mechanising session types onwards and upwards
play

Mechanising Session Types Onwards and Upwards Francisco Ferreira - PowerPoint PPT Presentation

Nov 07, 2023 •187 likes •650 views

Mechanising Session Types Onwards and Upwards Francisco Ferreira and Lorenzo Gheri (joint work with David Castro, and Nobuko Yoshida) 2019 ABCD Meeting The First Step Do a case study: Language Primitives and Type Discipline for

  1. Mechanising Session Types Onwards and Upwards Francisco Ferreira and Lorenzo Gheri (joint work with David Castro, and Nobuko Yoshida) 2019 ABCD Meeting

  2. The First Step • Do a case study: • Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited, by Yoshida and Vasconcelos.

  3. The send receive system and its cousin the relaxed and the revisited system.

  4. The send receive system and its cousin the relaxed and the revisited system.

  5. The send receive system and its cousin the relaxed and the revisited system. This is the first step. Spoiler: Multiparty session types are next.

  6. What do we have? • A proof of type preservation formalised in Coq using ssreflect . • A library to implement locally nameless with multiple name scopes and handle environments in a versatile way. • We have a TACAS 2020 submission describing our tool. • We built some in-team expertise (i.e. we learned some hard lessons while struggling to finish the proof).

  7. What did we mechanise?

  8. A tale of three systems • We set out to represent the three systems described in the paper: • The Honda, Vasconcelos, Kubo system from ESOP’98

  9. A tale of three systems • We set out to represent the three systems described in the paper: • The Honda, Vasconcelos, Kubo system from ESOP’98 • Its naïve but ultimately unsound extension

  10. A tale of three systems • We set out to represent the three systems described in the paper: • The Honda, Vasconcelos, Kubo system from ESOP’98 • Its naïve but ultimately unsound extension • Its revised system inspired by Gay and Hole in Acta Informatica

  11. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance | k ![˜ e ]; P data sending | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition | inact inaction | ( ν u ) P name/channel hiding | def D in P recursion e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  12. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance | k ![˜ e ]; P data sending | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition | inact inaction | ( ν u ) P name/channel hiding | def D in P recursion e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  13. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance We consider terms up-to | k ![˜ e ]; P data sending α -conversion | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition | inact inaction | ( ν u ) P name/channel hiding | def D in P recursion e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  14. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance We consider terms up-to | k ![˜ e ]; P data sending α -conversion | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition Then we cannot distinguish: | inact inaction k?(x) in inact | ( ν u ) P name/channel hiding and | def D in P recursion k?(y) in inact e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  15. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names

  16. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names

  17. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names This is a bound variable.

  18. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names This is a bound variable. • If α -conversion is built in, this rule collapses to: ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′′ ) in P 2 ) → P 1 | P 2 [ k ′ /k ′′ ]

  19. The Naïve Representation

  20. The Naïve Representation • It “ looks like ” the original Send Receive system.

  21. The Naïve Representation • It “ looks like ” the original Send Receive system. • You start suspecting is wrong when defining the reduction relation.

  22. The Naïve Representation • It “ looks like ” the original Send Receive system. • You start suspecting is wrong when defining the reduction relation. • You know there is a problem when the proof fails.

  23. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  24. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  25. We have to discuss Adequacy 18 pages dedicated to the proof for the STLC! • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  26. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  27. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  28. The Revisited system • Now we distinguish between the endpoints of channels. • It can be represented with LN-variables and names.

