58 research outputs found
On Thin Air Reads: Towards an Event Structures Model of Relaxed Memory
To model relaxed memory, we propose confusion-free event structures over an
alphabet with a justification relation. Executions are modeled by justified
configurations, where every read event has a justifying write event.
Justification alone is too weak a criterion, since it allows cycles of the kind
that result in so-called thin-air reads. Acyclic justification forbids such
cycles, but also invalidates event reorderings that result from compiler
optimizations and dynamic instruction scheduling. We propose the notion of
well-justification, based on a game-like model, which strikes a middle ground.
We show that well-justified configurations satisfy the DRF theorem: in any
data-race free program, all well-justified configurations are sequentially
consistent. We also show that rely-guarantee reasoning is sound for
well-justified configurations, but not for justified configurations. For
example, well-justified configurations are type-safe.
Well-justification allows many, but not all reorderings performed by relaxed
memory. In particular, it fails to validate the commutation of independent
reads. We discuss variations that may address these shortcomings
Choreographies and Cost Semantics for Reliable Communicating Systems
Communicating systems have become ubiquitous in today\u27s society.Unfortunately, the complexity of their interactions makes themparticularly prone to failures such as deadlocked states causedby misbehaving components, or memory exhaustion due to a surge inmessage traffic (malicious or not). These vulnerabilitiesconstitute a real risk to users, with consequences ranging fromminor inconveniences to the possibility of loss of life andcapital. This thesis presents two results that aim to increasethe reliability of communicating systems. First, we implement achoreography language which by construction can only describesystems that are deadlock-free. Second, we develop a costsemantics to prove programs free of out-of-memory errors. Both ofthese results are formalized in the HOL4 theorem prover andintegrated with the CakeML verified stack
Policy Iteration-based Conditional Termination and Ranking Functions
The final publication is available at link.springer.com.International audienceTermination analyzers generally synthesize ranking functions or relations, which represent checkable proofs of their results. In [], we proposed an approach for conditional termination analysis based on abstract fixpoint computation by policy iteration. This method is not based on ranking functions and does not directly provide a ranking relation, which makes the comparison with existing approaches difficult. In this paper we study the relationships between our approach and ranking functions and relations, focusing on extensions of linear ranking functions. We show that it can work on programs admitting a specific kind of segmented ranking functions, and that the results can be checked by the construction of a disjunctive ranking relation. Experimental results show the interest of this approach
Weak memory models using event structures
National audienceIn this article, we investigate a denotational semantics based on event structures for a very simple imperative and concurrent programming language. The model incorporates behaviours of weak memory models such as reordering of instructions and non-locality. Our model can then be used to define a function from programs to their possible outcomes that can be used to give a formal semantics to a processor or a programming language. Most of the semantic ideas come from game semantics and its recent development based on event structures, but taking advantage of the first-order setting, we present in this paper a self-contained simplification of these ideas
Subtyping Context-Free Session Types
Context-free session types describe structured patterns of communication on
heterogeneously-typed channels, allowing the specification of protocols
unconstrained by tail recursion. The enhanced expressive power provided by
non-regular recursion comes, however, at the cost of the decidability of
subtyping, even if equivalence is still decidable. We present an approach to
subtyping context-free session types based on a novel kind of observational
preorder we call -simulation, which generalizes
-simulation (also known as covariant-contravariant simulation)
and therefore also bisimulation and plain simulation. We further propose a
subtyping algorithm that we prove to be sound, and present an empirical
evaluation in the context of a compiler for a programming language. Due to the
general nature of the simulation relation upon which it is built, this
algorithm may also find applications in other domains.Comment: 34 pages, 6 figures, technical report of a paper published in the
conference proceedings of CONCUR 202
Non-polynomial Worst-Case Analysis of Recursive Programs
We study the problem of developing efficient approaches for proving
worst-case bounds of non-deterministic recursive programs. Ranking functions
