Data Shariug Analysis for a Database Programming Language via Abstract Interpretation
Giuseppe Amato Fosca Giannotti Gianni Mainetto *
CNUCE, Institute of CNR, Via S.M;rria 36, 156126 Pisa, Italy
Abstract subclass of DBPLs in which the data model of persis- tent values is completely integrated into a program- This paper presents an experiment in nsing n fnrmnl tech- ming language. In fact, the guiding principle of Per- niqne for static prngrnm nnnlyais, hnsodan abstract intarpre sistent Programming Languages is the orthogonal per- t.ntion, in the context of persistent progrnmming Inngnngw. sistence: it establishes that persistence is a property The nim of thn annlysis is to dntoct npportnnities for snfe of arbitrary values and all values have the same rights parallelism fnr trnnsnetinn nperatinn sehadnling. Tmnsnctinn to persistence [S]. Specifically, if a Persistent Program- apcratinns cnn he snfely intarlanved when there is no nverlnp- ping among their rends& nnd writ-b. A non-atnndnrd ming Language is designed on the basis of formal se- interpreter perfnrmcl the nnnlysis. This interpreter, given mantics, formal methods for designing, transforming the text of n trnns.actinn nnd n reprascntntinn nf the dntn and optimizing database programs can be exploited. stored in the dntnh.m, oufnmnfica//y derivea in n finite time Indeed, it is a challenging research direction to investi- n11 npprnxirnntinn of the randset and writ-t nf the nnnlysed gate whether, which and how such formal methods can lrnnsnclinn. lnfnrmntian ahtnined from the non-atnndnrd in- be successfully put to work in the database context. terpret,ntinn is provided to the schodnler hefnra haginning the cxrcntion of trnnsactinn operations. In this way, we ohtnin A In the programming language area, a consolidated schrdnler thnt renlism n cnnservntive two-phase lacking pro- class of formal techniques for static program aualy- tocol fnr persistent programming Inngnaga trnnsactinncl. We sis is known as abstract interpretation (AI) [l&3]. It npply the nnalysis to n Iangnage thnt is n signiticnnt snhset is aimed at gathering information on the dynamic se- of Gnlilan. The gnnl of the nnnlyh i.s tn &.teet the nccems mantics of a program or specification to be used by xnlely to shnrc\nhlennd mnclitinhle persistent dntn. compilers, partial evaluators and debuggers, or merely as documentation [9]. For example, logic programming has successfully used AI for detecting properties such 1 Introduction as groundness and goal independence to provide effi- cient specialised parallel execution of logic programs ‘I’hc evolution of Data Base Programming Languages [lo]. Functional programming uses AI to detect strict- (DRPLs), which provide a unifying formalism for data ness and reference independence for efficient graph re- tlcfinition and manipulation, opens up opportunities duction and optimised garbage collection [l]. For exchanging ideas, problems and technical solutions We propose using AI for a novel application, i.e. to bctwecn tbr two areas of databases and programming develop a conservative two-phase locking (2PL) pro- languages. Persistent Programming Languages are the tocol in a persistent system. An aggressive scheduler, that real&s for example a strict 2PL protocol, analyses ‘email:(fosca,~msys}Ocnuce.cnr.it phone:+39-50-593339 iax:+39-50-904052 transaction operations one at a time, and immediately Prrmi,km to copt~ wilhonl fed all or pall of this malcrial D granted decides whether to execute, delay or reject the opera- pmnidrd that ihe rnpirs are not made or dirfribwfcd for direct cam- tion [7]. It has no knowledge of the future operations mrrvial adsnntngr. thr VLDll copyright notice and the lit/r: of the of a transaction. For example, it can decide to exe- pnhlirnlion and il.4 dafr appear, and nnlicr ir ghcn that copying is cute a write operation that will subsequently risk the hy /wrmiasion af thr Iferg I,arJt Data narr: /?ndommcni. To copy nlhrrwiar. or lo republish, reqsimr e fw and/or rpwial permisrinn transaction being aborted because of a deadlock. A /mm the Endnwmrnf. conservafive scheduler should know a prioti the shared Proecwclirlg~ cd the 19th VCDB Cadiircnec data which concurrently executing transactions are go- DuMin, Irclnutl, 1993 ing to access, so that it can prevent deadlock and abort-
