine which 45 | replica was written most recently, then declare that replica the 46 | winner. But, even in the presence of a way to reliably synchronize 47 | clocks between replicas and hence reliably determine which replica was 48 | written most recently, having the last write win might not make sense 49 | from a \emph{semantic} point of view. For instance, if a replicated 50 | object represents a set, then, depending on the application, the 51 | appropriate way to resolve a conflict between two replicas could be to 52 | take the set union of the replicas' contents. Such a conflict 53 | resolution policy might be more appropriate than a ``last write wins'' 54 | policy for, say, a object representing the contents of customer 55 | shopping carts for an online store~\cite{dynamo}. 56 | 57 | Implementing application-specific conflict resolution policies in an 58 | ad-hoc way for every application is tedious and 59 | error-prone.\footnote{Indeed, as the developers of Dynamo have 60 | noted~\cite{dynamo}, Amazon's shopping cart presents an anomaly 61 | whereby removed items may re-appear in the cart!} Fortunately, we 62 | need not implement them in an ad-hoc way. Shapiro~\etal's 63 | \emph{convergent replicated data types} (CvRDTs)~\cite{crdts,crdts-tr} 64 | provide a simple mathematical framework for reasoning about and 65 | enforcing the eventual consistency of replicated objects, based on 66 | viewing replica states as elements of a lattice and replica conflict 67 | resolution as the lattice's join operation. 68 | 69 | Like LVars, CvRDTs are data structures whose states are elements of an 70 | application-specific lattice, and whose contents can only grow with 71 | respect to the given lattice. Although LVars and CvRDTs were 72 | developed independently, both models leverage the mathematical 73 | properties of join-semilattices to ensure that a property of the model 74 | holds---determinism in the case of LVars; eventual consistency in the 75 | case of CvRDTs. 76 | 77 | CvRDTs offer a simple and theoretically-sound approach to eventual 78 | consistency. However, with CvRDTs (and unlike with LVars), it is 79 | still possible to observe inconsistent \emph{intermediate} states of 80 | replicated shared objects, and high availability requires that reads 81 | return a value immediately, even if that value is stale. In practice, 82 | applications call for both strong consistency and high availability at 83 | different times~\cite{pileus}, and increasingly, they support 84 | consistency choices at the granularity of individual queries, not that 85 | of the entire system. For example, the Amazon SimpleDB database 86 | service gives customers the choice between eventually consistent and 87 | strongly consistent read operations on a per-read 88 | basis~\cite{simpledb-vogels-article}. 89 | 90 | Ordinarily, strong consistency is a global property: all replicas 91 | agree on the data. When a system allows consistency choices to be 92 | made at a \emph{per-query} granularity, though, a global strong 93 | consistency property need not hold. We can define a \emph{strongly 94 | consistent query} to be one that, if it returns a result $x$ when 95 | executed at a replica $i$, 96 | \begin{itemize} 97 | \item will always return $x$ on subsequent executions at $i$, and 98 | \item will \emph{eventually} return $x$ when executed at \emph{any} 99 | replica, and will \emph{block} until it does so. 100 | \end{itemize} 101 | That is, a strongly consistent query of a distributed data structure, 102 | if it returns, will return a result that is a \emph{deterministic} 103 | function of all updates to the data structure in the entire 104 | distributed execution, regardless of when the query executes or which 105 | replica it occurs on. 106 | 107 | Traditional CvRDTs only support eventually consistent queries. We 108 | could get strong consistency from CvRDTs by waiting until all replicas 109 | agree before allowing a query to return---but in practice, such 110 | agreement may never happen. In this chapter, I present an alternative 111 | approach that takes advantage of the existing lattice structure of 112 | CvRDTs and does \emph{not} require waiting for all replicas to agree. 113 | To do so, I take inspiration from LVar-style threshold reads. I show 114 | how to extend the CvRDT model to support deterministic, strongly 115 | consistent queries, which I call \emph{threshold queries}. After 116 | reviewing the fundamentals of CvRDTs in 117 | Section~\ref{s:distributed-cvrdts}, I introduce CvRDTs extended with 118 | threshold queries (Section~\ref{s:distributed-model}), and I prove 119 | that threshold queries in our extended model are strongly consistent 120 | queries (Section~\ref{s:distributed-results}). That is, I show that a 121 | threshold query that returns an answer when executed at a replica will 122 | return the same answer every subsequent time that it is executed at 123 | that replica, and that executing that threshold query on a different 124 | replica will eventually return the same answer, and will block until 125 | it does so. It is therefore impossible to observe different results 126 | from the same threshold query, whether at different times on the same 127 | replica or whether on different replicas. 128 | -------------------------------------------------------------------------------- /dissertation/chapter5/main.tex: -------------------------------------------------------------------------------- 1 | \chapter{Deterministic threshold queries of distributed data structures}\label{ch:distributed} % 5 2 | 3 | \input{chapter5/intro} 4 | 5 | \input{chapter5/cvrdts} 6 | 7 | \input{chapter5/model} 8 | 9 | \input{chapter5/results} 10 | 11 | \input{chapter5/relationship} 12 | -------------------------------------------------------------------------------- /dissertation/chapter5/relationship.tex: -------------------------------------------------------------------------------- 1 | \section{Discussion: reasoning about per-query consistency choices}\label{s:distributed-per-query-consistency} 2 | 3 | In this chapter, we have seen a way to extend CvRDTs to support 4 | LVar-style threshold queries. Seen from another angle, this chapter 5 | shows how to ``port'' the notion of threshold reads from a 6 | shared-memory setting (that of LVars) to a distributed-memory one 7 | (that of CvRDTs). However, I do not want to suggest that 8 | deterministic threshold queries should replace traditional CvRDT 9 | queries. Instead, traditional queries and threshold queries can 10 | coexist. Moreover, extending CvRDTs with threshold queries allows 11 | them to more accurately model systems in which consistency properties 12 | are defined and enforced at the granularity of individual queries. 13 | 14 | As mentioned at the beginning of this chapter, database services such 15 | as Amazon's SimpleDB~\cite{simpledb-vogels-article} allow for both 16 | eventually consistent and strongly consistent reads, chosen at a 17 | per-query granularity.\footnote{Terry~\etal's Pileus key-value 18 | store~\cite{pileus} takes the idea of combining different levels of 19 | consistency in a single application even further: instead of 20 | requiring the application developer to choose the consistency level 21 | of a particular query at development time, the system allows the 22 | developer to specify a service-level agreement that may be satisfied 23 | in different ways at runtime. This allows the application to, for 24 | instance, dynamically adapt to changing network conditions.} 25 | Choosing consistency at the query level, and giving different 26 | consistency properties to different queries within a single 27 | application, is not a new idea. Rather, the new contribution we make 28 | by adding threshold queries to CvRDTs is to establish lattice-based 29 | data structures as a unifying formal foundation for both eventually 30 | consistent and strongly consistent queries. Adding support for 31 | threshold reads to CvRDTs allows us to take advantage of the machinery 32 | that CvRDTs already give us for reasoning about eventually consistent 33 | objects, and use it to reason about systems that allow consistency 34 | choices to be made at per-query granularity, as real systems do. 35 | 36 | -------------------------------------------------------------------------------- /dissertation/chapter5/results-determinism-of-threshold-queries-proof.tex: -------------------------------------------------------------------------------- 1 | \begin{proof} 2 | Consider replica $i$ of a threshold CvRDT $(S, \leq, s^0, q, t, u, 3 | m)$. 4 | 5 | Let $\mathcal{S}$ be a threshold set with respect to 6 | $(S, \leq)$. 7 | 8 | Consider a method execution $t^{k+1}_i(\mathcal{S})$ (\ie, a 9 | threshold query that is the $k+1$th method execution on replica $i$, 10 | with threshold set $\mathcal{S}$ as its argument) that returns some 11 | set of activation states $S_a \in \mathcal{S}$. 12 | 13 | For part~\ref{thm:this-replica} of the theorem, we have to show that 14 | threshold queries with $\mathcal{S}$ as their argument will always 15 | return $S_a$ on subsequent executions at $i$. 16 | 17 | That is, we have to show that, for all $k' > (k+1)$, the threshold 18 | query $t^{k'}_i(\mathcal{S})$ on $i$ returns $S_a$. 19 | 20 | Since $t^{k+1}_i(\mathcal{S})$ returns $S_a$, from 21 | Definition~\ref{def:cvrdt-with-threshold-queries} we have that for 22 | some activation state $s_a \in S_a$, the condition $s_a \leq s^k_i$ 23 | holds. 24 | 25 | Consider arbitrary $k' > (k+1)$. 26 | 27 | Since state is inflationary across updates, we know that the state 28 | $s^{k'}_i$ after method execution $k'$ is at least $s^k_i$. 29 | 30 | That is, $s^k_i \leq s^{k'}_i$. 31 | 32 | By transitivity of $\leq$, then, $s_a \leq s^{k'}_i$. 33 | 34 | Hence, by Definition~\ref{def:cvrdt-with-threshold-queries}, 35 | $t^{k'}_i(\mathcal{S})$ returns $S_a$. 36 | 37 | For part~\ref{thm:any-replica} of the theorem, consider some replica 38 | $j$ of $(S, \leq, s^0, q, t, u, m)$, located at process $p_j$. 39 | 40 | We are required to show that, for all $x \geq 0$, the threshold 41 | query $t^{x+1}_j(\mathcal{S})$ returns $S_a$ eventually, and blocks 42 | until it does.\footnote{The occurrences of $k+1$ and $x+1$ in this 43 | proof are an artifact of how we index method executions starting 44 | from $1$, but states starting from $0$. The initial state (of 45 | every replica) is $s^0$, and so $s^k_i$ is the state of replica 46 | $i$ after method execution $k$ has completed at $i$.} 47 | 48 | That is, we must show that, for all $x \geq 0$, there exists some 49 | finite $n \geq 0$ such that 50 | \begin{itemize} 51 | \item 52 | for all $i$ in the range $0 \leq i \leq n-1$, the threshold query 53 | $t^{x+1+i}_j(\mathcal{S})$ returns $\block$, and 54 | \item 55 | for all $i \geq n$, the threshold query $t^{x+1+i}_j(\mathcal{S})$ 56 | returns $S_a$. 57 | \end{itemize} 58 | Consider arbitrary $x \geq 0$. 59 | 60 | Recall that $s^x_j$ is the state of replica $j$ after the $x$th 61 | method execution, and therefore $s^x_j$ is also the state of $j$ 62 | when $t^{x+1}_j(\mathcal{S})$ runs. 63 | % 64 | We have three cases to consider: 65 | \begin{itemize} 66 | \item $s^k_i \leq s^x_j$. 