Embed Size (px)
Citation preview
Building Graphical Choreographiesfrom Communicating Machines
Principles and Applications
Julien Langebased on works with L. Bocchi, N. Ng, E. Tuosto, and N. Yoshida
May 2017
J. LangeBuilding Graphical Choreographies from Communicating Machines
http://mrg.doc.ic.ac.uk/
Us ∈ Mobility Research Group
www.scribble.org
Online tool : http://scribble.doc.ic.ac.uk/
Interactions with Industries
Interactions with Industries
Selected Publications 2016/2017• [ECOOP’17] Alceste Scala, Raymond Hu, Ornela Darda, NY: A Linear Decomposition of
Multiparty Sessions for Safe Distributed Programming.. • [COORDINATION’17] Keigo Imai, NY and Shoji Yuen: Session-ocaml: a session-based
library with polarities and lenses. • [FoSSaCS’17] Julien Lange , NY: On the Undecidability of Asynchronous Session
Subtyping. • [FASE’17] Raymond Hu , NY: Explicit Connection Actions in Multiparty Session Types. • [CC’17] Rumyana Neykova , NY: Let It Recover: Multiparty Protocol-Induced Recovery. • [POPL’17] Julien Lange , Nicholas Ng , Bernardo Toninho , NY: Fencing off Go: Liveness
and Safety for Channel-based Programming. • [FPL’16] Xinyu Niu , Nicholas Ng , Tomofumi Yuki , Shaojun Wang , NY, Wayne Luk :
EURECA Compilation: Automatic Optimisation of Cycle-Reconfigurable Circuits. • [ECOOP’16] Alceste Scala, NY: Lightweight Session Programming in Scala • [CC’16] Nicholas Ng, NY: Static Deadlock Detection for Concurrent Go by Global
Session Graph Synthesis. • [FASE’16] Raymond Hu, NY: Hybrid Session Verification through Endpoint API
Generation. • [TACAS’16] Julien Lange, NY: Characteristic Formulae for Session Types. • [ESOP’16] Dimitrios Kouzapas, Jorge A. Pérez, NY: On the Relative Expressiveness of
Higher-Order Session Processes. • [POPL’16] Dominic Orchard, NY: Effects as sessions, sessions as effects .
Selected Publications 2016/2017• [ECOOP’17] Alceste Scala, Raymond Hu, Ornela Darda, NY :A Linear
Decomposition of Multiparty Sessions for Safe Distributed Programming. • [COORDINATION’17] Keigo Imai, NY and Shoji Yuen: Session-ocaml: a session-
based library with polarities and lenses. • [FoSSaCS’17] Julien Lange , NY : On the Undecidability of Asynchronous Session
Subtyping. • [FASE’17] Raymond Hu , NY : Explicit Connection Actions in Multiparty Session
Types. • [CC’17] Rumyana Neykova , NY: Let It Recover: Multiparty Protocol-Induced
Recovery. • [POPL’17] Julien Lange , Nicholas Ng , Bernardo Toninho , NY: Fencing off Go:
Liveness and Safety for Channel-based Programming.• [FPL’16] Xinyu Niu , Nicholas Ng , Tomofumi Yuki , Shaojun Wang , NY, Wayne Luk:
EURECA Compilation: Automatic Optimisation of Cycle-Reconfigurable Circuits. • [ECOOP’16] Alceste Scala, NY: Lightweight Session Programming in Scala • [CC’16] Nicholas Ng, NY: Static Deadlock Detection for Concurrent Go by Global
Session Graph Synthesis. • [FASE’16] Raymond Hu, NY: Hybrid Session Verification through Endpoint API
Generation. • [TACAS’16] Julien Lange, NY: Characteristic Formulae for Session Types.• [ESOP’16] Dimitrios Kouzapas, Jorge A. Pérez, NY: On the Relative Expressiveness
of Higher-Order Session Processes. • [POPL’16] Dominic Orchard, NY: Effects as Sessions, Sessions as Effects.
