Type Systems for Concurrent Programs

Similar documents
Processes as Types: A Generic Framework of Behavioral Type Systems for Concurrent Processes

Type Systems for Concurrent Programs Naoki Kobayashi Department of Computer Science Tokyo Institute of Technology Abstract

Linear Type Systems for Concurrent Languages. Eijiro Sumii Naoki Kobayashi University of Tokyo

A Behavioral Type System for Memory-Leak Freedom. Qi Tan, Kohei Suenaga, and Atsushi Igarashi Kyoto University

Supplementary Notes on Exceptions

Introduction to SML Getting Started

Verifying Concurrent ML programs

A Brief Introduction to Standard ML

A Second Look At ML. Chapter Seven Modern Programming Languages, 2nd ed. 1

An Extended Behavioral Type System for Memory-Leak Freedom. Qi Tan, Kohei Suenaga, and Atsushi Igarashi Kyoto University

CSE 505, Fall 2006, Final Examination 11 December Please do not turn the page until everyone is ready.

Threads and Continuations COS 320, David Walker

CS 4110 Programming Languages & Logics. Lecture 27 Recursive Types

l e t print_name r = p r i n t _ e n d l i n e ( Name : ^ r. name)

Runtime Atomicity Analysis of Multi-threaded Programs

Programming in Standard ML: Continued

Synchronization SPL/2010 SPL/20 1

Type-Based Analysis of Deadlock for a Concurrent Calculus with Interrupts

ITT8060: Advanced Programming (in F#)

Patterns The Essence of Functional Programming

An Operational and Axiomatic Semantics for Non-determinism and Sequence Points in C

CS 4110 Programming Languages & Logics. Lecture 28 Recursive Types

Lecture Notes on Program Equivalence

Part VI. Imperative Functional Programming

COSE212: Programming Languages. Lecture 3 Functional Programming in OCaml

Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts

Introduction to Locks. Intrinsic Locks

Towards a Software Model Checker for ML. Naoki Kobayashi Tohoku University

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

CS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012

Lecture Notes on Aggregate Data Structures

Introduction A Tiny Example Language Type Analysis Static Analysis 2009

A First Look at ML. Chapter Five Modern Programming Languages, 2nd ed. 1

Resource Usage Analysis

A Type System for Object Initialization In the Java TM Bytecode Language

CSE341: Programming Languages Lecture 17 Implementing Languages Including Closures. Dan Grossman Autumn 2018

Static Program Analysis Part 1 the TIP language

A Protocol for Multi-threaded Processes with Choice in π-calculus

Active Testing for Concurrent Programs

02157 Functional Programming Lecture 1: Introduction and Getting Started

Active Testing for Concurrent Programs

Topic 7: Activation Records

Lecture #23: Conversion and Type Inference

Conversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";

Lectures 24 and 25: Scheduling; Introduction to Effects

Programming Idioms for Transactional Events

COMPUTER SCIENCE TRIPOS

1 Introduction. 3 Syntax

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

Concurrency WS 2014/15 Message Passing Concurrency

CSC324- TUTORIAL 5. Shems Saleh* *Some slides inspired by/based on Afsaneh Fazly s slides

Part II: Atomicity for Software Model Checking. Analysis of concurrent programs is difficult (1) Transaction. The theory of movers (Lipton 75)

Time Regions and Effects for Resource Usage Analysis

ML 4 Unification Algorithm

Combining Programming with Theorem Proving

Type-Based Information Flow Analysis for Low-Level Languages

Introduction to OCaml

CSE 505, Fall 2008, Final Examination 11 December Please do not turn the page until everyone is ready.

A Third Look At ML. Chapter Nine Modern Programming Languages, 2nd ed. 1

Bridging the Gap between TDPE and SDPE. Eijiro Sumii Department of Information Science, Graduate School of Science, University of Tokyo

Chapter 13: Reference. Why reference Typing Evaluation Store Typings Safety Notes

Standard ML. Curried Functions. ML Curried Functions.1

Fall Lecture 3 September 4. Stephen Brookes

CS4215 Programming Language Implementation. Martin Henz

Meta-programming with Names and Necessity p.1

Programming with C Library Functions Safely

CLF: A logical framework for concurrent systems

G Programming Languages - Fall 2012

Threads and Parallelism in Java

Simply-Typed Lambda Calculus

CS558 Programming Languages

ATS: a language to make typeful programming real and fun

Concurrent ML. John Reppy January 21, University of Chicago

Defining Functions. CSc 372. Comparative Programming Languages. 5 : Haskell Function Definitions. Department of Computer Science University of Arizona

Products and Records

CSc 372, Spring 1996 Mid-term Examination Solution Key

CSE 505, Fall 2008, Final Examination 11 December Please do not turn the page until everyone is ready.

CIS 341 Final Examination 4 May 2017

A New Type System for JVM Lock Primitives

Chapter 2. Instructions: Language of the Computer. Adapted by Paulo Lopes

We can create PDAs with multiple stacks. At each step we look at the current state, the current input symbol, and the top of each stack.

Supplementary Notes on Concurrent ML

At build time, not application time. Types serve as statically checkable invariants.

Ch 9: Control flow. Sequencers. Jumps. Jumps

IT 540 Operating Systems ECE519 Advanced Operating Systems

Scope, Functions, and Storage Management

Types. Type checking. Why Do We Need Type Systems? Types and Operations. What is a type? Consensus

Session Types for Functional Multithreading

Multiple Inheritance. Computer object can be viewed as

cs242 Kathleen Fisher Reading: Concepts in Programming Languages, Chapter 6 Thanks to John Mitchell for some of these slides.

Exercise 3. Syntax Extensions. Reminder of the last lecture. This Lecture s Goals

INF 102 CONCEPTS OF PROG. LANGS FUNCTIONAL COMPOSITION. Instructors: James Jones Copyright Instructors.

Mini-ML. CS 502 Lecture 2 8/28/08

Types, Expressions, and States

Principles of Program Analysis: A Sampler of Approaches

Combining Static and Dynamic Contract Checking for Curry

Names and Functions. Chapter 2

Programming Language Concepts: Lecture 19

A concrete memory model for CompCert

Core-TyCO The Language Definition Version 0.1

Transcription:

Type Systems for Concurrent Programs Naoki Kobayashi Tokyo Institute of Technology

Type Systems for Programming Languages Guarantee partial correctness of programs fun fact (n) = if n=0 then 1 else n fact(n-1); val fact = fn: int int Given an integer as an input, fact will return an integer as an output.

Type Systems for Programming Languages Guarantee partial correctness of programs fun fact (n) = if n=0 then 1 else n fact(n-1); val fact = fn: int int Help early finding of bugs fun g(x) = fact(x+1.1); TYPE ERROR: fact requires an argument of type int, but x+1.1 has type real.

Advanced Type Systems (almost) automatic analysis of: Memory usage behavior (automatic insertion of free and malloc ) Exception (whether a raised exception is properly handled) Resource usage (e.g. a file that has been opened is eventually closed) Type systems for low-level languages Type systems for concurrent languages

Type Systems for Concurrent Programs? Traditional type systems (e.g. CML): fun f(n:int) = let val ch = channel() in recv(ch)+n end waits to receive a value from ch creates a new channel val f = fn: int int

Type Systems for Concurrent Programs? Expected Scenarios fun f(n:int) = let val ch = channel() in recv(ch)+n end Warning: there is no sender on channel ch fun g(l: Lock) = (lock(l); if n=0 then 1 else (unlock(l); 2)) Warning: Lock l is not released in then-clause

Advanced Type Systems for Concurrent Programs I/O mode ([Pierce&Sangiorgi 93]) Channels are used for correct I/O modes. Linearity ([Kobayashi, Pierce & Turner 96]) Certain channels are used once for input and ouput Race-freedom ( [Abad,Flanagan&Fruend 99, 2000] etc.) Deadlock/Livelock-freedom ([Yoshida 96; Kobayashi et al.97,98,2000; Puntigam 98] etc.) Certain communications succeed eventually.

