Globl Session Types for Dynmic Checking of Protocol Conformnce of Multi-Agent Systems (Extended Abstrct) Dvide Ancon, Mtteo Brbieri, nd Vivin Mscrdi DIBRIS, University of Genov, Itly emil: dvide@disi.unige.it, mtteo.brbieri@oniriclbs.com, mscrdi@disi.unige.it 1 Introduction Multi-gent systems (MASs) hve been proved to be n industril-strength technology for integrting nd coordinting heterogeneous systems. However, due to their intrinsiclly distributed nture, testing MASs is difficult tsk. In recent work [1] we hve tckled the problem of runtime verifiction of the conformnce of MAS implementtion to specified protocol by exploiting globl session types on top of the Json gent oriented progrmming lnguge [2]. Globl session types [3,6,4] (or session types, for short) re behviorl types designed for specifying in compct wy multiprty interctions between distributed components, nd verifying their correctness. Session types cn be nturlly represented s cyclic Prolog terms (tht is, regulr terms), nd their interprettion cn be given by trnsition function, tht cn be suitbly implemented with Prolog predicte. With such predicte, Json monitor gent cn be utomticlly implemented to dynmiclly check tht the messge exchnge between the gents of system conforms to specified protocol. In this pper we continue our reserch in two directions: on the one hnd, we investigte the theoreticl foundtions of our frmework; on the other we extend it by introducing new conctention opertor tht llows significnt enhncement of the expressive power of our session types. As two significnt exmples, we show how two non trivil protocols cn be compctly represented in our frmework: ping-pong protocol, nd n lternting bit protocol, in the version proposed by Deniélou nd Yoshid [5]. Both protocols cnnot be specified esily (if t ll) by other session type frmeworks, while in our pproch they cn be expressed by two deterministic types (in sense mde precise in the sequel) tht cn be effectively employed for dynmic checking of the conformnce of the system to the protocol. 2 Globl session types nd their interprettion A session type τ represents set of possibly infinite sequences of sending ctions, nd is defined on top of the following type constructors:
λ (empty sequence), representing the singleton set {ɛ} contining the empty sequence ɛ. :τ (seq), representing the set of ll sequences obtined by dding the sending ction t the beginning of ny sequence in τ. τ 1 + τ 2 (choice), representing the union of the sequences of τ 1 nd τ 2. τ 1 τ 2 (fork), representing the set obtined by shuffling the sequences in τ 1 with the sequences in τ 2. τ 1 τ 2 (conct), representing the set of sequences obtined by conctenting ny sequence of τ 1 with ny sequence of τ 2. As n exmple, the session type ((( 1 :λ) ( 2 :λ)) + (( 3 :λ) ( 4 :λ))) (( 5 : 6 :λ) ( 7 :λ)) denotes the set of messge sequences { } 1 2 5 6 7, 1 2 5 7 6, 1 2 7 5 6, 2 1 5 6 7, 2 1 5 7 6, 2 1 7 5 6, 3 4 5 6 7, 3 4 5 7 6, 3 4 7 5 6, 4 3 5 6 7, 4 3 5 7 6, 4 3 7 5 6 Session types re regulr terms, tht is, cn be cyclic: more bstrctly, they re finitely brnching trees (where nodes re type constructors) whose depth cn be infinite, but tht cn only hve finite set of subtrees. A regulr term cn be represented by finite set of syntctic equtions, s hppens, for instnce, in Json nd in most modern Prolog implementtions. For instnce, the two equtions T 1 = (λ + ( 1 :T 1 )) T 2 T 2 = (λ + ( 2 :T 2 )) represent the following infinite, but regulr, session types (λ+( 1 :(λ+( 1 :...)))) (λ + ( 2 :(λ + ( 2 :...)))) nd (λ + ( 2 :(λ + ( 2 :...)))), respectively. To ensure termintion of dynmic checking of protocol conformnce, we only consider contrctive (or gurded) types. Definition 1. A session type τ is contrctive if it does not contin pths whose nodes cn only be constructors in {+,, } (such pths re necessrily infinite). The type represented by the eqution T 1 = (λ+( 2 :T 1 )) is contrctive: its infinite pth contins infinite occurrences of +, but lso of the : constructor; conversely, the type represented by the eqution T 2 = (λ + ((T 2 T 2 ) + (T 2 T 2 ))) is not contrctive. Trivilly, every finite type (tht is, non cyclic) is contrctive. The interprettion of session type depends on the notion of trnsition, totl function δ:t A P fin (T), where T nd A denote the set of contrctive session types nd of sending ctions, respectively. As it is customry, we write τ 1 τ2 to men τ 2 δ(τ 1, ). Figure 1 (in the Appendix) defines the inductive rules for the trnsition function. The uxiliry function ɛ, inductively defined in Figure 2 (in the Appendix), specifies the session types whose interprettion is equivlent to λ. Proposition 1. Let τ be contrctive type. Then τ τ for some nd τ if nd only if ɛ(τ) does not hold.
Note tht the proposition bove does not hold if we drop the hypothesis requiring τ to be contrctive; for instnce, if τ is defined by T = T + T, then neither ɛ(τ) holds, nor there exist, τ s.t. τ τ. Proposition 2. If τ is contrctive nd τ τ for some, then τ is contrctive s well. The two propositions bove ensures termintion when the rules defined in Figures 1 nd 2 re turned into n lgorithm (implemented, for instnce, in Prolog cluses, s done for Json [1]). Definition 2. Let τ 0 be contrctive type. A run ρ for τ 0 is sequence τ 0 0 n 1... τn n n+1 τn+1... such tht τ 1 1 either the sequence is infinite, or there exists k such tht ɛ(τ k ); for ll τ i, i, nd τ i+1 in the sequence, τ i i τi+1 holds. We denote by α(ρ) the possibly infinite sequence of sending ctions 0 1... n... contined in ρ. The interprettion τ 0 of τ 0 is the set {α(ρ) ρ is run for τ 0 } if τ 0 dmits t lest one run, {ɛ} otherwise. Note tht, differently from other pproches [4], session types re interpreted coinductively: for instnce, the session type defined by T = :T denotes the set { ω } (tht is, the singleton set contining the infinite sequence of sending ction ), nd not the empty set. Finlly, we introduce the notion of deterministic session type. A deterministic type τ ensures tht dynmic checking of the implementtion of the protocol specified by τ is complete nd efficient; for non deterministic types, completeness of dynmic checking is gurnteed only by less efficient bcktrcking procedure; without tht, the lgorithm my fil to recognize correct sequence of sending ctions. Definition 3. A contrctive session type τ is deterministic if for ny possible run ρ of τ nd ny possible τ in ρ, if τ τ, τ τ, nd τ τ, then. 3 Exmples In this section we provide two exmples to show the expressive power of our formlism. 3.1 Ping-pong Protocol This protocol requires tht first Alice sends n (with n 1, but lso possibly infinite) consecutive ping messges to Bob, nd then Bob replies with exctly
n pong messges. The converstion continues forever in this wy, but t ech itertion Alice is llowed to chnge the number of sent ping messges. For simplicity we encode with ping nd pong the only two possible sending ctions; then, the protocol cn be specified by the following contrctive nd deterministic session type (defined by the vrible Forever): Forever = PingPong Forever PingPong = ping:((pong:λ) + ((PingPong) (pong:λ))) 3.2 Alternting Bit Protocol We consider the Alternting Bit protocol, in the version defined by Deniélou nd Yoshid [5]. Four different sending ctions my occur: Alice sends msg1 to Bob (sending ction msg 1 ), Alice sends msg2 to