are sound and complete for proving termination and worst-case bounds of
nonrecursive programs. First, we apply ranking functions to recursion,
resulting in measure functions. We show that measure functions provide a sound
and complete approach to prove worst-case bounds of non-deterministic recursive
programs. Our second contribution is the synthesis of measure functions in
nonpolynomial forms. We show that non-polynomial measure functions with
logarithm and exponentiation can be synthesized through abstraction of
logarithmic or exponentiation terms, Farkas' Lemma, and Handelman's Theorem
using linear programming. While previous methods obtain worst-case polynomial
bounds, our approach can synthesize bounds of the form
as well as where is not an integer. We present
experimental results to demonstrate that our approach can obtain efficiently
worst-case bounds of classical recursive algorithms such as (i) Merge-Sort, the
divide-and-conquer algorithm for the Closest-Pair problem, where we obtain
worst-case bound, and (ii) Karatsuba's algorithm for
polynomial multiplication and Strassen's algorithm for matrix multiplication,
where we obtain bound such that is not an integer and
close to the best-known bounds for the respective algorithms.Comment: 54 Pages, Full Version to CAV 201
Gradual session types
Session types are a rich type discipline, based on linear types, that lifts
the sort of safety claims that come with type systems to communications.
However, web-based applications and microservices are often written in a mix of
languages, with type disciplines in a spectrum between static and dynamic
typing. Gradual session types address this mixed setting by providing a
framework which grants seamless transition between statically typed handling of
sessions and any required degree of dynamic typing.
We propose Gradual GV as a gradually typed extension of the functional
session type system GV. Following a standard framework of gradual typing,
Gradual GV consists of an external language, which relaxes the type system of
GV using dynamic types, and an internal language with casts, for which
operational semantics is given, and a cast-insertion translation from the
former to the latter. We demonstrate type and communication safety as well as
blame safety, thus extending previous results to functional languages with
session-based communication. The interplay of linearity and dynamic types
requires a novel approach to specifying the dynamics of the language.Comment: Preprint of an article to appear in Journal of Functional Programmin
Types for Progress in Actor Programs
Properties in the actor model can be described in terms of the message-passing behavior of actors. In this paper, we address the problem of using a type system to capture liveness properties of actor programs. Specifically, we define a simple actor language in which demands for certain types of messages may be generated during execution, in a manner specified by the programmer. For example, we may want to require that each request to an actor eventually results in a reply. The difficulty lies in that such requests can be generated dynamically, alongside the associated requirements for replies. Such replies might be sent in response to intermediate messages that never arrive, but the property may also not hold for more trivial reasons; for instance, when the code of potential senders of the reply omit the required sending command in some branches of a conditional statement. We show that, for a restricted class of actor programs, a system that tracks typestates can statically guarantee that such dynamically generated requirements will eventually be satisfied.Ope
Session Coalgebras: A Coalgebraic View on Session Types and Communication Protocols
Compositional methods are central to the development and verification of
software systems. They allow to break down large systems into smaller
components, while enabling reasoning about the behaviour of the composed
system. For concurrent and communicating systems, compositional techniques
based on behavioural type systems have received much attention. By abstracting
communication protocols as types, these type systems can statically check that
programs interact with channels according to a certain protocol, whether the
intended messages are exchanged in a certain order. In this paper, we put on
our coalgebraic spectacles to investigate session types, a widely studied class
of behavioural type systems. We provide a syntax-free description of
session-based concurrency as states of coalgebras. As a result, we rediscover
type equivalence, duality, and subtyping relations in terms of canonical
coinductive presentations. In turn, this coinductive presentation makes it
possible to elegantly derive a decidable type system with subtyping for
-calculus processes, in which the states of a coalgebra will serve as
channel protocols. Going full circle, we exhibit a coalgebra structure on an
existing session type system, and show that the relations and type system
resulting from our coalgebraic perspective agree with the existing ones.Comment: 36 pages, submitte
- âŠ