67 | 68 | (That is, replica $i$'s state after the $k$th method execution on $i$ 69 | is \emph{at or below} replica $j$'s state after the $x$th method 70 | execution on $j$.) 71 | 72 | Choose $n = 0$. 73 | 74 | We have to show that, for all $i \geq n$, the threshold query 75 | $t^{x+1+i}_j(\mathcal{S})$ returns $S_a$. 76 | 77 | Since $t^{k+1}_i(\mathcal{S})$ returns $S_a$, we know that there 78 | exists an $s_a \in S_a$ such that $s_a \leq s^k_i$. 79 | 80 | Since $s^k_i \leq s^x_j$, we have by transitivity of $\leq$ that 81 | $s_a \leq s^x_j$. 82 | 83 | Therefore, by Definition~\ref{def:cvrdt-with-threshold-queries}, 84 | $t^{x+1}_j(\mathcal{S})$ returns $S_a$. 85 | 86 | Then, by part~\ref{thm:this-replica} of the theorem, we have that 87 | subsequent executions $t^{x+1+i}_j(\mathcal{S})$ at replica $j$ 88 | will also return $S_a$, and so the case holds. 89 | 90 | (Note that this case includes the possibility $s^k_i \equiv s^0$, 91 | in which no updates have executed at replica $i$.) 92 | 93 | \item $s^k_i > s^x_j$. 94 | 95 | (That is, replica $i$'s state after the $k$th method execution on $i$ 96 | is \emph{above} replica $j$'s state after the $x$th method execution 97 | on $j$.) 98 | 99 | We have two subcases: 100 | 101 | \begin{itemize} 102 | \item 103 | There exists some activation state $s'_a \in S_a$ for which $s'_a \leq 104 | s^x_j$. 105 | 106 | In this case, we choose $n = 0$. 107 | 108 | We have to show that, for all $i \geq n$, the threshold query 109 | $t^{x+1+i}_j(\mathcal{S})$ returns $S_a$. 110 | 111 | Since $s'_a \leq s^x_j$, by 112 | Definition~\ref{def:cvrdt-with-threshold-queries}, 113 | $t^{x+1}_j(\mathcal{S})$ returns $S_a$. 114 | 115 | Then, by part~\ref{thm:this-replica} of the theorem, we have 116 | that subsequent executions $t^{x+1+i}_j(\mathcal{S})$ at replica 117 | $j$ will also return $S_a$, and so the case holds. 118 | 119 | \item 120 | There is no activation state $s'_a \in S_a$ for which $s'_a \leq 121 | s^x_j$. 122 | 123 | Since $t^{k+1}_i(\mathcal{S})$ returns $S_a$, we know that there 124 | is some update $u^{k'}_i(a)$ in $i$'s causal history, for some 125 | $k' < (k+1)$, that updates $i$ from a state at or below $s^x_j$ 126 | to $s^k_i$.\footnote{We know that $i$'s state was once at or 127 | below $s^x_j$, because $i$ and $j$ started at the same state 128 | $s^0$ and can both only grow. Hence the least that $s^x_j$ 129 | can be is $s^0$, and we know that $i$ was originally $s^0$ as 130 | well.} 131 | 132 | By eventual delivery, $u^{k'}_i(a)$ is eventually delivered at 133 | $j$. 134 | 135 | Hence some update or updates that will increase $j$'s state from 136 | $s^x_j$ to a state at or above some $s'_a$ must reach replica 137 | $j$.\footnote{We say ``some update or updates'' because the 138 | exact update $u^{k'}_i(a)$ may not be the update that causes 139 | the threshold query at $j$ to unblock; a different update or 140 | updates could do it. Nevertheless, the existence of 141 | $u^{k'}_i(a)$ means that there is at least one update that 142 | will suffice to unblock the threshold query.} 143 | 144 | Let the $x+1+r$th method execution on $j$ be the first update on $j$ 145 | that updates its state to some $s^{x+1+r}_j \geq s'_a$, for some 146 | activation state $s'_a \in S_a$. 147 | 148 | Choose $n = r+1$. 149 | 150 | We have to show that, for all $i$ in the range $0 \leq i \leq 151 | r$, the threshold query $t^{x+1+i}_j(\mathcal{S})$ returns 152 | $\block$, and that for all $i \geq r+1$, the threshold query 153 | $t^{x+1+i}_j(\mathcal{S})$ returns $S_a$. 154 | 155 | For the former, since the $x+1+r$th method execution on $j$ is the 156 | first one that updates its state to $s^{x+1+r}_j \geq s'_a$, we have 157 | by Definition~\ref{def:cvrdt-with-threshold-queries} that for all $i$ 158 | in the range $0 \leq i \leq r$, the threshold query 159 | $t^{x+1+i}_j(\mathcal{S})$ returns $\block$. 160 | 161 | For the latter, since $s^{x+1+r}_j \geq s'_a$, by 162 | Definition~\ref{def:cvrdt-with-threshold-queries} we have that 163 | $t^{x+1+r+1}_j(\mathcal{S})$ returns $S_a$, and by 164 | part~\ref{thm:this-replica} of the theorem, we have that for $i \geq 165 | r+1$, subsequent executions $t^{x+1+i}_j(\mathcal{S})$ at replica $j$ 166 | will also return $S_a$, and so the case holds. 167 | \end{itemize} 168 | 169 | \item $s^k_i \nleq s^x_j$ and $s^x_j \nleq s^k_i$. 170 | 171 | (That is, replica $i$'s state after the $k$th method execution on $i$ 172 | is \emph{not comparable} to replica $j$'s state after the $x$th method 173 | execution on $j$.) 174 | 175 | Similar to the previous case. 176 | \end{itemize} 177 | \end{proof} 178 | -------------------------------------------------------------------------------- /dissertation/chapter5/results.tex: -------------------------------------------------------------------------------- 1 | \section{Determinism of threshold queries}\label{s:distributed-results} 2 | 3 | Neither eventual consistency nor strong eventual consistency imply 4 | that \emph{intermediate} results of the same query $q$ on different 5 | replicas of a threshold CvRDT will be deterministic. For 6 | deterministic intermediate results, we must use the threshold query 7 | method $t$. We can show that $t$ is deterministic \emph{without} 8 | requiring that the same updates have been delivered at the replicas in 9 | question at the time that $t$ runs. 10 | 11 | Theorem~\ref{thm:determinism-of-threshold-queries} establishes a 12 | determinism property for threshold queries of CvRDTs, porting the 13 | determinism result previously established for threshold reads for 14 | LVars to a distributed setting. 15 | 16 | \begin{thm}[Determinism of Threshold Queries] 17 | \label{thm:determinism-of-threshold-queries} 18 | Suppose a given threshold query $t$ on a given threshold CvRDT 19 | returns a set of activation states $S_a$ when executed at a replica 20 | $i$. Then, assuming eventual delivery and that no replica's state 21 | is ever $\top$ at any point in the execution: 22 | \begin{enumerate} 23 | \item \label{thm:this-replica} $t$ will always return $S_a$ on 24 | subsequent executions at $i$, and 25 | \item \label{thm:any-replica} $t$ will \emph{eventually} return 26 | $S_a$ when executed at \emph{any} replica, and will \emph{block} 27 | until it does so. 28 | \end{enumerate} 29 | \end{thm} 30 | \begin{proof} 31 | The proof relies on transitivity of $\leq$ and eventual delivery of 32 | updates; see 33 | Section~\ref{section:determinism-of-threshold-queries-proof} for the 34 | complete proof. 35 | \end{proof} 36 | 37 | Although Theorem~\ref{thm:determinism-of-threshold-queries} must 38 | assume eventual delivery, it does \emph{not} need to assume strong 39 | convergence or even ordinary convergence. It so happens that we have 40 | strong convergence as part of strong eventual consistency of threshold 41 | CvRDTs (by 42 | Theorem~\ref{thm:strong-eventual-consistency-of-threshold-cvrdts}), 43 | but we do not need it to prove 44 | Theorem~\ref{thm:determinism-of-threshold-queries}. In particular, 45 | there is no need for replicas to have the same state in order to 46 | return the same result from a particular threshold query. The 47 | replicas merely both need to be above an activation state from a 48 | unique set of activation states in the query's threshold set. Indeed, 49 | the replicas' states may in fact trigger \emph{different} activation 50 | states from the same set of activation states. 51 | 52 | Theorem~\ref{thm:determinism-of-threshold-queries}'s requirement that 53 | no replica's state is ever $\top$ rules out situations in which 54 | replicas disagree in a way that cannot be resolved normally. Recall 55 | from Section~\ref{subsection:lvars-errors-and-observable-determinism} 56 | that in the LVars model, when a program contains conflicting writes 57 | that would cause an LVar to reach its $\top$ state, a threshold read 58 | in that program \emph{can} behave nondeterministically. However, 59 | since in our definition of observable determinism, only the final 60 | outcome of a program counts, this nondeterministic behavior of @get@ 61 | in the presence of conflicting writes is not observable: such a 62 | program would always have $\error$ as its final outcome. In our 63 | setting of CvRDTs, though, we do not have a notion of ``program'', nor 64 | of the final outcome thereof. Rather than having to define those 65 | things and then define a notion of observable determinism based on 66 | them, I rule out this situation by assuming that no replica's state 67 | goes to $\top$. 68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /dissertation/chapter7/main.tex: -------------------------------------------------------------------------------- 1 | \chapter{Summary and future work}\label{ch:conclusion} % 7 2 | 3 | As single-assignment languages and Kahn process networks demonstrate, 4 | monotonicity can serve as the foundation of diverse 5 | deterministic-by-construction parallel programming models. The LVars 6 | programming model takes monotonicity as a starting point and 7 | generalizes single assignment to monotonic multiple assignment, 8 | parameterized by a lattice. The LVars model, and the accompanying 9 | LVish library, \either{support my claim}{demonstrate} that lattice-based data structures are 10 | a general and practical unifying abstraction for deterministic and 11 | quasi-deterministic parallel \either{and distributed}{} programming. 12 | 13 | \ifdefined\DISSERTATION 14 | \section{Another look at the deterministic parallel landscape} 15 | \fi 16 | 17 | Let us reconsider how LVars fit into the deterministic parallel 18 | programming landscape that we mapped out in \either{Chapter}{Section}~\ref{ch:intro}: 19 | \begin{itemize} 20 | \item \emph{No-shared-state parallelism:} The purely functional core 21 | of the $\lambdaLVar$ and $\lambdaLVish$ calculi (and of the LVish 22 | Haskell library) allow no-shared-state, pure task parallelism. Of 23 | course, shared-state programming is the point of the LVars model. 24 | However, it is significant that we take pure programming as a 25 | starting point, because it distinguishes the LVars model from 26 | approaches such as DPJ that begin with a 27 | parallel (but nondeterministic) language and then restrict the 28 | sharing of state to regain determinism. The LVars model works in 29 | the other direction: it begins with a deterministic parallel 30 | language without shared state, and then adds limited effects that 31 | retain determinism. 32 | \item \emph{Data-flow parallelism:} As we have seen, because LVars 33 | are lattice-generic, the LVars model can subsume Kahn process 34 | networks and other parallel programming models based on data flow, 35 | since we can use LVars to represent a lattice of channel 36 | histories, ordered by a prefix ordering. 37 | \item \emph{Single-assignment parallelism:} Single-assignment 38 | variables, or IVars, are also subsumed by LVars: an IVar is an 39 | LVar whose lattice has one ``empty'' state and multiple ``full'' 40 | states (where $\forall{i}.