Formalising Actors in Linear Logic - Semantic Scholar

Formalising Actors in Linear Logic John Darlington Yi-ke Guo Department of Computing Imperial College 180 Queen's Gate, London SW7 2BZ, U.K. E-mail: jd, [email protected] Abstract

We present a logical formalism of the actor-based concurrent object oriented computation in terms of the deduction in linear logic. By encoding messages and objects in the actor model as formulae of linear logic, the distributed state of the actor computation, regarded as a con guration, can be represented as a multiset of object formulae and message formulae. Methods are encoded as a special form of logical implication describing the eect of the communication between objects and messages. With this logical encoding, actor based concurrent computation can be fully modelled as a deduction procedure in linear logic. In the paper, we provide a detailed mapping of the actor model into the logical system. It is shown that, with such a mapping, the logical semantics of actors can be developed.

1 Introduction

Concurrent interaction between objects is an intrinsic feature of object oriented systems. However, this feature has not been formally studied since there seems to exist no agreement on a semantic foundation for concurrent objects. The actor model proposed in [AH88] is perhaps the most well known approach so far to provide such a foundation based on a very exible communication mechanism. In the model, concurrent computation is characterised as a communicating interaction between messages and objects. Concurrent agents, or processes, are represented as actors carrying the actions in response to processing communications. Methods are used to describe the eect of these communication events with respect to an object class. Although the actor model has been intensively studied and used as a general framework for modelling concurrent objects, its underlying logical structure has not been fully explored. This is partly because that logic systems developed so far mainly describe unchanging mathematical structures such as sets, functions. These logics are weak to deal with interaction and change which are central to the concurrent objects (actors). It becomes clear that a logic system modelling concurrent objects should support the reasoning about actions and change. In [Mes89], Meseguer proposed a logic system, called rewriting logic, as a uniform concurrent computation model. In [MW91], Meseguer applied in the logic to 1

establish a framework for modelling concurrent object oriented systems by formalising the actor model as a concurrent rewriting system. In the logic, an object is represented as a term hO : C j a1 : v1; : : : ; an : vni where O is the object's name, C is its class, the ai are the names of the object's attributes and vi are their values. Each con guration is represented as a multiset of objects and messages specifying certain actions on their destination object. Such a multiset is formed in terms of an ACI constructor regarded as parallel composition. The multiset structure of the con guration allows the concurrent application of rewriting rules. Intuitively, applying a rule is caused by a communication event when messages meet the objects to which they are sent. The system evolves by concurrent rewriting (modulo ACI) of the con guration by means of rewrite rules speci c to each particular system. By taking rewriting as the basic entities, rewriting logic provides a means to specify action and change. Rewriting of objects gives a precise logical understanding of the notion of \become" in the actor model which is about the change object states. However, rewriting logic lacks rich structures such as quanti cation mechanism which are crucial for modelling some basic features of the actor model such as asynchronous communication, local states and acquaintances. In this paper, we present a new semantic model for actors in terms of linear logic. We show that the messages and the objects in an actor system can be uniformly represented as formulae of linear logic. The con gurations of the computation can be represented as a multiset of interacting object formulae and message formulae. Methods are modeled as a special form of logical implication describing the eect of communication events between objects and messages. Concurrent computation is modelled as a concurrent transition system by applying methods. Such a transition system precisely corresponds to a deduction procedure in linear logic where linear modus ponens forms a uniform rule for modelling communication. It is shown that the new framework provides a general and powerful foundation for investigating actor-based concurrent computation. The paper is organised as follows. The actor model is discussed in section 2 by presenting an actor-based concurrent object oriented language. In section 3, we present a lineal logic model of concurrent computation. Linear logic is introduced by emphasising its deduction structure and its use of modelling concurrent computation. A linear logic process calculus is presented as a meta language for describing the computational behaviour of the actor model. The logical meaning of the concurrent actor computation can be formalised by encoding systematically the actor language in the linear logic process calculus. As presented in section 4, the linear logic encoding provides a precise mathematical understanding of the concurrent behaviours in the actor model. The related work and future research will be discussed in the conclusion.