  29. Four kinds of atoms

  30. Four kinds of atoms

  31. Four kinds of atoms

  32. Four kinds of atoms

  33. Four kinds of atoms

  34. Typing environments • Store their assumptions in a unique order (easy to compare) • Only store unique assumptions (easy to split) • They come with many lemmas (less induction proofs)

  35. Typing environments • Store their assumptions in a unique order (easy to compare) • Only store unique assumptions (easy to split) • They come with many lemmas These are generic enough and easy to (less induction proofs) use. #artefact

  36. Subject Reduction Theorem 3.3 (Subject Reduction) If Θ ; Γ ⊢ P ⊲ ∆ with ∆ balanced and P → ∗ Q , then Θ ; Γ ⊢ Q ⊲ ∆ ′ and ∆ ′ balanced. Is straightforward to represent:

  37. We have a tech report and a repository for the proof. • The code for the proof can be found at: • https://github.com/emtst/ • We have a technical report: • Engineering the Meta-Theory of Session Types • at: https://www.doc.ic.ac.uk/research/technicalreports/2019/ DTRS19-4.pdf

  38. Onwards and Upwards

  39. We are moving to Multiparty Session Types • Lessons learned: • Doing a complete calculus just to have a similar calculus to the literature takes a lot of effort. • Locally nameless worked well. Particularly/Even with the multiple name scopes. • Mechanising proof is great, but if one squints mechanisation is akin to very careful implementation.

  40. MPST • There’s four of us now: David, Francisco, Lorenzo, and Nobuko. • We are mechanising the meta-theory of multiparty session types. • We will build upon our locally nameless and environment implementation. • We plan to extract certified implementations from the proofs.

  41. Certified MPST Multiparty Compatibility in Communicating Automata: Characterisation and Synthesis of Global Session Types Deniélou, Yoshida, 2013

  42. Certified MPST We want Scribble-style protocol specifications Featherweight Scribble, Neykova, Yoshida, 2019

  43. Certified MPST We also want to reason We want Scribble-style about concurrent protocol specifications programs.

Recommend

Adventures in Mechanising and Verifying WebAssembly Conrad Watt University of Cambridge, UK

Adventures in Mechanising and Verifying WebAssembly Conrad Watt University of Cambridge, UK

Adventures in Mechanising and Verifying WebAssembly Conrad Watt University of Cambridge, UK Formal Methods Meets JavaScript, VeTSS Conrad Watt (Cambridge, UK) Mechanising WebAssembly VeTSS 1 / 21 The webs evolution We want richer web

521 views • 21 slides
Model-View-Update-Communicate Session Types meet the Elm Architecture Simon Fowler University of

Model-View-Update-Communicate Session Types meet the Elm Architecture Simon Fowler University of

Model-View-Update-Communicate Session Types meet the Elm Architecture Simon Fowler University of Edinburgh ABCD Final Meeting 19th December 2019 Functional Session Types EqualityClient : ! Int . ! Int . ? Bool . End Session types: Types

1.03k views • 43 slides
Mechanising Hankin and Barendregt using the Gordon-Melham axioms Michael Norrish

Mechanising Hankin and Barendregt using the Gordon-Melham axioms Michael Norrish

Mechanising Hankin and Barendregt using the Gordon-Melham axioms Michael Norrish Michael.Norrish@nicta.com.au Merlin03: Mechanising Hankin and Barendregt using the Gordon-Melham axioms p.1 Motivation & Outline To investigate the

327 views • 31 slides
Session Types in a Nutshell Session Types structure a series of interactions in a simple and

Session Types in a Nutshell Session Types structure a series of interactions in a simple and

Session Types in a Nutshell Session Types structure a series of interactions in a simple and concise syntax and ensure type safe communication . A Protocol Protocol: Buyer-Seller Alice Seller title Description: Alice buying a

644 views • 60 slides
Communication assurance with Session Types Rumyana Neykova Communication Safety with Session

Communication assurance with Session Types Rumyana Neykova Communication Safety with Session

Communication assurance with Session Types Rumyana Neykova Communication Safety with Session Types Promises: Organising structured communications from a global point of view Efficient type-checking strategy of processes through

459 views • 31 slides
AGENDA 20-21st May 2018 8.30pm onwards Special Dinner Venue: Courtyard By Mariott 9:30 10:00