\; \mathit{empty} < \mathit{full_i}$). 41 | In fact, given how useful IVars are, the subsumption of IVars by 42 | LVars demonstrates that immutability is an important special case 43 | of monotonicity.\footnote{As Neil Conway puts it, ``Immutability 44 | is a special case of monotone growth, albeit a particularly 45 | useful one'' 46 | (\url{https://twitter.com/neil_conway/status/392337034896871424}).} 47 | \item \emph{Imperative disjoint parallelism:} Although the LVars 48 | model generally does \emph{not} require that the state accessed by 49 | concurrent threads is disjoint, this style of ensuring determinism 50 | is still compatible with the LVars model, and it is practically 51 | achievable using the @ParST@ monad transformer in LVish, as we saw 52 | in Section~\ref{s:lvish-disjoint}. 53 | \end{itemize} 54 | 55 | In addition to subsuming or accommodating all these existing points on 56 | the landscape, we have identified a new class of 57 | \emph{quasi-deterministic} programs and developed a programming model 58 | that supports quasi-determinism by construction. A 59 | quasi-deterministic model allows programs that perform \emph{freezing} 60 | and are deterministic modulo write-after-freeze exceptions. The 61 | ability to freeze and read the exact contents of an LVar greatly 62 | increases the expressiveness of the LVars model, especially when used 63 | in conjunction with event handlers. Furthermore, we can regain full 64 | determinism by ensuring that freezing happens last, and, as we saw in 65 | Section~\ref{subsection:lvish-regaining-full-determinism-with-runparthenfreeze}, 66 | it is possible to enforce this ``freeze after writing'' requirement at 67 | the implementation level. 68 | 69 | Of course, there is still more work to do. For example, although 70 | imperative disjoint parallelism and the LVars model seem to be 71 | compatible, as evidenced by the use of @ParST@ in LVish, we have not 72 | yet formalized their relationship. In fact, this is an example of a 73 | general pattern in which the LVish library is usually one step ahead 74 | of the LVars formalism: to take another example, the LVish library 75 | supported the update operations of 76 | Section~\either{\ref{subsection:lvars-generalizing-from-least-upper-bound-writes}}{\ref{s:lvars-generalizing}} 77 | (which are commutative and inflationary but not necessarily 78 | idempotent) well before the notion had been formalized in 79 | $\lambdaLVish$. Moreover, even for the parts of the LVish library 80 | that \emph{are} fully accounted for in the model, we do not have proof 81 | that the library is a faithful implementation of the formal LVars 82 | model. 83 | 84 | Although it is unlikely that this game of catch-up can ever be won, an 85 | interesting direction to pursue for future work would be a 86 | \emph{verified} implementation of LVish, for instance, in a 87 | dependently typed programming language. Even though a fully verified 88 | implementation of LVish (including the scheduler implementation) is an 89 | ambitious goal, a more manageable first step might be to implement 90 | individual LVar data structures in a dependently typed language such 91 | as Coq or Agda. The type system of such a language is rich enough to 92 | express properties that must be true of an LVar data structure, such 93 | as that the states that it can take on form a lattice and that writes 94 | are commutative and inflationary. 95 | 96 | \ifdefined\DISSERTATION 97 | \begin{figure}[h] 98 | \vspace{-1em} 99 | \begin{center} 100 | \includegraphics[scale=0.15]{../illustrations/flying-saucer} 101 | \end{center} 102 | \vspace{-1em} 103 | \end{figure} 104 | \fi 105 | 106 | \ifdefined\DISSERTATION 107 | \section{Distributed programming and the future of LVars and LVish} 108 | 109 | Most of this dissertation concerns the problem of how to program 110 | \emph{parallel} systems, in which programs run on multiple processors 111 | that share memory. However, I am also concerned with the problem of 112 | how to program \emph{distributed} systems, in which programs run on 113 | networked computers with distributed memory. Enormous bodies of work 114 | have been developed to deal with programming parallel and distributed 115 | systems, and one of the roles that programming languages research can 116 | play is to seek unifying abstractions between the two. It is in that 117 | spirit that I have explored the relationship of LVars to existing work 118 | on distributed systems. 119 | 120 | LVars are a close cousin to convergent replicated data types 121 | (CvRDTs)~\cite{crdts,crdts-tr}, which leverage lattice properties to 122 | guarantee that all replicas of an object (for instance, in a 123 | distributed database) are eventually consistent. 124 | Chapter~\ref{ch:distributed} begins to explore the relationship 125 | between LVars and CvRDTs by porting LVar-style threshold reads to the 126 | CvRDT setting, but there is much more work to do here. Most 127 | immediately, although the idea of a single lattice-based framework for 128 | reasoning about both strongly consistent and eventually consistent 129 | queries of distributed data is appealing and elegant, it is not yet 130 | clear what the compelling applications for threshold-readable CvRDTs 131 | are. 132 | 133 | As a further step, it should also be possible to ``back-port'' ideas 134 | from the realm of CvRDTs to LVars. In fact, support for 135 | not-necessarily-idempotent updates to LVars was inspired in part by 136 | CvRDTs, which have always permitted arbitrary inflationary and 137 | commutative writes to individual replicas (the lub operation is only 138 | used when replicas' states are \emph{merged} with one another). The 139 | LVars model might further benefit from techniques pioneered in the 140 | work on CvRDTs to support data structures that allow seemingly 141 | non-monotonic updates, such as counters that support decrements as 142 | well as increments and sets that support removals as well as 143 | additions~\cite{crdts}. 144 | 145 | Finally, existing work on CvRDTs, as well as the work on distributed 146 | lattice-based programming languages like Bloom~\cite{bloom-cidr, 147 | blooml}, may serve as a source of inspiration for a future version 148 | of LVish that supports distributed execution. 149 | \fi 150 | -------------------------------------------------------------------------------- /dissertation/dissertation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/dissertation.pdf -------------------------------------------------------------------------------- /dissertation/dissertation.tex: -------------------------------------------------------------------------------- 1 | \documentclass[12pt,final]{iuthesis-alt} 2 | 3 | % This is the dissertation, not the article 4 | \newcommand{\DISSERTATION}{} 5 | \newcommand{\either}[2]{#1} 6 | \let\shortcite\cite 7 | 8 | \usepackage{amsmath,amssymb,amsthm} 9 | \usepackage{color} 10 | \usepackage[backref=page]{hyperref} 11 | \usepackage{graphicx} 12 | \usepackage{stmaryrd} 13 | \usepackage{listings} 14 | \usepackage{lscape} 15 | \usepackage{setspace} 16 | \usepackage{multirow} 17 | \usepackage{tabularx} 18 | \usepackage{wrapfig} 19 | \usepackage{pdfpages} 20 | \usepackage{algorithm} 21 | \usepackage{algpseudocode} 22 | \renewcommand{\algorithmicforall}{\textbf{for each}} 23 | 24 | \usepackage{xltxtra,fontspec,xunicode} 25 | \defaultfontfeatures{Scale=MatchLowercase} 26 | \setromanfont[Mapping=tex-text]{PT Serif} 27 | \setsansfont[Mapping=tex-text]{PT Serif} 28 | 29 | % Stuff for ensuring that figure captions are single-spaced and 30 | % consistently spaced from the figure. Not sure why this works, but 31 | % it seems to. 32 | \usepackage{subfig} 33 | \captionsetup[table]{aboveskip=5pt} 34 | \captionsetup[table]{belowskip=5pt} 35 | 36 | % Stuff needed for typesetting lambdaLVish and its metatheory 37 | \input{../latex_common/lang} 38 | \input{../latex_common/metatheory} 39 | 40 | % For typesetting inference rules 41 | \usepackage{../latex_common/mathpartir} 42 | 43 | % Syntax and semantics of lambdaLVar and lambdaLVish 44 | \input{../latex_common/lambdaLVar-definition} 45 | \input{../latex_common/lambdaLVish-definition} 46 | 47 | % Definitions, lemmas, theorems 48 | \input{../latex_common/lambdaLVar-defs} 49 | \input{../latex_common/lambdaLVar-thms} 50 | 51 | \input{../latex_common/lambdaLVish-defs} 52 | \input{../latex_common/lambdaLVish-thms} 53 | 54 | % Editing marks 55 | \input{../latex_common/editingmarks} 56 | 57 | %%% Formatting of definitions, theorems, etc. 58 | \newtheorem{lem}{Lemma}[chapter] 59 | \newtheorem{cor}{Corollary}[chapter] 60 | \newtheorem{thm}{Theorem}[chapter] 61 | 62 | \renewcommand{\theequation}{Example \thechapter.\arabic{equation}} 63 | 64 | % Defining some extra theoremstyle stuff for documents that need it 65 | % (i.e., non-LNCS-style documents) 66 | \theoremstyle{definition} 67 | \newtheorem{definition}{Definition}[chapter] 68 | \newtheorem{example}{Example}[chapter] 69 | \newtheorem{remark}{Remark}[chapter] 70 | 71 | % Other presentational stuff 72 | \input{../latex_common/style} 73 | 74 | % Specific to amsthm 75 | \newenvironment{proofsketch}[1][\proofname]{\proof[#1]\mbox{}}{\endproof} 76 | 77 | % Use the @ symbol for simple inline code within prose: 78 | \lstMakeShortInline[]@ 79 | 80 | % The annoying section-only section numbering is inherited from 81 | % amsbook, on which iuthesis-alt is based. This is to bring back 82 | % chapter numbers in the section headings. 83 | \renewcommand{\thesection}{\thechapter.\arabic{section}} 84 | 85 | % Also, put chapter numbers in figure and table numbering. 86 | \renewcommand{\thefigure}{\thechapter.\arabic{figure}} 87 | \renewcommand{\thetable}{\thechapter.\arabic{table}} 88 | 89 | % Seutup for hyperref. 90 | \hypersetup{ 91 | pdftitle={Lattice-based Data Structures for Deterministic Parallel and Distributed Programming}, 92 | pdfauthor={Lindsey Kuper}, 93 | colorlinks=true, 94 | linkcolor=black, 95 | citecolor=black, 96 | urlcolor=black, 97 | } 98 | 99 | \title{Lattice-based Data Structures for Deterministic Parallel and 100 | Distributed Programming} 101 | 102 | \author{Lindsey Kuper} 103 | 104 | \advisor{Ryan R. Newton} 105 | \secondreader{Lawrence S. Moss} 106 | \thirdreader{Amr Sabry} 107 | \fourthreader{Chung-chieh Shan} 108 | \departmentname{School} 109 | \department{Informatics and Computing} 110 | \copyrightyear{2015} 111 | \submitdate{September 2015} 112 | \acceptdate{09/08/2014} 113 | 114 | % For use with iuthesis-alt.cls. 115 | \parskip=6pt 116 | \parindent=0pt 117 | \normalparindent=0pt 118 | 119 | \begin{document} 120 | \raggedbottom %% Try to avoid huge gaps between paragraphs. 121 | 122 | \frontmatter 123 | 124 | \begin{acknowledgements} 125 | \input{acks} 126 | \end{acknowledgements} 127 | 128 | \begin{dedication} 129 | For Alex, who said, \\``You're gonna destroy grad school.'' 