2 The Actor Model

The main feature of object based concurrent computation can be characterised by identifying processes with objects, inter-process communication with interactions between objects. The naturalness of concurrent objects comes from our intuitive understanding of ordinary objects and their interactions in the real world. In this 2

sense, presenting or formalising concurrent objects and their interactions, i.e. concurrent object-oriented programming, should be conceived as modelling the properties of concurrency in the world. This idea can be traced back to the design of the Simula language in the later 60's, and has been comprehensively elaborated by the recent development of the actor-based concurrent computation models. In the actor model, actors are concurrent communicating agents which carry out their actions in response to processing communications. All actors have names as their own unique mail addresses (or called mailboxes), and have their local states. The mail address may be communicated to other actors just as any other ordinary messages. Thus, mail addresses of actors provide a simple mechanism for dynamically recon guratting an actor system. The only way to aect the behaviour of an actor is to send it a message. An actor can only refer to its acquaintances, i.e., the information it was created knowning about, those it learned about from messages it received, and those it created. An actor can only send messages to acquaintance actors and only creat actors whose acquaintances are a subset of its own acquaintances. Upon receiving a message, an actor carries out the actions speci ed by the message. The actions an actor may perform include:  send communications to itself or to other actors  creat new actors  change its own states or behaviours Changing the behaviours of an actor can be realised by designating a replacement actor to serve the subsequent messages received at the mail address. Replacement implements the change of states and behaviours of an actor while preserving the \referencial transparency" of the identi er which always denotes that object. In the actor model, computation state, which is called the con guration, is presented by a set of messages and a set of actors. Interactions between messages and actors, and actions actors taken in response to the receiving of messages take place concurrently. The behaviours of sending messages to other actors or creating more new actors will spawn more concurrency. Moreover, the interaction between messages and actors are nondeterministic: an actor may interact with dierent messages depending on the arrival order of messages towards the actor. Such a nondeterminism is referred as arrival nondeterminism. We present as following a simple actor-based concurrent object oriented language based on the Act3 system presented in [AH88]. < class definition > ::= class < class name > with < variables >:< methods > < method > ::= f< messages pattern >=>< actions >g < message pattern > ::= message name(variables) < action > ::= send(< mail address >; < messages >) j become(< class name >; < arguments >) j let < bindings > do < actions > j if < constraint > then < actions > else < actions > < message > ::= message name(arguments) < binging > ::= < variable >:=< class name > (< arguments >) < constraint > ::= boolean expression 3

An actor class is de ned by its name, parameter variables representing the local states (acquaintances) of an actor and the de nition of methods specifying the actions that an actor may take upon the receiving of various messages. Actions are presented as the four commands. The send command takes two arguments, its mailing address which is the name of the target actor, and the sending message. The result of the command it to send the message to the target actor named by the mailing address. The become command speci es the change of the behaviour of the computing actor. It can be regarded as rewriting, i.e. replacing the actor with either an actor (with the same name) of other class or its own new version with the local states changed. The conditional statement is used to state the alternative actions with respect to a conditional. A let command binds the names of newly created actors in the body of the command. The following example is a well known example of modelling bank accounts (quoted from [MW91]). A bank account has a balance attribute and may receive messages for crediting or debiting an account or transferring funds between two accounts. class Account with x fcrediting (val ) ) become Account (x + val ), debiting (val ) ) if val  x then become(Account, x -val ) else become(Account, x ) trans (val, B ) ) if val  x then become(Account,x -val ),send(B,crediting (val )) else become(Account, x )

g

An instance actor of the class Account can be created by the let statement: let A = new Account (v ) do : : :. where v states the initial balance of the created account A. An instance actor (object) of the class Account has a state variable x presenting its balance. The actor handles three messages crediting; debiting and trans. A message crediting(val) takes an argument val representing the amount of money paid to the account. When the account receives the message, its recent state is changed in terms of the become command, by adding the credited money to the account. On the contrast, when the account received the message debiting(val), its recent state is changed by reducing the debited money val from the account. The message trans takes two arguments val, representing the money to be transformed and the mail address B indicating the other account where the money is going to be transferred. When the account receives the account trans(val; B ), its recent account is modi ed by reducing the transferring money and the money is credited to the account B by sending it a message crediting(val). Although the language is declarative, a concise representation of its computational model is not trivial. In fact, actor based computation is always speci ed in terms of transition systems modelling the evolution of the con gurations in the style of Plotkin's structured operational semantics. However, such a formalism leaves many important mechanisms of the model unspeci ed. For example, the asynchronous communication protocol and the arrival nondeterminism of the 4

