127 research outputs found

    Special Delivery: Programming with Mailbox Types (Extended Version)

    Full text link
    The asynchronous and unidirectional communication model supported by mailboxes is a key reason for the success of actor languages like Erlang and Elixir for implementing reliable and scalable distributed systems. While many actors may send messages to some actor, only the actor may (selectively) receive from its mailbox. Although actors eliminate many of the issues stemming from shared memory concurrency, they remain vulnerable to communication errors such as protocol violations and deadlocks. Mailbox types are a novel behavioural type system for mailboxes first introduced for a process calculus by de'Liguoro and Padovani in 2018, which capture the contents of a mailbox as a commutative regular expression. Due to aliasing and nested evaluation contexts, moving from a process calculus to a programming language is challenging. This paper presents Pat, the first programming language design incorporating mailbox types, and describes an algorithmic type system. We make essential use of quasi-linear typing to tame some of the complexity introduced by aliasing. Our algorithmic type system is necessarily co-contextual, achieved through a novel use of backwards bidirectional typing, and we prove it sound and complete with respect to our declarative type system. We implement a prototype type checker, and use it to demonstrate the expressiveness of Pat on a factory automation case study and a series of examples from the Savina actor benchmark suite.Comment: Extended version of paper accepted to ICFP'2

    Exploring annotations for deductive verification

    Get PDF

    Multiparty session typing in Java, deductively

    Get PDF
    Multiparty session typing (MPST) is a method to automatically prove safety and liveness of protocol implementations relative to specifications. We present BGJ: a new tool to apply the MPST method in combination with Java. The checks performed using our tool are purely static (all errors are reported early at compile-time) and resource-efficient (near-zero cost abstractions at run-time), thereby addressing two issues of existing tools. BGJ is built using VerCors, but our approach is general

    Polymorphic Typestate for Session Types

    Full text link
    Session types provide a principled approach to typed communication protocols that guarantee type safety and protocol fidelity. Formalizations of session-typed communication are typically based on process calculi, concurrent lambda calculi, or linear logic. An alternative model based on context-sensitive typing and typestate has not received much attention due to its apparent restrictions. However, this model is attractive because it does not force programmers into particular patterns like continuation-passing style or channel-passing style, but rather enables them to treat communication channels like mutable variables. Polymorphic typestate is the key that enables a full treatment of session-typed communication. Previous work in this direction was hampered by its setting in a simply-typed lambda calculus. We show that higher-order polymorphism and existential types enable us to lift the restrictions imposed by the previous work, thus bringing the expressivity of the typestate-based approach on par with the competition. On this basis, we define PolyVGR, the system of polymorphic typestate for session types, establish its basic metatheory, type preservation and progress, and present a prototype implementation.Comment: 29 pages. Short version appears in PPDP 202

    Pre-deployment Analysis of Smart Contracts -- A Survey

    Full text link
    Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process

    Programming languages and tools with multiparty session

    Get PDF
    Distributed software systems are used in a wide variety of applications, including health care, telecommunications, finance, and entertainment. These systems typically consist of multiple software components, each with its own local memory, that are deployed across networks of hosts and communicate by passing messages in order to achieve a common goal. Distributed systems offer several benefits, including scalability — since computation happens independently on each component, it is easy and generally inexpensive to add additional components and functionality as necessary; reliability—since systems can be made up of hundreds of components working together, there is little disruption if a single component fails; performance—since work loads can be broken up and sent to multiple components, distributed systems tend to be very efficient. However, they can also be difficult to implement and analyze due to the need for heterogeneous software components to communicate and synchronize correctly and the potential for hardware or software failures. Distributed and concurrent programming is challenging due to the complexity of coordinating the communication and interactions between the various components of a system that may be running on different machines or different threads. Behavioural types can help to address some of these difficulties by providing a way to formally specify the communication between components of a distributed system. This specification can then be used to verify the correctness of the communication between these components using static typechecking, dynamic monitoring, or a combination of the two. Perhaps the most well-known form of behavioural types are session types. They define the sequences of messages that are exchanged between two or more parties in a communication protocol, as well as the order in which these messages are exchanged. More generally, behavioural types include typestate systems, which specify the state-dependent availability of operations, choreographies, which specify collective communication behaviour, and behavioural contracts that specify the expected behaviour of a system. By using behavioural types, it is possible to ensure that the communication between components of a distributed system is well-defined and follows a set of predefined rules, which can help to prevent errors and ensure that the system behaves correctly. The focus of this thesis is on using session type systems to provide static guarantees about the runtime behaviour of concurrent programs. We investigate two strands of work in this context. The first strand focuses on the relationship between session types and linearity. Linearity is a property of certain resources, in this case communication channels, that can only be used once. For instance a linear variable can only be assigned once, after which it cannot be changed. This property is useful for session types because it helps to prevent race conditions and guarantees that no messages are lost or duplicated. We look at relaxing the standard access control in multiparty session types systems. This is typically based on linear or affine types, that offer strong guarantees of communication safety and session. However, these exclude many naturally occurring scenarios that make use of shared channels or need to store channels in shared data structures. We introduce a new and more flexible session type system, which allows channel references to be shared and stored in persistent data structures. We prove that the resulting language satisfies type safety, and we illustrate our type system through examples. The second strand of research in this thesis looks at the expressive power of session types, and their connection to typestate for safe distributed programming in the Java language. Typestates are a way of annotating objects with a set of operations that are valid to perform on them at a given state. We expand the expressive power of two existing tools, use them to represent real-world case studies, and end by considering language usability and human factors

