We investigate a notion of behavioral genericity in the context of session type disciplines. To this end, we develop a logically motivated theory of parametric polymorphism, reminiscent of the Girard-Reynolds polymorphic λ-calculus, but cast in the setting of concurrent processes. In our theory, polymorphism accounts for the exchange of abstract communication protocols and dynamic instantiation of heterogeneous interfaces, as opposed to the exchange of data types and dynamic instantiation of individual message types. Our polymorphic session-typed process language satisfies strong forms of type preservation and global progress, is strongly normalizing, and enjoys a relational parametricity principle. Combined, our results confer strong correctness guarantees for communicating systems. In particular, parametricity is key to deriving non-trivial results about internal protocol independence, a concurrent analogue of representation independence, and non-interference properties of modular, distributed systems.

This is a tutorial paper on Mungo, a toolchain based on multiparty session types and their connection to typestates for safe distributed programming in the Java language. The StMungo (“Scribble-to-Mungo”) tool is a bridge between multiparty session types and typestates. StMungo translates a communication protocol, namely a sequence of sends and receives of messages, given as a multiparty session type in the Scribble language, into a typestate specification and a Java API skeleton. The generated API skeleton is then further extended with the necessary logic, and finally typechecked by Mungo. The Mungo tool extends Java with (optional) typestate specifications. A typestate is a state machine specifying a Java object protocol, namely the permitted sequence of method calls of that object. Mungo statically typechecks that method calls follow the object’s protocol, as defined by its typestate specification.
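To make the typestate idea above concrete, here is an added example (not code from the Mungo paper or toolchain): a small Python checker that walks a sequence of method calls through a typestate written in the same shape as a Mungo specification, including branching on a method's enum result, and reports the first protocol violation. The channel protocol, its method names and the sample traces are all constructed for this illustration. Mungo performs this check statically over every path of a program; this checker examines one concrete trace, which is enough to show what the typestate forbids: calling a method in the wrong state, using the object after its protocol has ended, and dropping the object before the protocol is complete.

```python
from typing import Dict, List, Optional, Tuple, Union

END = "end"                                   # terminal state: the object may now be dropped
Next = Union[str, Dict[str, str]]             # next state, or enum label -> next state
Typestate = Dict[str, Dict[str, Next]]        # state -> method -> Next

# Constructed typestate for a hypothetical authenticated channel (an assumption for this
# example, not a protocol from the paper). In Mungo syntax it would read:
#   Init      = { void connect(): Connected }
#   Connected = { Result authenticate(): <OK: Authed, FAIL: Connected>, void close(): end }
#   Authed    = { void send(): Authed, String receive(): Authed, void close(): end }
CHANNEL: Typestate = {
    "Init":      {"connect": "Connected"},
    "Connected": {"authenticate": {"OK": "Authed", "FAIL": "Connected"}, "close": END},
    "Authed":    {"send": "Authed", "receive": "Authed", "close": END},
}

Call = Tuple[str, Optional[str]]              # (method, enum label it returned, or None)

def check_trace(spec: Typestate, start: str, trace: List[Call]) -> Tuple[bool, str]:
    """Walk one call trace through the typestate and report the first violation found."""
    state = start
    for n, (method, label) in enumerate(trace, 1):
        if state == END:
            return False, f"call {n}: {method}() after the protocol reached end"
        allowed = spec[state]
        if method not in allowed:
            return False, (f"call {n}: {method}() is not permitted in state {state}; "
                           f"allowed: {', '.join(sorted(allowed))}")
        nxt = allowed[method]
        if isinstance(nxt, dict):                  # branch on the method's enum result
            if label not in nxt:
                return False, (f"call {n}: {method}() result {label!r} is not one of "
                               f"{', '.join(sorted(nxt))}")
            state = nxt[label]
        else:
            state = nxt
    if state != END:
        return False, f"trace stops in state {state}; the protocol was not completed"
    return True, "ok"

# Constructed sample traces.
GOOD   = [("connect", None), ("authenticate", "FAIL"), ("authenticate", "OK"),
          ("send", None), ("receive", None), ("close", None)]
SKIP   = [("connect", None), ("send", None)]                       # send() before authenticate()
STALE  = [("connect", None), ("close", None), ("send", None)]      # use after close()
LEAKED = [("connect", None), ("authenticate", "OK")]               # never closed

if __name__ == "__main__":
    for name, trace in [("GOOD", GOOD), ("SKIP", SKIP), ("STALE", STALE), ("LEAKED", LEAKED)]:
        ok, msg = check_trace(CHANNEL, "Init", trace)
        print(f"{name:6} {'accepted' if ok else 'rejected'}: {msg}")
```

The SKIP trace is the security-relevant case: a `send()` issued in state Connected, before `authenticate()` has returned OK, is rejected because the typestate simply has no such transition, so the protocol cannot be bypassed by reordering calls.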
Formally, a streaming string transducer is an 8-tuple $(Q, \Sigma_1, \Sigma_2, X, F, \delta, \gamma, q_0)$, where $Q$ is a finite set of states, $\Sigma_1$ is a finite set of input symbols, $\Sigma_2$ is a finite set of output symbols, $X$ is a finite set of string variables, $F$ is a partial output function from $Q$ to $(\Sigma_2 \cup X)^*$ subject to the copyless-assignment constraint, $\delta$ is a state transition function from $(Q \times \Sigma_1)$ to $Q$, $\gamma$ is a variable update function from $(Q \times \Sigma_1 \times X)$ to $(\Sigma_2 \cup X)^*$ using copyless assignments, and $q_0 \in Q$ is the initial state. An assignment is copyless when, for a fixed state $q$ and input symbol $a$, each variable occurs at most once across the right-hand sides of all the updates $\gamma(q, a, x)$ taken together, and at most once in an output expression $F(q)$; no variable's content is ever duplicated, which keeps the output length linear in the input length.

Recent advances in the formal verification of message-passing programs are based on proving that programs correctly implement a given protocol. Many existing verification techniques for message-passing programs assume that at most one thread may attempt to send or receive on a channel endpoint at any given point in time, and expressly forbid endpoint sharing. Approaches that do allow such sharing often do not prove that channels obey their protocols. In this paper, we identify two principles that can guarantee obedience to a communication protocol even in the presence of endpoint sharing. Firstly, threads may concurrently use an endpoint in any way that does not advance the state of the protocol. Secondly, threads may compete for receiving on an endpoint provided that the successful reception of the message grants them ownership of that endpoint retrospectively. We develop a program logic based on separation logic that unifies these principles and allows fine-grained reasoning about endpoint-sharing programs. The program logic is shown sound against an operational semantics of programs, and proved programs are guaranteed to follow the given protocols and to be free of data races, memory leaks, and communication errors. We demonstrate its applicability on a number of examples.