130 | \end{dedication} 131 | 132 | \begin{abstract} 133 | \input{abstract} 134 | \end{abstract} 135 | 136 | \maketitle 137 | \signaturepage 138 | \copyrightpage 139 | \makeack 140 | \makededication 141 | \makeabstract 142 | \tableofcontents 143 | 144 | \mainmatter 145 | 146 | \input{chapter1/main} 147 | \input{chapter2/main} 148 | \input{chapter3/main} 149 | \input{chapter4/main} 150 | \input{chapter5/main} 151 | \input{chapter6/main} 152 | \input{chapter7/main} 153 | 154 | \bibliographystyle{is-abbrv} 155 | \newcommand{\myname}[0]{Lindsey Kuper} 156 | \bibliography{../latex_common/refs,../latex_common/lkuper} 157 | 158 | \appendix 159 | 160 | \input{appendix-proofs/main} 161 | 162 | \input{appendix-redex/main} 163 | 164 | % Force CV to appear in TOC, but with no page number 165 | \addtocontents{toc}{\bigskip Curriculum Vitae\par} 166 | 167 | \includepdf[pages=-]{lindsey_kuper_cv.pdf} 168 | 169 | \end{document} 170 | -------------------------------------------------------------------------------- /dissertation/draft-06-28-2014.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/draft-06-28-2014.pdf -------------------------------------------------------------------------------- /dissertation/draft-07-04-2014.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/draft-07-04-2014.pdf -------------------------------------------------------------------------------- /dissertation/draft-07-12-2014.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/draft-07-12-2014.pdf -------------------------------------------------------------------------------- /dissertation/draft-07-25-2014.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/draft-07-25-2014.pdf -------------------------------------------------------------------------------- /dissertation/draft-08-11-2014.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/dissertation/draft-08-11-2014.pdf -------------------------------------------------------------------------------- /dissertation/jfp.tex: -------------------------------------------------------------------------------- 1 | \NeedsTeXFormat{LaTeX2e} 2 | 3 | \RequirePackage{amsmath} 4 | \documentclass{../latex_common/jfp1} 5 | \bibliographystyle{../latex_common/jfp} 6 | 7 | % This is the journal article, not the dissertation 8 | \newcommand{\JOURNAL}{} 9 | \newcommand{\either}[2]{#2} 10 | 11 | \usepackage{color} 12 | \usepackage{hyperref} 13 | \usepackage{graphicx} 14 | \usepackage{stmaryrd} 15 | \usepackage{listings} 16 | \usepackage{lscape} 17 | \usepackage{setspace} 18 | \usepackage{multirow} 19 | \usepackage{tabularx} 20 | \usepackage{algorithm} 21 | \usepackage{algpseudocode} 22 | \renewcommand{\algorithmicforall}{\textbf{for each}} 23 | 24 | \let\oldsection\section 25 | \let\oldsubsection\subsection 26 | \let\oldsubsubsection\subsubsection 27 | \renewcommand{\chapter}[1]{\oldsection{#1}} 28 | \renewcommand{\section}[1]{\oldsubsection{#1}} 29 | \renewcommand{\subsection}[1]{\oldsubsubsection{#1}} 30 | 31 | % Stuff needed for typesetting lambdaLVish and its metatheory 32 | \input{../latex_common/lang} 33 | \input{../latex_common/metatheory} 34 | 35 | % For typesetting inference rules 36 | \usepackage{../latex_common/mathpartir} 37 | 38 | % Syntax and semantics of lambdaLVar and lambdaLVish 39 | \input{../latex_common/lambdaLVar-definition} 40 | \input{../latex_common/lambdaLVish-definition} 41 | 42 | % Definitions, lemmas, theorems 43 | \input{../latex_common/lambdaLVar-defs} 44 | \input{../latex_common/lambdaLVar-thms} 45 | 46 | \input{../latex_common/lambdaLVish-defs} 47 | \input{../latex_common/lambdaLVish-thms} 48 | 49 | % Editing marks 50 | \input{../latex_common/editingmarks} 51 | 52 | %%% Formatting of definitions, theorems, etc. 53 | \newtheorem{lem}{Lemma}[section] 54 | \newtheorem{cor}{Corollary}[section] 55 | \newtheorem{thm}{Theorem}[section] 56 | 57 | \renewcommand{\theequation}{Example \thesection.\arabic{equation}} 58 | 59 | % Defining some extra theoremstyle stuff for documents that need it 60 | % (i.e., non-LNCS-style documents) 61 | %\theoremstyle{definition} 62 | \newtheorem{definition}{Definition}[section] 63 | \newtheorem{example}{Example}[section] 64 | \newtheorem{remark}{Remark}[section] 65 | 66 | % Other presentational stuff 67 | \input{../latex_common/style} 68 | 69 | % Specific to amsthm 70 | \newenvironment{proofsketch}[1][\proofname]{\proof[#1]\mbox{}}{\endproof} 71 | 72 | % Ignore badness 73 | \renewcommand{\doublespacing}{} 74 | 75 | % Use the @ symbol for simple inline code within prose: 76 | \lstMakeShortInline[]@ 77 | 78 | % Seutup for hyperref. 79 | \hypersetup{ 80 | pdftitle={LVars: Lattice-based Data Structures for Deterministic Parallel Programming}, 81 | pdfauthor={Lindsey Kuper \etal}, 82 | colorlinks=true, 83 | linkcolor=blue, 84 | citecolor=blue, 85 | urlcolor=blue, 86 | } 87 | 88 | \title{LVars: Lattice-based Data Structures for Deterministic Parallel Programming} 89 | 90 | \author[L. Kuper, A. Turon, N. R. Krishnaswami, and R. R. Newton] 91 | {LINDSEY KUPER\\ 92 | Intel Labs\\ 93 | \and\ AARON TURON\\ 94 | Mozilla Research\\ 95 | \and\ NEELAKANTAN R. KRISHNASWAMI\\ 96 | University of Birmingham\\ 97 | \and\ RYAN R. NEWTON\\ 98 | Indiana University} 99 | 100 | \begin{document} 101 | 102 | \label{firstpage} 103 | 104 | \maketitle 105 | 106 | \begin{abstract} 107 | \input{abstract} 108 | \end{abstract} 109 | 110 | \input{chapter1/main} 111 | \input{chapter2/main} 112 | \input{chapter3/main} 113 | \input{chapter4/main} 114 | \input{chapter6/main} 115 | \input{chapter7/main} 116 | 117 | % Put this bak the way it was before typesetting refs. 118 | \renewcommand{\section}{\oldsection} 119 | 120 | \bibliography{../latex_common/refs,../latex_common/lkuper} 121 | 122 | \end{document} 123 | -------------------------------------------------------------------------------- /dissertation/jfp_cover_letter.txt: -------------------------------------------------------------------------------- 1 | Dear editors, 2 | 3 | Please find attached our manuscript, "LVars: lattice-based data 4 | structures for deterministic parallel programming", which we are 5 | submitting for consideration for the upcoming JFP Special Issue on 6 | Parallel and Concurrent Programming. 7 | 8 | This manuscript can be thought of as a significantly revised and 9 | extended version of our POPL 2014 paper "Freeze after writing: 10 | quasi-deterministic parallel programming with LVars". It incorporates 11 | previously unpublished material, as well as some material from our 12 | other publications on LVars. 13 | 14 | Thanks for your consideration of our manuscript, and special thanks to 15 | Matthias Felleisen for encouraging us to submit our work to JFP. 16 | 17 | Best, 18 | Lindsey Kuper, Aaron Turon, Neel Krishnaswami, and Ryan Newton 19 | -------------------------------------------------------------------------------- /dissertation/outline.md: -------------------------------------------------------------------------------- 1 | ## Outline 2 | 3 | 1. Introduction 4 | 1. The deterministic-by-construction parallel programming landscape 5 | 2. Lattice-based, monotonic data structures as a basis for deterministic parallelism 6 | 3. Quasi-deterministic and event-driven programming with LVars 7 | 4. The LVish library 8 | 5. Deterministic threshold queries of distributed data structures 9 | 6. Thesis statement, and organization of the rest of this dissertation 10 | 7. Previously published work 11 | 12 | 2. LVars: lattice-based data structures for deterministic parallelism 13 | 1. Motivating example: a parallel, pipelined graph computation 14 | 2. LVars by example 15 | 3. Lattices, stores, and determinism 16 | 4. lambdaLVar: syntax and semantics 17 | 5. Proof of determinism for lambdaLVar 18 | 6. Generalizing the `put` and `get` operations 19 | 20 | 3. Quasi-deterministic and event-driven programming with LVars 21 | 1. lambdaLVish, informally 22 | 2. lambdaLVish, formally 23 | 3. Proof of quasi-determinism for lambdaLVish 24 | 25 | 4. The LVish library: interface, implementation, and evaluation 26 | 1. The big picture 27 | 2. The LVish library interface for application writers 28 | 3. Par-monad transformers and disjoint parallel update 29 | 4. The LVish library implementation 30 | 5. Case study: parallelizing k-CFA with LVish 31 | 6. Case study: parallelizing PhyBin with LVish 32 | 33 | 5. Deterministic threshold reads of distributed data structures 34 | 1. Background: CvRDTs and eventual consistency 35 | 2. Adding threshold queries to CvRDTs 36 | 3. Determinism of threshold queries 37 | 38 | 6. Related work 39 | 1. Deterministic Parallel Java 40 | 2. FlowPools 41 | 3. Concurrent Revisions 42 | 4. Conflict-free replicated data types 43 | 5. Bloom and Bloom^L 44 | 6. (Related work in separation logic, maybe?) 45 | 46 | 7. Summary and future work 47 | 1. Remapping the deterministic parallel landscape 48 | 2. Distributed programming and the future 49 | 50 | ### Appendices 51 | 52 | A. Proofs 53 | 54 | B. PLT Redex models of lambdaLVar and lambdaLVish 55 | -------------------------------------------------------------------------------- /illustrations/book.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/book.png -------------------------------------------------------------------------------- /illustrations/communicating-threads.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/communicating-threads.png -------------------------------------------------------------------------------- /illustrations/elf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/elf.png -------------------------------------------------------------------------------- /illustrations/flow2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/flow2.png -------------------------------------------------------------------------------- /illustrations/flow3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/flow3.png -------------------------------------------------------------------------------- /illustrations/flying-saucer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/flying-saucer.png -------------------------------------------------------------------------------- /illustrations/frozen-data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/frozen-data.png -------------------------------------------------------------------------------- /illustrations/frozen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/frozen.png -------------------------------------------------------------------------------- /illustrations/graph-traversal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/graph-traversal.png -------------------------------------------------------------------------------- /illustrations/keys.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/keys.png -------------------------------------------------------------------------------- /illustrations/map.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/map.png -------------------------------------------------------------------------------- /illustrations/matrix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/matrix.png -------------------------------------------------------------------------------- /illustrations/pool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/pool.png -------------------------------------------------------------------------------- /illustrations/sharing-state.