Type Systems for Concurrent Programs? Expected Scenarios fun f(n:int) = let val ch = channel() in recv(ch)+n end Warning: there is no sender on channel ch fun g(l: Lock) = (lock(l); if n=0 then 1 else (unlock(l); 2)) Warning: Lock l is not released in then-clause

Target Language Outline Syntax Programming Examples Expected Properties of Programs Type System with Channel Usage More Advanced Type Systems Future Directions

Target Language: π-calculus[milner et al.] Consists of basic concurrency primitives parallel composition new r in c![1, r] c?[x, y].y![x] Channel creation Message send Message reception r![1]

Target Language: π-calculus[milner et al.] Consists of basic concurrency primitives new r in c![1, r] c?[x, y].y![x] Expressive enough to model various features of modern programming languages (Higher-order) Functions Concurrent objects Synchronization mechanisms (locks, etc.)

Target Language: π-calculus[milner et al.] P, Q (Processes) ::= 0 (inaction) new x in P x![ v 1,..., v n ] x?[ y 1,..., y n ]. P P Q if b then P else Q P (channel creation) (output) (input) (parallel execution) (conditional) (replication) x![v 1,...,v n ] x?[y 1,...,y n ].Q [v 1 /y 1,...,v n /y n ]Q (c.f. (λx.m)n [N/x]M )

Example: Function Server Server succ?[n, r].r![n+1] Client new r in (succ![1,r] r?[x]...) succ?[n, r].r![n+1] succ![1,rep] rep?[m].print![m] server client succ?[n, r].r![n+1] rep![2] rep?[m].print![m] succ?[n, r].r![n+1] print![2]

Example: Lock Unlocked state = presence of a value Locked state = lack of a value lock creation: new lock in (lock![ ] ) lock acquisition: lock?[]... lock release: lock![] lock![ ] lock?[ ]. CS1.lock![ ] lock?[ ]. CS2.lock![ ] lock?[ ]. CS1.lock![ ] CS2.lock![ ] lock?[ ]. CS1.lock![ ] lock![ ] CS1.lock![ ] lock![ ]

Desired Properties A server is always listening to clients requests. A server will eventually send a reply for each request. ping?[r].if b then r![1] else r![2] ping?[r].if b then 0 else r![1] A process can eventually acquire a lock. An acquired lock will be eventually released.

Outline Target Language Type System with Channel Usage Types Type-checking Applications to programming languages More Advanced Type Systems Future Directions

Type System with Channel Usage Checks how (input or output) and in which order channels are used. A reply channel is used once for output: ping?[r].(... r![1]) A lock channel is used for output after it is used for input: lock?[].(... lock![]) Related type systems: Input/Output Channel Types [Pierce & Sangiorgi 93] Linear Channel Types [Kobayashi,Pierce & Turner 96] Type systems for deadlock/livelock-freedom [Kobayashi et al] Types as abstract processes [Igarashi&Kobayashi] [Rehof et al]

Channel Types τ chan the type of a channel used for sending/receiving a value of type τ ping?[r: int chan ping?[r: int chan ping?[r: int chan ].r![ abc ] ].r![1] ].if b then 0 else r![1]

Channel Types with Usage τ chan(u) the type of a channel used for sending/receiving a value of type τ according to usage U ping?[r: int chan(!) ].r![ abc ] ping?[r: int chan(!) ].r![1] ping?[r: int chan(!) ].if b then 0 else r![1] Should be used once for output

Channel Usage U ::= 0?.U!.U not used used for input, and then as U used for output, and then as U U 1 U 2 used as U 1 and U 2 in parallel U 1 & U 2 used as U 1 or U 2 µα.u U recursion used as U arbitrarily many times (abbreviates µα.((u α) & 0)

Channel Usage: Example Server-client connection: µα.(?. α)! Server must be always listening to requests Reply channel:!? Lock channel:!?.! Lock is released first Client can send requests arbitrarily many times Lock should be released each time it is acquired

