A Formal Framework for Component Deployment Y. David Liu Scott F. - - PowerPoint PPT Presentation

A Formal Framework for Component Deployment

• Y. David Liu

Scott F. Smith Johns Hopkins University

OOPSLA'06, Portland, Oregon

A Menagerie of Deployment Systems

OSGi InstallShield EJB Manifests Bazaar RubyGems CPAN CTAN CORBA D&C Portage Dpkg RPM JSR 277 CLI Assemblies

Foundations?

OSGi InstallShield EJB Manifests Bazaar RubyGems CPAN CTAN CORBA D&C Portage Dpkg RPM JSR 277 CLI Assemblies

?

An Analogy: Programming Languages

Java Pascal C++ C# C ML Haskel Scheme Scala Perl Lisp Smalltalk Fortran

An Analogy: Foundations of Languages

Java Pascal C++ C# C ML Haskel Scheme Scala Perl Lisp Smalltalk Fortran

λ Calculus Object Calculi etc.

This Work

OSGi InstallShield EJB Manifests Bazaar RubyGems CPAN CTAN CORBA D&C Portage Dpkg RPM JSR 277 CLI Assemblies

Application Buildbox

This Work An abstract, platform-independent, vendor- independent study of component deployment

• Designing components as deployment units
• Formalizing the entire deployment lifecycle
• Proving deployment invariants

Design objectives: simple (capturing recurring themes) and expressive

This Work An abstract, platform-independent, vendor- independent study of component deployment

• Designing components as deployment units
• Formalizing the entire deployment lifecycle
• Proving deployment invariants

Design objectives: simple (capturing recurring themes) and expressive

This Work An abstract, platform-independent, vendor- independent study of component deployment

• Designing components as deployment units
• Formalizing the entire deployment lifecycle
• Proving deployment invariants

Design objectives: simple (capturing recurring themes) and expressive

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 Browser Browser 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233

build ship execute (testing)

This Work An abstract, platform-independent, vendor- independent study of component deployment

• Designing components as deployment units
• Formalizing the entire deployment lifecycle
• Proving deployment invariants
• Deployment ''never goes wrong''
• Version compatibility

Design objectives: simple (capturing recurring themes) and expressive

This Work An abstract, platform-independent, vendor- independent study of component deployment

• Designing components as deployment units
• Formalizing the entire deployment lifecycle
• Proving deployment invariants

Design objectives: simple (capturing recurring themes) and expressive

Why Foundations?

• Fosters next-generation deployment systems

– Elucidates subtle issues – More features proposed from academic

research community

– Deployment systems with provably

correct properties

• Complements modularity research

– when and where of linking

Why Foundations?

• Fosters next-generation deployment systems

– Elucidates subtle issues – More features proposed from academic

research community

– Deployment systems with provably

correct properties

• Complements modularity research

– when and where of linking

Basics

Application Buildbox

Browser NetLib

1690 5233

NetLib

5429

An imaginary box where an application ''hatches'' throughout the deployment lifecycle

Deployment Unit: Assemblage

Browser

Net Plugins

send timeout readfile start

• Real-world analogues: JAR, C .so library, DLL, CLI

Assembly

• Assemblages were first developed in [Liu and Smith,

ECOOP'04], but without deployment

5233

Version Identifiers

Browser

Net Plugins

send timeout readfile start

• Globally Unique
• Real-world analogues: COM+ GUID, CLI Assembly

strong names

5233

Side-by-Side Deployment

Browser NetLib

1690 5233

NetLib

5429

Two versions of the NetLib are deployed in the same buildbox

Basic Construct: Assemblage Interfaces

Browser

Net Plugins

send timeout readfile start

Real-world analogues: Manifest files, Deployment Descriptors

5233

Two Kinds of Assemblage Interfaces

Browser

Net Plugins

send timeout readfile start

Mixers: regular dependency Pluggers: hot deployment dependency

5233

Interfaces are Bi-directional: Imports, Exports

Browser

Net Plugins

send timeout readfile start

5233

Multiple Interfaces

readfile start

Net Plugins

send timeout

5233

Browser

GUI

initGraphics draw

• Name management is crucial for deployment.
• Avoid global name clashes

Interface: Unit of Versioning Dependencies

Net Plugins

5233

Browser

GUI

initGraphics draw

GUILib

0872 initGraphics draw

What is NOT Possible...