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/sharing-state.png -------------------------------------------------------------------------------- /illustrations/shoe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/shoe.png -------------------------------------------------------------------------------- /illustrations/shopping-cart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/shopping-cart.png -------------------------------------------------------------------------------- /illustrations/store.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/store.png -------------------------------------------------------------------------------- /illustrations/thread.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/illustrations/thread.png -------------------------------------------------------------------------------- /latex_common/editingmarks.tex: -------------------------------------------------------------------------------- 1 | %%% Macros for editing marks. 2 | 3 | \newcommand{\TODO}[1]{\pgwrapper{TODO}{#1}} 4 | \newcommand{\lk}[1]{\pgwrapper{LK}{#1}} 5 | \newcommand{\rn}[1]{\pgwrapper{RN}{#1}} 6 | 7 | \InputIfFileExists{editingmarks}{}{ 8 | \def\noeditingmarks{} 9 | } 10 | 11 | \definecolor{comment-red}{rgb}{0.8,0,0} 12 | \ifx\noeditingmarks\undefined 13 | \newcommand{\textred}[1]{\textcolor{comment-red}{#1}} 14 | \newcommand{\pgwrapper}[2]{\textred{#1: #2}} 15 | \else 16 | \newcommand{\textred}[1]{\textcolor{comment-red}{#1}} 17 | \newcommand{\pgwrapper}[2]{} 18 | \fi 19 | -------------------------------------------------------------------------------- /latex_common/lambdaLVar-definition.tex: -------------------------------------------------------------------------------- 1 | %%% The syntax and semantics of lambdaLVar. 2 | 3 | \newcommand{\FigLambdaLVarGrammar}[1][t]{ 4 | \begin{figure}[#1] 5 | Given a lattice $(D, \userleq, \bot, \top)$ with elements $d \in D$: 6 | {\doublespacing 7 | \[ 8 | \begin{array}{rlcl} 9 | \mbox{configurations} & \conf & \bnfdef & \config{S}{e} \sep \error \\ 10 | \mbox{expressions} & e & \bnfdef & 11 | x \sep 12 | v \sep 13 | \app{e}{e} \sep 14 | \getexp{e}{e} \sep 15 | \putexp{e}{e} \sep 16 | \NEW \\ 17 | % N.B. unit and d are part of the set of values because (unlike 18 | % in the FHPC paper) get and put don't take and return sets. 19 | % Before, put returned an empty set (we overloaded the idea of 20 | % an empty threshold set) and get returned a singleton set. 21 | % This was to keep the grammar clean, but it's silly; it makes 22 | % more sense to just have two more value forms. 23 | \mbox{values} & v & \bnfdef & \unit \sep d \sep l \sep T \sep \lam{x}{e} \\ 24 | \mbox{threshold sets} & T & \bnfdef & \stateset{d_1,\,d_2,\,\dots} \\ 25 | % N.B. In Redex we actually rule out store values being Top in 26 | % the grammar, and have a special StoreVal type for elements 27 | % other than Top. Here we don't bother, and we just say that 28 | % stores contain bindings from locations l to pairs p. 29 | \mbox{stores} & S & \bnfdef & 30 | \store{\storebindingRaw{l_1}{d_1},\,\dots, \storebindingRaw{l_n}{d_n}} \sep \topS \\ 31 | \mbox{evaluation contexts} & E & \bnfdef & 32 | [~] \sep 33 | \app{E}{e} \sep 34 | \app{e}{E} \sep 35 | \getexp{E}{e} \sep 36 | \getexp{e}{E} \sep 37 | \putexp{E}{e} \sep 38 | \putexp{e}{E} 39 | \end{array} 40 | \] 41 | } 42 | \caption{Syntax for $\lambdaLVar$.} 43 | \label{f:lvars-lambdaLVar-syntax} 44 | \end{figure} 45 | } 46 | 47 | \newcommand{\FigLambdaLVarReductionSemantics}[1][t]{ 48 | \begin{figure}[#1] 49 | Given a lattice $(D, \userleq, \bot, \top)$ with elements $d \in D$: 50 | \bigskip 51 | $\incomp{T} \defeq \qforall{d_1,d_2 \in T}{(d_1 \neq d_2 \implies \userlub{d_1}{d_2} 52 | = \top)}$\hfill \fbox{$\conf \parstepsto \conf'$} 53 | \bigskip 54 | {\doublespacing 55 | \begin{mathpar} 56 | \inferrule*[lab=E-Beta] 57 | {~} 58 | {\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto \config{S}{\subst{e}{x}{v}}} 59 | 60 | \inferrule*[lab=E-New, right=\textnormal{($l \notin \dom{S}$)}] 61 | {~} 62 | {\config{S}{\NEW} \parstepsto \config{\extSRaw{S}{l}{\bot}}{l}} 63 | 64 | \inferrule*[lab=E-Put] 65 | {S(l) = d_1 \\ \userlub{d_1}{d_2} \neq \top} 66 | {\config{S}{\putexp{l}{d_2}} \parstepsto 67 | \config{\extSRaw{S}{l}{\userlub{d_1}{d_2}}}{\unit}} 68 | 69 | \inferrule*[lab=E-Put-Err] 70 | {S(l) = d_1 \\ \userlub{d_1}{d_2} = \top} 71 | {\config{S}{\putexp{l}{d_2}} \parstepsto 72 | \error} 73 | 74 | \inferrule*[lab=E-Get] 75 | {S(l) = d_1 \\ \incomp{T} \\ d_2 \in T \\ d_2 \userleq d_1} 76 | {\config{S}{\getexp{l}{T}} \parstepsto \config{S}{d_2}} 77 | \end{mathpar} 78 | } 79 | \caption{Reduction semantics for $\lambdaLVar$.} 80 | \label{f:lvars-lambdaLVar-reduction-semantics} 81 | \end{figure} 82 | } 83 | 84 | \newcommand{\FigLambdaLVarContextSemantics}[1][t]{ 85 | \begin{figure}[#1] 86 | \hfill \fbox{$\conf \ctxstepsto \conf'$} 87 | \begin{mathpar} 88 | \inferrule*[lab=E-Eval-Ctxt] 89 | {\config{S}{e} \parstepsto \config{S'}{e'}} 90 | {\config{S}{\E{e}} \ctxstepsto \config{S'}{\E{e'}}} 91 | \end{mathpar} 92 | \caption{Context semantics for $\lambdaLVar$.} 93 | \label{f:lvars-lambdaLVar-context-semantics} 94 | \end{figure} 95 | } 96 | -------------------------------------------------------------------------------- /latex_common/lambdaLVar-defs.tex: -------------------------------------------------------------------------------- 1 | \newcommand{\LVarsDefStore}{ 2 | \begin{definition}[store, $\lambdaLVar$]\label{def:lvars-store} 3 | A \emph{store} is either a finite partial mapping $S : \Loc \fmap (D 4 | - \setof{\top})$, or the distinguished element $\topS$. 5 | \end{definition} 6 | } 7 | 8 | \newcommand{\LVarsDefLeqStore}{ 9 | \begin{definition}[store ordering, $\lambdaLVar$]\label{def:lvars-leqstore} 10 | A store $S$ is \emph{less than or equal to} a store $S'$ (written 11 | $\leqstore{S}{S'}$) iff: 12 | \begin{itemize} 13 | \item $S' = \topS$, or 14 | \item $\dom{S} \subseteq \dom{S'}$ and for all $l 15 | \in \dom{S}$, $S(l) \userleq S'(l)$. 16 | \end{itemize} 17 | \end{definition} 18 | } 19 | 20 | \newcommand{\LVarsDefLeqStoreCnC}{ 21 | \begin{definition}[store ordering, Featherweight CnC]\label{def:lvars-leqstore-cnc} 22 | A store $S$ is \emph{less than or equal to} a store $S'$ (written 23 | $\leqstore{S}{S'}$) iff $\dom{S} \subseteq \dom{S'}$ and for all $l 24 | \in \dom{S}$, $S(l) = S'(l)$. 25 | \end{definition} 26 | } 27 | 28 | \newcommand{\LVarsDefLubStore}{ 29 | \begin{definition}[lub of stores, $\lambdaLVar$]\label{def:lvars-lubstore} 30 | 31 | The lub of stores $S_1$ and $S_2$ (written $\lubstore{S_1}{S_2}$) is 32 | defined as follows: 33 | 34 | \begin{itemize} 35 | \item $\lubstore{S_1}{S_2} = \topS$ iff there exists some $l \in 36 | \dom{S_1} \cap \dom{S_2}$ such that $\userlub{S_1(l)}{S_2(l)} = \top$. 37 | \item Otherwise, $\lubstore{S_1}{S_2}$ is the store $S$ such that: 38 | 39 | \begin{itemize} 40 | \item $\dom{S} = \dom{S_1} \cup \dom{S_2}$, and 41 | \item For all $l \in \dom{S}$: 42 | \end{itemize} 43 | \begin{displaymath} 44 | S(l) = \left\{ \begin{array}{ll} 45 | \userlub{S_1(l)}{S_2(l)} & \textrm{if $l \in \dom{S_1} \cap \dom{S_2}$} \\ 46 | S_1(l) & \textrm{if $l \notin \dom{S_2}$} \\ 47 | S_2(l) & \textrm{if $l \notin \dom{S_1}$}. 48 | \end{array} \right. 49 | \end{displaymath} 50 | \end{itemize} 51 | \end{definition} 52 | } 53 | 54 | \newcommand{\LVarsDefPermutation}{ 55 | \begin{definition}[permutation, $\lambdaLVar$]\label{def:lvars-permutation} 56 | A \emph{permutation} is a function $\pi : \Loc \rightarrow \Loc$ 57 | such that: 58 | \begin{enumerate} 59 | \item $\pi$ is invertible, that is, there is an inverse function 60 | $\piinv : \Loc \rightarrow \Loc$ with the property that $\pi(l) = 61 | l'$ iff $\piinv(l') = l$; and 62 | \item $\pi$ is the identity on all but finitely many elements of 63 | $Loc$. 64 | \end{enumerate} 65 | \end{definition} 66 | } 67 | 68 | \newcommand{\LVarsDefPermutationExpression}{ 69 | \begin{definition}[permutation of an expression, $\lambdaLVar$]\label{def:lvars-permutation-expression} 70 | A \emph{permutation} of an expression $e$ is a function $\pi$ 71 | defined as follows: 72 | \begin{displaymath} 73 | \begin{array}{ll} 74 | \pi(x) & \defeq x \\ 75 | \pi(\unit) & \defeq \unit \\ 76 | \pi(d) & \defeq d \\ 77 | \pi(l) & \defeq \pi(l) \\ 78 | \pi(T) & \defeq T \\ 79 | \pi(\lam{x}{e}) & \defeq \lam{x}{\pi(e)} \\ 80 | \pi(\app{e_1}{e_2}) & \defeq \app{\pi(e_1)}{\pi(e_2)} \\ 81 | \pi(\getexp{e_1}{e_2}) & \defeq \getexp{\pi(e_1)}{\pi(e_2)} \\ 82 | \pi(\putexp{e_1}{e_2}) & \defeq \putexp{\pi(e_1)}{\pi(e_2)} \\ 83 | \pi(\NEW) & \defeq \NEW \\ 84 | \end{array} 85 | \end{displaymath} 86 | \lk{It's fine to just say that $\pi(\NEW)$ is $\NEW$; we only care 87 | about renaming it if it has already been allocated! If it's just 88 | an unevaluated $\NEW$ expression, then there's nothing to do.} 89 | \end{definition} 90 | } 91 | 92 | \newcommand{\LVarsDefPermutationStore}{ 93 | \begin{definition}[permutation of a store, $\lambdaLVar$]\label{def:lvars-permutation-store} 94 | A \emph{permutation} of a store $S$ is a function $\pi$ defined as 95 | follows: 96 | \begin{displaymath} 97 | \begin{array}{ll} 98 | \pi(\topS) & \defeq \topS \\ 99 | \pi(\store{\storebindingRaw{l_1}{d_1}, \dots, 100 | \storebindingRaw{l_n}{d_n}}) & \defeq 101 | \store{\storebindingRaw{\pi(l_1)}{d_1}, \dots, 102 | \storebindingRaw{\pi(l_n)}{d_n}} \\ 103 | \end{array} 104 | \end{displaymath} 105 | \end{definition} 106 | } 107 | 108 | \newcommand{\LVarsDefPermutationConfiguration}{ 109 | \begin{definition}[permutation of a configuration, $\lambdaLVar$]\label{def:lvars-permutation-configuration} 110 | A \emph{permutation} of a configuration $\config{S}{e}$ is a function $\pi$ 111 | defined as follows: if $\config{S}{e} = \error$, then 112 | $\pi(\config{S}{e}) = \error$; otherwise, $\pi(\config{S}{e}) = 113 | \config{\pi(S)}{\pi(e)}$. 114 | \end{definition} 115 | } 116 | 117 | \newcommand{\LVarsDefNonConflicting}{ 118 | \begin{definition}[non-conflicting store]\label{def:lvars-non-conflicting} 119 | A store $S''$ is \emph{non-conflicting} with the transition 120 | $\config{S}{e} \parstepsto \config{S'}{e'}$ iff $(\dom{S'} - 121 | \dom{S}) \cap \dom{S''} = \emptyset$. 122 | \end{definition} 123 | } 124 | -------------------------------------------------------------------------------- /latex_common/lambdaLVar-thms.tex: -------------------------------------------------------------------------------- 1 | \newcommand{\LVarsLemPermutability}{ 2 | \begin{lem}[Permutability, $\lambdaLVar$]\label{lem:lvars-permutability} 3 | For any finite permutation $\pi$, 4 | \begin{enumerate} 5 | \item \label{thm:permutable-reduction-transitions} $\conf 6 | \parstepsto \conf'$ if and only if $\pi(\conf) \parstepsto 7 | \pi(\conf')$. 8 | \item \label{thm:permutable-context-transitions} $\conf \ctxstepsto 9 | \conf'$ if and only if $\pi(\conf) \ctxstepsto \pi(\conf')$. 