mechanising session types onwards and upwards
play

Mechanising Session Types Onwards and Upwards Francisco Ferreira - PowerPoint PPT Presentation

Nov 07, 2023 •187 likes •650 views

Mechanising Session Types Onwards and Upwards Francisco Ferreira and Lorenzo Gheri (joint work with David Castro, and Nobuko Yoshida) 2019 ABCD Meeting The First Step Do a case study: Language Primitives and Type Discipline for

  1. Mechanising Session Types Onwards and Upwards Francisco Ferreira and Lorenzo Gheri (joint work with David Castro, and Nobuko Yoshida) 2019 ABCD Meeting

  2. The First Step • Do a case study: • Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited, by Yoshida and Vasconcelos.

  3. The send receive system and its cousin the relaxed and the revisited system.

  4. The send receive system and its cousin the relaxed and the revisited system.

  5. The send receive system and its cousin the relaxed and the revisited system. This is the first step. Spoiler: Multiparty session types are next.

  6. What do we have? • A proof of type preservation formalised in Coq using ssreflect . • A library to implement locally nameless with multiple name scopes and handle environments in a versatile way. • We have a TACAS 2020 submission describing our tool. • We built some in-team expertise (i.e. we learned some hard lessons while struggling to finish the proof).

  7. What did we mechanise?

  8. A tale of three systems • We set out to represent the three systems described in the paper: • The Honda, Vasconcelos, Kubo system from ESOP’98

  9. A tale of three systems • We set out to represent the three systems described in the paper: • The Honda, Vasconcelos, Kubo system from ESOP’98 • Its naïve but ultimately unsound extension

  10. A tale of three systems • We set out to represent the three systems described in the paper: • The Honda, Vasconcelos, Kubo system from ESOP’98 • Its naïve but ultimately unsound extension • Its revised system inspired by Gay and Hole in Acta Informatica

  11. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance | k ![˜ e ]; P data sending | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition | inact inaction | ( ν u ) P name/channel hiding | def D in P recursion e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  12. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance | k ![˜ e ]; P data sending | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition | inact inaction | ( ν u ) P name/channel hiding | def D in P recursion e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  13. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance We consider terms up-to | k ![˜ e ]; P data sending α -conversion | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition | inact inaction | ( ν u ) P name/channel hiding | def D in P recursion e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  14. The Send Receive System P ::= request a ( k ) in P session request | accept a ( k ) in P session acceptance We consider terms up-to | k ![˜ e ]; P data sending α -conversion | k ?(˜ x ) in P data reception | k ✁ l ; P label selection | k ✄ { l 1 : P 1 [ ] · · · [ ] l n : P n } label branching | throw k [ k ′ ]; P channel sending | catch k ( k ′ ) in P channel reception | if e then P else Q conditional branch | P | Q parallel composition Then we cannot distinguish: | inact inaction k?(x) in inact | ( ν u ) P name/channel hiding and | def D in P recursion k?(y) in inact e ˜ | X [˜ k ] process variables e ::= c constant | e + e ′ | e − e ′ | e × e | not ( e ) | . . . operators x 1 ˜ x n ˜ D ::= X 1 (˜ k 1 ) = P 1 and · · · and X n (˜ k n ) = P n declaration for recursion

  15. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names

  16. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names

  17. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names This is a bound variable.

  18. α -conversion curse or Blessing? ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′ ) in P 2 ) → P 1 | P 2 • The original system depends crucially on names This is a bound variable. • If α -conversion is built in, this rule collapses to: ( throw k [ k ′ ]; P 1 ) | ( catch k ( k ′′ ) in P 2 ) → P 1 | P 2 [ k ′ /k ′′ ]

  19. The Naïve Representation

  20. The Naïve Representation • It “ looks like ” the original Send Receive system.

  21. The Naïve Representation • It “ looks like ” the original Send Receive system. • You start suspecting is wrong when defining the reduction relation.

  22. The Naïve Representation • It “ looks like ” the original Send Receive system. • You start suspecting is wrong when defining the reduction relation. • You know there is a problem when the proof fails.