Net Plugins

5233

Browser

GUI

initGraphics draw

GUILib

5422 initGraphics draw

GUILib

0872 initGraphics draw

Assemblages in Shipped Form

Browser

Net Plugins

send timeout readfile start

Net -> NetLib.1690.Socket

version constraint

5233

Component Wiring: Mixing

Browser NetLib

1690 5233 Net -> NetLib.1690.Socket Net Plugins Socket

send timeout

• Between a pair of mixers
• Matching of functionalities
• Matching of version constraints

Component Wiring: Plugging

Flash Browser

5233 3265 Main -> Browser.5233.Plugins Main Plugins

readFile start

• Wiring at hot deployment time
• Between a plugger and a mixer
• Matching of functionalities
• Matching of version constraints

Compatibility Set

Browser NetLib

1690 5233 Net -> NetLib.1690.Socket Net Plugins Socket

• Subversioning: a partial order
• We do not hardcode the strategy on how two versions

are semantically compatible

3370 < : 1690

Act 2: Component Deployment Lifecycle

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

Deployment Site Transitions

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 Browser Browser 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233

build ship execute (testing)

Development Site Transitions

NetLib 1690 Browser Browser 5233 NetLib 5429 Browser 5233

build ship execute (testing)

Browser 5233 NetLib 5429

NetLib 1690 Browser Browser 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233

build ship execute (testing)

NetLib 1690 Browser Browser 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233

build ship execute (testing)

Formalism Choice

• Labelled Transition System (LTS) for deployment
• perations

– Each transition step is an application buildbox

evolution step

– Labels are ''commands'' which deployment

system users can trigger

• Run-time behaviors captured via a minimalistic

programming language

Browser NetLib

Socket Net Plugins

Shipping a Component ship (Browser, 5233, {Net})

1690 5233

Browser NetLib

Socket Net Plugins

Shipping a Component ship (Browser, 5233, {Net})

1690 5233

Browser

Net Plugins 5233 Shipped Assemblage Net -> NetLib.1690.Socket

Why Not Always Ship the Entire Closure?

Browser NetLib

Socket Net Plugins 1690 5233

Browser NetLib

Socket Net Plugins 1690 5233

• Components are independently deployable units!
• Off-the-shelf commercial components, libraries
• Updates, patches
• Sometimes not realistic, such as native code

Why Not Always Ship the Entire Closure?

NetLib

Socket

Installing a Component install (shippedbrowser)

3370

Browser

Net Plugins 5233 shippedbrowser Net -> NetLib.1690.Socket 3370 < : 1690

Browser NetLib

Socket Net Plugins

Installing a Component

3370 5233 Net -> NetLib.1690.Socket 3370 < : 1690

install (shippedbrowser)

Cyclic Dependencies Example: System.dll and System.xml.dll in .NET

B

Q 0088 shippedB Q -> A.7421.P

A

P 7421 shippedA P -> B.0088.Q

Cyclic Dependencies

B

Q 0088 shippedB Q -> A.7421.P

A

P 7421 shippedA P -> B.0088.Q

install (shippedA)

Cyclic Dependencies

B

Q 0088 shippedB Q -> A.7421.P 7421 P -> B.0088.Q

install (shippedA)

A

P

Cyclic Dependencies

B

Q 0088 shippedB Q -> A.7421.P 7421 P -> B.0088.Q

install (shippedB)

A

P

Cyclic Dependencies

B

Q 0088 Q -> A.7421.P 7421 P -> B.0088.Q

install (shippedB)

A

P

Browser NetLib

Socket Net Plugins

Updating a Component

7622 5233 Net -> NetLib.1690.Socket

NetLib

Socket 9985 9985 <: 1690, 7622 <: 1690

update (NetLib, 7622, 9985)

Browser NetLib

Socket Net Plugins

Updating a Component

7622 5233 Net -> NetLib.1690.Socket

NetLib

Socket 9985 9985 <: 1690, 7622 <: 1690

update (NetLib, 7622, 9985)

