Choreographies and Cost Semantics for Reliable Communicating Systems

Communicating systems have become ubiquitous in today\u27s society.Unfortunately, the complexity of their interactions makesthem particularly prone to failures such as deadlocked statescaused by misbehaving components, or memory exhaustion due to a surgein message traffic (malicious or not).These vulnerabilities constitute a real risk to users, withconsequences ranging from minor inconveniences to the possibility ofloss of life and capital.This thesis presents results that aim to increase the reliability of communicating systems.First, we implement a choreography language that can, by construction, only describe deadlock-free systems.Second, we develop a cost semantics to prove programs free of out-of-memory errors.Lastly, we improve both results by using novel semantic approaches that strengthen key theorems and facilitate further proof development.All of these results are formalized in the HOL4 theorem prover and integrated with the CakeML verified stack

Choreographies and Cost Semantics for Reliable Communicating Systems

Communicating systems have become ubiquitous in today\u27s society.Unfortunately, the complexity of their interactions makes themparticularly prone to failures such as deadlocked states causedby misbehaving components, or memory exhaustion due to a surge inmessage traffic (malicious or not). These vulnerabilitiesconstitute a real risk to users, with consequences ranging fromminor inconveniences to the possibility of loss of life andcapital. This thesis presents two results that aim to increasethe reliability of communicating systems. First, we implement achoreography language which by construction can only describesystems that are deadlock-free. Second, we develop a costsemantics to prove programs free of out-of-memory errors. Both ofthese results are formalized in the HOL4 theorem prover andintegrated with the CakeML verified stack

Do you have space for dessert? a verified space cost semantics for CakeML programs

Garbage collectors relieve the programmer from manual memory management, but lead to compiler-generated machine code that can behave differently (e.g. out-of-memory errors) from the source code. To ensure that the generated code behaves exactly like the source code, programmers need a way to answer questions of the form: what is a sufficient amount of memory for my program to never reach an out-of-memory error? This paper develops a cost semantics that can answer such questions for CakeML programs. The work described in this paper is the first to be able to answer such questions with proofs in the context of a language that depends on garbage collection. We demonstrate that positive answers can be used to transfer liveness results proved for the source code to liveness guarantees about the generated machine code. Without guarantees about space usage, only safety results can be transferred from source to machine code. Our cost semantics is phrased in terms of an abstract intermediate language of the CakeML compiler, but results proved at that level map directly to the space cost of the compiler-generated machine code. All of the work described in this paper has been developed in the HOL4 theorem prover

A flat reachability-based measure for CakeML\u27s cost semantics

The CakeML project has recently developed a verified cost semantics that allows reasoning about the space safety of CakeML programs. With this space cost semantics, compiled machine code can be proven to have tight memory bounds ensuring no out-of-memory errors occur during execution. This paper proposes a new cost semantics which is designed to make proofs about space safety significantly simpler than they were with the original version. The work described here has been developed in the HOL4 theorem prover

Kalas: A Verified, End-To-End Compiler for a Choreographic Language

Choreographies are an abstraction for globally describing deadlock-free communicating systems. A choreography can be compiled into multiple endpoints preserving the global behavior, providing a path for concrete system implementations. Of course, the soundness of this approach hinges on the correctness of the compilation function. In this paper, we present a verified compiler for Kalas, a choreographic language. Its machine-checked end-to-end proof of correctness ensures all generated endpoints adhere to the system description, preserving the top-level communication guarantees. This work uses the verified CakeML compiler and Hol4 proof assistant, allowing for concrete executable implementations and statements of correctness at the machine code level for multiple architectures