Zooid: a DSL for certified multiparty computation: from mechanised metatheory to certified multiparty processes

Castro-Perez, David; Ferreira, Francisco; Gheri, Lorenzo; Yoshida, Nobuko

doi:10.1145/3453483.3454041

Cited by 12 publications

(6 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other mechanizations (in Coq) of session types have been presented by Castro-Perez et al [CFGY21] and by Cruz-Felipe et al [CMP21]. In both cases, types are represented as an inductive datatype and the usual recursion operator, but Castro-Perez et al [CFGY21] also provide a representation based on coinductive trees that they prove to be trace-equivalent to the recursive one and that is similar to our own (Section 7). Cruz-Felipe et al [CMP21] restrict labels to a two-value set.…”

Section: Postulate V : Setmentioning

confidence: 66%

Inference Systems with Corules for Combined Safety and Liveness Properties of Binary Session Types

Ciccone¹,

Padovani²

2022

Logical Methods in Computer Science

View full text Add to dashboard Cite

Many properties of communication protocols combine safety and liveness aspects. Characterizing such combined properties by means of a single inference system is difficult because of the fundamentally different techniques (coinduction and induction, respectively) usually involved in defining and proving them. In this paper we show that Generalized Inference Systems allow us to obtain sound and complete characterizations of (at least some of) these combined inductive/coinductive properties of binary session types. In particular, we illustrate the role of corules in characterizing fair termination (the property of protocols that can always eventually terminate), fair compliance (the property of interactions that can always be extended to reach client satisfaction) and fair subtyping, a liveness-preserving refinement relation for session types. The characterizations we obtain are simpler compared to the previously available ones and corules provide insight on the liveness properties being ensured or preserved. Moreover, we can conveniently appeal to the bounded coinduction principle to prove the completeness of the provided characterizations.

show abstract

Section: Postulate V : Setmentioning

confidence: 66%

Inference Systems with Corules for Combined Safety and Liveness Properties of Binary Session Types

Ciccone¹,

Padovani²

2022

Logical Methods in Computer Science

View full text Add to dashboard Cite

show abstract

“…If two branching terms have overlapping branches, then we try to merge them as exemplified by rule merge_Branching_SSSS. 6 As we remarked, merging (seen as a partial function) can be undefined, for example End and p+l; End cannot be merged. This gives rise to the notion of projectability anticipated in Section 1: a choreography C is projectable on a process p in the context of a set of procedure definitions D if bproj is defined for those parameters.…”

Section: Xx:9mentioning

confidence: 99%

“…This is generalised by projectable_C D C ps, which states that C is projectable for all processes in the list ps. For a choreographic program P to be projectable, written projectable_P P, we 6 Due to space constraints, the names of these rules have been abbreviated in Figure 4. require that Main P be projectable for all processes in CCP_pn P and that all procedures be projectable for the processes that they use.…”

Section: Xx:9mentioning

confidence: 99%

Now It Compiles! Certified Automatic Repair of Uncompilable Protocols

Cruz-Filipe¹,

Montesi²

2023

Preprint

View full text Add to dashboard Cite

Choreographic programming is a paradigm where developers write the global specification (called choreography) of a communicating system, and then a correct-by-construction distributed implementation is compiled automatically. Unfortunately, it is possible to write choreographies that cannot be compiled, because of issues related to an agreement property known as knowledge of choice. This forces programmers to reason manually about implementation details that may be orthogonal to the protocol that they are writing.Amendment is an automatic procedure for repairing uncompilable choreographies. We present a formalisation of amendment from the literature, built upon an existing formalisation of choreographic programming. However, in the process of formalising the expected properties of this procedure, we discovered a subtle counterexample that invalidates the original published and peer-reviewed pen-and-paper theory. We discuss how using a theorem prover led us to both finding the issue, and stating and proving a correct formulation of the properties of amendment. ACM Subject ClassificationTheory of computation → Concurrency; Theory of computation → Automated reasoning; Software and its engineering → Concurrent programming languages Keywords and phrases choreographic programming, theorem proving, compilation, program repair Digital Object Identifier 10.4230/LIPIcs... 1 buyer.offer −→ seller.x; If seller.acceptable(x) Then seller.product −→ buyer.y; End Else End Listing 1 An unprojectable choreography.

show abstract

“…Neither deadlock freedom nor leak freedom is proved. Their framework is used by Castro-Perez et al [2021] to mechanize a DSL for multiparty communication in Coq based on asynchronous multiparty session types. They prove deadlock freedom w.r.t.…”

Section: Related Workmentioning

confidence: 99%

“…Despite the active developments in the mechanization of the meta-theory of binary session types [Thiemann 2019;Rouvoet et al 2020;Hinrichsen et al 2021b;Tassarotti et al 2017;Goto et al 2016;Ciccone and Padovani 2020;Castro-Perez et al 2020;Gay and Vasconcelos 2010], a mechanized proof of deadlock freedom for binary session types with dynamic thread and channel creation and a dynamically changing communication topology (due to higher-order channels) is still outstanding because of the intricacies of reasoning about graphs in a mechanized setting. While the semantics of global and local types of multiparty session types has recently been mechanized [Castro-Perez et al 2021], and thus global properties such as deadlock freedom shown to hold, the result is confined to a single session without dynamic thread and channel creation and without higher-order channels.…”

Section: Introductionmentioning

confidence: 99%

Connectivity graphs: a method for proving deadlock freedom based on separation logic

Jacobs

Balzer

Krebbers

2022

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We introduce the notion of a connectivity graph —an abstract representation of the topology of concurrently interacting entities, which allows us to encapsulate generic principles of reasoning about deadlock freedom . Connectivity graphs are parametric in their vertices (representing entities like threads and channels) and their edges (representing references between entities) with labels (representing interaction protocols). We prove deadlock and memory leak freedom in the style of progress and preservation and use separation logic as a meta theoretic tool to treat connectivity graph edges and labels substructurally. To prove preservation locally, we distill generic separation logic rules for local graph transformations that preserve acyclicity of the connectivity graph. To prove global progress locally, we introduce a waiting induction principle for acyclic connectivity graphs. We mechanize our results in Coq, and instantiate our method with a higher-order binary session-typed language to obtain the first mechanized proof of deadlock and leak freedom.

show abstract

Zooid: a DSL for certified multiparty computation: from mechanised metatheory to certified multiparty processes

Cited by 12 publications

References 51 publications

Inference Systems with Corules for Combined Safety and Liveness Properties of Binary Session Types

Inference Systems with Corules for Combined Safety and Liveness Properties of Binary Session Types

Now It Compiles! Certified Automatic Repair of Uncompilable Protocols

Connectivity graphs: a method for proving deadlock freedom based on separation logic

Contact Info

Product

Resources

About