message?actor interaction can not be directly modelled by using the transition system. It becomes even more hard to conceive some advanced features of the model from the transitional representation. For example, the mobility of communication for the dynamic recon guration of the communication structure realised by communicating mail addresses can not be explicitly re ected by transition systems. The notions of local state and acquaintance are also presented informally in the transition systems. All these indicate the necessity of a mathematical meta language to describe the sophisticated concurrent behaviours of the actor based computation. Process calculus, such as -calculus, may be employed. However, these calculus are generally based on some kinds of synchronous communication mechanism. This fact results in the diculty for a straightforward encoding of the actor model based on asynchronous communication. In the next section, we present a fragment of linear logic as a logical meta language for modelling a wide range of concurrent computation models. In particular, we will show that the logic system provide a formalism of the actor model where the operational semantics are precisely captured by the deduction system of the logic.

3 A Linear Logic Model of Concurrency

Linear logic was proposed by Girard as a logic for modelling computational systems [Gir87]. In linear logic, the structural rules for weakening and contraction are dropped. Therefore, it is not possible to copy or discard arbitrary formulae during a deduction. Logical formulae become resources which may be consumed by deduction. This property makes the logic ideal for specifying computational systems, and particularly concurrent computation. In the appendix, we present linear logic by its sequent system where ? is adopted as a basic logical operation rather than a derived operation. A comprehensive description of linear logic can be found in [Gir87]. Using linear logic as the logic foundation of concurrent programming stems from the concurrent computational interpretation of linear deduction. Consider the sequent ? `
as consuming the resource of ? to meet the requirement of
. A linear proof becomes a resource construction/consumption procedure where the root of the proof tree describes the initial state of a computation which proceeds by expanding the frontier of the partially constructed tree. The collection of leaves presents the current state of the computation. Due to the duality of the logic, we need only consider the assumption part ? of a sequent ? `
which is viewed as a multiset of resources. These resources may be transformed into new resources by applying the inference rules (left-rules). The formulae in ? can be regarded as concurrent processes. Logic operators (connectives and quanti ers) become combinators of the processes. Regarding each sequent as a state of the computation, the operational semantics of these combinators are provided by identifying state transitions of the computation with the inferences of the logic. The proof tree as a whole records the history of computation. Thus, we can select an appropriate fragment of the logic as a process calculus. From a logical point of view, any statement of the calculus is a logical formula, whereas, from a computational point of view, a formula is a process. The concurrent computation of the language is modelled by deduction in the logic. The following 5

analogies arise:

Logic Computation Formula () Process Sequent () Con guration Deduction () Concurrent Computation Following this principle of \formulae as processes, proofs as computations", basic constructions for concurrent computation can be straightforwardly related to an operational interpretation of linear deduction. A detailed description can be found in [Guo93]. We will now present a logical process calculus as a meta language for the operational behaviour of the actor model. The calculus is based on the intuitionistic linear logic [Abr90] and is a subsystem of the CDC calculus proposed as a uniform model for declarative concurrent programming [Guo93]. We rst present the syntax of the language. Let A; x; t; c be the syntactical variables ranging over agents, channel symbols, terms and conditional expressions respectively. The language has the following syntax:

A =4 1 j x(t) j !c ? A j 8x: m ? A j A A j A&A j 9x:A j !A

unit atomic communication condition communicating method parallel composition choice hiding storing

where the syntactical variable m ranges over a set of receivers de ned as

m =4 x(t) single receiver j m m multiple receiver A condition c in an implication !c ? A is generally a preinterpreted formula. We assume that a built-in theory to de ne the meaning of the symbols justifying its truth. Communicating methods are generally of the form (8x:p1(x1) : : : pn (xn) ? A): They are also called multiheaded clauses and the atomic propositions pi (xi) are called the heads of the clause. When a clause has only one head, we call it single-headed. Computation is to take these methods as rewriting rules to reduce a multiset of formulae into a store of atomic communications. Each application of a method forms a multiset rewriting step. 6