405 ing due to transaction conflicts. Almost all database tures whose cardinatity cannot be determined at com- systems traditionally have an aggressive and a conser- pile time: sequences and classes. vative version of schedulers, because there is a perfor- The rest of the paper is organized as follows: Section mance tradeoff between the two types of schedulers and 2 presents the language, the architecture of the sys- each version performs especially welt for certain types tem and the concurrency control protocol; Sections 3 of applications. and 4 introduce thr format framework of non-standard The scheduler can know in advance the set of dat,a access counting srmauticn and its abstract vl*rsion; in that a traIlsaction is going to acccs.9,called rrnff.url crud Srrtion 5 two cxafnptrs art* illustrat~*d; finally !+ctiou (i mrileuel, if thcr trirIlsfwt.iOll programmer prottccIarc:s it. contains ILII HHnc~ssint~ntof the phlpot8cd tc.c.hniqut* ruitl In Persistent Programming Languages, inferring rrad- directions for future ctrvelopr~~e~~k~ set and writeset of a transaction is difficult because persistent data have a complex structure and both persistent and temporary functions may be involved 2 The PPL system in a transaction execution. Thus we propose a tool, based on Abstract Interpretation, that automatically In this section we wilt sketch the language, the architec- performs a static analysis of the program that defines ture and the concurrency control protocol we are using a transaction, inferring an approximation of its readset for our experiment. Restrictions and simplifications to and writeset. the Galileo system have been assumed in order to point We anatyse transactions written in PPL, a language out the crucial issues of the proposed analysis. which is a significant subset of Galileo [3]. PPL is a The language, which we will refer to as PPL (Per- higher order functional language, strongly and stati- sistent Programming Language), is a subset of Galileo cally typed, with single inheritance, which allows an tailored for keeping the most important database con- object-oriented programming style. PPL transactions structs provided by the original languagc~. Marc spccif- can access the most important datastructures provided icatty, PPL deals with classes and objects. It is a higher by Galileo: basic type values, references, records, se- order functional language strongly and statically typed quences, functions, objects, and classes. which allows side effects to values of a limited IIIIIII- The goat of the analysis is to detect the accesses to ber of types: rcfcrences, ctasscn and objrcts. A CIHSS sh.arable and modifiable data structures such as refcr- is a modifiable sequence of objects and an obj& is an ences, classes and objects. In fact, the concurrent exe- instance of a record type with a unique ubject idcnii- cution of transactions can only create inconsistency in fier. Classes can be organised in a taxonomic hierarchy the case of updates. Our idea has been inspired by Hu- through single inheritance. Objects ran have it9 rorw dak’s proposal [15] that uses reference counting analysis ponents both functions which mime methods of ctassi- to reduce the run-time memory management overhead cal object oriented formalisms, and other objects (in- in a first order functional language. Similar problems of stances of other classes). run-time memory management for a higher-order func- Since the analysis for access counting takes place af- tional programming language have also been investi- ter the type checking of the transaction program, the gated in [l 11. language deals with welt-typed expressions. Like in The first step of our experiment consists in defining Galileo, a transaction in 1’1’1, is represrutrd by a lay- a non-standard semantics which extends the standard level expression and starts with the beginning of ttrr one by determining the number of accesses to modi- expression evaluation. An expression can be a COII- fiable data. Informally, every time the real execution stant, an identifier, a user defined function application accesses a reference or a class or an object, a corre- or the application of a language primitive. The syntax sponding access counter is incremented in either read of an expression of PPL is defined as follows’ : or write mode according to the executed operation. The second step consists in defining an abstraction of the non-standard semantics that guarantees the ter- mination of the analysis. The termination relies on the fact that the abstract execution operates on finite ab- stract domains of values. The main choice is to use a finite set of “typed” locations as an abstract domain c,p E con (conatsnts and primitives) where abstract values of the corresponding type are I, lb E Ide, Lab (identifiers and field names) cl, f, e, r, o, 1 E Ezp (expressions) stored. A special treatment has been proposed for ab- stract dynamic data structures, i.e. the data struc-