10 | \end{enumerate} 11 | \end{lem} 12 | } 13 | 14 | \newcommand{\LVarsLemInternalDeterminism}{ 15 | \begin{lem}[Internal Determinism, $\lambdaLVar$]\label{lem:lvars-internal-determinism} 16 | If $\conf \parstepsto \conf'$ and $\conf \parstepsto \conf''$, then 17 | there is a permutation $\pi$ such that $\conf' = \pi(\conf'')$. 18 | \end{lem} 19 | } 20 | 21 | \newcommand{\LVarsLemLocality}{ 22 | \begin{lem}[Locality, $\lambdaLVar$]\label{lem:lvars-locality} 23 | If $\config{S}{\evalctxt{E_1}{e_1}} \ctxstepsto 24 | \config{S_1}{\evalctxt{E_1}{e'_1}}$ and 25 | $\config{S}{\evalctxt{E_2}{e_2}} \ctxstepsto 26 | \config{S_2}{\evalctxt{E_2}{e'_2}}$ and $\evalctxt{E_1}{e_1} = 27 | \evalctxt{E_2}{e_2}$, then: 28 | 29 | If $E_1 \neq E_2$, then there exist evaluation contexts $E'_1$ and 30 | $E'_2$ such that: 31 | \begin{itemize} 32 | \item $\evalctxt{E'_1}{e_1} = \evalctxt{E_2}{e'_2}$, and 33 | \item $\evalctxt{E'_2}{e_2} = \evalctxt{E_1}{e'_1}$, and 34 | \item $\evalctxt{E'_1}{e'_1} = \evalctxt{E'_2}{e'_2}$. 35 | \end{itemize} 36 | \end{lem} 37 | } 38 | 39 | \newcommand{\LVarsLemMonotonicity}{ 40 | \begin{lem}[Monotonicity, $\lambdaLVar$]\label{lem:lvars-monotonicity} 41 | If $\config{S}{e} \parstepsto \config{S'}{e'}$, then 42 | $\leqstore{S}{S'}$. 43 | \end{lem} 44 | } 45 | 46 | \newcommand{\LVarsLemIndependence}{ 47 | \begin{lem}[Independence]\label{lem:lvars-independence} 48 | If $\config{S}{e} \parstepsto \config{S'}{e'}$ (where 49 | $\config{S'}{e'} \neq \textup{\error}$), then for all $S''$ such 50 | that $S''$ is non-conflicting with $\config{S}{e} \parstepsto 51 | \config{S'}{e'}$ and $\lubstore{S'}{S''} \neq \topS$: 52 | 53 | $\config{\lubstore{S}{S''}}{e} \parstepsto \config{\lubstore{S'}{S''}}{e'}$. 54 | \end{lem} 55 | } 56 | 57 | \newcommand{\LVarsLemClash}{ 58 | \begin{lem}[Clash]\label{lem:lvars-clash} 59 | If $\config{S}{e} \parstepsto \config{S'}{e'}$ (where 60 | $\config{S'}{e'} \neq \textup{\error}$), then for all $S''$ such 61 | that $S''$ is non-conflicting with $\config{S}{e} \parstepsto 62 | \config{S'}{e'}$ and $\lubstore{S'}{S''} = \topS$: 63 | 64 | $\config{\lubstore{S}{S''}}{e} \parstepsto^i \textup{\error}$, where 65 | $i \leq 1$. 66 | \end{lem} 67 | } 68 | 69 | \newcommand{\LVarsLemErrorPreservation}{ 70 | \begin{lem}[Error Preservation, $\lambdaLVar$]\label{lem:lvars-error-preservation} 71 | If $\config{S}{e} \parstepsto \textup{\error}$ and $\leqstore{S}{S'}$, then 72 | $\config{S'}{e} \parstepsto \textup{\error}$. 73 | \end{lem} 74 | } 75 | 76 | \newcommand{\LVarsLemStrongLocalConfluence}{ 77 | \begin{lem}[Strong Local Confluence]\label{lem:lvars-strong-local-confluence} 78 | If $\conf \ctxstepsto \conf_a$ and $\conf \ctxstepsto \conf_b$, then 79 | there exist $\conf_c, i, j, \pi$ such that $\conf_a \ctxstepsto^i 80 | \conf_c$ and $\pi(\conf_b) \ctxstepsto^j \conf_c$ and $i \leq 81 | 1$ and $j \leq 1$. 82 | \end{lem} 83 | } 84 | 85 | \newcommand{\LVarsLemStrongOneSidedConfluence}{ 86 | \begin{lem}[Strong One-Sided Confluence]\label{lem:lvars-strong-one-sided-confluence} 87 | If $\conf \ctxstepsto \conf'$ and $\conf \ctxstepsto^m \conf''$, 88 | where $1 \leq m$, then there exist $\conf_c, i, j, \pi$ such that 89 | $\conf' \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j 90 | \conf_c$ and $i \leq m$ and $j \leq 1$. 91 | \end{lem} 92 | } 93 | 94 | \newcommand{\LVarsLemStrongConfluence}{ 95 | \begin{lem}[Strong Confluence]\label{lem:lvars-strong-confluence} 96 | If $\conf \ctxstepsto^n \conf'$ and $\conf \ctxstepsto^m \conf''$, 97 | where $1 \leq n$ and $1 \leq m$, then there exist $\conf_c, i, j, 98 | \pi$ such that $\conf' \ctxstepsto^i \conf_c$ and $\pi(\conf'') 99 | \ctxstepsto^j \conf_c$ and $i \leq m$ and $j \leq n$. 100 | \end{lem} 101 | } 102 | 103 | \newcommand{\LVarsLemConfluence}{ 104 | \begin{lem}[Confluence]\label{lem:lvars-confluence} 105 | If $\conf \ctxstepsto^* \conf'$ and $\conf \ctxstepsto^* \conf''$, 106 | then there exist $\conf_c$ and $\pi$ such that $\conf' \ctxstepsto^* 107 | \conf_c$ and $\pi(\conf'') \ctxstepsto^* \conf_c$. 108 | \end{lem} 109 | } 110 | 111 | \newcommand{\LVarsThmDeterminism}{ 112 | \begin{thm}[Determinism]\label{thm:lvars-determinism} 113 | If $\conf \ctxstepsto^* \conf'$ and $\conf \ctxstepsto^* \conf''$, 114 | and neither $\conf'$ nor $\conf''$ can take a step, then there 115 | exists $\pi$ such that $\conf' = \pi(\conf'')$. 116 | \end{thm} 117 | } 118 | -------------------------------------------------------------------------------- /latex_common/lambdaLVish-definition.tex: -------------------------------------------------------------------------------- 1 | %%% The syntax and semantics of lambdaLVish. 2 | 3 | \newcommand{\FigLambdaLVishGrammar}[1][t]{ 4 | \begin{figure}[#1] 5 | Given a lattice $(D, \userleq, \bot, \top)$ with elements $d \in D$: 6 | {\doublespacing 7 | \[ 8 | \begin{array}{rlcl} 9 | \mbox{configurations} & \conf & \bnfdef & \config{S}{e} \sep \error \\ 10 | \mbox{expressions} & e & \bnfdef & 11 | x \sep 12 | v \sep 13 | \app{e}{e} \sep 14 | \getexp{e}{e} \sep 15 | \putiexp{e} \sep 16 | \NEW \sep 17 | \freeze{e} \\ 18 | & & \sep & 19 | \freezeafter{e}{e}{e} \\ 20 | & & \sep & 21 | \freezeafterfull{l}{Q}{\lam{x}{e}}{\setof{e, \dots}}{H} \\ 22 | \mbox{values} & v & \bnfdef & \unit \sep d \sep p \sep l \sep P \sep Q \sep \lam{x}{e} \\ 23 | \mbox{threshold sets} & P & \bnfdef & \stateset{p_1,\,p_2,\,\dots} \\ 24 | \mbox{event sets} & Q & \bnfdef & \stateset{d_1,\,d_2,\,\dots} \\ 25 | \mbox{``handled'' sets} & H & \bnfdef & \setof{d_1,\,\dots, d_n} \\ 26 | %% N.B. In Redex we actually rule out store values being Top in 27 | %% the grammar, and have a special StoreVal type for elements 28 | %% other than Top. Here we don't bother, and we just say that 29 | %% stores contain bindings from locations l to pairs p. 30 | \mbox{stores} & S & \bnfdef & 31 | \store{\storebindingRaw{l_1}{p_1},\,\dots, \storebindingRaw{l_n}{p_n}} \sep \topS \\ 32 | \mbox{states} & p & \bnfdef & \state{d}{\status} \\ 33 | \mbox{status bits} & \status & \bnfdef & \frozentrue \sep \frozenfalse \\ 34 | \mbox{evaluation contexts} & E & \bnfdef & 35 | [~] \sep 36 | \app{E}{e} \sep 37 | \app{e}{E} \sep 38 | \getexp{E}{e} \sep 39 | \getexp{e}{E} \sep 40 | \putiexp{E} \\ 41 | & & \sep & 42 | \freeze {E} \sep 43 | \freezeafter{E}{e}{e} \\ 44 | & & \sep & 45 | \freezeafter{e}{E}{e} \sep 46 | \freezeafter{e}{e}{E} \\ 47 | & & \sep & 48 | \freezeafterfull{v}{v}{v}{\setof{e, \dotsc, E, e, \dotsc}}{H} 49 | \end{array} 50 | \] 51 | } 52 | \caption{Syntax for $\lambdaLVish$.} 53 | \label{f:lambdaLVish-syntax} 54 | \end{figure} 55 | } 56 | 57 | \newcommand{\FigLambdaLVishReductionSemantics}[1][t]{ 58 | \begin{landscape} 59 | \begin{figure}[#1] 60 | Given a lattice $(D, \userleq, \bot, \top)$ with elements $d \in D$, 61 | and a set of $U$ of update operations $u_i: D \rightarrow D$: \\ 62 | \smallskip 63 | $\incomp{P} \defeq \qforall{p_1,p_2 \in P}{(p_1 \neq p_2 \implies 64 | \lubp{p_1}{p_2} = \topp)}$\hfill \fbox{$\conf \parstepsto \conf'$} 65 | \smallskip 66 | {\doublespacing 67 | \begin{mathpar} 68 | \inferrule*[lab=E-Beta] 69 | {~} 70 | {\config{S}{\app{(\lam{x}{e})}{v}} \parstepsto \config{S}{\subst{e}{x}{v}}} 71 | 72 | \inferrule*[lab=E-New, right=\textnormal{($l \notin \dom{S}$)}] 73 | {~} 74 | {\config{S}{\NEW} \parstepsto \config{\extS{S}{l}{\bot}{\frozenfalse}}{l}} 75 | 76 | \inferrule*[lab=E-Put] 77 | {S(l) = p_1 \\ u_{p_i}(p_1) \neq \topp} 78 | {\config{S}{\putiexp{l}} \parstepsto 79 | \config{\extSRaw{S}{l}{u_{p_i}(p_1)}}{\unit}} 80 | 81 | \inferrule*[lab=E-Put-Err] 82 | {S(l) = p_1 \\ u_{p_i}(p_1) = \topp} 83 | {\config{S}{\putiexp{l}} \parstepsto \error} 84 | 85 | \inferrule*[lab=E-Get] 86 | {S(l) = p_1 \\ \incomp{P} \\ p_2 \in P \\ p_2 \leqp p_1} 87 | {\config{S}{\getexp{l}{P}} \parstepsto \config{S}{p_2}} 88 | 89 | \inferrule*[lab=E-Freeze-Init] 90 | {~} 91 | {\config{S}{\freezeafter{l}{Q}{\lam{x}{e}}} \parstepsto 92 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e}}{\setof{}}{\setof{}}}} 93 | 94 | \inferrule*[lab=E-Spawn-Handler] 95 | { S(l) = \state{d_1}{\status_1} \\ 96 | d_2 \userleq d_1 \\ 97 | d_2 \notin H \\ 98 | d_2 \in Q 99 | } 100 | { 101 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{e, \dots}}{H}} 102 | \parstepsto 103 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{\subst{e_0}{x}{d_2}, e, \dots}} 104 | {\{d_2\}\cup H}} 105 | } 106 | 107 | \inferrule*[lab=E-Freeze-Final] 108 | { S(l) = \state{d_1}{\status_1} \\ 109 | \forall{d_2} ~.~ ( {d_2 \userleq d_1 \land d_2 \in Q} \Rightarrow 110 | d_2 \in H) } 111 | { 112 | \config{S}{\freezeafterfull{l}{Q}{\lam{x}{e_0}}{\setof{v, \dots}}{H}} 113 | \parstepsto 114 | \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1} 115 | } 116 | 117 | \inferrule*[lab=E-Freeze-Simple] 118 | { S(l) = \state{d_1}{\status_1} } 119 | { 120 | \config{S}{\freeze{l}} 121 | \parstepsto 122 | \config{\extS{S}{l}{d_1}{\frozentrue}}{d_1} 123 | } 124 | \end{mathpar} 125 | } 126 | \caption{Reduction semantics for $\lambdaLVish$.} 127 | \label{f:lambdaLVish-reduction-semantics} 128 | \end{figure} 129 | \end{landscape} 130 | } 131 | 132 | \newcommand{\FigLambdaLVishContextSemantics}[1][t]{ 133 | \begin{figure}[#1] 134 | \hfill \fbox{$\conf \ctxstepsto \conf'$} 135 | \begin{mathpar} 136 | \inferrule*[lab=E-Eval-Ctxt] 137 | {\config{S}{e} \parstepsto \config{S'}{e'}} 138 | {\config{S}{\E{e}} \ctxstepsto \config{S'}{\E{e'}}} 139 | \end{mathpar} 140 | \caption{Context semantics for $\lambdaLVish$.} 141 | \label{f:lambdaLVish-context-semantics} 142 | \end{figure} 143 | } 144 | -------------------------------------------------------------------------------- /latex_common/lambdaLVish-thms.tex: -------------------------------------------------------------------------------- 1 | \newcommand{\LemPartitionOfDp}{ 2 | \begin{lem}[Partition of $D_p$]\label{lem:partition-of-Dp} 3 | If $(D, \userleq, \bot, \top)$ is a lattice and $(D_p, \leqp, \botp, 4 | \topp) = \Freeze{D, \userleq, \bot, \top}$, and $X = D - 5 | \setof{\top}$, then every member of $D_p$ is either 6 | \begin{itemize} 7 | \item $(d, \textup{\frozenfalse})$, with $d \in D$, or 8 | \item $(x, \textup{\frozentrue})$, with $x \in X$. 9 | \end{itemize} 10 | \end{lem} 11 | } 12 | 13 | \newcommand{\LemLatticeStructure}{ 14 | \begin{lem}[Lattice structure]\label{lem:lattice-structure} 15 | If $(D, \userleq, \bot, \top)$ is a lattice and $(D_p, \leqp, \botp, 16 | \topp) = \Freeze{D, \userleq, \bot, \top}$, then: 17 | 18 | \begin{enumerate} 19 | \item $\leqp$ is a partial order over $D_p$. 20 | 21 | \item Every nonempty finite subset of $D_p$ has a lub. 22 | 23 | \item $\botp$ is the least element of $D_p$. 24 | 25 | \item $\topp$ is the greatest element of $D_p$. 26 | \end{enumerate} 27 | 28 | Therefore $(D_p, \leqp, \botp, \topp)$ is a lattice. 29 | \end{lem} 30 | } 31 | 32 | \newcommand{\LemPermutability}{ 33 | \begin{lem}[Permutability, $\lambdaLVish$]\label{lem:permutability} 34 | For any finite permutation $\pi$, 35 | \begin{enumerate} 36 | \item \label{thm:quasi-permutable-reduction-transitions} $\conf 37 | \parstepsto \conf'$ if and only if $\pi(\conf) \parstepsto 38 | \pi(\conf')$. 