  23. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  24. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  25. We have to discuss Adequacy 18 pages dedicated to the proof for the STLC! • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  26. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  27. We have to discuss Adequacy • I see this problem in one of two ways: • Either, we require proofs of adequacy. • Or we consider the meaning of the mechanisation “first- class”.

  28. The Revisited system • Now we distinguish between the endpoints of channels. • It can be represented with LN-variables and names.

  29. Four kinds of atoms

  30. Four kinds of atoms

  31. Four kinds of atoms

  32. Four kinds of atoms

  33. Four kinds of atoms

  34. Typing environments • Store their assumptions in a unique order (easy to compare) • Only store unique assumptions (easy to split) • They come with many lemmas (less induction proofs)

  35. Typing environments • Store their assumptions in a unique order (easy to compare) • Only store unique assumptions (easy to split) • They come with many lemmas These are generic enough and easy to (less induction proofs) use. #artefact

  36. Subject Reduction Theorem 3.3 (Subject Reduction) If Θ ; Γ ⊢ P ⊲ ∆ with ∆ balanced and P → ∗ Q , then Θ ; Γ ⊢ Q ⊲ ∆ ′ and ∆ ′ balanced. Is straightforward to represent:

  37. We have a tech report and a repository for the proof. • The code for the proof can be found at: • https://github.com/emtst/ • We have a technical report: • Engineering the Meta-Theory of Session Types • at: https://www.doc.ic.ac.uk/research/technicalreports/2019/ DTRS19-4.pdf

  38. Onwards and Upwards

  39. We are moving to Multiparty Session Types • Lessons learned: • Doing a complete calculus just to have a similar calculus to the literature takes a lot of effort. • Locally nameless worked well. Particularly/Even with the multiple name scopes. • Mechanising proof is great, but if one squints mechanisation is akin to very careful implementation.

  40. MPST • There’s four of us now: David, Francisco, Lorenzo, and Nobuko. • We are mechanising the meta-theory of multiparty session types. • We will build upon our locally nameless and environment implementation. • We plan to extract certified implementations from the proofs.

  41. Certified MPST Multiparty Compatibility in Communicating Automata: Characterisation and Synthesis of Global Session Types Deniélou, Yoshida, 2013

  42. Certified MPST We want Scribble-style protocol specifications Featherweight Scribble, Neykova, Yoshida, 2019

  43. Certified MPST We also want to reason We want Scribble-style about concurrent protocol specifications programs.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adventures in Mechanising and Verifying WebAssembly Conrad Watt University of Cambridge, UK

Adventures in Mechanising and Verifying WebAssembly Conrad Watt University of Cambridge, UK

Adventures in Mechanising and Verifying WebAssembly Conrad Watt University of Cambridge, UK Formal Methods Meets JavaScript, VeTSS Conrad Watt (Cambridge, UK) Mechanising WebAssembly VeTSS 1 / 21 The webs evolution We want richer web

521 views • 21 slides
Model-View-Update-Communicate Session Types meet the Elm Architecture Simon Fowler University of

Model-View-Update-Communicate Session Types meet the Elm Architecture Simon Fowler University of

Model-View-Update-Communicate Session Types meet the Elm Architecture Simon Fowler University of Edinburgh ABCD Final Meeting 19th December 2019 Functional Session Types EqualityClient : ! Int . ! Int . ? Bool . End Session types: Types

1.03k views • 43 slides
Mechanising Hankin and Barendregt using the Gordon-Melham axioms Michael Norrish

Mechanising Hankin and Barendregt using the Gordon-Melham axioms Michael Norrish

Mechanising Hankin and Barendregt using the Gordon-Melham axioms Michael Norrish Michael.Norrish@nicta.com.au Merlin03: Mechanising Hankin and Barendregt using the Gordon-Melham axioms p.1 Motivation & Outline To investigate the

327 views • 31 slides
Session Types in a Nutshell Session Types structure a series of interactions in a simple and

Session Types in a Nutshell Session Types structure a series of interactions in a simple and

