An efficient abstract machine for Safe Ambients

Safe Ambients (SA) are a variant of the Ambient Calculus (AC) in which types can be used to avoid certain forms of interferences among processes called grave interferences. An abstract machine, called GcPan, for a distributed implementation of typed SA is presented and studied. Our machine improves over previous proposals for executing AC, or variants of it, mainly through a better management of special agents (the forwarders), created upon code migration to transmit messages to the target location of the migration. Well-known methods (such as reference counting and union-find) are applied in order to garbage collect forwarders, thus avoiding long – possibly distributed – chains of forwarders, as well as avoiding useless persistent forwarders. The proof of correctness of GcPan, and a description of a distributed implementation of the abstract machine in OCaml are given. Correctness is established by proving a weak bisimilarity result between GcPan and a previous abstract machine for SA, and then appealing to the correctness of the latter machine. This is simpler than comparing GcPan directly with SA, but it involves reasoning modulo ‘administrative reduction steps’ in both machines and therefore standard techniques for simplifying proofs of weak bisimilarity results are not applicable. More broadly, this study is a contribution towards understanding issues of correctness and optimisations in implementations of distributed languages encompassing mobility.