SLIDE 1

Fluid Types

Statically Verified Distributed Protocols with Refinements

Fangyi Zhou, Francisco Ferreira, Rumyana Neykova, Nobuko Yoshida

SLIDE 2

Quick Primer on Session Types

SLIDE 3

Concurrency

  • Shared Memory
  • Message Passing

SLIDE 4

Two roles, A and B:

(1) A -> B "Hello"
(2) B -> A 42

Local type of A: Send string; Receive int; Done
Local type of B: Receive string; Send int; Done

The two local types are dual to each other (Duality).

SLIDE 5

Three roles, A, B and C:

(1) A -> C "Hello"
(2) C -> B 42
(3) A -> B "Hello"
(4) B -> A 42

Binary session types, one per pair of roles:
  A with C: Send string; Done                 C with A: Receive string; Done
  C with B: Send int; Done                    B with C: Receive int; Done
  A with B: Send string; Receive int; Done    B with A: Receive string; Send int; Done

SLIDE 6

Three roles, A, B and C:

(1) A -> C "Hello"
(2) C -> B 42
(3) A -> B "Hello"
(4) B -> A 42

Multiparty local types, one per role:
  A: Send C string; Send B string; Receive B int; Done
  B: Receive C int; Receive A string; Send A int; Done
  C: Receive A string; Send B int; Done

SLIDE 7

Three roles, A, B and C:

(1) A -> C "Hello"
(2) C -> B 42
(3) A -> B "Hello"
(4) B -> A 42

Global Protocol:
  string from A to C;
  int from C to B;
  string from A to B;
  int from B to A;

SLIDE 8

Motivation

SLIDE 9

Example: a simple protocol

  • Two kids are playing a game on the playground
  • A tells B a number
  • B tries to find a larger number

protocol Playground (role A, role B) {
  initialGuess (int) from A to B;
  finalGuess (int) from B to A;
}

There is no guarantee that the final guess will be larger than the initial one.

SLIDE 10

Example: a simple protocol

  • Two kids are playing a game on the playground
  • A tells B a number
  • B tries to find a larger number

protocol Playground (role A, role B) {
  initialGuess (x:int) from A to B @ x > 7;
  finalGuess (y:int) from B to A @ y > x;
}

Named parameters (x, y) and assertions (@ x > 7, @ y > x)

SLIDE 11

Previously…

  • Session Type Provider [Neykova et al. 2018]
  • Compile Time Type Generation in F#
  • Protocol validated during compilation
  • Refinements checked dynamically during execution


[Neykova et al. 2018]: Rumyana Neykova, Raymond Hu, Nobuko Yoshida, and Fahd Abdeljallal. 2018. A session type provider: compile-time API generation of distributed protocols with refinements in F#

SLIDE 12

Workflow (Previously): Protocol with Refinements -> Compile Time Type Generation -> Communication via Generated API

protocol Playground (role A, role B) {
  initialGuess (x:int) from A to B @ x > 7;
  finalGuess (y:int) from B to A @ y > x;
}

type Protocol = SessionTypeProvider<"Playground.scr", "A">
let p = new Protocol().Init() in
p.send(B, initialGuess, 42)
 .receive(B, finalGuess, y)
 .finish()

SLIDE 13

Workflow (Now): Protocol with Refinements -> Compile Time Refined Type Generation -> Communication via Generated Refined API -> Refinement Type Check

SLIDE 14

Overview

  • Add refinements to generated types
  • Check refinements with a type system extension
  • Extract F# code into a refinement calculus
  • Check satisfiability using external solver

SLIDE 15

What are refinement types?

  • Build upon an existing type system
  • Allow base types to be refined via predicates
  • Specify data dependencies
  • Example: Liquid Haskell [Vazou et al. 2014]


[Vazou et al. 2014]: Niki Vazou, Eric L. Seidel, Ranjit Jhala, Dimitrios Vytiniotis, and Simon Peyton-Jones. 2014. Refinement types for Haskell.

SLIDE 16

Refinement Calculus: λH

  • STLC with refinement types
  • Terms can be encoded as SMT-LIB terms
  • Establishes a subtyping relation via an SMT solver

SLIDE 17

Types in λH

  • A base type: {ν : b | M}, where b is a base type (integers, booleans, …) and the value ν is refined by the term M
  • A function type (dependent function): (x : τ1) → τ2, where the variable x can occur in the type τ2 (c.f. dependent types, Πx:τ1. τ2(x))

SLIDE 18

Example

  • The integer literal 1
  • A possible type: {ν : int | ν = 1}
  • Another possible type: {ν : int | ν ≥ 1}
  • Or more… {ν : int | true}
  • Solution: Bidirectional Typing

SLIDE 19

Bidirectional Typing

  • Provides a more algorithmic approach
  • Mutually inductive judgments
  • Type Synthesis
  • Type Check

Type Synthesis:  Γ; Δ ⊢ M ⇒ τ   (given Γ, Δ and M, find the type τ)
Type Check:      Γ; Δ ⊢ M ⇐ τ   (given Γ, Δ, M and τ, determine whether the type is correct)

(Not all terms are synthesisable.)

SLIDE 20

“Change of Direction” Rule

Subtyping Judgment, Well-formedness Judgment

SLIDE 21

Subtyping with SMT

  • Encode refinement terms into SMT-LIB
  • Use SMT solver to decide validity

SLIDE 22

Encoding in SMT-LIB

A term variable x is encoded as the SMT variable x.

SLIDE 23

Encoding in SMT-LIB

The application ( + ) 1 2 is encoded as (+ 1 2).

SLIDE 24

Encoding in SMT-LIB

The context binding x : {ν : int | ν + 2 = 5} is encoded as the assertion x + 2 = 5.

SLIDE 25

Encoding in SMT-LIB

Subtyping {ν : b | M1} <: {ν : b | M2} in context Γ; Δ holds when
  Valid(⟦Γ⟧ ∧ ⟦Δ⟧ ∧ ⟦M1⟧ ⟹ ⟦M2⟧),
equivalently
  Unsat(⟦Γ⟧ ∧ ⟦Δ⟧ ∧ ⟦M1⟧ ∧ ¬⟦M2⟧)

SLIDE 26

Subtyping with SMT

  • Consider the integer literal 1
  • Synthesised type: {ν : int | ν = 1}
  • Check subtype: {ν : int | ν = 1} <: {ν : int | ν ≥ 1}?
  • Encode into logic: SAT((v = 1) ∧ ¬(v ≥ 1))?
  • Use SMT solver: UNSAT, so the subtyping holds

SLIDE 27

Subtyping with SMT

  • Consider the term x + 1 in the context x : {ν : int | ν ≥ 1}
  • Synthesised type: {ν : int | ν = x + 1}
  • Check subtype: {ν : int | ν = x + 1} <: {ν : int | ν ≥ 2}?
  • Encode into logic: SAT((x ≥ 1) ∧ (v = x + 1) ∧ ¬(v ≥ 2))?
  • Use SMT solver: UNSAT, so the subtyping holds

SLIDE 28

Generating Types

  • Scribble validates protocol and generates CFSM
  • Type Provider converts CFSM into F# code
  • New: Adding refinements in types

SLIDE 29

From Protocol to CFSM (Scribble)

protocol Playground (role A, role B) {
  initialGuess (x:int) from A to B @ x > 7;
  finalGuess (y:int) from B to A @ y > x;
}

Projection to role A

SLIDE 31

From CFSM to λH (Type Provider)

Typing context at each CFSM state:
  State0: Ø
  State1: x : {ν : int | ν > 7}
  State2: x : {ν : int | ν > 7}, y : {ν : int | ν > x}

type State0 = {}
type State1 = { x: {v:int|v>7}; }
type State2 = { x: {v:int|v>7}; y: {v:int|v>x}; }

SLIDE 32

From CFSM to λH (Type Provider)

Sending initialGuess takes State0 to State1:
  initialGuess : (st: State0) -> (x: {v:int|v>7}) -> State1

SLIDE 33

From CFSM to λH (Type Provider)

Receiving finalGuess takes State1 to State2 and yields the received value, refined against st.x:
  finalGuess : (st: State1) -> (State2 * {v:int|v>st.x})

SLIDE 34

From CFSM to λH (Type Provider)

type State0 = {}
type State1 = { x: {v:int|v>7}; }
type State2 = { x: {v:int|v>7}; y: {v:int|v>x}; }

initialGuess : (st: State0) -> (x: {v:int|v>7}) -> State1
finalGuess : (st: State1) -> (State2 * {v:int|v>st.x})

SLIDE 35

One Last Step…

  • Typecheck the program with refined types
  • Extract F# expressions to terms in λH
  • Use F# Compiler Services to obtain the AST
  • Check whether API usage is correct w.r.t. the refinements
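
As an added example (not code from the slides or from the Fluid Types project), the SMT subtyping check of slides 25 to 27 applied to the Playground refinements: it emits the SMT-LIB query a solver would receive for role B's finalGuess and decides it with a bounded integer search standing in for the solver, which is an assumption of this example.

```python
from itertools import product

# A refinement predicate is a pair: its SMT-LIB text (the encoding of slides
# 22-25) and a Python callable on an environment dict, used by the stand-in
# solver below. Variable names mirror the term variables.

def smtlib_script(gamma, m1, m2, names):
    """SMT-LIB query for  Gamma and M1 and not M2  (slide 25)."""
    decls = [f"(declare-const {x} Int)" for x in names]
    asserts = [f"(assert {g[0]})" for g in gamma]
    asserts += [f"(assert {m1[0]})", f"(assert (not {m2[0]}))"]
    return "\n".join(decls + asserts + ["(check-sat)"])

def bounded_sat(preds, names, lo=-20, hi=60):
    """Stand-in for the SMT solver: search a finite integer box for a model.
    Assumption of this example; a real solver decides the unbounded problem."""
    for vals in product(range(lo, hi + 1), repeat=len(names)):
        env = dict(zip(names, vals))
        if all(p(env) for p in preds):
            return env  # a model exists: the subtyping check fails
    return None  # UNSAT within the box: the subtyping holds

def is_subtype(gamma, m1, m2, names):
    """Decide {v | M1} <: {v | M2} under Gamma. Returns (holds, script, model)."""
    script = smtlib_script(gamma, m1, m2, names)
    preds = [g[1] for g in gamma] + [m1[1], lambda e: not m2[1](e)]
    model = bounded_sat(preds, names)
    return model is None, script, model

# Typing context of the Playground CFSM in State1 (after initialGuess): x > 7.
STATE1 = [("(> x 7)", lambda e: e["x"] > 7)]
GT_X = ("(> v x)", lambda e: e["v"] > e["x"])  # refinement on finalGuess

def final_guess_increment():
    """B answers x + 1: is {v = x + 1} <: {v > x}? Expected UNSAT, so accepted."""
    m1 = ("(= v (+ x 1))", lambda e: e["v"] == e["x"] + 1)
    return is_subtype(STATE1, m1, GT_X, ["x", "v"])

def final_guess_constant():
    """B answers the constant 8: {v = 8} <: {v > x}? SAT (x = 8, v = 8), rejected."""
    return is_subtype(STATE1, ("(= v 8)", lambda e: e["v"] == 8), GT_X, ["x", "v"])

if __name__ == "__main__":
    for check in (final_guess_increment, final_guess_constant):
        holds, script, model = check()
        print(check.__name__, "accepted" if holds else f"rejected, model {model}")
```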

SLIDE 36

Future Work

  • Support recursion in protocols
  • Complete meta-theory for refinements in MPST
  • End-to-end meta-theory
  • Support more features in refinement calculus

SLIDE 37

Thank you!