Typechecking protocols with Mungo and StMungo: a session type toolchain for Java

Static typechecking is an important feature of many standard programming languages. However, static typing focuses on data rather than communication, and therefore does not help programmers correctly implement communication protocols in distributed systems. The theory of session types provides a basis for tackling this problem; we use it to develop two tools that support static typechecking of communication protocols in Java. The first tool, Mungo, extends Java with typestate definitions, which allow classes to be associated with state machines defining permitted sequences of method calls: for example, communication methods. The second tool, StMungo, takes a session type describing a communication protocol, and generates a typestate specification of the permitted sequences of messages in the protocol. Protocol implementations can be validated by Mungo against their typestate definitions and then compiled with a standard Java compiler. The result is a toolchain for static typechecking of communication protocols in Java. We formalise and prove soundness of the typestate inference system used by Mungo, and show that our toolchain can be used to typecheck a client for the standard Simple Mail Transfer Protocol (SMTP)

Benefits of Session Types for software Development

Session types are a formalism used to specify and check the correctness of communication based systems. Within their scope, they can guarantee the absence of communication errors such as deadlock, sending an unexpected message or failing to handle an incoming message. Introduced over two decades ago, they have developed into a significant theme in programming languages. In this paper we examine the beliefs that drive research into this area and make it popular. We look at the claims and motivation behind session types throughout the literature. We identify the hypotheses upon which session types have been designed and implemented, and attempt to clarify and formulate them in a more suitable manner for testing

The generation of concurrent code for declarative languages

PhD ThesisThis thesis presents an approach to the implementation of declarative languages on a simple, general purpose concurrent architecture. The safe exploitation of the available concurrency is managed by relatively sophisticated code generation techniques to transform programs into an intermediate concurrent machine code. Compilation techniques are discussed for 1'-HYBRID, a strongly typed applicative language, and for 'c-HYBRID, a concurrent, nondeterministic logic language. An approach is presented for 1'- HYBRID whereby the style of programming influences the concurrency utilised when a program executes. Code transformation techniques are presented which generalise tail-recursion optimisation, allowing many recursive functions to be modelled by perpetual processes. A scheme is also presented to allow parallelism to be increased by the use of local declarations, and constrained by the use of special forms of identity function. In order to preserve determinism in the language, a novel fault handling mechanism is used, whereby exceptions generated at run-time are treated as a special class of values within the language. A description is given of ,C-HYBRID, a dialect of the nondeterministic logic language Concurrent Prolog. The language is embedded within the applicative language 1'-HYBRID, yielding a combined applicative and logic programming language. Various cross-calling techniques are described, including the use of applicative scoping rules to allow local logical assertions. A description is given of a polymorphic typechecking algorithm for logic programs, which allows different instances of clauses to unify objects of different types. The concept of a method is derived to allow unification Information to be passed as an implicit argument to clauses which require it. In addition, the typechecking algorithm permits higher-order objects such as functions to be passed within arguments to clauses. Using Concurrent Prolog's model of concurrency, techniques are described which permit compilation of 'c-HYBRID programs to abstract machine code derived from that used for the applicative language. The use of methods allows polymorphic logic programs to execute without the need for run-time type information in data structures.The Science and Engineering Research Council

Refinement Types for Logical Frameworks and Their Interpretation as Proof Irrelevance

Refinement types sharpen systems of simple and dependent types by offering expressive means to more precisely classify well-typed terms. We present a system of refinement types for LF in the style of recent formulations where only canonical forms are well-typed. Both the usual LF rules and the rules for type refinements are bidirectional, leading to a straightforward proof of decidability of typechecking even in the presence of intersection types. Because we insist on canonical forms, structural rules for subtyping can now be derived rather than being assumed as primitive. We illustrate the expressive power of our system with examples and validate its design by demonstrating a precise correspondence with traditional presentations of subtyping. Proof irrelevance provides a mechanism for selectively hiding the identities of terms in type theories. We show that LF refinement types can be interpreted as predicates using proof irrelevance, establishing a uniform relationship between two previously studied concepts in type theory. The interpretation and its correctness proof are surprisingly complex, lending support to the claim that refinement types are a fundamental construct rather than just a convenient surface syntax for certain uses of proof irrelevance

Practical implementation of a dependently typed functional programming language

Types express a program's meaning, and checking types ensures that a program has the intended meaning. In a dependently typed programming language types are predicated on values, leading to the possibility of expressing invariants of a program's behaviour in its type. Dependent types allow us to give more detailed meanings to programs, and hence be more confident of their correctness. This thesis considers the practical implementation of a dependently typed programming language, using the Epigram notation defined by McBride and McKinna. Epigram is a high level notation for dependently typed functional programming elaborating to a core type theory based on Lu๙s UTT, using Dybjer's inductive families and elimination rules to implement pattern matching. This gives us a rich framework for reasoning about programs. However, a naive implementation introduces several run-time overheads since the type system blurs the distinction between types and values; these overheads include the duplication of values, and the storage of redundant information and explicit proofs. A practical implementation of any programming language should be as efficient as possible; in this thesis we see how the apparent efficiency problems of dependently typed programming can be overcome and that in many cases the richer type information allows us to apply optimisations which are not directly available in traditional languages. I introduce three storage optimisations on inductive families; forcing, detagging and collapsing. I further introduce a compilation scheme from the core type theory to G-machine code, including a pattern matching compiler for elimination rules and a compilation scheme for efficient run-time implementation of Peano's natural numbers. We also see some low level optimisations for removal of identity functions, unused arguments and impossible case branches. As a result, we see that a dependent type theory is an effective base on which to build a feasible programming language

Why Just Boogie? Translating Between Intermediate Verification Languages

The verification systems Boogie and Why3 use their respective intermediate languages to generate verification conditions from high-level programs. Since the two systems support different back-end provers (such as Z3 and Alt-Ergo) and are used to encode different high-level languages (such as C# and Java), being able to translate between their intermediate languages would provide a way to reuse one system's features to verify programs meant for the other. This paper describes a translation of Boogie into WhyML (Why3's intermediate language) that preserves semantics, verifiability, and program structure to a large degree. We implemented the translation as a tool and applied it to 194 Boogie-verified programs of various sources and sizes; Why3 verified 83% of the translated programs with the same outcome as Boogie. These results indicate that the translation is often effective and practically applicable