Building Graphical Choreographiesfrom Communicating Machines
Principles and Applications
Julien Langebased on works with L. Bocchi, N. Ng, E. Tuosto, and N. Yoshida
May 2017
J. LangeBuilding Graphical Choreographies from Communicating Machines
separation
alignment
cohesion
Single bird » local behaviour » CFSM
Flock » global behaviour » choreography
J. LangeBuilding Graphical Choreographies from Communicating Machines
separation
alignment
cohesion
Single bird » local behaviour » CFSM
Flock » global behaviour » choreography
J. LangeBuilding Graphical Choreographies from Communicating Machines
Introduction
§ Parts of distributed systems change/evolve, not always in acoordinated way,
§ these changes are often not documented.
§ Service oriented systems are sometimes composed dynamically,
§ it is often unclear how complex the overall system has become.
§ Cognizant’s Zero Deviation Lifecyle.
A global point of view of a distributed system is essential for top-levelmanagement.
J. LangeBuilding Graphical Choreographies from Communicating Machines
Choreography
Local TypeiLocal Type1 Local Typen
ProcessiProcess1 Processn
Validate Validate Validate
Project Project Project
§ Choreography-driven development, cf. Multiparty Session Typestop-down approach (POPL’08 & ESOP’12)
§ Not applicable without a priori knowledge of a choreography
§ Our goal: from Communicating Finite-State Machines to GlobalGraphs
J. LangeBuilding Graphical Choreographies from Communicating Machines
Choreography
Local TypeiLocal Type1 Local Typen
ProcessiProcess1 Processn
Validate Validate Validate
§ Choreography-driven development, cf. Multiparty Session Typestop-down approach (POPL’08 & ESOP’12)
§ Not applicable without a priori knowledge of a choreography§ Our goal: from Communicating Finite-State Machines to Global
Graphs
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
apple
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange apple
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange apple
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange orange orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange orange orange orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange orange orange orange orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Background: CFSMs
A0
A1 A2
A3
AB!apple AB!orange
AB!apple
AB!orangeAB!drink
. . . . . .
İ
İ
. . . . . .
N
B0
B1 B2
B3
AB?appleAB?orange
AB?apple
AB?orangeAB?drink
BA!orange
A B
orange orange orange orange orange orange
“On Communicating Finite-State Machines”, Brand & Zafiropulo (’83)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Global Graphs
A0 A1
A2 A3
A4Alice
AB!bwin
AC!cwin
BA?sig CA?msg
CA?msg BA?sig
AD!free
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig
C0
C1C2 C3
C4 C5 Carol
BC?closeCD!busy
AC?cwin
CD!busy
CA!msg
BC?close
AC?cwinCD!busy
CB!blose
CB!blose
D0 D1
Dave
AD?free
CD?busy
AÑC :cwin
CÑB :blose
AÑB :bwin
BÑC :close
CÑD :busy
BÑA :sig
CÑA :msg
AÑD : free
Four Player Game
J. LangeBuilding Graphical Choreographies from Communicating Machines
Global Graphs
A0 A1
A2 A3
A4Alice
AB!bwin
AC!cwin
BA?sig CA?msg
CA?msg BA?sig
AD!free
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig
C0
C1C2 C3
C4 C5 Carol
BC?closeCD!busy
AC?cwin
CD!busy
CA!msg
BC?close
AC?cwinCD!busy
CB!blose
CB!blose
D0 D1
Dave
AD?free
CD?busy
AÑC :cwin
CÑB :blose
AÑB :bwin
BÑC :close
CÑD :busy
BÑA :sig
CÑA :msg
AÑD : free
Four Player Game
J. LangeBuilding Graphical Choreographies from Communicating Machines
A0 A1
A2 A3
A4Alice
AB!bwin
AC!cwin
BA?sig CA?msg
CA?msg BA?sig
AD!free
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig
C0
C1C2 C3
C4 C5 Carol
BC?closeCD!busy
AC?cwin
CD!busy
CA!msg
BC?close
AC?cwinCD!busy
CB!blose
CB!blose
D0 D1
Dave
AD?free
CD?busy
CFSMs
AÑC :cwin
CÑB :blose
AÑB :bwin
BÑC :close
CÑD :busy
BÑA :sig
CÑA :msg
AÑD : free
Denielou & Yoshida – ESOP’12