The concurrency of the computation is re ected by using the multiplicative conjunction as an operator for parallel composition. Its deduction rule ?; A; B `
?; A B `
can be understood as decomposing the resource A B into the resources A and B in the context ?. Consider the deduction rule (& `): (& ` 1) ?;A?;A&B`
`
(& ` 2) ?;A?;B&B`
`
The deduction can be regarded as choosing one of the component of A&B to verify the sequent within the context ?. Since computation is to search for a successful proof, the choice may be in uenced by other formulae in ? (i.e. the environment). This corresponds to the \external choice" in concurrent programming [BG90]. Thus, don't care non-determinism (committed-choice), for which the arrival nondeterminism is a special case, can be uniformly modelled in terms of additive conjunction. Communication between processes is realised by passing messages, as outlined in the following deduction: ?; B; A[t1=y] `
(? `) ?; B; x(t1); x(t1) ? A[t1=y] `
(8 `) ?; B; x(t1); 8y: x(y) ? A `
( `) ?; B x(t1); 8y: x(y) ? A `
The formula x(t1) can be understood as the sending of a message t1 via a channel x. Thus, the formula B x(t1) sends the message x(t1) and then behaves like B . The formula 8y: x(y) ? A receives the message x(t1) and behaves like A[t1=x]. In general, synchronisation between processes in the calculus is modelled by linear modus ponens. Consider the following deduction rule for linear implication: ?1 ` A;
1 ?2; B `
2 ?1; ?2; A ? B `
1;
2 A special case of the inference rule is that the succedent of the lower sequent (the global requirement of computation) isn't split during deduction. That is: ?1 ` A ? 2 ; B `
?1; ?2; A ? B `
The deduction step can be interpreted as transforming the current state, represented as ?1; ?2; A ? B `
, to the state ?2; B `
whenever the local requirement condition A is met by a part of the environment ?1 (i.e. ?1 ` A) 1. Then the deduction, called linear modus ponens, can be presented as: ?2; B `
?1; ?2; A ? B `
if ?1 ` A 1

The interpretation imposes a sequentiality of verifying the left branch rst.

7

With this interpretation, linear modus ponens forms a uniform synchronisation mechanism where the implication A ? B can be regarded as a process which will become B whenever the environment contains enough resources to meet the synchronisation condition (local requirement) represented by the premise A. Synchronisation is logically modelled as verifying the entailment between the resource ?1 and the local requirement A. In the case of communication, the local requirement A can be regarded as a message pattern waiting for matching the corresponding messages (?1). Thus, linear modus ponens provides a concise means to model asynchronous communication. The condition c in a formula !c ? A states the synchronization condition between the environment and A. A can proceed only when c is justi ed with respect to recently received messages. The eect can be written as `S c where S denotes the built-in theory asserting the truth of the formula c (Thus, the theory should be represented in classical logic). The modality ! allows the formula c to be accepted by the built-in theory in classical logic. Variables local to a process can be introduced via existential quanti cation, because an existentially quanti ed variable can not be free outside the scope of 9. ?; A x is not free in ? ?; 9x:A The following derived rule, called CD because it combines contraction and dereliction, indicates that !A can be understood as storing the process A: !A; A;
` ? CD ? Rule !A;
` ? The inference is read as \making a copy of A and putting it into the environment". In the calculus, we use ! to store resources. The operational model of the calculus is given as a special form of deduction in linear logic. It can be presented as a transition system where a con guration ? is a multiset ofc agents. We use Con to denote the set of all con gurations. A derivation relation !  Con  Con represents the transition between con gurations, where #(?) denotes the free variables in the agents ?. The rules of the transition system are de ned as follows: ?; 1 !c ?; ?; A B !c ?; A; B ?; A&B !c ?; A ?; A&B !c ?; B ?; !c ? A !c ?; A

if `S c

?; x1(t1); x2(t2); : : :; xn(tn); (8y: ni=1 xi(yi) ? A) !c ?:A[ti=yi] 8

?:9x:A !c ?:A

x 62 #(?)

?; !A !c ?; A; !A For any initial formula A, the initial con guration is ?0 : fAg. The computation transforms the initial con guration into a simpler system ?n such that no more communication is possible. The transition rules are deduction steps in linear logic. As proved in [DG92], the transition system realizes a special form of proofs in linear logic. The computation is complete in the sense that it constructs a proof that is canonical for all possible deduction of A. The soundness and completeness results can be summarised in the following theorem where we use `L to denote the provability in linear logic2. The theorem is a special case of the soundness and completeness of the CDC calculus [Guo93]. Theorem 3.1 For anyc agent A, a term t and x 2 #(A), A `L x(t) i there exists a derivation ?0 : fAg ! ?n such that ?n `L x(t)