AGENDA 20-21st May 2018 8.30pm onwards Special Dinner Venue: Courtyard By Mariott 9:30 10:00

AGENDA 20-21st May 2018 8.30pm onwards Special Dinner Venue: Courtyard By Mariott 9:30 10:00 hrs Registration 10:00 11:30 hrs Inaugural Session: Affordable and Clean Energy Theme: The ever- Welcome Address: Mr. Akhilesh Rathi , Joint

163 views • 3 slides
Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College

Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College

Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 Structure of Lectures Theory Multiparty Session Types Summary: Practice and Programming using Scribble 2 Session Type Reading

1.22k views • 65 slides
Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018

Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018

Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018 1 Context Hundreds of deployed public blockchains $600 625 675 735 755 780 820 billion total market cap (7 day progression since Jan 1 st )

1.32k views • 38 slides
JUNE 2020 TEACHER REFERENCE PRESENTATION CLASS 7 onwards TABLE OF CONTENTS JUNE 2020 CLASS 7

JUNE 2020 TEACHER REFERENCE PRESENTATION CLASS 7 onwards TABLE OF CONTENTS JUNE 2020 CLASS 7

JUNE 2020 TEACHER REFERENCE PRESENTATION CLASS 7 onwards TABLE OF CONTENTS JUNE 2020 CLASS 7 onwards Pick of the Month Gap Profiles Global Updates Point Nemo Rajkumari Amrit Tokyos Face Kaur Showing Festival Vishys

468 views • 33 slides
Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana

Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana

Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana Neykova Imperial College London 1 Outline Idioms for Interaction Multiparty Session Types Scribble and Applications to a Large-scale

1.38k views • 80 slides
Whole Herd Performance Recording Whats new for 2019 onwards Pat Donnellan Overview

Whole Herd Performance Recording Whats new for 2019 onwards Pat Donnellan Overview

Whole Herd Performance Recording Whats new for 2019 onwards Pat Donnellan Overview WHPR Why & How Progress to-date Plans for 2019 onwards AgTech its in our DNA 2 WHPR Why & How Small Herd New

419 views • 20 slides
Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida and

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida and

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida and Raymond Hu Imperial College London 1 Session Type Projects COST Action Behavioural Types for Reliable Large-Scale Software Systems , over 60

696 views • 44 slides
Against Upwards Agree: A view from Dagestan Pavel Rudnev prudnev@hse.ru 22-03-2019 Background

Against Upwards Agree: A view from Dagestan Pavel Rudnev prudnev@hse.ru 22-03-2019 Background

Against Upwards Agree: A view from Dagestan Pavel Rudnev prudnev@hse.ru 22-03-2019 Background Agreement in minimalism Mainstream minimalism central spot afforded to unvalued features in much of current theorising Alternatives

551 views • 51 slides
From Processor Verification Upwards Three Research Vignettes in Memory of Mike Gordon Oxford,

From Processor Verification Upwards Three Research Vignettes in Memory of Mike Gordon Oxford,

From Processor Verification Upwards Three Research Vignettes in Memory of Mike Gordon Oxford, July 2018 Speaker: Magnus Myreen Covering years: 2005-2014 Meeting Mike for the first time 2005 Also met: Hasan Amjad, Anthony Fox, Juliano

415 views • 24 slides
Multiparty Session Types: Concepts Separate the communication into conversations (sessions)

Multiparty Session Types: Concepts Separate the communication into conversations (sessions)

Multiparty Session Types: Concepts Separate the communication into conversations (sessions) Each process plays a role in a conversation => its type is defined by the conversation and its role Evolution Of MPST Binary Session Types

1.07k views • 33 slides
Data structures Exercise session Week 1 I. Introduction Two kinds of types in Java

Data structures Exercise session Week 1 I. Introduction Two kinds of types in Java