J. LangeBuilding Graphical Choreographies from Communicating Machines
A0 A1
A2 A3
A4Alice
AB!bwin
AC!cwin
BA?sig CA?msg
CA?msg BA?sig
AD!free
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig
C0
C1C2 C3
C4 C5 Carol
BC?closeCD!busy
AC?cwin
CD!busy
CA!msg
BC?close
AC?cwinCD!busy
CB!blose
CB!blose
D0 D1
Dave
AD?free
CD?busy
CFSMs
AÑC :cwin
CÑB :blose
AÑB :bwin
BÑC :close
CÑD :busy
BÑA :sig
CÑA :msg
AÑD : free
Denielou & Yoshida – ESOP’12
This work
This work
J. LangeBuilding Graphical Choreographies from Communicating Machines
Objectives
Two main objectives:
§ Sound Condition for Safety: generalised multiparty compatibility
If S “ pM1, . . . ,Mkq is compatible then S is “safe”, i.e.,every sent message is eventually received and no deadlock.
§ Construction of a Global Graph:
If G is the global graph constructed from S, then
S “ pM1, . . . ,Mkq ” pGç1, . . . ,Gçkq
J. LangeBuilding Graphical Choreographies from Communicating Machines
The Plan
1. Build TSpSq, the transition system of all synchronous executions2. Check for safety on TSpSq to
§ ensure equivalence between original system and the projectionsof the choreography,
§ guarantee safety (no deadlock, no orphan message)
3. Build a choreography (global graph) from TSpSq, relying on§ the theory of regions, and§ Petri nets.
J. LangeBuilding Graphical Choreographies from Communicating Machines
1. Synchronous Transition System of CFSMs
J. LangeBuilding Graphical Choreographies from Communicating Machines
Synchronous Transition System (TSpSq)
A0 A1
A2 A3
A4Alice
AB!bwin
AC!cwin
BA?sig CA?msg
CA?msg BA?sig
AD!free
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig
C0
C1C2 C3
C4 C5 Carol
BC?closeCD!busy
AC?cwin
CD!busy
CA!msg
BC?close
AC?cwinCD!busy
CB!blose
CB!blose
D0 D1
Dave
AD?free
CD?busy
Four Player Game (CFSMs)
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
Synchronous Transition System (TSpSq)
J. LangeBuilding Graphical Choreographies from Communicating Machines
2. Check for Safety: Generalised Multiparty Compatibility (GMC)
1. Representability
2. Branching Property
J. LangeBuilding Graphical Choreographies from Communicating Machines
Checking Compatibility (i) – Representability
Representability§ For each participant: projection of TSpSq « original machine
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig«
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
pAÑB :bwinqçB“AB?bwinpBÑA :sigqçB “BA!sigpCÑD :busyqçB“ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Checking Compatibility (i) – Representability
Representability§ For each participant: projection of TSpSq « original machine
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig«
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
pAÑB :bwinqçB“AB?bwinpBÑA :sigqçB “BA!sigpCÑD :busyqçB“ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Checking Compatibility (i) – Representability
Representability§ For each participant: projection of TSpSq « original machine
B0
B1 B2
Bob
AB?bwin
CB?blose
BC!close
BA!sig«
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
pAÑB :bwinqçB“AB?bwinpBÑA :sigqçB “BA!sigpCÑD :busyqçB“ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Checking Compatibility (ii) – Branching Property
Each branchingn1
e e1 in TS must be either
J. LangeBuilding Graphical Choreographies from Communicating Machines
Checking Compatibility (ii) – Branching Property
Each branchingn1
e e1 in TS must be either
§ commuting:
n1
n2 n3
n4
e e1
e1 e
J. LangeBuilding Graphical Choreographies from Communicating Machines
Checking Compatibility (ii) – Branching Property
Each branchingn1
e e1 in TS must be either
§ or, each last node nk
n1 n2 nke e1 e e1 e e1
e1 ek´1
must be a “well-formed” choice, i.e.,§ for each participant
§ it receives a different message in each branch, or§ it is not involved in the choice
§ there is a unique sender
Last node,reachable
from n1, fromwhich e and e1
can be fired.
J. LangeBuilding Graphical Choreographies from Communicating Machines
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
A : AB!bwin‰ AC!cwin B : AB?bwin‰ CB?bloseD : not involved in the choice C : AC?cwin‰ BC?close
J. LangeBuilding Graphical Choreographies from Communicating Machines
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
A : AB!bwin‰ AC!cwin B : AB?bwin‰ CB?bloseD : not involved in the choice C : AC?cwin‰ BC?close
J. LangeBuilding Graphical Choreographies from Communicating Machines
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
A : AB!bwin‰ AC!cwin B : AB?bwin‰ CB?bloseD : not involved in the choice C : AC?cwin‰ BC?close
J. LangeBuilding Graphical Choreographies from Communicating Machines
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
A : AB!bwin‰ AC!cwin B : AB?bwin‰ CB?bloseD : not involved in the choice C : AC?cwin‰ BC?close
J. LangeBuilding Graphical Choreographies from Communicating Machines
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
A : AB!bwin‰ AC!cwin B : AB?bwin‰ CB?bloseD : not involved in the choice C : AC?cwin‰ BC?close
J. LangeBuilding Graphical Choreographies from Communicating Machines
3. Build a global graph
J. LangeBuilding Graphical Choreographies from Communicating Machines
1: From TS to Petri Net
pA0,B0,C0,D0q
pA0,B0,C2,D1q pA1,B0,C1,D0q
pA1,B0,C4,D1q
pA1,B1,C0,D0q
pA1,B1,C2,D1q pA1,B2,C3,D0q
pA1,B2,C5,D1q pA2,B0,C3,D0q
pA3,B2,C0,D1q
pA2,B0,C5,D1q
pA4,B0,C0,D1q
CÑD :busy
AÑC :cwinAÑB :bwin
AÑC :cwin AÑB :bwin
CÑD :busy
CÑB :blose
CÑB :blose
CÑD :busyBÑC :close
BÑC :close CÑD :busy BÑA :sig
BÑA :sig
CÑA :msgCÑD :busy
CÑA :msg
BÑA :sig
AÑD : free
p1
AÑB :bwin
p3
BÑC :close
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
We use the work of Cortadella et al. (1998), based on the theory ofregions, to derive a safe and extended free-choice Petri net from the
Synchronous Transition System.
J. LangeBuilding Graphical Choreographies from Communicating Machines
2: From Petri Net to One-source Petri Net
p1
AÑB :bwin
p3
BÑC :close
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
p1
AÑB :bwin
p3
BÑC :close
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
t0
p0
J. LangeBuilding Graphical Choreographies from Communicating Machines
3: From One-source Petri Net to Joined Petri Net
p1
AÑB :bwin
p3
BÑC :close
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
t0
p0
p1
AÑB :bwin
p3
BÑC :close
p10
t2
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
t1
p11
t0
p0
J. LangeBuilding Graphical Choreographies from Communicating Machines
4 & 5 : From Joined Petri Net to Global Graph
p1
AÑB :bwin
p3
BÑC :close
p10
t2
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
t1
p11
t0
p0
p1
AÑB :bwin
p3
BÑC :close
p10
t2
p5
BÑA :sig
p7
AÑC :cwin
p4
CÑB :blose
p6
CÑA :msg
p8
AÑD : free
p2
CÑD :busy
p9
t1
p11
t0
p0
AÑC :cwin
CÑB :blose
AÑB :bwin
BÑC :close
CÑD :busy
BÑA :sig
CÑA :msg
AÑD : free
J. LangeBuilding Graphical Choreographies from Communicating Machines
Prototype Implementation
https://bitbucket.org/julien-lange/gmc-synthesis
J. LangeBuilding Graphical Choreographies from Communicating Machines
Applications of choreography synthesis
1. Timed systems:
Meeting Deadlines Together (CONCUR 2015)Laura Bocchi, Julien Lange & Nobuko Yoshida
2. Deadlock detection in Go:
Static Deadlock Detection for Go by Global Session GraphSynthesis (CC 2016)
Nicholas Ng & Nobuko Yoshida:
3. Analysis of Erlang libraries:
Choreography-Based Analysis of Distributed MessagePassing Programs (PDP 2016)
Ramsay Taylor, Emilio Tuosto, Neil Walkinshaw, & John Derrick
J. LangeBuilding Graphical Choreographies from Communicating Machines
Meeting Deadlines Together (CONCUR 2015)Laura Bocchi, Julien Lange & Nobuko Yoshida
J. LangeBuilding Graphical Choreographies from Communicating Machines
From Communicating Timed Automatato Timed Choreographies
U1
U0
U2
UW!taskx ă 1x :“ 0
AU?resultx ď 20
W0 W1 W2UW?tasky “ 1
y :“ 0, y 1 :“ 0
WA!datay ă 2^ y 1 ă 10
y :“ 0
WA!stopy ă 2
A0 A1 A2
WA?dataz “ 3z :“ 0
WA?stopz “ 3z :“ 0
AU!resultz ď 5
User pUq Worker pWq Aggregator pAq
§ Each machine owns several clocks (not shared)§ Time elapses at the same pace for each clock
J. LangeBuilding Graphical Choreographies from Communicating Machines
U (x ă 1 |x :“ 0)
task
W (y “ 1 |y :“ 0,y 1 :“ 0)
W (y ă 2^ y 1 ă 10 |y :“ 0)
data
A (z “ 3 |z :“ 0)
W (y ă 2)
stop
A (z “ 3 |z :“ 0)
A (z ď 5)
result
U (x ď 20)
§ Construction as in the untimed setting
§ Additional safety checks for time constraints
J. LangeBuilding Graphical Choreographies from Communicating Machines
Safety checks for CTAs
§ MC: (Generalised) Multiparty Compatibility
§ IE: Interaction Enabling
§ CE: Cycle Enabling
Property S „ pTSpSqçpqpPP Safety Progress Non-Zeno Eventual ReceptionMC X X 7 7 7MC+IE X X X 7 7MC+CE X X 7 X 7MC+IE+CE X X X X X
L. Bocchi, J. Lange, and N. Yoshida. Meeting Deadlines Together.More at www.doc.ic.ac.uk/˜jlange/cta/
J. LangeBuilding Graphical Choreographies from Communicating Machines
Static Deadlock Detection for Go by Global Session GraphSynthesis (CC 2016)
Nicholas Ng & Nobuko Yoshida:
J. LangeBuilding Graphical Choreographies from Communicating Machines
Choreography Synthesis for Go (i)
Some Go facts:
§ Developed by Google for multi-core programming
§ Concurrency model built on CSP (process calculi)
§ Message-passing communication over channels
“Do not communicate by sharing memory; instead, sharememory by communicating” – Effective Go (developer guide)
J. LangeBuilding Graphical Choreographies from Communicating Machines
Choreography Synthesis for Go (ii)
Go has a runtime deadlock detector, but it is very limited!
J. LangeBuilding Graphical Choreographies from Communicating Machines
Choreography Synthesis for Go (iii)
https://www.doc.ic.ac.uk/˜cn06/pub/2016/dingo
J. LangeBuilding Graphical Choreographies from Communicating Machines
Summing up
§ An effective way of checking properties of CFSMs, and whetherone can construct a global graph from them.