Bob (sending ction msg 2 ), Bob sends ck1 to Alice (sending ction ck 1 ), Bob sends ck2 to Alice (sending ction ck 2 ). Also in this cse the protocol is n infinite itertion, but the following constrints hve to be stisfied: The n-th occurrence of msg 1 must precede the n-th occurrence of msg 2. The n-th occurrence of ck 1 must follow the n-th occurrence of msg 1, nd precede the (n + 1)-th occurrence of msg 1. The n-th occurrence of ck 2 must follow the n-th occurrence of msg 2, nd precede the (n + 1)-th occurrence of msg 2. We first show non deterministic contrctive type specifying such protocol (defined by the vrible AltBit 1 ). AltBit 1 = msg 1 :M 2 AltBit 2 = msg 2 :M 1 M 2 = (((msg 2 :λ) (ck 1 :λ)) M 1 ) + (((msg 2 :ck 2 :λ) (ck 1 :λ)) AltBit 1 ) M 1 = (((msg 1 :λ) (ck 2 :λ)) M 2 ) + (((msg 1 :ck 1 :λ) (ck 2 :λ)) AltBit 2 ) Since the type is not deterministic, its use for dynmiclly checking the implementtion of the protocol does not ensure completeness. The corresponding miniml deterministic type (defined by the vrible AltBit 1 ) is the following: References AltBit 1 = msg 1 :M 2 M 2 = (msg 2 : A 1 ) + (ck 1 : AltBit 2 ) A 1 = (ck 1 : M 1 ) + (ck 2 : ck 1 : AltBit 1 ) AltBit 2 = msg 2 : M 1 M 1 = (msg 1 : A 2 ) + (ck 2 : AltBit 1 ) A 2 = (ck 2 : M 2 ) + (ck 1 : ck 2 : AltBit 2 ) 1. D. Ancon, S. Drossopoulou, nd V. Mscrdi. Automtic Genertion of Self- Monitoring MASs from Multiprty Globl Session Types in Json. In Declrtive Agent Lnguges nd Technologies (DALT 2012). Workshop Notes., pges 1 17, 2012.
2. R. H. Bordini, J. F. Hübner, nd M. Wooldridge. Progrmming Multi-Agent Systems in AgentSpek Using Json. John Wiley & Sons, 2007. 3. M. Crbone, K. Hond, nd N. Yoshid. Structured communiction-centred progrmming for web services. In ESOP 07 (prt of ETAPS 2007), volume 4421 of LNCS, pges 2 17. Springer, 2007. 4. G. Cstgn, M. Dezni-Cincglini, nd L. Pdovni. On globl types nd multiprty session. Logicl Methods in Computer Science, 8(1), 2012. 5. P.-M. Deniélou nd N. Yoshid. Multiprty session types meet communicting utomt. In ESOP 12 (prt of ETAPS 2012), LNCS. Springer, 2012. 6. K. Hond, N. Yoshid, nd M. Crbone. Multiprty synchronous session types. In POPL 2008, pges 273 284. ACM, 2008. A Appendix (seq) :τ τ (choice-l) τ 1 + τ 2 τ 1 τ 2 τ 2 (choice-r) τ 1 + τ 2 τ 2 τ 2 τ 2 (fork-l) τ 1 τ (fork-r) 2 τ 1 τ2 τ 1 τ 2 τ 1 τ 2 τ 2 τ 2 (ct-l) τ 1 τ 2 τ 1 (ct-r) τ2 τ 1 τ 2 τ 2 ɛ(τ 1) Fig. 1. Rules defining the trnsition function ɛ(τ1) ɛ(τ2) (ɛ-seq) (ɛ-choice) ɛ(λ) ɛ(τ 1 + τ 2) (ɛ-fork) ɛ(τ1) ɛ(τ2) ɛ(τ 1 τ 2) (ɛ-ct) ɛ(τ1) ɛ(τ2) ɛ(τ 1 τ 2) Fig. 2. Rules defining session types equivlent to λ