http://mrg.doc.ic.ac.uk/ www.scribble.org Online tool : - - PowerPoint PPT Presentation

http mrg doc ic ac uk scribble org
SMART_READER_LITE
LIVE PREVIEW

http://mrg.doc.ic.ac.uk/ www.scribble.org Online tool : - - PowerPoint PPT Presentation

Nov 09, 2022 475 likes •984 views

Us M obility R esearch G roup http://mrg.doc.ic.ac.uk/ www.scribble.org Online tool : http://scribble.doc.ic.ac.uk/ End-to-End Switching Programme by DCC End-to-End Switching Programme by DCC Interactions with Industries Interactions with

slide-1
SLIDE 1
slide-2
SLIDE 2

http://mrg.doc.ic.ac.uk/

Us ∈ Mobility Research Group

slide-3
SLIDE 3
slide-4
SLIDE 4
slide-5
SLIDE 5

www.scribble.org

slide-6
SLIDE 6

Online tool : http://scribble.doc.ic.ac.uk/

slide-7
SLIDE 7

End-to-End Switching Programme by DCC

slide-8
SLIDE 8

End-to-End Switching Programme by DCC

slide-9
SLIDE 9

Interactions with Industries

slide-10
SLIDE 10

Interactions with Industries

slide-11
SLIDE 11

Selected Publications 2016/2017

  • [ECOOP’17] Alceste Scala, Raymond Hu, Ornela Darda, NY: A Linear Decomposition of

Multiparty Sessions for Safe Distributed Programming..

  • [COORDINATION’17] Keigo Imai, NY and Shoji Yuen: Session-ocaml: a session-based

library with polarities and lenses.

  • [FoSSaCS’17] Julien Lange , NY: On the Undecidability of Asynchronous Session

Subtyping.

  • [FASE’17] Raymond Hu , NY: Explicit Connection Actions in Multiparty Session Types.
  • [CC’17] Rumyana Neykova , NY: Let It Recover: Multiparty Protocol-Induced Recovery.
  • [POPL’17] Julien Lange , Nicholas Ng , Bernardo Toninho , NY: Fencing off Go: Liveness

and Safety for Channel-based Programming.

  • [FPL’16] Xinyu Niu , Nicholas Ng , Tomofumi Yuki , Shaojun Wang , NY, Wayne Luk :

EURECA Compilation: Automatic Optimisation of Cycle-Reconfigurable Circuits.

  • [ECOOP’16] Alceste Scala, NY: Lightweight Session Programming in Scala
  • [CC’16] Nicholas Ng, NY: Static Deadlock Detection for Concurrent Go by Global

Session Graph Synthesis.

  • [FASE’16] Raymond Hu, NY: Hybrid Session Verification through Endpoint API

Generation.

  • [TACAS’16] Julien Lange, NY: Characteristic Formulae for Session Types.
  • [ESOP’16] Dimitrios Kouzapas, Jorge A. Pérez, NY: On the Relative Expressiveness of

Higher-Order Session Processes.

  • [POPL’16] Dominic Orchard, NY: Effects as sessions, sessions as effects .
slide-12
SLIDE 12

Selected Publications 2016/2017

  • [ECOOP’17] Alceste Scala, Raymond Hu, Ornela Darda, NY :A Linear

Decomposition of Multiparty Sessions for Safe Distributed Programming.

  • [COORDINATION’17] Keigo Imai, NY and Shoji Yuen: Session-ocaml: a session-

based library with polarities and lenses.

  • [FoSSaCS’17] Julien Lange , NY : On the Undecidability of Asynchronous Session

Subtyping.

  • [FASE’17] Raymond Hu , NY : Explicit Connection Actions in Multiparty Session

Types.

  • [CC’17] Rumyana Neykova , NY: Let It Recover: Multiparty Protocol-Induced

Recovery.

  • [POPL’17] Julien Lange , Nicholas Ng , Bernardo Toninho , NY: Fencing off Go:

Liveness and Safety for Channel-based Programming.