4 Modelling the Actor Model in Linear Logic

In this section, we present a logical formalism of the actor model by encoding the computational behaviour of its entities into linear logic formulae. The following analogies show the intuition underlying our encoding scheme. Actor () Formula Message () Formula Configuration () Multiset of formulae Mail Addresses () (Global) Channels Local Attributes () (Local) Channels The linear logic formula for a class A is of the following general form: ! 8 name. v A (name, v ) ? (9x. x (v )

!( & 8 adri.name (message namei, adri) ? 9 namei, vi.(adri(mi) Bi(namei, vi) Ai (name, newbehaviour ) )) The formula states that the class name A is encoded as a channel variable. An actor of the class is generated by sending an identi er, say a, together with its initial local state v to the global class channel A. After its creation, an actor a is represented as a formula: 9 x. x (v ) !( & 8 adri.a (message namei, adri) ? 9namei .(adri(mi) Bi(namei, vi) Di (a, newbehaviour ))) Where the existential quanti ed variable x models the local state of the actor and the formula !(8 adri. a (message name, adri) ? 9namei . (adri (mi) Bi(namei, vi) Di(a, newstate ))) i

i

2

More precisely, we assume linear logic integrated with a built-in theory for justifying conditions.

9

encodes a set of methods waiting on its name channel a for the messages having the pattern (message namei; adri) where messagei speci es a particular task and adri are the identi ers of actors(mail addresses) to which the actor a may send messages. When the actor receives a message, a method will be activated to send a new message mi to an actor adri, to create a new actor of the class Bi with the identi er namei and the initial state vi by sending them to the corresponding class channel Bi and to change its own behaviour by sending its own name a together with the new state to the channel of the replacement class 3. In the following, we present a systematic encoding of the model by de ning a complete compilation scheme translating a program in the actor language de ned in section 2 into linear logic formulae.

Class as Reusable Implication: First of all, a class de nition is translated into

a reusable linear implication. The class name becomes a channel waiting for the message carrying the name of an instance actor of the class and its initial state. Thus, creating an actor is modelled, by the translation function Co [ ] ,as sending a message, consisting of the mail address of the creating actor and its initial local states to the class channel. Co[ Class1; Class2] = Co[ Class1] Co [ Class2] Co[ class A with X fmethodsg] = !8a; v1; : : :; vn:A(a; v1; : : : ; vn) ? 9X: i xi(vi) !(Cm[ methods]]a;X )) where X = fx1; : : : ; xng and ixi(vi) = x1(v1) : : : xn(vn). In the translation, the local attributes of an actor are encoded as existential quanti ed variables. As we presented before, existential quanti cation provides a logical account to the notion of locality. Thus, local attributes of an actor are its local channels. The formula xi(vi) instantiates the initial value vi of the local states to the corresponding local channel xi.

Methods as the Sum of Linear Implications: In the actor language, a method

presents the action that an actor may take upon the receiving of messages. At one instance, an actor receives the message which reach it rst. Such an arrival nondeterminism can be modelled as a form of committed choice in terms of the additive conjunction operator. The following translation of methods of the actor a with local channels X , presented as the function Cm [ ] a;X , maps the set of methods of a into an additive conjunction of linear implications.

Cm [ method1; a;X : : :; methodn] a;X = Cm [ method1] &; : : :; & Cm [ methodn ] a;X Cm [ hmessage patterni =>a hactionsi] a;X a;X = 8Y:Cme[ message pattern] ? Ca[ actions] where Y are variables in the head of a method.

3 As the special case, the replacement class can be the original class of a, i.e. D = A. Thus, the eect of the replacement is to changes the local state of a. i

10

The function Cme [ ] a maps a message pattern with respect to the actor a into an atomic formula: Cme [ message name(y1; : : : ; ym)]]a = a(messagename; y1; : : :; ym) Thus, with the translation, a method of the actor a with the local channels X : message name(y1; :::; yn) ) actions is translated into an universally quanti ed implication: 8y1; : : :; yn :a(message name; y1; : : : ; yn) ? Ca[ actions] a;X which models the behaviour of waiting the message (message name; y1; : : : ; yn) on the mail address a and carrying on the action when the message arrived with all variables yi instantiated according to the content of the message. The function Ca[ ] a;X maps a set of actions the actor a may take to a multiplicative conjunction of action formulae. The multiplicative conjunction models the parallel composition of all component actions in the method. Ca[ action; : : :; action] a;X = Ca[ action] a;X ; : : : ; Ca[ action] a;X Each individual action of an actor a with local channels X is translated by the function Ca[ ] a;X . First of all, the command of sending a message message name(args) to the actor with the mail address adr is translated as a message (name; agrs) put on the channel adr. That is,

Ca[ send(adr; message name(args))]]a;X

= adr(message name; args)

The become command become(D; args) specifying the replacement of the behaviour of the actor a by creating a new actor of a foreign class D (i.e. D 6= A) with the state args and the mail address a. Since a class name is modelled as a global channel, as we presented before, the command is encoded as sending a message (a; args) to the class channel D. That is, Ca[ become(D; args)]]a;X = D(a; args) When the class of the replacement actor is the original class of the actor a (i.e. D = A), the become command changes only the local states of the actor. The translation can be simpli ed as: Ca[ become(A; args)]]a;X = 8u1 : : :un:x1(u1) : : : xn(un) ? x1(arg1[ui=xi ]) : : : xn(argn [ui=xi]) where fx1; : : : ; xng = X . 11

The encoding of the let : : : do command is straightforward. Ca[ let x := D(args) do hactions i] a;X a;X = D(x; args) Ca[ hactionsi] That is, the behaviour of binding a newly created actor of the class D with the mail address x, which will be referred in the actions within its scope, is modelled as sending the mail address x and the initial states args to the class channel D in concurrent with taking the actions. The conditional statement is translated into an additive conjunction of two implications modelling the alternative choice determined by the truth of the condition. Ca[ if hconditionali then hactions1i else hactions2i] a;X = (Cc [ conditional] ) Ca[ hactions1i] a;X ) &(:Cc [ conditional] ) Ca [ hactions2i] a;X ) Note that the intuitionistic implication, rather than the linear implication is used. This is because the condition is not proved by the linear sequent calculus rather by the built-in system justifying the truth of the condition following the prede ned interpretation of the symbols in the condition. We use the function Cc [ ] to denote the xed interpretation. As we presented before, such a preinterpreted condition can be viewed as a reusable formula. By the logical equivalence: !c ? A  c ) A, we use intuitionistic implication to model the conditional statement. In order to access the local state of an actor a with the local channels x1; : : :; xn, we always add the following formula as a built-in component into the additive conjunction of implications translating the methods. 8 u1,: : :, un. a (read, u1,: : :, un ) ? 8s1,: : :,sn .( x1(s1) : : : xn (sn) ? x1(s1) : : : xn (sn ) u1(s1) : : : un(sn ) ) With this added formula, the local state of an actor can be read and copied to the channel u1; : : : ; un. Thus, the formula can be regarded as the translation of a system methods implementing the local state function returning the local state of an actor in a con guration [AH88]. By the translation, the Account class, presented in section 2, can be encoded systematically into the following formula: ! (8 A. Account (A,v ) ? 9bal. ( bal (v )

! (8 val. A (crediting, val ) ? 8 n.(bal (n ) ? bal (n +val ) ) & 8 val. A (debiting, val ) ? 8 n.(bal (n ) ? (val  n ) bal (n -val ) ) & 8 val. A (trans, val, B ) ? 8 n.(bal (n ) ? (val  n ) (bal (n -val ) B (credit, val ))) & 8 x. A (read, x ) ? 8 n.(bal (n ) ? (bal (n ) x (n ))))) 12

This formula de nes the account class as a reusable linear implication. To open an account, an actor can be created by sending the name of the actor, together with the initial value of the account, to the global channel Account. The name itself is also a channel. When an account is opened, its balance attribute is initialised to the initial value and then the account is ready to receive messages on its name channel. The modality ! pre x to the inner \committed-choice" implications models the idea of \ always" i.e. the eect of recursion. Messages are parametrised by the message names crediting; debiting; trans; balance. On receiving the crediting message, the actor adds the value val to its balance n. This is done by reading its current balance via the local private channel bal. By the feature of linear modus ponens, reading the private channel will consume the current value so that the addition can be done by just sending a message val + n to the channel bal. This is a way to logically model an updating action, as the special case of the become command. The debiting case is similar. In the case of trans, the message contains the name of the account where the money is to be transferred. After retrieving the current balance from the private store and checking that there is enough money for the transfer, the transferred money is subtracted from the current balance of A and is credited to account B by concurrently sending a message B (credit; val) to the environment. Note that the notion of attribute is realised as a local private channel introduced by existential quanti cation. Thus, each invocation for opening an account will give a new private channel bal as its own attribute which is logically updatable. This encoded formula illustrates a purely logical de nition of a class of actors. It provides not only of a succinct declarative reading of the class but also, and even more importantly, a deductive interpretation of its concurrent computation. With the encoding, a con guration of the actor model can be encoded as a multiplicative conjunction of logical formulae logical formulae. The concurrent computation in the actor model is fully mapped to the transition system of the logic process calculus presented in section 3. Since the transition system realises a special class of linear proofs, actor-based concurrent computation is modelled as the deduction in linear logic. Following the theorem 3.1, the logical meaning of the actor model can be established by the following corollary which is proved in the forthcoming report [DG94]: Corollary 4.0.1 Suppose P is a program in the actor language consisting of a set of class de nitions and A is a de ned class. Let a be the identi er of an actor of the class A, V : v1; : : :vn is a sequence of values stating the initial state of a, X : x1; : : :xn is a sequence of variables and m is the initial message sent to a, Then, for a set of values t1; : : : ; tn Co[ P ] Ca[ let a = A(V ) do send(a; m)]] a(read; X ) `L ixi(ti) > i there is a transition derivation :

