Abstract
We describe the design and implementation of P, a domain-specific language for writing asynchronous event-driven code. P allows the programmer to specify the system as a collection of interacting state machines that communicate with each other using events. P unifies modeling and programming into one activity for the programmer: a P program can be compiled into executable code, and it can also be tested using model checking techniques. P allows the programmer to specify the environment, used to "close" the system during testing, as nondeterministic ghost machines. Ghost machines are erased during compilation to executable code; a type system ensures that the erasure is semantics preserving.
The P language is designed so that a P program can be checked for responsiveness, the ability to handle every event in a timely manner. By default, a machine must handle every event that arrives in every state. Handling every event in every state is impractical, however, so the language provides a notion of deferred events, with which the programmer annotates the states in which she wants to delay processing of an event. The default safety checker looks for the presence of unhandled events. The language also provides default liveness checks that no event can be deferred forever.
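The paragraph above describes three things the P checker does: it explores the interleavings of machines that exchange queued events, it lets a state defer an event so that the event stays in the queue until a later state handles it, and it reports an event that arrives in a state with no handler (safety) or that is deferred forever (liveness). The following is an added example, not code from the P paper or the P project: a small explicit-state checker in Python that reproduces those three behaviours on a Server that must receive START from a Controller before it can serve a REQ from a Client. All machine, state and event names are invented for the illustration, and the two senders stand in for P's nondeterministic environment machines. The liveness check is a simplification of what the paper describes: it only flags configurations in which no machine can make progress while a queue still holds a deferred event.

```python
"""Added example (not the P paper's or the P project's code): an explicit-state
checker for P-style machines. It explores every interleaving, applies P's
defer semantics (a deferred event is skipped and stays queued), and reports
(a) an event arriving in a state without a handler and (b) an event left
deferred in a configuration where nothing can step any more. Machine, state
and event names (Server, Client, Controller, START, REQ, ...) are invented."""
from collections import deque
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# handler: event -> (next state, optional (target machine, event) to send)
Handler = Tuple[str, Optional[Tuple[str, str]]]
Config = Tuple[Tuple[str, Tuple[str, ...]], ...]  # per machine: (state, queue)


class State:
    def __init__(self, handlers: Dict[str, Handler], deferred: FrozenSet[str] = frozenset()):
        self.handlers, self.deferred = handlers, deferred


class Machine:
    def __init__(self, name: str, start: str, states: Dict[str, State], queue=()):
        self.name, self.start, self.states, self.queue = name, start, states, tuple(queue)


def step(machines: List[Machine], cfg: Config, i: int):
    """Machine i dequeues its first non-deferred event.
    Returns ("ok", new_cfg), ("blocked", None) or ("unhandled", event)."""
    state = machines[i].states[cfg[i][0]]
    for pos, ev in enumerate(cfg[i][1]):
        if ev in state.deferred:
            continue                      # deferred: leave it queued, look behind it
        if ev not in state.handlers:
            return "unhandled", ev        # the default safety check fires here
        nxt, send = state.handlers[ev]
        new = [[s, list(q)] for s, q in cfg]
        new[i][0] = nxt
        del new[i][1][pos]
        if send is not None:
            target = next(k for k, m in enumerate(machines) if m.name == send[0])
            new[target][1].append(send[1])
        return "ok", tuple((s, tuple(q)) for s, q in new)
    return "blocked", None


def check(machines: List[Machine]) -> List[str]:
    """Breadth-first exploration of every interleaving; returns distinct violations."""
    start: Config = tuple((m.start, m.queue) for m in machines)
    seen: Set[Config] = {start}
    frontier, violations = deque([start]), []
    while frontier:
        cfg = frontier.popleft()
        progressed = halted = False
        for i, m in enumerate(machines):
            kind, payload = step(machines, cfg, i)
            if kind == "unhandled":
                halted = True
                msg = f"safety: {m.name} in state {cfg[i][0]} cannot handle {payload}"
                if msg not in violations:
                    violations.append(msg)
            elif kind == "ok":
                progressed = True
                if payload not in seen:
                    seen.add(payload)
                    frontier.append(payload)
        if not progressed and not halted:   # quiescent: anything still queued is stuck
            for i, m in enumerate(machines):
                if cfg[i][1]:
                    msg = f"liveness: {m.name} keeps {cfg[i][1]} deferred forever in state {cfg[i][0]}"
                    if msg not in violations:
                        violations.append(msg)
    return violations


def build_system(defer_req: bool, send_start: bool = True) -> List[Machine]:
    """Client sends REQ and Controller sends START to Server, in either order.
    Server can serve REQ only after START. The two senders play the role of
    P's nondeterministic environment (ghost) machines. All names are invented."""
    init = State({"START": ("Ready", None)}, frozenset({"REQ"}) if defer_req else frozenset())
    ready = State({"REQ": ("Ready", ("Client", "RESP"))})
    server = Machine("Server", "Init", {"Init": init, "Ready": ready})
    client = Machine("Client", "Wait", {
        "Wait": State({"GO": ("Sent", ("Server", "REQ"))}),
        "Sent": State({"RESP": ("Done", None)}),
        "Done": State({}),
    }, queue=("GO",))
    controller = Machine("Controller", "Idle", {
        "Idle": State({"GO": ("Started", ("Server", "START") if send_start else None)}),
        "Started": State({}),
    }, queue=("GO",))
    return [server, client, controller]


if __name__ == "__main__":
    print(check(build_system(defer_req=False)))                   # REQ may arrive before START
    print(check(build_system(defer_req=True)))                    # defer REQ in Init: clean
    print(check(build_system(defer_req=True, send_start=False)))  # START never comes
```

The first run shows why handling every event in every state is the default: with no `defer`, the interleaving in which the Client's REQ reaches the Server before the Controller's START ends in an unhandled event. Deferring REQ in `Init` removes the violation because the checker leaves REQ queued and handles START behind it. The third run removes the START altogether, and the same deferred REQ is now reported as stuck, which is the kind of indefinite deferral the paper's liveness check is meant to catch.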
P was used to implement and verify the core of the USB device driver stack that ships with Microsoft Windows 8. The resulting driver is more reliable and performs better than its prior incarnation (which did not use P); we have more confidence in the robustness of its design due to the language abstractions and verification provided by P.