39 | \item \label{thm:quasi-permutable-context-transitions} $\conf 40 | \ctxstepsto \conf'$ if and only if $\pi(\conf) \ctxstepsto 41 | \pi(\conf')$. 42 | \end{enumerate} 43 | \end{lem} 44 | } 45 | 46 | \newcommand{\LemInternalDeterminism}{ 47 | \begin{lem}[Internal Determinism, $\lambdaLVish$]\label{lem:internal-determinism} 48 | If $\conf \parstepsto \conf'$ and $\conf \parstepsto \conf''$, then 49 | there is a permutation $\pi$ such that $\conf' = \pi(\conf'')$, 50 | modulo choice of events. 51 | \end{lem} 52 | } 53 | 54 | \newcommand{\LemLocality}{ 55 | \begin{lem}[Locality, $\lambdaLVish$]\label{lem:locality} 56 | If $\config{S}{\evalctxt{E_1}{e_1}} \ctxstepsto 57 | \config{S_1}{\evalctxt{E_1}{e'_1}}$ and 58 | $\config{S}{\evalctxt{E_2}{e_2}} \ctxstepsto 59 | \config{S_2}{\evalctxt{E_2}{e'_2}}$ and $\evalctxt{E_1}{e_1} = 60 | \evalctxt{E_2}{e_2}$, then: 61 | 62 | If $E_1 \neq E_2$, then there exist evaluation contexts $E'_1$ and 63 | $E'_2$ such that: 64 | \begin{itemize} 65 | \item $\evalctxt{E'_1}{e_1} = \evalctxt{E_2}{e'_2}$, and 66 | \item $\evalctxt{E'_2}{e_2} = \evalctxt{E_1}{e'_1}$, and 67 | \item $\evalctxt{E'_1}{e'_1} = \evalctxt{E'_2}{e'_2}$. 68 | \end{itemize} 69 | \end{lem} 70 | } 71 | 72 | \newcommand{\LemMonotonicity}{ 73 | \begin{lem}[Monotonicity, $\lambdaLVish$]\label{lem:monotonicity} 74 | If $\config{S}{e} \parstepsto \config{S'}{e'}$, 75 | then $\leqstore{S}{S'}$. 76 | \end{lem} 77 | } 78 | 79 | \newcommand{\LemGeneralizedIndependence}{ 80 | \begin{lem}[Generalized Independence]\label{lem:generalized-independence} 81 | If $\config{S}{e} \parstepsto \config{S'}{e'}$ (where 82 | $\config{S'}{e'} \neq \textup{\error}$), then we have that: 83 | \[ \config{\Ustore(S)}{e} \parstepsto \config{\Ustore(S')}{e'}, \] 84 | where $\Ustore$ is a store update operation meeting the following conditions: 85 | \begin{itemize} 86 | \item $\Ustore$ is non-conflicting with $\config{S}{e} \parstepsto \config{S'}{e'}$, 87 | \item $\Ustore(S') \neq \topS$, and 88 | \item $\Ustore$ is freeze-safe with $\config{S}{e} \parstepsto \config{S'}{e'}$. 89 | \end{itemize} 90 | \end{lem} 91 | } 92 | 93 | \newcommand{\LemGeneralizedClash}{ 94 | \begin{lem}[Generalized Clash]\label{lem:generalized-clash} 95 | If $\config{S}{e} \parstepsto \config{S'}{e'}$ (where 96 | $\config{S'}{e'} \neq \textup{\error}$), then we have that: 97 | \[ \config{\Ustore(S)}{e} \parstepsto^i \textup{\error}, \] 98 | where $i \leq 1$ and where $\Ustore$ is a store update operation meeting 99 | the following conditions: 100 | \begin{itemize} 101 | \item $\Ustore$ is non-conflicting with $\config{S}{e} \parstepsto \config{S'}{e'}$, 102 | \item $\Ustore(S') = \topS$, and 103 | \item $\Ustore$ is freeze-safe with $\config{S}{e} \parstepsto \config{S'}{e'}$. 104 | \end{itemize} 105 | \end{lem} 106 | } 107 | 108 | \newcommand{\LemErrorPreservation}{ 109 | \begin{lem}[Error Preservation, $\lambdaLVish$]\label{lem:error-preservation} 110 | If $\config{S}{e} \parstepsto \textup{\error}$ and 111 | $\leqstore{S}{S'}$, then $\config{S'}{e} \parstepsto 112 | \textup{\error}$. 113 | \end{lem} 114 | } 115 | 116 | \newcommand{\LemStrongLocalQuasiConfluence}{ 117 | \begin{lem}[Strong Local Quasi-Confluence]\label{lem:strong-local-quasi-confluence} 118 | If $\conf \ctxstepsto \conf_a$ and $\conf \ctxstepsto \conf_b$, then 119 | either: 120 | \begin{enumerate} 121 | \item there exist $\conf_c, i, j, \pi$ such that $\conf_a 122 | \ctxstepsto^i \conf_c$ and $\pi(\conf_b) \ctxstepsto^j \conf_c$ 123 | and $i \leq 1$ and $j \leq 1$, or 124 | \item $\conf_a \ctxstepsto \textup{\error}$ or $\conf_b \ctxstepsto 125 | \textup{\error}$. 126 | \end{enumerate} 127 | \end{lem} 128 | } 129 | 130 | \newcommand{\LemStrongOneSidedQuasiConfluence}{ 131 | \begin{lem}[Strong One-Sided Quasi-Confluence]\label{lem:strong-one-sided-quasi-confluence} 132 | If $\conf \ctxstepsto \conf'$ and $\conf \ctxstepsto^m \conf''$, 133 | where $1 \leq m$, then either: 134 | \begin{enumerate} 135 | \item there exist $\conf_c, i, j, \pi$ such that $\conf' 136 | \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j \conf_c$ 137 | and $i \leq m$ and $j \leq 1$, or 138 | \item there exists $k \leq m$ such that $\conf' \ctxstepsto^k 139 | \textup{\error}$, or there exists $k \leq 1$ such that $\conf'' 140 | \ctxstepsto^k \textup{\error}$. 141 | \end{enumerate} 142 | \end{lem} 143 | } 144 | 145 | \newcommand{\LemStrongQuasiConfluence}{ 146 | \begin{lem}[Strong Quasi-Confluence]\label{lem:strong-quasi-confluence} 147 | If $\conf \ctxstepsto^n \conf'$ and $\conf \ctxstepsto^m \conf''$, 148 | where $1 \leq n$ and $1 \leq m$, then either: 149 | \begin{enumerate} 150 | \item there exist $\conf_c, i, j, \pi$ such that $\conf' 151 | \ctxstepsto^i \conf_c$ and $\pi(\conf'') \ctxstepsto^j \conf_c$ 152 | and $i \leq m$ and $j \leq n$, or 153 | \item there exists $k \leq m$ such that $\conf' \ctxstepsto^k 154 | \textup{\error}$, or there exists $k \leq n$ such that $\conf'' 155 | \ctxstepsto^k \textup{\error}$. 156 | \end{enumerate} 157 | \end{lem} 158 | } 159 | 160 | \newcommand{\LemQuasiConfluence}{ 161 | \begin{lem}[Quasi-Confluence]\label{lem:quasi-confluence} 162 | If $\conf \ctxstepsto^* \conf'$ and $\conf \ctxstepsto^* \conf''$, 163 | then either: 164 | \begin{enumerate} 165 | \item there exist $\conf_c$ and $\pi$ such that $\conf' 166 | \ctxstepsto^* \conf_c$ and $\pi(\conf'') \ctxstepsto^* \conf_c$, 167 | or 168 | \item $\conf' = \textup{\error}$ or $\conf'' = \textup{\error}$. 169 | \end{enumerate} 170 | \end{lem} 171 | } 172 | 173 | \newcommand{\ThmQuasiDeterminism}{ 174 | \begin{thm}[Quasi-Determinism]\label{thm:quasi-determinism} 175 | If $\conf \ctxstepsto^* \conf'$ and $\conf \ctxstepsto^* \conf''$, 176 | and neither $\conf'$ nor $\conf''$ can take a step, then either: 177 | \begin{enumerate} 178 | \item there exists $\pi$ such that $\conf' = \pi(\conf'')$, or 179 | \item $\conf' = \textup{\error}$ or $\conf'' = \textup{\error}$. 180 | \end{enumerate} 181 | \end{thm} 182 | } 183 | -------------------------------------------------------------------------------- /latex_common/lang.tex: -------------------------------------------------------------------------------- 1 | %%% Macros for typesetting terms of the lambdaLVar and lambdaLVish 2 | %%% languages themselves. 3 | 4 | % Sans-serif font for terms of the language 5 | \newcommand\termfont[1]{\mbox{\small{\texttt{#1}}}} 6 | 7 | % Amount to indent the next line of a 'let' expression. 8 | \newcommand{\letspace}{\hphantom{\termfont{le}}} % ``in'' should be under the ``t'' in ``let'' 9 | \newcommand{\letparspace}{\hphantom{\termfont{\LETPAR}}} 10 | 11 | %%% Language forms. 12 | 13 | \newcommand{\lam}[2]{\ensuremath{\lambda#1.\,#2}} 14 | \newcommand{\app}[2]{\ensuremath{#1~#2}} 15 | 16 | \newcommand{\unit}{\termfont{()}} 17 | 18 | \newcommand{\NEW}{\termfont{new}} 19 | 20 | \newcommand{\PUT}{\termfont{put}} 21 | \newcommand{\PUTi}{\ensuremath{\termfont{put}_i}} 22 | \newcommand{\putexp}[2]{\ensuremath{\PUT~#1~#2}} 23 | \newcommand{\putiexp}[1]{\ensuremath{\PUT_i~#1}} 24 | 25 | \newcommand{\GET}{\termfont{get}} 26 | \newcommand{\getexp}[2]{\ensuremath{\GET~#1~#2}} 27 | 28 | \newcommand{\UPDATE}{\termfont{update}} 29 | \newcommand{\updateexp}[1]{\ensuremath{\update~#1}} 30 | 31 | \newcommand{\GETFSTORSND}{\termfont{getFstOrSnd}} 32 | \newcommand{\GETFST}{\termfont{getFst}} 33 | \newcommand{\getfstexp}[1]{\ensuremath{\GETFST~#1}} 34 | \newcommand{\GETSND}{\termfont{getSnd}} 35 | \newcommand{\getsndexp}[1]{\ensuremath{\GETSND~#1}} 36 | 37 | \newcommand{\FREEZE}{\termfont{freeze}} 38 | \newcommand{\AFTER}{~{\termfont{after}}} 39 | \newcommand{\WITH}{~{\termfont{with}}} 40 | 41 | \newcommand{\ADDHANDLER}{{\termfont{addHandler}}} 42 | \newcommand{\NEWPOOL}{{\termfont{newPool}}} 43 | \newcommand{\ADDHANDLERINPOOL}{{\termfont{addHandlerInPool}}} 44 | \newcommand{\QUIESCE}{{\termfont{quiesce}}} 45 | 46 | \newcommand{\FAW}{{\termfont{freeze}-\termfont{after}-\termfont{with}}} 47 | \newcommand{\freeze}[1]{\ensuremath{\FREEZE~#1}} 48 | \newcommand{\freezeafter}[3]{\ensuremath{\FREEZE~#1~\AFTER~#2~\WITH~#3}} 49 | \newcommand{\freezeafterfull}[5]{\ensuremath{\FREEZE~#1~\AFTER~#2~\WITH~#3, #4, #5}} 50 | 51 | \newcommand{\LET}{\termfont{let}} 52 | \newcommand{\PAR}{\termfont{par}} 53 | \newcommand{\LETPAR}{\termfont{\LET~\PAR}} 54 | \newcommand{\IN}{\termfont{in}} 55 | \newcommand{\letexp}[3]{\ensuremath{\LET~#1=#2~\IN~#3}} 56 | \newcommand{\letparexp}[5]{\ensuremath{\LETPAR~#1=#2;~#3=#4~\IN~#5}} 57 | 58 | \newcommand{\stateset}[1]{\ensuremath{\lbrace #1 \rbrace}} 59 | 60 | -------------------------------------------------------------------------------- /latex_common/lkuper.bib: -------------------------------------------------------------------------------- 1 | @phdthesis{lvars-dissertation, 2 | author = {Kuper, Lindsey}, 3 | title = {Lattice-based data structures for deterministic parallel and distributed programming}, 4 | year = {2015}, 5 | } 6 | 7 | @inproceedings{effectzoo, 8 | author = {Kuper, Lindsey and Todd, Aaron and Tobin-Hochstadt, Sam and Newton, Ryan R.}, 9 | title = {Taming the Parallel Effect Zoo: Extensible Deterministic Parallelism with {LVish}}, 10 | booktitle = {{PLDI}}, 11 | year = {2014}, 12 | } 13 | 14 | @inproceedings{LVars-paper, 15 | author = {Kuper, Lindsey and Newton, Ryan R.}, 16 | title = {{LVars}: lattice-based data structures for deterministic parallelism}, 17 | booktitle = {{FHPC}}, 18 | year = {2013}, 19 | } 20 | 21 | @techreport{LVars-TR, 22 | author = {Kuper, Lindsey and Newton, Ryan R.}, 23 | title = {A Lattice-Theoretical Approach to Deterministic Parallelism with Shared State}, 24 | institution = {Indiana University}, 25 | year = {2012}, 26 | month = oct, 27 | number = {TR702}, 28 | url = {\url{http://www.cs.indiana.edu/cgi-bin/techreports/TRNNN.cgi?trnum=TR702}}, 29 | } 30 | 31 | @inproceedings{joining-wodet, 32 | author = {Kuper, Lindsey and Newton, Ryan R.}, 33 | title = {Joining forces: toward a unified account of {LVars} and convergent replicated data types.}, 34 | year = {2014}, 35 | booktitle = {{\normalfont the} 5th Workshop on Determinism and Correctness in Parallel Programming (WoDet)}, 36 | } 37 | 38 | @inproceedings{Freeze-paper, 39 | author = {Kuper, Lindsey and Turon, Aaron and Krishnaswami, Neelakantan R. and Newton, Ryan R.}, 40 | title = {Freeze After Writing: Quasi-Deterministic Parallel Programming with {LVars}}, 41 | booktitle = {{POPL}}, 42 | year = {2014}, 43 | } 44 | 45 | @techreport{Freeze-TR, 46 | author = {Kuper, Lindsey and Turon, Aaron and Krishnaswami, Neelakantan R. and Newton, Ryan R.}, 47 | title = {Freeze After Writing: Quasi-Deterministic Parallel Programming with {LVars}}, 48 | institution = {Indiana University}, 49 | year = {2013}, 50 | month = nov, 51 | number = {TR710}, 52 | url = {\url{http://www.cs.indiana.edu/cgi-bin/techreports/TRNNN.cgi?trnum=TR710}}, 53 | } 54 | 55 | @url{LVish, 56 | author = {Turon, Aaron and Kuper, Lindsey and Newton, Ryan R.}, 57 | title = {{LVish: Parallel scheduler, LVar data structures, and infrastructure to build more.