G0 : fa(V ); mg ! Gn such that local state(Gn; a) = t1; : : : ; tn, where i xi(ti) = x1(t1 ) : : : xn(tn) and the function local state(G; a) returns the local state of a in the con guration G. 13

5 Conclusion

In this paper, we present a linear logic formalisation of the actor model. Based on the logic formalism, the concurrent computational behaviours of the model are precisely modelled as deductions in the logic. The formalism therefore establishs a logical semantics to the actor model. This work is related to some recent research work on the theoretical foundation of object-based concurrency. An interesting approach is to use algebraic process calculi for modelling concurrent objects. Since these calculi are normally of some synchronous mechanism as its underlying communication protocol, encoding the actor model in these calculi become complicated. In [HT91], Honda et.al proposed an asynchronous process calculus to model concurrent objects. As we shown in [Guo93], the calculus can be fully captured by our logical system. Thus, the linear logic model seems to be more general. Indeed, due to its richer structure and its naturalness to reason about change and interaction, linear logic constitutes an ideal meta logic for studying the properties of concurrent objects. In [KY94], Kobayashi and Yonezawa proposed a type system for actor-based concurrent object oriented programming through an encoding of an actor language into a typed logic programming based on an amalgamation of linear logic and typed -calculus. Due to the complicated structure of the underlying logic, it is not easy to explore the semantic properties by the encoding. We have shown that the pure linear logic provides an elegant mathematical foundation for the actor model. The relationship with Meseguer's work on the rewriting logic based concurrent object oriented programming is obvious. The key idea underlying our approach is to use linear modus ponens to model concurrent rewriting where the concurrency is inherited in the proof structure of the logic. The main advantage of the linear logic approach is that the quanti cation mechanism provides a simple solution of modelling communication and local state, which are the key issues of the actor model.

6 Acknowledgements

We would like to thank all the people in the Advanced Languages and Architectures Section in the Department of Computing at Imperial College who provide a stimulating working environment. This work was supported by a U.K. SERC research grant \De nitional Constraint Programming: A Foundation for Logically Correct Concurrent Systems".

References

[Abr90] Samson Abramsky. Computational Interpretation of Linear Logic. Technical report, Dept. of Computing, Imperial College, Oct. 1990. [AH88] Gul Agha and Carl Hewitt. Concurrent Programming Using Actors. In A.Yonezawa and M. Tokoro, editors, Object-Orientde Concurrent Programming, pages 37{54. The MIT Press, 1988. 14

[BG90] Gerard Boudol and G.Berry. The chemical abstract machine. In Proc. of the 17th Annual ACM symposium on Principle of Programming Languages. ACM, 1990. [DG92] J. Darlington and Y. Guo. De nitional constraint programming for parallel computing: An introduction. In Proc. of the ICOT workshop on Future Direction of Parallel Programming and Architecture, June 1992. ICOT TM-1185. [DG94] John Darlington and Yike Guo. Towards a logical theory of object-based concurrency. Technical report, Imperial College, May 1994. [Gir87] Jean-Yves Girard. Linear logic. Theoretical Computer Science, 50(1), 1987. [Guo93] Yike Guo. De nitional Constraint Programming. PhD thesis, Dept. of Computing, Imperial College, December 1993. [HT91] K. Honda and M. Tokoro. On Asynchronous Communication Semantics. In Proc. of ECOOP'91 Workshop, LNCS 612, pages 21{ 51, 1991. [KY94] Naoki Kobayashi and Akinori Yonezawa. Type-theoretic foundations for concurrent object. Technical report, Dept of Information Science, 1994. [Mes89] Jose Meseguer. General logics. Technical Report SRI-CSL-89-5, SRI International, March 1989. [MW91] Jose Meseguer and Timothy Winkler. Parallel programming in maude. Technical Report SRI-CSL-91-08, SRI International, November 1991.