  • [FPL’16] Xinyu Niu , Nicholas Ng , Tomofumi Yuki , Shaojun Wang , NY, Wayne Luk:

EURECA Compilation: Automatic Optimisation of Cycle-Reconfigurable Circuits.

  • [ECOOP’16] Alceste Scala, NY: Lightweight Session Programming in Scala
  • [CC’16] Nicholas Ng, NY: Static Deadlock Detection for Concurrent Go by Global

Session Graph Synthesis.

  • [FASE’16] Raymond Hu, NY: Hybrid Session Verification through Endpoint API

Generation.

  • [TACAS’16] Julien Lange, NY: Characteristic Formulae for Session Types.
  • [ESOP’16] Dimitrios Kouzapas, Jorge A. Pérez, NY: On the Relative Expressiveness
  • f Higher-Order Session Processes.
  • [POPL’16] Dominic Orchard, NY: Effects as Sessions, Sessions as Effects.
slide-13
SLIDE 13
slide-14
SLIDE 14
slide-15
SLIDE 15
slide-16
SLIDE 16
slide-17
SLIDE 17
slide-18
SLIDE 18
slide-19
SLIDE 19
slide-20
SLIDE 20
slide-21
SLIDE 21
slide-22
SLIDE 22
slide-23
SLIDE 23
slide-24
SLIDE 24

Verification framework for Go

Overview Behavioural types SSA IR Go source code

(1) Type inference

(2) Model checking (3) Termina- tion checking

Transform and verify Create input model and formula Pass to termination prover

Check safety and liveness Address type and process gap

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-25
SLIDE 25

Concurrency in Go

func main() { ch, done := make(chan int), make(chan int) go send(ch) // Spawn as goroutine. go func() { for i := 0; i < 2; i++ { print("Working...") } }() go recv(ch, done) go recv(ch, done) // Who is ch receiving from? print("Done:", <-done, <-done) // 2 receivers, 2 replies } func send(ch chan int) { ch <- 1 } // Send to channel. func recv(in, out chan int) { out <- <-in } // Fwd in to out.

Send/receive blocks goroutines if channel full/empty resp. Close a channel close(ch) Guarded choice select { case <-ch:; case <-ch2: }

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-26
SLIDE 26

Concurrency in Go

Deadlock detection

func main() { ch, done := make(chan int), make(chan int) go send(ch) // Spawn as goroutine. go func() { for i := 0; i < 2; i++ { print("Working...") } }() go recv(ch, done) go recv(ch, done) // Who is ch receiving from? print("Done:", <-done, <-done) // 2 receivers, 2 replies } func send(ch chan int) { ch <- 1 } // Send to channel. func recv(in, out chan int) { out <- <-in } // Fwd in to out.

Run program:

$ go run main.go fatal error: all goroutines are asleep - deadlock!

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-27
SLIDE 27

Concurrency in Go

Deadlock detection

func main() { ch, done := make(chan int), make(chan int) go send(ch) // Spawn as goroutine. go func() { for i := 0; ; i++ { // infinite loop print("Working...") } }() go recv(ch, done) go recv(ch, done) // Who is ch receiving from? print("Done:", <-done, <-done) // 2 receivers, 2 replies } func send(ch chan int) { ch <- 1 } // Send to channel. func recv(in, out chan int) { out <- <-in } // Fwd in to out.

Change to infinite

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-28
SLIDE 28

Concurrency in Go

Deadlock detection

func main() { ch, done := make(chan int), make(chan int) go send(ch) // Spawn as goroutine. go func() { for i := 0; ; i++ { // infinite loop print("Working...") } }() go recv(ch, done) go recv(ch, done) // Who is ch receiving from? print("Done:", <-done, <-done) // 2 receivers, 2 replies } func send(ch chan int) { ch <- 1 } // Send to channel. func recv(in, out chan int) { out <- <-in } // Fwd in to out.

Change to infinite Deadlock NOT detected (some goroutines are running)

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-29
SLIDE 29

Concurrency in Go

Deadlock detection Go has a runtime deadlock detector, panics (crash) if deadlock Deadlock if all goroutines are blocked Some packages (e.g. net for networking) disables it

import _ "net" // Load "net" package func main() { ch := make(chan int) send(ch) print(<-ch) } func send(ch chan int) { ch <- 1 }

Add benign import

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-30
SLIDE 30

Concurrency in Go

Deadlock detection Go has a runtime deadlock detector, panics (crash) if deadlock Deadlock if all goroutines are blocked Some packages (e.g. net for networking) disables it

import _ "net" // Load "net" package func main() { ch := make(chan int) send(ch) print(<-ch) } func send(ch chan int) { ch <- 1 }

Add benign import Deadlock NOT detected

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-31
SLIDE 31

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-32
SLIDE 32

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-33
SLIDE 33

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P | select{πi; Pi}i∈I

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-34
SLIDE 34

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P | select{πi; Pi}i∈I | if e then P else Q

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-35
SLIDE 35

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P | select{πi; Pi}i∈I | if e then P else Q | newchan(y:σ); P

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-36
SLIDE 36

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P | select{πi; Pi}i∈I | if e then P else Q | newchan(y:σ); P | P | Q | 0 | (νc)P

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-37
SLIDE 37

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P | select{πi; Pi}i∈I | if e then P else Q | newchan(y:σ); P | P | Q | 0 | (νc)P | Xh˜ e, ˜ ui D := X(˜ x) = P P := {Di}i∈I in P

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-38
SLIDE 38

Go Programs as Processes

Go Program

P, Q := π; P π := u!hei | u?(y) | τ | close u; P | select{πi; Pi}i∈I | if e then P else Q | newchan(y:σ); P | P | Q | 0 | (νc)P | Xh˜ e, ˜ ui D := X(˜ x) = P P := {Di}i∈I in P

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-39
SLIDE 39

Abstracting Go with Behavioural Types

Types

α := u | u | τ T, S := α; T | T S | N{αi; Ti}i∈I | (T | S) | 0 | (new a)T | close u; T | th˜ ui T := {t(˜ yi) = Ti}i∈I in S Types of a CCS-like process calculus Abstracts Go concurrency primitives

Send/Recv, new (channel), parallel composition (spawn) Go-specific: Close channel, Select (guarded choice)

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-40
SLIDE 40
slide-41
SLIDE 41
slide-42
SLIDE 42
slide-43
SLIDE 43
slide-44
SLIDE 44
slide-45
SLIDE 45

Verification framework for Go

Model checking with mCRL2 Generate LTS model and formulae from types Finite control (no parallel composition in recursion) Properties (formulae for model checker):

X Global deadlock X Channel safety (no send/close on closed channel) X – Liveness (partial deadlock) X – Eventual reception

Require additional guarantees

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-46
SLIDE 46
slide-47
SLIDE 47

Verification framework for Go

Termination checking with KITTeL Extracted types do not consider data in process Type liveness != program liveness

Especially when involving iteration Check for loop termination

Properties:

X Global deadlock X Channel safety (no send/close on closed channel) X Liveness (partial deadlock) X Eventual reception

func main() { ch := make(chan int) go func() { for i := 0; i < 10; i−− { // Does not terminate } ch <− 1 }() <−ch }

Type: Live Program: NOT live

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-48
SLIDE 48

Tool demo

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-49
SLIDE 49

Conclusion

Verification framework based on Behavioural Types Behavioural types for Go concurrency Infer types from Go source code Model check types for safety/liveness + termination for iterative Go code Behavioural types SSA IR Go source code

Type inference

Model checking Termination checking

Transform and verify

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk

slide-50
SLIDE 50

Future work

Extend framework to support more properties Unlimited possibilities!

Different verification techniques

e.g. [POPL’17], Choreography synthesis [CC’15]

Different concurrency issues

Other synchronisation mechanisms Race conditions

Nobuko Yoshida Open Problems of Session Types mrg.doc.ic.ac.uk