Data structures Exercise session Week 1 I. Introduction Two kinds of types in Java Primitive types int, char, boolean, fmoat, double, etc. Object types Integer, Character, String, etc. Java generics Before generics you had to

739 views • 20 slides
Prudhoe Mill Prudhoe Mill Unifibres - extensive use of recycled fibres in our process, upwards

Prudhoe Mill Prudhoe Mill Unifibres - extensive use of recycled fibres in our process, upwards

Prudhoe Mill Prudhoe Mill Unifibres - extensive use of recycled fibres in our process, upwards of 84 tta DACW - Fully automatic warehousing capability of 50 k pallets Mother Reel Storage - Storage capacity of 1900 tonnes Converting - 6

487 views • 14 slides
Explicit Connection Actions in Multiparty Session Types Raymond Hu and Nobuko Yoshida Imperial

Explicit Connection Actions in Multiparty Session Types Raymond Hu and Nobuko Yoshida Imperial

Explicit Connection Actions in Multiparty Session Types Raymond Hu and Nobuko Yoshida Imperial College London 1 / 20 Outline Background: multiparty session types (MPST) Scribble: ongoing work on implementing and applying MPST to

1.1k views • 74 slides
File Types Session 5 INST 346 Agenda Some examples of file types Text Images

File Types Session 5 INST 346 Agenda Some examples of file types Text Images

File Types Session 5 INST 346 Agenda Some examples of file types Text Images Video Audio | 0 NUL | 32 SPACE | 64 @ | 96 ` | | 1 SOH | 33 ! | 65 A | 97 a | | 2 STX | 34 " | 66 B | 98 b | ASCII

754 views • 30 slides
Communication Patterns Through the Looking Glass of Session Types Andi Bejleri Imperial College

Communication Patterns Through the Looking Glass of Session Types Andi Bejleri Imperial College

Communication Patterns Through the Looking Glass of Session Types Andi Bejleri Imperial College London Behavioural Types- April 21, 2011 Intuitive, light-weight type annotation Syntax of simply names and arrows, no question marks or

475 views • 19 slides
Session 2 Part 1 Overview of the 6 types of Toll Gate Joint Ventures There are 6 types of

Session 2 Part 1 Overview of the 6 types of Toll Gate Joint Ventures There are 6 types of

Million Dollar Joint Ventures Session 2 Part 1 Overview of the 6 types of Toll Gate Joint Ventures There are 6 types of Toll Gate Joint Ventures (TGJVs) I use in my business In this session, Im going to give you a quick overview

610 views • 32 slides
a classroom experiment for Year 7 upwards Dr Kathryn Scott Research Administrator, Zitzmann

a classroom experiment for Year 7 upwards Dr Kathryn Scott Research Administrator, Zitzmann

Extracting DNA from cheek cells: a classroom experiment for Year 7 upwards Dr Kathryn Scott Research Administrator, Zitzmann Group, Department of Biochemistry Lecturer in Biochemistry, Christ Church Extracting Human DNA in the Classroom

1.28k views • 39 slides
Query Types IR, session 3 CS6200: Information Retrieval Slides by: Jesse Anderton Query Types

Query Types IR, session 3 CS6200: Information Retrieval Slides by: Jesse Anderton Query Types

Query Types IR, session 3 CS6200: Information Retrieval Slides by: Jesse Anderton Query Types Info. Trans. Nav. Web queries can be roughly divided into three broad categories: 100 Navigational Queries look for a particular 10.2

353 views • 12 slides
Runtime Session Types in C# Per Andersson Christian Genne http://www.pean.se/sessiontypes/

Runtime Session Types in C# Per Andersson Christian Genne http://www.pean.se/sessiontypes/

Runtime Session Types in C# Per Andersson Christian Genne http://www.pean.se/sessiontypes/ Runtime Checking Idea: Generate and check types when parties connect +Problems can be detected in a determinstic way with a single test run + Small

299 views • 11 slides

More recommend