15

A Linear Logic

Linear logic is presented in Figure 3 in the form of a Gentzen-style sequent calculus. Since the structural rules for weakening and contraction are abolished in linear logic, a collection of formulae in a deduction should be regarded as a multiset rather than a set. The feature of resource-consciousness results from the linearity of the proofs which requires that each assumption must be used exactly once. For a sequent ?1::?n `
1::
m the assumptions ?i can be viewed as resources and the conclusions
j as requirements that have to be met by spending the given resources. The linearity necessitates two dierent versions of conjunction: the multiplicative conjunction (tensor, ) and the additive conjunction (with, &). If the multiplicative conjunction is used in an assumption ?i of a sequent, then this re ects the fact that both components of the conjunction must make contributions to the proof derivation within the same environment. On the other hand, the use of the additive conjunction & re ects the fact that once the formula is used in the proof, either the rst or the second component must be chosen for the further derivation. Dually, two versions of disjunction are required. The multiplicative disjunction (par, @) causes the splitting of its environment, whereas additive disjunction (plus, ) causes the environment to be copied for the derivation of both components. Another important connective is linear implication (?), which can be used to localize inference. It can be derived by the logical equivalence A ? B = A?@B where A? is the linear negation of A. Each sequent ?1::?n `
1::
m has the intended meaning that ni=1?i ? @mj=1
j is valid. The \of course" modality (!) is introduced to allow a controlled form of weakening and contraction in the language. Its dual (?) is called \why not". Due to the symmetry of linear logic, the same multiset of formulae can be treated either as assumptions, using conjunction, or as consequences, using disjunction. Here, we concentrate on the interpretation of formulae as resources and there only deal with the rules for the left-hand side of sequents. For a comprehensive description of linear logic see [Gir87].

16

Axiom: Cut :

(Id)

?1 `G;
1 ?2 ;G`
2 ?1 ;?2 `
1 ;
2

Structure Rule:

(Exchange Left)

Logic Rules : (1 `) (0 `)

A`A

?1 ;A;B;?2`
?1 ;B;A;?2`


(Exchange Right)

?`
1 ;A;B;
2 ?`
1 ;B;A;
2

?`
?;1`


(` 1)

`1

?;0`


(` >)

?`>;


(? `)

?`

(` ?)

?`
?`?;


(? `)

?`A;
?;A? `


(`? )

?;A`
?`A? ;


( `)

?;A;B `
?;A B `


(` )

?1 `A;
1 ?2 `B;
2 ?1 ;?2 `A B;
1 ;
2

(& `)

?;B `
?;A`
?;A&B `
?;A&B `


(` &)

?`A;
?`B;
?`A&B;


(@ `)

?1 ;A`
1 ; ?2 ;B `
2 ?1 ;?2 ;A@B `
1 ;
2

(` @)

?`A;B;
?`A@B;


( `)

?;A`
?;B `
?;AB `


(` )

?`A;
?`B;
?`AB;
?`AB;


(? `)

?1 `A;
1 ?2 ;B `
2 ?1 ;?2 ;A?B `
1 ;
2

(` ?)

?;A`B;
?`A?B;


(Contraction ! )

?;!A;!A`
?;!A`


(Contraction ?)

?`?A;?A;
?`?A;


(Weakening !)

?`
?;!A`


(Weakening ?)

?`
?`?A;


(Promotion ?)

!?;A`?
!?;?A`?


(Promotion !)

!?`A;?
!?`!A;?


(Dereliction !)

?;A`
?;!A`


(Dereliction ?)

?`A;
?`?A;


(9 ` )

?;A`
?;9x:A`


(` 9)

?`A[t=x];
?`9x:A;


(8 `)

?;A[t=x]`
?;8x:A`


(` 8)

?`A;
?`8x:A`


;

* x is not free in lower sequent. Figure 1: Linear Logic

17