Verifying Asynchronous Interactions via Communicating Session Automata

This paper proposes a sound procedure to verify properties of communicating session automata (CSA), i.e., communicating automata that include multiparty session types. We introduce a new asynchronous compatibility property for CSA, called k-multiparty compatibility (k-MC), which is a strict superset of the synchronous multiparty compatibility used in theories and tools based on session types. It is decomposed into two bounded properties: (i) a condition called k-safety which guarantees that, within the bound, all sent messages can be received and each automaton can make a move; and (ii) a condition called k-exhaustivity which guarantees that all k-reachable send actions can be fired within the bound. We show that k-exhaustivity implies existential boundedness, and soundly and completely characterises systems where each automaton behaves equivalently under bounds greater than or equal to k. We show that checking k-MC is PSPACE-complete, and demonstrate its performance empirically over large systems using partial order reduction.
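The two bounded conditions named above, k-safety and k-exhaustivity, can be made concrete by exploring the k-bounded configurations of a small system. The following Python is an added illustration, not the paper's tool or its exact definitions: it encodes one simplified reading of both conditions (eventual reception of the head of every queue and progress of every non-final automaton for k-safety; every enabled send becoming fireable after the other automata move for k-exhaustivity) on a constructed three-party system in which the receiver can only start reading after a third party signals it, so that two messages must sit in one channel. The `CSA` class, the `DELAYED_READER` and `ORPHAN` systems and all names are assumptions made for this example.

```python
"""Added example: k-bounded exploration of a small CSA system.  This is a
simplified reading of k-safety / k-exhaustivity, not the paper's tool."""
from collections import deque
from itertools import permutations

SEND, RECV = "!", "?"


class CSA:
    """Communicating automata with one FIFO channel per ordered pair.

    system: {participant: (initial_state, [(src, (kind, peer, msg), dst), ...])}
    where kind is SEND (send msg to peer) or RECV (receive msg from peer).
    """

    def __init__(self, system):
        self.parts = sorted(system)
        self.trans = {p: list(system[p][1]) for p in self.parts}
        self.chan = {pq: i for i, pq in enumerate(permutations(self.parts, 2))}
        self.initial = (tuple(system[p][0] for p in self.parts),
                        tuple(() for _ in self.chan))

    def steps(self, conf, k, movers=None):
        """Yield (participant, transition, successor) for every k-bounded step
        from conf; when movers is given, only those participants may move."""
        states, chans = conf
        for i, p in enumerate(self.parts):
            if movers is not None and p not in movers:
                continue
            for src, (kind, peer, msg), dst in self.trans[p]:
                if src != states[i]:
                    continue
                if kind == SEND:
                    c = self.chan[(p, peer)]
                    if len(chans[c]) >= k:          # bound reached: send blocked
                        continue
                    queue = chans[c] + (msg,)
                else:
                    c = self.chan[(peer, p)]
                    if not chans[c] or chans[c][0] != msg:   # FIFO head must match
                        continue
                    queue = chans[c][1:]
                yield (p, (src, (kind, peer, msg), dst),
                       (states[:i] + (dst,) + states[i + 1:],
                        chans[:c] + (queue,) + chans[c + 1:]))

    def reachable(self, k):
        """All configurations reachable from the initial one under bound k."""
        seen, todo = {self.initial}, deque([self.initial])
        while todo:
            for _, _, nxt in self.steps(todo.popleft(), k):
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return seen

    def _eventually(self, conf, k, pred, movers=None):
        """Does some k-bounded path from conf contain a step for which
        pred(participant, transition, successor) holds?"""
        seen, todo = {conf}, deque([conf])
        while todo:
            for p, t, nxt in self.steps(todo.popleft(), k, movers):
                if pred(p, t, nxt):
                    return True
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return False

    def k_safe(self, k):
        """Eventual reception (the head of each non-empty channel is eventually
        read) and progress (an automaton with an outgoing transition eventually
        fires one), checked at every k-reachable configuration."""
        for conf in self.reachable(k):
            states, chans = conf
            for (s, r), c in self.chan.items():
                if chans[c] and not self._eventually(
                        conf, k, lambda p, t, _: p == r and t[1][:2] == (RECV, s)):
                    return False                    # orphan message
            for i, p in enumerate(self.parts):
                if any(src == states[i] for src, _, _ in self.trans[p]) and \
                        not self._eventually(conf, k, lambda q, t, _: q == p):
                    return False                    # p can never move again
        return True

    def k_exhaustive(self, k):
        """Every send enabled in a k-reachable configuration can be fired within
        the bound once the *other* automata have moved (the sender stays put)."""
        for conf in self.reachable(k):
            states, chans = conf
            for i, p in enumerate(self.parts):
                others = set(self.parts) - {p}
                for src, (kind, peer, msg), dst in self.trans[p]:
                    if src != states[i] or kind != SEND:
                        continue
                    c = self.chan[(p, peer)]
                    if len(chans[c]) >= k and not self._eventually(
                            conf, k, lambda q, t, nxt: len(nxt[1][c]) < k, others):
                        return False                # send cut off by the bound
        return True

    def k_mc(self, k):
        return self.k_safe(k) and self.k_exhaustive(k)


# Constructed system: P sends a and b to Q, then d to R; R then sends c to Q,
# and only after reading c does Q read a and b.  The PQ channel must hold two
# messages at once, so the system is 2-MC but not 1-MC.
DELAYED_READER = {
    "P": (0, [(0, (SEND, "Q", "a"), 1), (1, (SEND, "Q", "b"), 2),
              (2, (SEND, "R", "d"), 3)]),
    "R": (0, [(0, (RECV, "P", "d"), 1), (1, (SEND, "Q", "c"), 2)]),
    "Q": (0, [(0, (RECV, "R", "c"), 1), (1, (RECV, "P", "a"), 2),
              (2, (RECV, "P", "b"), 3)]),
}
# Constructed unsafe system: Q never reads the message P sends (an orphan).
ORPHAN = {"P": (0, [(0, (SEND, "Q", "a"), 1)]), "Q": (0, [])}

if __name__ == "__main__":
    for name, system in (("delayed reader", DELAYED_READER), ("orphan", ORPHAN)):
        for k in (1, 2):
            m = CSA(system)
            print(f"{name:14s} k={k}: safe={m.k_safe(k)} "
                  f"exhaustive={m.k_exhaustive(k)} MC={m.k_mc(k)}")
```

Running it shows the point of the abstract's two conditions: under k=1 the delayed reader fails both (P's second send is blocked by the full channel and nobody else can move, so a queued message is never read), while under k=2 every reachable configuration passes both checks; the orphan system is k-exhaustive for every k but never k-safe, which is why both conditions are needed. The bound k is the only parameter a practitioner varies, and the reachable-set size grows quickly with it, which is the motivation for the partial order reduction the abstract mentions.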