Example: Lock newlock?[lock: unit chan(?.!) ].lock?[ ]. CS.lock![ ] newlock?[lock: unit chan(?.!) ]. lock?[ ]. CS.if b then 0 else lock![ ] newlock?[lock: unit chan(?.!) ]. lock?[ ]. CS.(lock![ ] lock![ ] ) Should be used as a lock channel

Outline Target Language Type System with Channel Usage Types Type-checking Applications to programming langauges More Advanced Type Systems Conclusion

Type Judgment x 1 : τ 1,..., x n : τ n P P is a well-typed process under the assumption that each x i has type τ i Example: x: int chan(!) x![1] x: int chan(!), b:bool if b then x![1] else 0 ping: (int chan(!)) chan(?) ping?[r].r![1]

Typing Rules Γ, y: τ, x:(τ chan(u)) P Γ, x :(τ chan(?.u )) x? [y].p Γ P Q Γ P Q

Example of Type Derivation r : int chan(!) r![1] ping : (int chan(!)) chan(?)) ping?[r]. r![1] ping : (int chan(!)) chan(ω?)) ping?[r]. r![1]

Example of Type Derivation r : int chan(!) r![1] 0 r : int chan(!&0) r : int chan(0) if b then r![1] else 0 ping : (int chan(!&0)) chan(?)) ping?[r]. if b then r![1] else 0

Outline Target Language Type System with Channel Usage Types Type-checking Applications to programming languages More Advanced Type Systems Future Directions

Applications - type a rep_chan = a chan(!); type constructor rep_chan defined - proc ping[r: int rep_chan] = r![1]; Process ping : int rep_chan->pr defined - proc ping2[r: int rep_chan] = if b then 0 else r![1] ; Type error: r must have type int rep_chan, but it has type int chan(0&!) in: if b then 0 else r![1]

Applications - type Lock = unit chan(?.!); type constructor Lock defined - proc cr[lock:lock] = lock?[].docr![].lock![]; Process cr: Lock -> pr defined - proc cr2[lock:lock] = lock?[].docr![].(lock![] lock![]); Type error: lock must have type Lock, but it has type unit chan(?.(!!)) in: lock?[].docr![].(lock![] lock![]);

Outline Target Language Type System with Channel Usage More Advanced Type Systems Deadlock-freedom Race analysis Future Directions

More Advanced Type Systems Type systems for deadlock/livelockfreedom [Kobayashi et al. 1997-2000] A server will eventually send a reply. ping?[r: int chan(!)]. new x, y in (x?[ ].y![ ] y?[ ].(x![ ] r![ ])). A process can eventually acquire a lock, and will release it afterwards. Type systems for race analysis [Abadi, Flanagan, Freund 1999,2000]

Outline Target Language Type System with Channel Usage More Advanced Type Systems Deadlock-freedom Race analysis Future Directions

Combination with Model Checking Type systems Work for very large programs with infinite states Properties checked are limited Model checking Various properties can be checked Work for finite state systems Proper abstractions are necessary to deal with large or infinite state systems

Combination with Model Checking [Igarashi&Kobayashi 2001] [Chaki, Rajamani,&Rehof 2002] User Program (Concrete Process)? P = ϕ Type check/inference Process Type (Abstract Process)? Γ =ϕ Model checking

Combination with Theorem Provers ML Coq,... Typed π? Fully automated, but less general Less automated, but more general

Applications to Other Problems Analysis of Security Protocols Authenticity by Typing [Gordon&Jeffrey 2001] Resource Usage Analysis [Igarashi&Kobayashi 2002] An opened file should be eventually closed, and should not be accessed afterwards. File( (read&write); close) An empty stack should not be poped. Stack( (push;(pop&0)))

Conclusion Type systems for concurrent programs are mature enough to be applied to concurrent languages (e.g. Race analyzer for Java [Flanagan and Freund PLDI2000]) Future directions Combination with other methods for program verification/analysis Technology shift to other problems (security protocols, resource usage)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback