In concurrent and distributed systems, software components are expected to communicate according to predetermined protocols and APIs - and if a component does not observe them, the system's reliability is compromised. Furthermore, isolating and fixing protocol/API errors can be very difficult. Many methods have been proposed to check the correctness of communicating systems, ranging from compile-time to run-time verification; among such methods, session types have been applied for both static type-checking, and run-time monitoring. This work takes a fresh look at the run-time verification of communicating systems using session types, in theory and in practice. On the theoretical side, we develop a novel formal model of session-monitored processes; with it, we formulate and prove new results on the monitorability of session types, connecting their run-time and static verification - in terms of soundness (i.e., whether monitors only flag ill-typed processes) and completeness (i.e., whether all ill-typed processes can be flagged by a monitor). On the practical side, we show that our monitoring theory is indeed realisable: building upon our formal model, we develop a Scala toolkit for the automatic generation of session monitors. Our executable monitors can be used to instrument black-box processes written in any programming language; we assess the viability of our approach with a series of benchmarks.
翻译:在同时和分布的系统中,软件组件预计将按照预定协议和API系统进行通信,如果某一部件没有遵守这些协议和API,则该系统的可靠性就会受到损害。此外,孤立和确定协议/API错误可能非常困难。提出了许多方法来检查通信系统的正确性,从汇编时间到运行时间核查;在这种方法中,届会类型既用于静态类型检查,又用于运行时间监测。这项工作对使用届会类型、理论和实践的通信系统的运行时间核查进行了新的审视。在理论方面,我们开发了一个会议监测进程的新的正式模式;通过这一模式,我们制定并证明会议类型监测的新结果,将其运行时间和静态核查连接到正常状态(即是否只监测标记不型号程序)和完整性(即,是否所有不型式程序都可以通过监测标出)。在实际方面,我们显示我们的监测理论确实真实可行:在我们正式模式的基础上,我们开发了一个会议监测会议类型的正式模式,我们将运行时间和静态核查连接起来的新结果-从正确性的角度(即只监测旗帜型程序)和完整(即监测所有不型号程序是否可由监测)任何监测)。我们使用自动生成工具的工具,可以评估。
相关内容
微信扫码咨询专知VIP会员