406 l’riluitivrs arc defined for each b&c and constructed the shared persistent environment. Inside a transac- type, and allow specific operations on values of that tion, local values can be declared for the sake of compu- type, for instance fwsignment on references, field se- tation (construct use-in). Figure 1 shows the architcc- leclion on records and so on. The other primitives are ture underlying PPL. It adopts the client-server model the language constructs for flow control and declara- that is typical of Object Oriented Databases and Per- tions such as if - then - else, sequencing, use, etc.. sistent Programming Languages architectures [12,13]. The following are some primitives which play a sig- The server handles the shared persistent store, i.e. the nificant role in the counting of access to modifiable and database, and the shared persistent environment that sharablc data structures. contains mappings from global identifiers to locations of the store. The scheduler is the module of the server 0 References: devoted to concurrency control. When a client begins a var(e) : creates and returns a reference value session, it loads a copy of the shared persistent environ- to the value e. ment from the server to solve locally identifier bindings and to use the communication network only to access at(l) : returns the value referred by 1. the stored values. A session consists of sequential exe- +-(1,e) : assigns the value e to 1. cution of many transactions. The concurrency control protocol used by the trans- l Classes and Objects: action scheduler running on the server, is the conser- class0 : creates an empty class. vative two-phase locking. Briefly, this protocol [7] en- tails knowing the read and write set of each transaction insert(+, r) : creates an object, inserts it in before its execution, if all data are available they arc the class identified by z and returns the ob- locked till the end of the transaction. This protocol ject identity. The object is created from the avoids deadlocks but needs the programmer to declare evaluation of record P. the read and write set for each transaction. Our idea is specialise(0, T, 2) : specialises the object o that the static analysis could supply this information. by adding the fields of record r and inserts it The following example shows the population of into the subclass identified by 2. class base with the object (a : var(l), b : var(1)) and the population of the subclass sub with the object Type checker \ PPL static analyser copy of Shared Persistent Environment . . Lz I Transfer unit: oblect \ Shared Persistent Environment Conservative scheduler Shared Persistent Store Figure 1: Architecture of the PPL system execution. To this aim we redefine the evaluation of through the locations which refer them. Each loca- all the language primitives so that whenever a modi- tion is also associated with a read counter and a write fiable element is accessed,its number of read or write counter. Object identity is established by the location accessesis incremented accordingly. In this approach, where the object is stored. Objects also carry the in- the readset and the writeset of a transaction are rep- formation on the classes they belong to. resented by the set of elements with a positive number The ezact semanlics is defined by the function: of accesses. ‘R:Ezp+BvewSt-+Ane where Am = Val x Bve x St. Function ‘R and its ab- Exact semantic domains stract version AR, presented in the next section, are The following are the semantic domains on which the defined by structural induction on the terms of the ab mapping between syntactic and semantic denotations stract syntax of the language. The rest of this section rely: presents the equations of R which are relevant to the Eve = Ide d Vol Environment access counting. Particular emphasis is on the equa- Vd = Bsric + Rae + Set + Pun + L jval V8h# tions dealing with classes and objects. An exhaustive Beaie = (none) Buic v&a Ruords presentation of ‘R and can be found in (51. stqutnca Fun = Vol. 4 St - (Vol x St) Functions LJvol = Lot Ft4ftmllca Exact semantic function Ljobjcet = toe Identity of objectr Lfcl$ws = Lee Claw