    Choreographies and Cost Semantics for Reliable Communicating Systems

    Get PDF
    Communicating systems have become ubiquitous in today\u27s society.Unfortunately, the complexity of their interactions makesthem particularly prone to failures such as deadlocked statescaused by misbehaving components, or memory exhaustion due to a surgein message traffic (malicious or not).These vulnerabilities constitute a real risk to users, withconsequences ranging from minor inconveniences to the possibility ofloss of life and capital.This thesis presents results that aim to increase the reliability of communicating systems.First, we implement a choreography language that can, by construction, only describe deadlock-free systems.Second, we develop a cost semantics to prove programs free of out-of-memory errors.Lastly, we improve both results by using novel semantic approaches that strengthen key theorems and facilitate further proof development.All of these results are formalized in the HOL4 theorem prover and integrated with the CakeML verified stack

    Type discipline for message-passing components in distributed systems

    Get PDF
    Component based software engineering (CBSE) is a method- ology that aims to design and build software systems by assembling together reusable and loosely coupled compo- nents. Applying CBSE in a distributed setting is appealing but challenging: distributed applications require different remote components to interact following a well-defined protocol. This thesis addresses a model for message passing component-based systems where components are assembled together with the protocol itself. Components can there- fore be independent from the protocol, and can react to messages in a flexible way. This thesis studies how types can capture component behaviour and can enable checking the compatibility with a protocol. In particular, this thesis proposes two type languages for reactive components: the first language excludes choice terms, whereas the second one includes them. We show the correspondence of component and type behaviours, which entails a progress property for components

    Proceedings of The Rust-Edu Workshop

    Get PDF
    The 2022 Rust-Edu Workshop was an experiment. We wanted to gather together as many thought leaders we could attract in the area of Rust education, with an emphasis on academic-facing ideas. We hoped that productive discussions and future collaborations would result. Given the quick preparation and the difficulties of an international remote event, I am very happy to report a grand success. We had more than 27 participants from timezones around the globe. We had eight talks, four refereed papers and statements from 15 participants. Everyone seemed to have a good time, and I can say that I learned a ton. These proceedings are loosely organized: they represent a mere compilation of the excellent submitted work. I hope you’ll find this material as pleasant and useful as I have. Bart Massey 30 August 202

    API Generation for Multiparty Session Types, Revisited and Revised Using Scala 3 (Full Version)

    Get PDF
    Construction and analysis of distributed systems is difficult. Multiparty session types (MPST) constitute a method to make it easier. The idea is to use type checking to statically prove deadlock freedom and protocol compliance of communicating processes. In practice, the premier approach to apply the MPST method in combination with mainstream programming languages has been based on API generation. In this paper (pearl), we revisit and revise this approach. Regarding our “revisitation”, using Scala 3, we present the existing API generation approach, which is based on deterministic finite automata (DFA), in terms of both the existing states-as-classes encoding of DFAs as APIs, and a new states-as-type-parameters encoding; the latter leverages match types in Scala 3. Regarding our “revision”, also using Scala 3, we present a new API generation approach that is based on sets of pomsets instead of DFAs; it crucially leverages match types, too. Our fresh perspective allows us to avoid two forms of combinatorial explosion resulting from implementing concurrent subprotocols in the DFA-based approach. We implement our approach in a new API generation tool
    • …
    corecore