Browser NetLib

Socket Net Plugins

Updating a Component

7622 5233 Net -> NetLib.1690.Socket

NetLib

Socket 9985 9985 <: 1690, 7622 <: 1690

an update is not necessarily an upgrade

Browser NetLib

Socket Net Plugins

Hot Deployment

send timeout readfile start

7622 5233

Flash

Main 3265 flash Main -> Browser.5233.Plugins

h = plugin flash with Plugins >> Main;

Running application

Browser NetLib

Socket Net Plugins

Hot Deployment

send timeout readfile start

7622 5233

Flash

Main 3265

h = plugin flash with Plugins >> Main;

Running application

Browser NetLib

Socket Net Plugins

Hot Deployment

send timeout readfile start

7622 5233

Flash

Main 3265

h = plugin flash with Plugins >> Main; h..start();

Running application

Browser NetLib

Socket Net Plugins

send timeout readfile start

7622 5233

Flash

Main 3265

h1 = plugin flash1 with Plugins >> Main; ... h2 = plugin flash2 with Plugins >> Main;

Flash

Main 3211

Multiple Plugins: Hot Update

Act 3: Invariants, Invariants!

Theorems: Buildbox Well-formedness

• Theorem: no deployment operations can turn

a well-formed buildbox into a non-well- formed one.

• Theorem: no reductions at run time can turn

a well-formed buildbox into a non-well- formed one.

NetLib 1690 NetLib 5429 Browser 5233 Browser NetLib 1690 5233 NetLib 5429 Browser NetLib 1690 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265 Browser 5233 NetLib 5429

Flash

3265

Flash

4423

install update remove execute hot deploy hot update

NetLib 1690 Browser Browser 5233 NetLib 5429 Browser 5233 NetLib 5429 Browser 5233

build ship execute (testing)

Specifying Version Compatibility How do a deployment-site run and a pre- shipping test-run correspond?

Suppose we have a component X...

P m

locating method m imported/exported from P

... int z = P::m(3); ...

2700 n method n X

On The Development Site

X

2700 P m

On The Development Site

execute (testing)

X

2700 P m

X

2700 P m

On The Development Site

execute (testing)

X

2700 P m

X

2700 P m

at run time P::m is bound to assemblage Y version v

On The Development Site

at run time P::m is bound to assemblage Y version v

ship (X, 2700, {P})

X

execute (testing)

X

2700 P m

X

2700 P m 2700 P m

On Any Deployment Site

X

2700 P m

install

On Any Deployment Site

X

2700 P m

install

2700 m P

X

On Any Deployment Site

X

2700 P m

install

2700 m P

X

. .

2700 m P

X

anyLTS steps

On Any Deployment Site

X

2700 P m

install

2700 m P

X

. .

2700 m P

X

any LTS steps execute

2700 m P

X

On Any Deployment Site

X

2700 P m

install

2700 m P

X

. .

2700 m P

X

any LTS steps execute

2700 m P

X

at run time P::m is bound to assemblage Y' version v'

• Y = Y'
• v = v' or v' is a subversion of v

Theorem on Version Compatibility

Future Work

• Keep the platform-independent spirit, with

more expressiveness gains

– security in deployment – distributed deployment (e.g. sensor network

applications)

• A closer look at Java deployment

– an effort to map back to the real world

Related Work

• Many real-world systems
• Formal treatment is rare

– [Buckley, CD'05]: formalized name-binding

• f CLI Assemblies
• platform-specific
• no modeling of deployment lifecycle
• no invariant properties proved

Related Work: Real-world Systems

OSGi InstallShield EJB Manifests Bazaar RubyGems CPAN CTAN CORBA D&C Portage Dpkg RPM JSR 277 CLI Assemblies

Application Buildbox

Related Work

• Many real-world systems
• Formal treatment is rare

– [Buckley, CD'05]: formalized name-binding

• f CLI Assemblies
• platform-specific
• no modeling of deployment lifecycle
• no invariant properties proved

A Retrospective

• For deployment systems designers:

– platform-independent communication – foster next-generation deployment systems

• For deployment system users:

– tools with well-defined user interfaces – tools with provably correct properties

• For module system researchers:

– a foundational study of when and where of

linking