point- l$e evaluation of at (the reference access primitive) Loe = Nal Location8 store = Re x WC x Rpol Access countem ‘R [d(t)]bW Jl = Rc = Not Read accaa count-m let < lee, but., ,rll >= R[flbvc rt Write acceu counters WC = Nat ual = rh(loe) 1R **I Rgvol = Vol + Clara + Object Stomblt mlua rta = rtr[< ( at1r be) ld + l,rtl(loe) lwo,vat > /W Object = Rce x LJelorr’ Object8 in < uol, hue,rts > Clorr = Ljobjeet* CIUMW ‘To rtltct l component from an element of a Cart&en product, the operator 1 in adopted, followed by the name of Values of basic types are irrelevant and are eval- the component domain; e.g. if ens E Anr then on8 Jv,lE uated to the special value none. Modifiable val- Vol. Wbca more than one component have the same domain ues, References, Classes and Objects, are accessed name an index ir wed to rolve the ambiguity. 408 Ilcre the argument of al is a reference. Since the prim- R[remoue(a)]bua Jt = itive al reads the reference content, we increment the let < foe, buel, Jt, >= R[e]bue Jt < Cll,. . I elm >= Jtl(loc) h~oi.,, read counter of the reference. Jt? = Jtl[ The object el is specialised with the fields of e2. The Aloe,,,. = (1, ...I oldloc,vra,old_locl,,. t 1,. . . , old-loct,,. + mat-foc~,,.) temporary variable updatedabj is a pair. The first element contains the extension of the record referred by Here oldloc is the initial number of non-free locations el with ea3. The second element contains the sequence in the global store; maz-lot is the number of new lo- of clssses to which the object belongs, including the cations that are expected to be used during the trans- new class specified by t. The object is stored in its action execution. mazluc is defined as the number old location lot, and its identity is also inserted in the of occurrences of constructors that initialise new lo- extension of subclass r. Finally, read/write counters of cations. Consequently, there is a one to one corre- both class and object are incremented. spondence between constructor occurrences and new ‘Record redefinition is obtained using the metsfunction locations: whenever the same cogstructor occurrence 0: f[f’](z) = f’(s) i/ I E dona( f(s) elsewhere is evaiuated the abstract evaluation returns the same 409 location, whereas the exact semantics would initialise s The abstract store for sequencesis: a new location every time. Ad, = Aloe, + (P(Aleq) + {Jrcc)) There are other ways to choose the value of mazloc. For instance it could be defined as the product of the where an abstract sequence is: number of occurences of the constructor by the number of occurences of calls of the function which uses this Ascq = Len x Par x (Por - P(Avol)) constructor. The way we choose mazloc establishes the accuracy of the analysis, it is a sort of tuner of To represent sequences we use an array of sets of ab- how many concrete values will coincide with the same stract values. The sequence elements are inserted cir- abstract value. cularly in the array. So if, for instance, the length of The store that in the exact semantics was a func- the array is n, then the i- th element of the sequenceis tion from locations to storable values, is now a product stored in the position ((i- 1) mod n) of the array, The of functions from typed locations to a set of abstract least accurate approximation is the one with an array storable values of length 1, where all the elements of the sequence are Ad = Astr x Ad, x Ad, x Ad, collected into a single set. Increasing the length of the array will augment the accuracy of the representation. In the following we discuss every single abstract store. The first two fields of the abstract sequences denote the length and the first free position of the array re- l z’s abstract store for references is defined as fol- spectively, while the array is a function from position Aat, = Aloq - (Aoc + {/we}) to abstract values. where: The following are the domains which represent the Aa.2 = Arc x Awe x Argvol sequence length and the next free position respectively. Argval = P(Aval) + Aclarr + P(Aobjcct) Arc, Awe = to,~l Len matJeg, 00) An abstract location is associated with its abstract PO8 1 I:l-m,...,maz-pw- 1) read and write counters and with either a set of ab- On the Len domain the following operations are de- stract values, or a set of abstract objects or one abstract fined: class. In fact, in our language classes can be declared only at top level, so we can have only one application 2 +’ n = ij(2 + n) 5 mazseq then(2 + n) of a class constructor. Arc and Awe are two-value do- elee 00 mains: (0, oo) with the intended meaning not accessed c- In = ijz = 00 then 00 and accessedone or more times. The meaning of the else 2 - n abstract value 00 is that the corresponding exact loca- tions cannot be released before the end of the trans- On Pos domain is defined: action. There might be other interesting abstractions, for instance the set { 1, . . . , mazac, oo} represents ex- z +p n = (2 + n) mod mazpos plicitly how many times a data structure is accessed. In our case the policy used by the scheduler only needs l The abstract store for functions is: to know which data have been modified, but other op- timizations could rely on how many times a structure Ad/ = Alec, + (A fun + {free}) has been touched. In [5] the safety of abstract interpre- tation has been proved with respect to the latter choice where which is more restrictive than using {O,oo}. Ajun = (P(Avol))* - AJt - P(P(Auol) x Aat) l The abstract store for records is: Ad, = Aloe, * ((Lab +Jie P(Avol)) + {/~cc}) The primitive junction has a special treatment. In the exact semantics when the same primitive is executed a We choose not to repeat the labels of the fields of the second time, a new closure is generated. In the case abstract records associated with an abstract location of abstract semantics the second closure abstracts the because they never change. In fact a single abstract previous, so we can store only the last one. As a con- record (and not a set of abstract records) is associated sequence, only an abstract function will be associated with an abstract record location. Therefore each field with a function location and not a set of abstract func- of this record can carry a set of values. tions. 410 l The abstract domains for objects and classes are d’R[at(e)] returns a set of triples whose first compo- defined as follows: nent VAL is the sum of the values stored in the set of location LOCI returned from the abstract evaluation Aobject = Arecord x Aclasees of the argument e. Moreover for each location the read Aclass = Len x Pos x (Pos + P(Aloq)) counter is set to 00. The abstract evaluation of the assignment is: where the domains: AR [- f, e)]ObUe 4Jt = {< \ none) ,obve,aJt,7 > I Arecord = P(Aloc,) < VAL, abuq, aJtl >E AR[e]obue art Aclaseea = P(Alocr) < LOCI, obue2, OJta >E AR[l)abue, OJtl art, = ‘JJ:a 1A.q OJt; =OJt,[< aJt&OC) lArc,m, (artt(foe) lAred) U VAL > /lee] denote the abstraction of the record representing the Vloc E LOCI object and the set of classesto which the object belongs respectively. The abstract domain for classesis similar 1 is evaluated with respect to all the store-sreturned to the domain for sequenceswith the difference that a by the abstract evaluation of e; then all the stores are class can only contain objects. updated with the evaluation of 1 and the write counters Notice that we do not need ad hoc abstract stores are set to 00. for classes and objects. In fact the reference store can be used because classesand objects are modifiable ele- AR[~la~J.~]abve art = ments. {< {et} , abve, art’ > 1 l The abstract environment is defined as follows: Abue = Zde -+ P(Aua1) Each occurrence of the primitive class has a loca- tion cl associated with it. The abstract interpretation associates an empty class with this location and prop- where an identifier is associated with a set of abstract agates the previous read/write counters through the values. store ast’. AR[inrertr..(t, e)]abuc art = Abstract semantic function {< {loC),abue,OJt’ > 1 cl E abvs(o) < LOC,, abve,, aJtl >E A8(e]abve art The abstract evaluation of an expression returns a set obj = < LOG, {cl) > of abstract values, in fact it has to mime all possible ortl = ,JJtl 1 Adi objr = OJtl(C/) 1 Ad, paths of the exact execution. The most intuitive exam- art; = If art,(loc) = /ree ple is the execution of the primitive if - then - else, then ortl[< O,O,{obj} > /lo-z] elm aJt~[coJt~(loc) h, aJtl(loc) lwc, where the results of both alternatives have to be con- a*hW) IA~~+-I u{obi) > /W sidered. art; = art;[< a~,m,in(objJ, {lee}) > /cl] The abstract non-standard semantics is defined by art =< OJty, aJt 1Ad.