a verified, end-to-end compiler for a choreographic language
Johannes Åman Pohjola | |
🗣 | Alejandro Gómez-Londoño |
James Shaker | |
Michael Norrish |
CakeML
HOL4
Message passing concurrency
Choreographies are a way of describing communicating systems as global programs
A
B
A
B
A.x -> B.x
A.x -> B.x
A
Send("B",x)
B
x = Receive("A")
A.x -> B.x
let y@A = foo()
let w@B = bar()
A
Send("B",x)
y = foo()
B
x = Receive("A")
w = bar()
A.x -> B.x
let y@A = crunch()
let w@B = crunch()
A.x -> B.x
let y@A = crunch()
let w@B = crunch()
if y@A
A->B[T]
...
else
A->B[F]
...
A.x -> B.x
let y@A = crunch()
let w@B = crunch()
if y@A
A->B[T]
...
else
A->B[F]
...
A
if y
Choose("B",T)
...
else
Choose("B",F)
...
B
if Choice("A")
...
else
...
A.x -> B.x
B.y -> C.y
...
A.x -> B.x
B.y -> C.y
...
G | ::= |
A.x -> B.y; G | (com) |
| |
A -> B[b]; G | (sel) | |
| |
Let x@A = foo(..); G | (let) | |
| |
If x@A
Then G
Else G | (if) | |
| |
Fix fn G | (fix) | |
| |
Call fn | (call) | |
| |
End | (end) |
Where:
Communication
A.x -> B.y;C
Communication
S
A.x -> B.y;C
Communication
S(A,x) = d
A.x -> B.y;C
Communication
A.x -> B.y;C
S[(B,y)|->d]
Communication
S[(B,y)|->d]
C
A.x -> B.x
B.y -> C.y
...
A.x -> B.x
B.y -> C.y
...
EPN
An endpoint language
EP | ::= |
Send p x; EP |
| |
Receive p y; EP | |
| |
InternalChoice p b; EP | |
| |
ExternalChoice p EP EP | |
| |
Let v f vl in EP | |
| |
If v Then EP
Else EP | |
| |
Fix fn EP | |
| |
Call fn | |
| |
End |
EPN | ::= |
<p,s,q,EP> | (Single) |
| |
<p,s,q,EP> || EPN | (Parallel) |
Where:
p
) is a process names
) is a mappings from varible names to values
representing the process state,q
) is a queue of unread messagesEP
) is the endpoint code<A,sa,qa,>
Send "B" x
...
sa(x) = d
<B,sb,qb,>
Receive "A" x
...
<A,sa,qa,>
...
sa(x) = d
<B,sb,qb',>
Receive "A" x
...
qb' = ("A",d)::qb
<A,sa,qa,>
...
<B,sb',qb,>
...
sb' = sb[x |-> d]
EPN
EPN
Selection
Payload
Closure
IntChoice b p
...
Let fv = b
Send p fv
...
ExternalChoice p e1 e2
Receive p fv
If fv Then e1 Else e2
Send p vlm
...
Send p v
Send p l
Send p m
...
Receive p vlm
...
Receive p v
Receive p l
Receive p m
...
Fix fn
Let x = ...
Receive p y
...
Letrec fn(x,y,...)
Let x = ...
Receive p y
...
A.x -> B.x
B.y -> A.y
...
let x@A = [1,2,3]
A.x -> B.y
let y@B = sort x
B.y -> A.y
...
A
Let x = [1,2,3]
Send B x
Receive A y
...
B
Receive A x
Let y = sort x
Send A y
...
A
Let x = [1,2,3]
Send B x
Receive A y
...
B
Receive A x
Let y = sort x
Send A y
...
A
let x = [1,2,3]
let _ = #send B x
let x = #receive A
...
B
let x = #receive A
let y = sort x
let _ = #send A y
...
A.x -> B.x
B.y -> A.y
...
Send
and Receive
are FFI primitivesSemantic preservation
$(s,c)\xrightarrow{}(s',c')$ |
$\exists{c'',s''.\;}(s',c')\rightarrow^{\ast}(s'',c'')\,\land\, [\![s,c]\!]\rightarrow^{\ast}[\![s'',c'']\!]$ |
Semantic reflection
$[\![s,c]\!]\xrightarrow{}epn$ |
$\exists{c',s'.\;}epn\rightarrow^{\ast}[\![s',c']\!]\,\land\, (s,c)\rightarrow^{\ast}(s',c')$ |
Deadlock-freedom*
$\text{fv}(c) \subseteq \text{fv}(s)$ |
$c\equiv end \lor \exists{s' c'.}{(s,c) \rightarrow (s',c')}$ |