Abstract
In large-scale distributed infrastructures, applications are realised through communications among distributed components. The need for methods that assure safe interactions in such environments is recognised; however, existing frameworks, which rely on centralised verification or restricted specification methods, have limited applicability. This paper proposes a new theory of monitored π-calculus with dynamic usage of multiparty session types (MPST), offering a rigorous foundation for safety assurance of distributed components which asynchronously communicate through multiparty sessions. Our theory establishes a framework for semantically precise decentralised run-time enforcement and provides reasoning principles over monitored distributed applications, which complement existing static analysis techniques. We introduce asynchrony by means of explicit routers and global queues, and propose novel equivalences between networks that capture the notion of interface equivalence, i.e. equating networks offering the same services to a user. We illustrate our static–dynamic analysis system with an ATM protocol as a running example and justify our theory with results: satisfaction equivalence, local/global safety and transparency, and session fidelity.
Highlights
One of the main challenges in the engineering of distributed systems is the comprehensive verification of distributed software without relying on ad hoc and expensive testing techniques.
We formally define a satisfaction relation to express when the behaviour of a network conforms to a global specification, and we prove a number of properties of our model: local safety (Theorem 5.2) states that a monitored process respects its local protocol, i.e. that dynamic verification by monitoring is sound; global safety (Theorem 5.4) extends local safety to networks involving multiple principals; local transparency (Theorem 6.1) states that a monitored process has equivalent behaviour to an unmonitored but well-behaved process; and global transparency (Theorem 6.3) states that a network where each principal is monitored has equivalent behaviour to an unmonitored but well-behaved network.
Jia et al. [35] proposed a linear-logic-based session calculus close to ours, describing monitor semantics for higher-order sessions that include rules for blame assignment. Compared with these related works, our contribution focuses on the enforcement of global safety, with protocols specified as multiparty session types with assertions.
Summary
One of the main challenges in the engineering of distributed systems is the comprehensive verification of distributed software without relying on ad hoc and expensive testing techniques. Our theory is based on the idea that, if the endpoint processes in a system are independently verified (either statically or dynamically) to conform to a local type, then the corresponding global protocol is respected as a whole. To this end, we propose a new formal model and a bisimulation theory for heterogeneous networks of monitored and unmonitored processes. We introduce a property stronger than global safety, session fidelity (Theorem 7.13), which guarantees conformance of each monitored process in a network to the ensemble of local specifications and requires that the overall flow of messages through the router is correct. In this way, session fidelity establishes the correspondence between the behaviour of a monitored system and the behaviour specified by a global protocol.
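The following Python sketch is an added example, not code from the paper, illustrating the idea behind the summary: each principal is wrapped in a monitor that checks its send and receive actions against a local type (a finite-state machine), the router only holds per-channel FIFO queues, and a misbehaving endpoint cannot drive a monitored peer off its local protocol. The simplified ATM protocol, the state names, and every function name here are assumptions made for this example; they are not the paper's running example or its formal rules, and dropping a message when a monitor rejects it is a simplification of how the paper's monitors and router behave.

```python
"""Toy decentralised session monitors (constructed example, not the paper's model).

A local type is a finite-state machine over actions ("S", peer, label) = send
`label` to peer and ("R", peer, label) = receive it; "end" is terminal.
"""
from collections import defaultdict, deque

# Constructed, simplified ATM protocol (an assumption, not the paper's example):
#   Client -> ATM: login ; Client -> ATM: withdraw ; ATM -> Bank: debit ;
#   Bank -> ATM: {done | refuse} ; ATM -> Client: {cash | refuse}
ATM_LOCAL_TYPES = {
    "Client": {"start": "c0", "states": {
        "c0": {("S", "ATM", "login"): "c1"},
        "c1": {("S", "ATM", "withdraw"): "c2"},
        "c2": {("R", "ATM", "cash"): "end", ("R", "ATM", "refuse"): "end"}}},
    "ATM": {"start": "a0", "states": {
        "a0": {("R", "Client", "login"): "a1"},
        "a1": {("R", "Client", "withdraw"): "a2"},
        "a2": {("S", "Bank", "debit"): "a3"},
        "a3": {("R", "Bank", "done"): "a4", ("R", "Bank", "refuse"): "a5"},
        "a4": {("S", "Client", "cash"): "end"},
        "a5": {("S", "Client", "refuse"): "end"}}},
    "Bank": {"start": "b0", "states": {
        "b0": {("R", "ATM", "debit"): "b1"},
        "b1": {("S", "ATM", "done"): "end", ("S", "ATM", "refuse"): "end"}}},
}


class Monitor:
    """Run-time check of one principal against its local type (local safety)."""
    def __init__(self, role, local_type):
        self.role, self.states = role, local_type["states"]
        self.state, self.violations = local_type["start"], []

    def check(self, direction, peer, label):
        nxt = self.states.get(self.state, {}).get((direction, peer, label))
        if nxt is None:                       # action not permitted here: record, refuse
            self.violations.append(f"{self.role}@{self.state}: {direction} {peer}!{label}")
            return False
        self.state = nxt
        return True


class Network:
    """Router with per-channel FIFO queues; monitored roles are checked on send/receive."""
    def __init__(self, local_types, monitored):
        self.queues = defaultdict(deque)
        self.monitors = {r: Monitor(r, local_types[r]) for r in monitored}

    def send(self, frm, to, label):
        mon = self.monitors.get(frm)
        if mon and not mon.check("S", to, label):
            return False                      # blocked at the sender's monitor
        self.queues[(frm, to)].append(label)
        return True

    def receive(self, to, frm):
        if not self.queues[(frm, to)]:
            return None                       # nothing queued yet
        label = self.queues[(frm, to)].popleft()
        mon = self.monitors.get(to)
        if mon and not mon.check("R", frm, label):
            return None                       # rejected at the receiver's monitor, not delivered
        return label


# Endpoint processes as generators: yield ("S", peer, label) to send,
# yield ("R", peer) to block until a message from peer is delivered.
def client_proc(skip_login=False):
    if not skip_login:                        # skip_login=True models a buggy client
        yield ("S", "ATM", "login")
    yield ("S", "ATM", "withdraw")
    return (yield ("R", "ATM"))

def atm_proc():
    yield ("R", "Client"); yield ("R", "Client")
    yield ("S", "Bank", "debit")
    verdict = yield ("R", "Bank")
    yield ("S", "Client", "cash" if verdict == "done" else "refuse")

def bank_proc(funds=True):
    yield ("R", "ATM")
    yield ("S", "ATM", "done" if funds else "refuse")


def run(net, procs, max_rounds=100):
    """Round-robin scheduler; returns each process's final value when it terminates."""
    blocked, results, active = {}, {}, set(procs)
    for _ in range(max_rounds):
        if not active:
            break
        for role in sorted(active):
            resume = None
            if role in blocked:
                resume = net.receive(role, blocked[role])
                if resume is None:
                    continue                  # still waiting (or message was rejected)
                del blocked[role]
            try:
                action = procs[role].send(resume)
            except StopIteration as done:
                results[role] = done.value
                active.discard(role)
                continue
            if action[0] == "S":
                net.send(role, action[1], action[2])
            else:
                blocked[role] = action[1]
    return results


def scenario(monitored, skip_login=False, funds=True):
    """Run one session; returns (process results, {role: (monitor state, violations)})."""
    net = Network(ATM_LOCAL_TYPES, monitored)
    procs = {"Client": client_proc(skip_login), "ATM": atm_proc(), "Bank": bank_proc(funds)}
    return run(net, procs), {r: (m.state, m.violations) for r, m in net.monitors.items()}
```

Running `scenario({"Client", "ATM", "Bank"})` completes the session with every monitor in state `end` and no violations. With `scenario({"ATM", "Bank"}, skip_login=True)` the unmonitored Client sends `withdraw` first; the ATM's monitor rejects it in state `a0`, the ATM and Bank never leave their initial states, and the session stalls rather than proceeding off-protocol, which is the global-safety intuition. If the buggy Client is itself monitored, its own monitor blocks the outgoing `withdraw` and the ATM's monitor sees nothing at all, which is the local-safety intuition.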