§ An algorithm based on the theory of regions.
§ A CFSMs characterisation of well-formed generalised globaltypes.
§ Applications:§ An extension for communicating timed automata§ Deadlock detection in Go§ Analysis of Erlang libraries
J. LangeBuilding Graphical Choreographies from Communicating Machines
Thanks!
Any questions?
https://bitbucket.org/julien-lange/gmc-synthesis
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : εCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : εCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : εAC : cabbageBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : dateAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : dateAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : εAC : εBA : banana
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : appleCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : apple ¨ cakeCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : cakeCB : εAC : εBA : ε
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : cakeCB : εAC : εBA : biscuit
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : cakeCB : εAC : εBA : biscuit
ORPHAN MESSAGE CONFIGURATION!
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : cakeCB : εAC : εBA : biscuit
J. LangeBuilding Graphical Choreographies from Communicating Machines
Violating the no-race condition
AB!apple
AC!cabbage
BA?banana
AB!cake
AC!carrot
BA?banana
AB!apple
BA?biscuit
AB?apple
CB?date
BA!banana
AB?cake
CB?date
BA!banana
AB?apple
BA!biscuit
AC?carrotAC?cabbage
CB!date
A B C
AÑB :apple
AÑC :cabbage
CÑB :date
BÑA :banana
AÑB :cake
AÑC :carrot
CÑB :date
BÑA :banana
AÑB :apple
BÑA :biscuit
AB : cakeCB : εAC : εBA : biscuit
J. LangeBuilding Graphical Choreographies from Communicating Machines
References
§ Julien Lange, Emilio Tuosto, and Nobuko Yoshida. “From CommunicatingMachines to Graphical Choreographies”. In: POPL. 2015
§ Laura Bocchi, Julien Lange, and Nobuko Yoshida. “Meeting DeadlinesTogether”. In: CONCUR. 2015
§ Ramsay Taylor et al. “Choreography-Based Analysis of Distributed MessagePassing Programs”. In: PDP 2016
§ Nicholas Ng and Nobuko Yoshida. “Static deadlock detection for concurrent goby global session graph synthesis”. In: CC 2016
J. LangeBuilding Graphical Choreographies from Communicating Machines
Related work (i)
§ Pierre-Malo Denielou and Nobuko Yoshida. “Multiparty Session Types MeetCommunicating Automata”. In: ESOP. LNCS. Springer, 2012
§ Julien Lange and Emilio Tuosto. “Synthesising Choreographies from LocalSession Types”. In: CONCUR. LNCS. Springer, 2012
§ Pierre-Malo Denielou and Nobuko Yoshida. “Multiparty Compatibility inCommunicating Automata: Characterisation and Synthesis of Global SessionTypes”. In: ICALP. LNCS. 2013
§ Laura Bocchi, Weizhen Yang, and Nobuko Yoshida. “Timed Multiparty SessionTypes”. In: CONCUR 2014. 2014
§ Pavel Krcal and Wang Yi. “Communicating Timed Automata: The MoreSynchronous, the More Difficult to Verify”. In: CAV. LNCS. 2006
J. LangeBuilding Graphical Choreographies from Communicating Machines
Related work (ii)
§ Kohei Honda, Nobuko Yoshida, and Marco Carbone. “Multiparty asynchronoussession types”. In: POPL. ACM, 2008
§ Dimitris Mostrous, Nobuko Yoshida, and Kohei Honda. “Global Principal Typingin Partially Commutative Asynchronous Sessions”. In: ESOP. LNCS. Springer,2009
§ Samik Basu, Tevfik Bultan, and Meriem Ouederni. “Synchronizability forVerification of Asynchronously Communicating Systems”. In: VMCAI. LNCS.Springer, 2012
§ Samik Basu, Tevfik Bultan, and Meriem Ouederni. “Deciding choreographyrealizability”. In: POPL. ACM, 2012
J. LangeBuilding Graphical Choreographies from Communicating Machines