Session Types in a Nutshell Session Types structure a series of interactions in a simple and concise syntax and ensure type safe communication . A Protocol Protocol: Buyer-Seller Alice Seller title Description: Alice buying a

644 views • 60 slides
Communication assurance with Session Types Rumyana Neykova Communication Safety with Session

Communication assurance with Session Types Rumyana Neykova Communication Safety with Session

Communication assurance with Session Types Rumyana Neykova Communication Safety with Session Types Promises: Organising structured communications from a global point of view Efficient type-checking strategy of processes through

459 views • 31 slides
AGENDA 20-21st May 2018 8.30pm onwards Special Dinner Venue: Courtyard By Mariott 9:30 10:00

AGENDA 20-21st May 2018 8.30pm onwards Special Dinner Venue: Courtyard By Mariott 9:30 10:00

AGENDA 20-21st May 2018 8.30pm onwards Special Dinner Venue: Courtyard By Mariott 9:30 10:00 hrs Registration 10:00 11:30 hrs Inaugural Session: Affordable and Clean Energy Theme: The ever- Welcome Address: Mr. Akhilesh Rathi , Joint

163 views • 3 slides
Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College

Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College

Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 Structure of Lectures Theory Multiparty Session Types Summary: Practice and Programming using Scribble 2 Session Type Reading

1.22k views • 65 slides
Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018

Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018

Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018 1 Context Hundreds of deployed public blockchains $600 625 675 735 755 780 820 billion total market cap (7 day progression since Jan 1 st )

1.32k views • 38 slides
JUNE 2020 TEACHER REFERENCE PRESENTATION CLASS 7 onwards TABLE OF CONTENTS JUNE 2020 CLASS 7

JUNE 2020 TEACHER REFERENCE PRESENTATION CLASS 7 onwards TABLE OF CONTENTS JUNE 2020 CLASS 7

JUNE 2020 TEACHER REFERENCE PRESENTATION CLASS 7 onwards TABLE OF CONTENTS JUNE 2020 CLASS 7 onwards Pick of the Month Gap Profiles Global Updates Point Nemo Rajkumari Amrit Tokyos Face Kaur Showing Festival Vishys

468 views • 33 slides
Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana

Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana

Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana Neykova Imperial College London 1 Outline Idioms for Interaction Multiparty Session Types Scribble and Applications to a Large-scale

1.38k views • 80 slides
Whole Herd Performance Recording Whats new for 2019 onwards Pat Donnellan Overview

Whole Herd Performance Recording Whats new for 2019 onwards Pat Donnellan Overview

Whole Herd Performance Recording Whats new for 2019 onwards Pat Donnellan Overview WHPR Why & How Progress to-date Plans for 2019 onwards AgTech its in our DNA 2 WHPR Why & How Small Herd New

419 views • 20 slides
Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida and

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida and

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida and Raymond Hu Imperial College London 1 Session Type Projects COST Action Behavioural Types for Reliable Large-Scale Software Systems , over 60

696 views • 44 slides
Against Upwards Agree: A view from Dagestan Pavel Rudnev prudnev@hse.ru 22-03-2019 Background

Against Upwards Agree: A view from Dagestan Pavel Rudnev prudnev@hse.ru 22-03-2019 Background

Against Upwards Agree: A view from Dagestan Pavel Rudnev prudnev@hse.ru 22-03-2019 Background Agreement in minimalism Mainstream minimalism central spot afforded to unvalued features in much of current theorising Alternatives

551 views • 51 slides
From Processor Verification Upwards Three Research Vignettes in Memory of Mike Gordon Oxford,

From Processor Verification Upwards Three Research Vignettes in Memory of Mike Gordon Oxford,

From Processor Verification Upwards Three Research Vignettes in Memory of Mike Gordon Oxford, July 2018 Speaker: Magnus Myreen Covering years: 2005-2014 Meeting Mike for the first time 2005 Also met: Hasan Amjad, Anthony Fox, Juliano

415 views • 24 slides
Multiparty Session Types: Concepts Separate the communication into conversations (sessions)

Multiparty Session Types: Concepts Separate the communication into conversations (sessions)

Multiparty Session Types: Concepts Separate the communication into conversations (sessions) Each process plays a role in a conversation => its type is defined by the conversation and its role Evolution Of MPST Binary Session Types

1.07k views • 33 slides
Data structures Exercise session Week 1 I. Introduction Two kinds of types in Java

Data structures Exercise session Week 1 I. Introduction Two kinds of types in Java

Data structures Exercise session Week 1 I. Introduction Two kinds of types in Java Primitive types int, char, boolean, fmoat, double, etc. Object types Integer, Character, String, etc. Java generics Before generics you had to

739 views • 20 slides
Throw Down an AI Challenge Todd W. Neller, Gettysburg College Ingrid Russell, University of

Throw Down an AI Challenge Todd W. Neller, Gettysburg College Ingrid Russell, University of

Throw Down an AI Challenge Todd W. Neller, Gettysburg College Ingrid Russell, University of Hartford Zdravko Markov, Central Connecticut State University Beginnings Recall your introduction to CS. Which experiences attracted your

3.44k views • 23 slides
Turings Legacy What is computation ? What is an algorithm ? How can we mathematically define

Turings Legacy What is computation ? What is an algorithm ? How can we mathematically define

15-251: Great Theoretical Ideas in Computer Science Lecture 5 Turings Legacy What is computation ? What is an algorithm ? How can we mathematically define them? Quick Recap Mathematical definition of a (computational) problem: Input / output

935 views • 77 slides
Which practice problem should we go over? (a) (b) (c) Music to cheer us up: The Laughing Gnome

Which practice problem should we go over? (a) (b) (c) Music to cheer us up: The Laughing Gnome

Which practice problem should we go over? (a) (b) (c) Music to cheer us up: The Laughing Gnome (by David Bowie, before getting famous) About the exam Consider the following integral: b d g ( x , y ) dy dx . a c The

357 views • 12 slides
systematics uncertainties in the determination of the local dark matter density in collaboration

systematics uncertainties in the determination of the local dark matter density in collaboration

systematics uncertainties in the determination of the local dark matter density in collaboration with: G. Bertone, O. Agertz, B. Moore, R. Teyssier Miguel Pato Universita degli Studi di Padova / Institut dAstrophysique de Paris Institute

474 views • 28 slides
The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische Universit at Darmstadt Department of Computer Science, Software Engineering Group Dagstuhl Seminar 16131: Language Based Verification Tools for

1.01k views • 68 slides
Juggling Slide Rules By Colin Tombeur December 2011 INTRODUCTION I had always felt that

Juggling Slide Rules By Colin Tombeur December 2011 INTRODUCTION I had always felt that

Juggling Slide Rules By Colin Tombeur December 2011 INTRODUCTION I had always felt that juggling was something that I should and could be able to do, but it wasnt until a few years ago that I finally got round to learning to do it. Since

586 views • 15 slides
Continuation-Passing Style Transforms Type Theory and Coq Vincent Koppen 15-05-2018 Paper

Continuation-Passing Style Transforms Type Theory and Coq Vincent Koppen 15-05-2018 Paper

Continuation-Passing Style Transforms Type Theory and Coq Vincent Koppen 15-05-2018 Paper Title: Polymorphic Type Assignment and CPS Conversion Authors: Robert Harpery and Mark Lillibridge Year: 1993 Journal: lisp and symbolic computation : An

911 views • 52 slides
Status of ProtoDUNE-SP Performance Paper Flavio, Tingjun, Tom ProtoDUNE DRA Meeting Dec 4, 2019

Status of ProtoDUNE-SP Performance Paper Flavio, Tingjun, Tom ProtoDUNE DRA Meeting Dec 4, 2019

Status of ProtoDUNE-SP Performance Paper Flavio, Tingjun, Tom ProtoDUNE DRA Meeting Dec 4, 2019 First draft of ProtoDUNE-SP performance paper is almost ready. 74 pages and 59 figures. 2 12/4/19 T. Yang | ProtoDUNE-SP Plan to

526 views • 7 slides

More recommend