}}, 58 | howpublished = {\url{http://hackage.haskell.org/package/lvish}}, 59 | year = {2013}, 60 | month = oct, 61 | } 62 | 63 | @inproceedings{lambdae, 64 | title = {{A pattern matcher for miniKanren, or, how to get into trouble with CPS macros}}, 65 | author = {Keep, Andrew W. and Adams, Michael D. and Kuper, Lindsey and Byrd, William E. and Friedman, Daniel P.}, 66 | booktitle = {Scheme}, 67 | year = {2009}, 68 | } 69 | 70 | @techreport{tsl-tr, 71 | title = {Safety in Numbers}, 72 | author = {Cok, David and Phillips, John and Wisniewski, Scott and Yong, Suan Hsi and Lloyd, Nathan and Kuper, Lindsey and Gopan, Denis and Loginov, Alexey}, 73 | month = nov, 74 | year = {2010}, 75 | institution = {GrammaTech, Inc.}, 76 | url = {\url{http://www.dtic.mil/dtic/tr/fulltext/u2/a532995.pdf}}, 77 | } 78 | 79 | @misc{multilang-talk, 80 | title= {Parametric polymorphism through run-time sealing, or, theorems for low, low prices!}, 81 | author = {Ahmed, Amal and Kuper, Lindsey and Matthews, Jacob}, 82 | year = {2011}, 83 | month = feb, 84 | note= {Northeastern University Programming Languages Seminar talk}, 85 | } 86 | -------------------------------------------------------------------------------- /latex_common/mathpartir.sty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/latex_common/mathpartir.sty -------------------------------------------------------------------------------- /latex_common/metatheory.tex: -------------------------------------------------------------------------------- 1 | %%% Macros for typesetting lambdaLVar and lambdaLVish semantics and metatheory. 2 | 3 | %%% Names of the languages. 4 | \newcommand{\lambdaLVar}{\ensuremath{\lambda_{\textrm{LVar}}}} 5 | \newcommand{\lambdaLVish}{\ensuremath{\lambda_{\textrm{LVish}}}} 6 | 7 | %%% BNF grammar stuff 8 | \newcommand{\bnfdef}{\ensuremath{::=}} 9 | \newcommand{\bnfsep}{\ensuremath{\ \ | \ \ }} 10 | \newcommand{\setsep}{\ensuremath{\ | \ }} 11 | \newcommand{\sep}{\bnfsep} 12 | 13 | %%% Metafunctions 14 | \newcommand{\subst}[3]{\ensuremath{#1[#2 := #3]}} 15 | \newcommand{\dom}[1]{\ensuremath{\mathit{dom}(#1)}} 16 | \newcommand{\incomp}[1]{\ensuremath{\mathit{incomp}(#1)}} 17 | \newcommand{\pred}[1]{\ensuremath{\mathit{pred}(#1)}} 18 | \newcommand{\userlub}[2]{\ensuremath{#1 \sqcup #2}} 19 | \newcommand{\lubp}[2]{\ensuremath{#1 \sqcup_p #2}} 20 | \newcommand{\qexist}[2]{\ensuremath{\exists\,#1.~#2}} 21 | \newcommand{\qforall}[2]{\ensuremath{\forall\,#1.~#2}} 22 | \newcommand{\userelements}{\ensuremath{\mathit{Elements}}} 23 | \newcommand{\userleq}{\ensuremath{\sqsubseteq}} 24 | \newcommand{\nuserleq}{\ensuremath{\not \sqsubseteq}} 25 | \newcommand{\usergeq}{\ensuremath{\sqsupseteq}} 26 | \newcommand{\userlt}{\ensuremath{\sqsubset}} 27 | \newcommand{\leqp}{\ensuremath{\sqsubseteq_p}} 28 | \newcommand{\ltp}{\ensuremath{\sqsubset_p}} 29 | \newcommand{\botp}{\ensuremath{\bot_{p}}} 30 | \newcommand{\topp}{\ensuremath{\top\hspace{-0.85mm}_{p}}} 31 | 32 | %%% Evaluation / operational semantics 33 | \newcommand*{\longhookrightarrow}{\ensuremath{\lhook\joinrel\relbar\joinrel\rightarrow}} 34 | 35 | %%% Reduction semantics evaluation relation 36 | \newcommand{\parstepsto}{\ensuremath{\longhookrightarrow}} 37 | \newcommand{\parstepstoeq}{\ensuremath{\longhookrightarrow^{?}}} 38 | 39 | %%% Context semantics evaluation relation 40 | \newcommand{\ctxstepsto}{\ensuremath{\longmapsto}} 41 | 42 | \newcommand{\evalctxt}[2]{\ensuremath{#1\hspace{-0.5mm}\left[#2\right]}} 43 | \newcommand{\E}[1]{\ensuremath{\evalctxt{E}{#1}}} 44 | 45 | %%% Stores and store operations 46 | \newcommand{\storeS}{\ensuremath{\mathrm{S}}} 47 | \newcommand{\Ustore}{\ensuremath{U_{\storeS}}} 48 | \newcommand{\StoreVal}{\ensuremath{\mathit{StoreVal}}} 49 | \newcommand{\fmap}{\ensuremath{\stackrel{\textrm{fin}}{\rightarrow}}} 50 | \newcommand{\eqstore}[2]{\ensuremath{#1 =_{\storeS} #2}} 51 | \newcommand{\leqstore}[2]{\ensuremath{#1 \userleq_{\storeS} #2}} 52 | \newcommand{\neqstore}[2]{\ensuremath{#1 \not =_{\storeS} #2}} 53 | \newcommand{\nleqstore}[2]{\ensuremath{#1 \not \userleq_{\storeS} #2}} 54 | \newcommand{\ltstore}[2]{\ensuremath{#1 \userlt_{\storeS} #2}} 55 | \newcommand{\lubstore}[2]{\ensuremath{#1 \sqcup_{\storeS} #2}} 56 | \newcommand{\glbstore}[2]{\ensuremath{#1 \sqcap_{\storeS} #2}} 57 | \newcommand{\storebindingRaw}[2]{\ensuremath{#1 \mapsto #2}} 58 | \newcommand{\storebinding}[3]{\storebindingRaw{#1}{\state{#2}{#3}}} 59 | \newcommand{\state}[2]{\ensuremath{(#1, #2)}} 60 | \newcommand{\store}[1]{\left[ #1 \right]} 61 | \newcommand{\extS}[4]{#1[\storebinding{#2}{#3}{#4}]} 62 | \newcommand{\extSRaw}[3]{#1[\storebindingRaw{#2}{#3}]} 63 | \newcommand{\storeset}{\mathcal{S}} 64 | \newcommand{\status}{\ensuremath{\mathit{frz}}} 65 | \newcommand{\frozentrue}{\ensuremath{\textsf{true}}} 66 | \newcommand{\frozenfalse}{\ensuremath{\textsf{false}}} 67 | \newcommand{\Loc}{\mathit{Loc}} 68 | \newcommand{\topS}{\ensuremath{\top\hspace{-0.85mm}_{\storeS}}} 69 | \newcommand{\LVar}{\mathit{LVar}} 70 | 71 | %% It would be really nice to be able to typeset stores like 72 | 73 | %% \store{l_1, l_2, l_3}{3, 4, 5} 74 | 75 | %% producing 76 | 77 | %% {l_1 -> 3, l_2 -> 4, l_3 -> 5} 78 | 79 | %% but to do that, I think we need something like what's done in 80 | %% http://stackoverflow.com/questions/2402354/split-comma-separated-parameters-in-latex, 81 | %% and I haven't figured out how to do it just yet :( 82 | 83 | %%% States and configurations 84 | \newcommand{\conf}{\ensuremath{\sigma}} 85 | \newcommand{\config}[2]{\ensuremath{\langle #1;\, #2 \rangle}} 86 | \newcommand{\error}{\ensuremath{\textbf{\textsf{error}}}} 87 | 88 | \newcommand{\handledBy}{\hookrightarrow} 89 | 90 | %%% Assorted math stuff 91 | \newcommand{\defeq}{\stackrel{\triangle}{=}} % "defined-as" 92 | \newcommand{\pfn}{\rightharpoonup} 93 | \newcommand{\bag}[1]{\Lbag #1 \Rbag} 94 | \newcommand{\setof}[1]{\left\{#1\right\}} 95 | \newcommand{\comprehend}[2]{\setof{{#1}\;\middle|\;{#2}}} 96 | \newcommand{\power}[1]{\mathcal{P}(#1)} 97 | \newcommand{\inlop}{\mathsf{inl}} 98 | \newcommand{\inl}[1]{\inlop\,{#1}} 99 | \newcommand{\inrop}{\mathsf{inr}} 100 | \newcommand{\inr}[1]{\inrop\,{#1}} 101 | \newcommand{\letv}[2]{\mathsf{let}\;{#1} = {#2}} 102 | \newcommand{\Freeze}[1]{\mathrm{Freeze}(#1)} 103 | \newcommand{\piinv}{\pi^{-1}} 104 | \newcommand{\piprimeinv}{\pi'^{-1}} 105 | \newcommand{\andlv}[2]{\ensuremath{(\texttt{#1},\texttt{#2})}} 106 | \newcommand{\id}{\mathrm{id}} 107 | \newcommand{\eventually}{\lozenge} 108 | \newcommand{\block}{\textsf{block}} 109 | -------------------------------------------------------------------------------- /latex_common/style.tex: -------------------------------------------------------------------------------- 1 | %% Assorted style and presentation stuff. 2 | 3 | \newcommand{\figsepr}{\vspace{0.5em}\hrulefill\vspace{0.5em}} 4 | \newcommand{\etal}{\textit{et al}.} 5 | \newcommand{\ie}{\textit{i}.\textit{e}.} 6 | \newcommand{\eg}{\textit{e}.\textit{g}.} 7 | \newcommand{\il}[1]{\lstinline{#1}} 8 | 9 | \newenvironment{blockquote}{% 10 | \par% 11 | \medskip 12 | \leftskip=4em\rightskip=2em% 13 | \noindent\ignorespaces}{% 14 | \par\medskip} 15 | 16 | %% LK: See the definition of `\theequation`. 17 | \newcommand{\eref}[1]{\ref{#1}} 18 | 19 | %====Set up Listings=============================================================== 20 | 21 | \definecolor{darkgreen}{rgb}{0,0.5,0} 22 | \definecolor{darkred}{rgb}{0.5,0,0} 23 | \lstloadlanguages{Haskell} 24 | \lstnewenvironment{code} 25 | { % \centering 26 | \lstset{}% 27 | \csname lst@SetFirstLabel\endcsname} 28 | { %\centering 29 | \csname lst@SaveFirstLabel\endcsname} 30 | \lstset{ 31 | captionpos=b, 32 | frame=single, 33 | language=Haskell, 34 | basicstyle=\small\ttfamily, 35 | flexiblecolumns=false, 36 | basewidth={0.5em,0.45em}, 37 | aboveskip={3pt}, 38 | belowskip={3pt}, 39 | keywordstyle=\color{black}, 40 | commentstyle=\color{darkgreen}, 41 | } 42 | 43 | %================================================================================ 44 | 45 | % Penalty for line-breaking inline math 46 | \relpenalty=9999 47 | \binoppenalty=9999 48 | -------------------------------------------------------------------------------- /proposal/Makefile: -------------------------------------------------------------------------------- 1 | PAPER=thesis-proposal 2 | LATEX=pdflatex 3 | UNAME := $(shell uname) 4 | 5 | default: quick 6 | 7 | all: paper 8 | 9 | #--------------------------------------------------------------------- 10 | # These targets just build the paper without changing the build state: 11 | 12 | quick: 13 | ${LATEX} ${PAPER}.tex 14 | ${MAKE} open 15 | 16 | paper: 17 | ${LATEX} ${PAPER}.tex 18 | bibtex ${PAPER} 19 | ${LATEX} ${PAPER}.tex 20 | bibtex ${PAPER} 21 | ${LATEX} ${PAPER}.tex 22 | ${MAKE} open 23 | 24 | #----------------------------------------------- 25 | # These targets actually change the build state: 26 | 27 | ed: editingmarks 28 | 29 | editingmarks: 30 | touch editingmarks.tex 31 | ${MAKE} paper 32 | 33 | plain: 34 | rm -f editingmarks.tex 35 | ${MAKE} paper 36 | cp ${PAPER}.pdf plain.pdf 37 | 38 | #----------------------------------------------- 39 | # Others: 40 | 41 | # Check style (due to 42 | # http://matt.might.net/articles/shell-scripts-for-passive-voice-weasel-words-duplicates/): 43 | style: 44 | echo "weasel words: " 45 | sh ../bin/weasel *.tex 46 | echo 47 | echo "passive voice: " 48 | sh ../bin/passive *.tex 49 | echo 50 | echo "duplicates: " 51 | perl ../bin/dups *.tex 52 | 53 | open: ${PAPER}.pdf 54 | ifeq (${UNAME}, Darwin) 55 | open ${PAPER}.pdf 56 | endif 57 | ifeq (${UNAME}, Linux) 58 | evince ${PAPER}.pdf & 59 | endif 60 | 61 | clean: 62 | rm -f *.out *.aux *.bbl *.log *.blg 63 | 64 | 65 | -------------------------------------------------------------------------------- /proposal/figures/example-lvar-lattices.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/proposal/figures/example-lvar-lattices.pdf -------------------------------------------------------------------------------- /talks/defense.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/talks/defense.key -------------------------------------------------------------------------------- /talks/defense.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/talks/defense.pdf -------------------------------------------------------------------------------- /talks/jcreed-drawings/jcreed-drawings-raw-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/talks/jcreed-drawings/jcreed-drawings-raw-1.jpg -------------------------------------------------------------------------------- /talks/jcreed-drawings/jcreed-drawings-raw-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/talks/jcreed-drawings/jcreed-drawings-raw-2.jpg -------------------------------------------------------------------------------- /talks/proposal.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/talks/proposal.key -------------------------------------------------------------------------------- /talks/proposal.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lkuper/dissertation/3be95ec2562e2f7f12cf5b0b0e93bd8809eecd83/talks/proposal.pdf --------------------------------------------------------------------------------