# aJt iAd, ,aJt lAutl > ) the following function: A new object which contains the set of records LOG’, returned by the evaluation of e is created and inserted AR : Exp -+ Abue ---) Ast + P(Aans) into the class cl. The function in inserts a set of ab- stract objects in the first free position of the array rep- where the abstract answers are: resenting the class. The abstract read/write counters of the class are both set to 00, while read/write coun- Aans = P(Aual) x Abue x Ast ters of the other objects of the class remain the same. This implies that inserting an object into a clsss can The next equation defines the abstract evaluation of be executed in parallel with any other operation on ob- the primitive at: jects of that class if they are reached from somewhere A72 [at(e)]abue aJt = else. {C VAL,abur,aJta > 1 C LOCI, abuej, aril >E AR[e]abuc aJt A~[rpeeializc(e~, e,,r)]abue aJt = crtl = aJ:t hi, t< Lot,, abut. art’ > 1 VAL = U{aJtI(tOC) ~A,J..I 1 be E LOC,} cl E- bbuc(&) OJt; = OJtI [< W,aJtl(fOC) hc,OJ:i(tOC) ~,w,,v.I> /lOC] < LOC~,obuel, art1 >E AR[el]obue ort Vloc 6 LOCI < LOC,, abuq, arta >E A?Z[e&bvc aJtl art, = aJt2 lA& 411 he, E tot, and abstract values of the various types of the language. fUP = arf .(loc,) Firstly, correctness for basic domains is defined, then it oat1 = a+2 lA*t, oaf: =asf,[([(fup(lab)u arf,(foc:)(lab))/lab] is defined for structured domains until correctness re- Vlab E Lab)/loc:], lation between the functions of semantic interpretation has been defined. Finally, it is proved that AR and 72 applied to PPL sentences are correct. asfj’ = o8f;[< ~,m,in((a#f;(d) lArw.a,,,,OC,) > /cl] aat =< a#(‘, ‘=*f:,asf JAM,, ad iAd,>) Def. 1 Consider the functions A3 and 3 A3 : Exp + Abue -* Ast + Aans and This operation is very expensive. LOG’, is the set 3 : Exp + Bve + St -c Ans. of records with which to specialize all the objects in A3 spun 3 mboxi f f LOCI: each object will have k new fields with a set of (Vabve E Abue, ast E Ast, bve E Bve, st E St, e E Exp: abstract values for each of them. < abve,ast >cE,“< bve,st > + A7Z[remoue(c)]abve art = (d3[e]abve ast CA 3[e]bve st)) {< { none),ahe,orf > 1 < LOCI, abvc,, aa11 >E A’R[e]obvc 081 The above definition says that two functions are re- a--f1 = a.'tl lA,l, zoc, E LOCl spectively correct if applied to the same expression in obj E ash(h) Lrgvm~ environments and stores which are respectively correct produce results which are respectively correct. Cor- rectness between results is established by the existence of at least one abstract result in the set returned by The abstract removal of an object consists in chang- the abstract evaluation which is correct with respect ing the positions of the elements in the class. The ab- to the exact one. This statement is established by the stract elements in position if), are duplicated in posi- following: tion ifh - 1 because we do not know which element has really been removed (this task is performed by the Def. 2 Lel S E P(Aans), t E Ans, function arem). Correctness is thus preserved, but if a (S CA 1) ifl((3s E S such fhat s ~~~~ t) V(t = LA,,,)) single transaction requires matpos removals, then all Finally the following proposition establishes correct- positions contain all abstract elements. In this case the ness between the abstract and exact semantics: accuracy of the analysis is poor, but it will not affect abstract execution of other transactions. Proposition 1 AR is correcl respect with 72, ifl AR CFun ‘R 4.1 Correctness and termination The termination of the analysis is guaranteed by the In [5] the correctness is formally proved of an analysis finiteness of the abstract domains and by the monc+ with the domain of the read/write counters equal to tonicity of the function that performs the analysis on (0, *. 1, mat-q oo} instead of (0, 00). The parameter such domains. In fact, the only condition in which our mazac is an estimation of the maximum number of analysis might not terminate, is when a fix point op- accesses a transaction can do on a data structure. This erator is involved in the evaluation of a sentence; but analysis is more general than the one presented in this the fix point operator is always used with monotonic paper, in fact it determines how many times a data functions defined on finite domains, hence the fix point structure has been touched. From a correctness point is finitely computable. of view the results obtained in the general case hold in our restriction. Informally, the abstract evaluation AR is correct 5 Examples of abstract evalua- with respect to the exact evaluation 12, if the num- tion ber of accesses to each location obtained with R is less than or equal to the number of accesses to the corre- In this section two different examples are shown. The sponding locations obtained with AR. This means that first uses the construct if-then-else whcee evaluation a scheduler based on this information will lock more or returns a set of sets of tuples. The second is concerned equal data than those requested by the real execution, with our real objective: to gather information for the but is granted to be deadlock free. scheduler of transactions in a database. This example The proof of correctness is formally developed by only illustrates a few steps of the abstract execution defining a family of typed relations Etypc between exact and highlights the final results. 412 Example1 (use (emp, get (employees,cond”)); Let the following he the abstract evaluation for the (us+w3r, -troc4(team,. . .,seq(),. . .)); construct if - then - else. speciaIiae(emp,mng,managers))) AR(iJ(p,t,c)] nbve art = u{( AR[r]obue’ ast’ U AR[e]obve’ oat’) 1 The index at the occurrence of each constructor like < {none), obve’, osi’ >E ARlp]abve art)) insert,bj4 represents the location on which it oper- ates. The concurrent execution of the above transac- Then abstract evaluation of the expression: tions might lead to deadlock because the former reads w> (@4z), loo), + (2, lo), - (Y, 10)) the class managers and updates the class employees, while the latter reads the class employees and updates w.r.t. the environment: the class managers. ahe = {to, th, Wd), (Y, t~wl))) Tables 1 and 2 show the initial abstract environment and the initial abstract store for this example. and the store: The abstract interpretation of transaction Tl re- o*tr = t( loci 8 < ‘1, Wl, {none) >), (locz, < Q, ws, {none) >), turns the store in Table 3. In the table, the identi- (IoQ7, < rs, q3, {none) >)I fiers in bold denote items involved by the first trans- returns the set of triples: action which reads the locations ~12, objl, and up- { < (none), dates the location cl,. Table 4 shows the abstract ~(~~~~o~l,h4)),(Y, thd)l, store returned by the abstract interpretation of the (( loci. < (0, 00,{none) >), lo-q, < co, co, {none} >), (hi, < r3,w {none) >)I >, second transaction. The abstraction of primitive get < {none), returns all objects of class employees, so the transac- tt=n tlocl, rq)),(Y, tloci))), (( loci, < m,wl, {none) >), (kd, < m,w2, {none) >), tion reads the locations cl1 , objl, objz, objs and updates (loc3, < ~R,w, {none) >)I >I c/a, objl, objz, objs. Comparing the results the sched- uler detects the risk of deadlock. In this case the conservative scheduler will consider to sum of the returned triples and will lock locations 10~1, locz and 10~3 which contain z and y values. 6 Discussion and further work Example2 The results presented in this paper are the first part of our experiment. They confirm that we can obtain a Consider the following expressions defining a database correct approximation of the read/write set of a trans- schema: action by static analysis with respect to a snapshot of the environment and the store. An implementation of use ret employees class such an approach must consider that the global store employee H is affected by the execution of other transactions, i.e. (I name: string it has to deal with concurrent accesses to the store. and code: string Two important questions are involved when assess- and boss: var(manager) ing the applicability of this approach in the Data Base and . . . I) context: managers subset of employees class manager H l what is the cost of the analysis in terms of space (I is employee and time, and how much does it affects the effi- and team: var ( seq (employee)) ciency of a transaction execution? and . . . I) ; l is the information gathered by the analysis signif- Every employee has one manager, while every man- icant, i.e., is it really useful for realistic optimiza- ager hti a team composed of a modifiable sequence of tions? employees. The following transactions Tl and T2 pop- ulate the previous schema with an employee object and Both the answers to these questions are concerned a manager: with the granularily of the analysis. In fact, the ac- curacy of the analysis depends on whether the abstract (use (mgr, get(managers,cond’)); representation of database is finer or coarser. The (usc(etnp, rectloe4 (name,code,boss,. . ., finest abstraction is the one corresponding to the ac- ‘Smith’,l234,var(seq(mgr)),. . .)); tual database: each object which is in the Data Base at inSC!rtobj4 (ernp,employees))) the moment of the transaction execution is represented. 