Abstract
Go is a production-level statically typed programming language whose design features explicit message-passing primitives and lightweight threads, enabling (and encouraging) programmers to develop concurrent systems where components interact through communication rather than through lock-based shared-memory concurrency. The Go runtime can only detect global deadlocks, and only at run time; it provides no compile-time protection against the all-too-common communication mismatches or partial deadlocks.
This work develops a static verification framework for bounded liveness and safety in Go programs, able to detect communication errors and partial deadlocks in a general class of realistic concurrent programs, including those with dynamic channel creation and infinite recursion. Our approach infers from a Go program a faithful representation of its communication patterns as a behavioural type. By checking a syntactic restriction on channel usage, dubbed fencing, we ensure that programs are made up of finitely many different communication patterns that may be repeated infinitely many times. This restriction allows us to implement bounded verification procedures (akin to bounded model checking) to check for liveness and safety in types, which in turn approximates liveness and safety in Go programs. We have implemented type inference and the liveness and safety checks in a tool-chain and tested it against publicly available Go programs.
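The partial deadlock the abstract refers to is easy to reproduce: a goroutine left blocked forever on an unbuffered channel send while the rest of the program carries on. The Go runtime only reports the global case ("all goroutines are asleep"), so the leak below goes unnoticed unless you count goroutines yourself. This is an added illustration, not code from the paper or from its tool chain; the function names and the timing constants are constructed for the example.

```go
package main

import (
	"fmt"
	"runtime"
	"time"
)

// slowWorker sends one result on out after simulating some work.
// If nobody ever receives and out is unbuffered, the send blocks forever:
// a partial deadlock the Go runtime does not report, because other
// goroutines (here, the caller) are still runnable.
func slowWorker(out chan<- int) {
	time.Sleep(20 * time.Millisecond)
	out <- 42
}

// fetchWithTimeout launches slowWorker and gives up after timeout.
// With buffered=false the abandoned worker leaks; with buffered=true the
// send completes into the one-slot buffer and the goroutine exits cleanly.
func fetchWithTimeout(buffered bool, timeout time.Duration) (int, bool) {
	size := 0
	if buffered {
		size = 1
	}
	ch := make(chan int, size)
	go slowWorker(ch)
	select {
	case v := <-ch:
		return v, true
	case <-time.After(timeout):
		return 0, false
	}
}

// leakedGoroutines runs fetchWithTimeout with a timeout shorter than the
// worker's delay and reports how many goroutines are left behind.
func leakedGoroutines(buffered bool) int {
	before := runtime.NumGoroutine()
	fetchWithTimeout(buffered, 5*time.Millisecond)
	time.Sleep(100 * time.Millisecond) // let the worker finish or block
	return runtime.NumGoroutine() - before
}

func main() {
	// Had main itself blocked on the channel with no other goroutine able to
	// run, the runtime would abort with its global deadlock error instead.
	fmt.Println("unbuffered channel leaks:", leakedGoroutines(false)) // 1
	fmt.Println("buffered channel leaks:  ", leakedGoroutines(true))  // 0
}
```

Repeated in a server loop, each such leak pins a goroutine and its stack for the life of the process, which is why a goroutine-count delta like this belongs in tests for any timeout or cancellation path.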
Updated on 27th Feb 2017. See Comments.
Supplemental Material
Original published version of "Fencing off go: liveness and safety for channel-based programming" before corrections.
Fencing off go: liveness and safety for channel-based programming. POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages.