Transactions and Persistence

Thursday, 30 October – 13:30-15:00

Saving the World from Bad Beans: Deployment-Time Confinement Checking

Dave Clarke, Utrecht University, dave@cs.uu.nl
Michael Richmond, IBM Almaden Research Center, mrichmon@acm.org
James Noble, Victoria University of Wellington, kjx@mcs.vuw.ac.nz

The Enterprise JavaBeans (EJB) framework requires developers to preserve architectural integrity constraints when writing EJB components. Breaking these constraints allows components to violate the transaction protocol, bypass security mechanisms, disable object persistence, and be susceptible to malicious attacks from other EJBs. We present an object confinement discipline that allows static verification of component integrity as they are deployed into an EJB server. The confinement rules are simple for developers to understand, require no annotation to the code of EJB components, and enforcement of these rules can be incorporated efficiently into existing EJB servers.

Language Support for Lightweight Transactions

Timothy Harris, University of Cambridge Computer Laboratory, tim.harris@cl.cam.ac.uk
Keir Fraser, University of Cambridge Computer Laboratory, keir.fraser@cl.cam.ac.uk

Concurrent programming is notoriously difficult. Current abstractions are intricate to use and make it hard to design computer systems that are reliable and scalable. We argue in favour of a practical declarative style of concurrency control in which programmers directly indicate the safety properties that they require. In essence, the programmer demarks sections of code which execute within lightweight software-based transactions which commit atomically and exactly once.

These transactions can update shared data, instantiate objects, invoke library features and so on. They can also block, waiting for arbitrary boolean conditions to become true. These features support general-purpose shared data structures such as hashtables, queues and buffers. In general, no performance penalty is incurred for memory accesses outside transactions. Furthermore, transactions which do not access the same shared memory locations can commit concurrently.

We present a detailed design of this proposal along with an implementation and evaluation. We argue that the resulting system (i) is easier for mainstream programmers to use, (ii) prevents lock-based priority-inversion and deadlock problems and (iii) offers compelling performance.

Lazy Modular Upgrades in Persistent Object Stores

Chandrasekhar Boyapati, MIT Laboratory for Computer Science, chandra@lcs.mit.edu
Barbara Liskov, MIT Laboratory for Computer Science, liskov@lcs.mit.edu
Liuba Shrira, MIT Laboratory for Computer Science, liuba@lcs.mit.edu
Chuang-Hue Moh, MIT Laboratory for Computer Science, chmoh@lcs.mit.edu
Steve Richman, MIT Laboratory for Computer Science, richman@lcs.mit.edu

Persistent object stores require a way to automatically upgrade persistent objects. Automatic upgrades are a challenge for such systems. Upgrades must be performed in a way that is efficient both in space and time, and that does not stop application access to the store. In addition, however, the approach must be modular: it must allow programmers to reason locally about the correctness of their upgrades similar to the way they would reason about regular code. This paper provides solutions to both problems.

The paper first defines upgrade modularity conditions that any upgrade system should satisfy to support local reasoning about upgrades. The paper then describes a new approach for executing upgrades efficiently while satisfying the upgrade modularity conditions. The approach exploits object encapsulation properties in a novel way. The paper also describes a prototype implementation and shows that our upgrade system imposes only a small overhead on application performance.