413 Table 1: Initial Abstract Envinronment. Table 2: Initial Abstract Store. Table 3: Final Abstract Store for Tl. Table 4: Final Abstract Store for T2. 414 The coarsest abstraction is oue where only the types 141G. Amato, F. Giannotti and G. Mainetto, Anal- atlcl th(* classes declared in the global environment are ysis of Concurrent Transaction in a Functional rc~prrscnlSc*cl. Brtwcrn these two cxtmmes there is a Database Programming Language, Proc. Work- wholr range of intermediate possibilities, which corre- shop on Slalic Analysis, Bordeaux,174-184,1992. spond to trade-offs between accuracy and cost of the analysis. 151 G. Amato, Definizione di un Znierprete Astrutio per I’oitimizzazione dell’esecurione di imnsationi, Our analyser provides some tuning mechanisms to control the granularity of the analysis i.e. the parame- Tesi di Laurea, Dip. di Informatica di Pisa, 1992. ters which specify the size of the abstract domains. An PI M.P. Atkinson and O.P. Buneman, Types and example of such a parameter is the cardinality of the Persistence in Database Programming Languages, abstract classes (the length of the array which simu- ACM Comp. Surv., Vol 19, No. 2, 105-190, 1987. lates the extension of the class) which establishes the ratio between abstract objects and concrete ones. For PI P. Bernstein, V. Hadzilacos and N. Goodman, instance, an interesting analysis can be obtained by Concurrency Control and Recovery in Database representing classes (and sequences) with an array with System, Addison-Wesley, Cambridge, MA, 1987. contains a single representative object. This choice is P. Cousot and R. Cousot, Abstract interpreta- based on the fact that abstraction of search operations PI tion: An unified lattice model for static analysis always returns the indistinct set of all objects in the class. The resulting analysis is very efficient. in fact, of programs by construction of approximation of the abstract locations are statically determined (corre- fixpoints, Pmt. 4th POPL, 238-252, 1977. sponding to different occurrences of the constructors), PI P. Cousot and R. Cousot, Static determination of so, the only things that can change in a recursive call dynamic properties of programs, Proc. of the 2nd are the counters of the objects. In this case there is Znt. Symp. on Programming Languages, Dunod, only one object thus yielding to a fast convergence of Paris, 1976. the fix-point computation. Further study is needed to learn how to use these PO1P. Cousot and R. Cousot, Abstract Interpretation tuning mechanisms. We believe that this knowl- Frameworks, Jour. of Logic and Comp., 1992. edge cau be gained from experiments and. that the A. Deutsch, On determining lifetime and aliasing mechanisms can be correlated with other application- WI of dynamically allocated data in higher-order func- dependent parameters such as the concurrency rate. tional specifications, ACM Symposium on Prin- This part of the experiment is currently under study. ciples of Programming Languages, San Francisco The first next step is the development of a prototype CA, 157-168, 1990. of the analyser and its integration with the existing PPL system, so that the analysis, the scheduling and PI D.J. De Witt, P. Futtersack, D. Maier and F. the execution of transactions coexist and interact. The Velez, A study of three alternative workstation- second step is to test some significant case studies in server architectures for Object Oriented Databases order to evaluate the performance figures obtained. System, Proc. of VLDB ‘90,107-121, Brisbane, Australia,1990. 1131 M. Di Giacomo, G. Mainetto and L. Vinciotti, References Gestione della persistenza e delle transazioni nel Sistema Galileo Distribuito, Sislemi Euoluti per S. Abramsky and C. Hankin (eds), Abstract infer- PI Basi di Dali, Gizzeria Lido (CZ), I, 1993. prcfolion of declamliue languages, Ellis Horwood, Chichester, UK, 1987. PI J.V. Joseph, S. M. Thatte, C. W. Thompson and D. L. Wells, Object-Oriented Databases: Design PI S. Abramsky, Abstract Interpretation, Logical Re- and Implementation, PTWC.of IEEE, Vol. 79, No. lations, and Kan Extensions, Journal of Logic and 1, 42-63, 1991. Compulalion, Vol 1, No.1, 1990. 1151 P. Hudak, A semantic model of reference counting PI A. Albano A., L. Cardelli and R. Orsini, Galileo: and its abstraction, Proc. of ACM Symposium on A Strongly Typed, Interactive Conceptual Lan- Lisp and Functional Pmgmmming, 351-363, 1986. guage, ACM ‘ZIunaaction on Daiabase Systems, Vol. 10, No. 2, 230-260, 1985. 415