SessionTypes: independent deadlock freedom

2024-11-10 00:07:51 +00:00 · 2018-05-13 20:06:07 -04:00 · 2018-05-13 20:06:07 -04:00 · e7dac822fb
commit e7dac822fb
parent 4874184ac9
1 changed files with 164 additions and 0 deletions
--- a/SessionTypes.v
+++ b/SessionTypes.v
@ -1417,3 +1417,167 @@ Section online_store_with_warehouse.
 End online_store_with_warehouse.
 End Multiparty.
 (** * A bonus: running orthogonal protocols in parallel *)
 Inductive mayTouch : proc -> channel -> Prop :=
 | MtSend1 : forall ch (A : Set) (v : A) k,
    mayTouch (Send ch v k) ch
 | MtSend2 : forall ch (A : Set) (v : A) k ch',
    mayTouch k ch'
    -> mayTouch (Send ch v k) ch'
 | MtRecv1 : forall ch (A : Set) (k : A -> _),
    mayTouch (Recv ch k) ch
 | MtRecv2 : forall ch (A : Set) (v : A) k ch',
    mayTouch (k v) ch'
    -> mayTouch (Recv ch k) ch'
 | MtNewChannel : forall ch chs ch' k,
    mayTouch (k ch') ch
    -> mayTouch (NewChannel chs k) ch
 | MtBlockChannel : forall ch ch' k,
    mayTouch k ch
    -> mayTouch (BlockChannel ch' k) ch
 | MtPar1 : forall ch pr1 pr2,
    mayTouch pr1 ch
    -> mayTouch (Par pr1 pr2) ch
 | MtPar2 : forall ch pr1 pr2,
    mayTouch pr2 ch
    -> mayTouch (Par pr1 pr2) ch
 | MtDup : forall ch pr1,
    mayTouch pr1 ch
    -> mayTouch (Dup pr1) ch.
 Hint Constructors mayTouch.
 Import BasicTwoParty Multiparty.
 Lemma lstep_mayTouch : forall pr l pr',
    lstep pr l pr'
    -> forall ch, mayTouch pr' ch -> mayTouch pr ch.
 Proof.
  induct 1; invert 1; eauto;
    eapply MtRecv2;
    match goal with
    | [ H : _ = _ |- _ ] => rewrite <- H; eauto
    end.
 Qed.
 Hint Immediate lstep_mayTouch.
 Lemma Input_mayTouch : forall pr ch (A : Set) (v : A) pr',
    lstep pr (Input {| Channel := ch; Value := v |}) pr'
    -> mayTouch pr ch.
 Proof.
  induct 1; eauto.
 Qed.
 Lemma Output_mayTouch : forall pr ch (A : Set) (v : A) pr',
    lstep pr (Output {| Channel := ch; Value := v |}) pr'
    -> mayTouch pr ch.
 Proof.
  induct 1; eauto.
 Qed.
 Hint Immediate Input_mayTouch Output_mayTouch.
 Lemma independent_execution : forall pr1 pr2 pr,
  lstepSilent^* (pr1 || pr2) pr
  -> (forall ch, mayTouch pr1 ch -> mayTouch pr2 ch -> False)
  -> exists pr1' pr2', pr = pr1' || pr2'
                       /\ lstepSilent^* pr1 pr1'
                       /\ lstepSilent^* pr2 pr2'.
 Proof.
  induct 1; simplify; eauto.
  invert H.
  specialize (IHtrc _ _ eq_refl).
  match type of IHtrc with
  | ?P -> _ => assert P by eauto
  end.
  first_order.
  eauto 10.
  specialize (IHtrc _ _ eq_refl).
  match type of IHtrc with
  | ?P -> _ => assert P by eauto
  end.
  first_order.
  eauto 10.
  exfalso; eauto.
  exfalso; eauto.
 Qed.
 Theorem independently_deadlock_free : forall pr1 pr2,
    invariantFor (trsys_of pr1)
                 (fun pr => inert pr
                            \/ exists pr', lstep pr Silent pr')
    -> invariantFor (trsys_of pr2)
                    (fun pr => inert pr
                               \/ exists pr', lstep pr Silent pr')
    -> (forall ch, mayTouch pr1 ch -> mayTouch pr2 ch -> False)
    -> invariantFor (trsys_of (pr1 || pr2))
                    (fun pr => inert pr
                               \/ exists pr', lstep pr Silent pr').
 Proof.
  unfold invariantFor; simplify.
  propositional; subst.
  apply independent_execution in H3; auto.
  first_order; subst.
  apply H in H3; apply H0 in H4; auto.
  first_order; eauto.
 Qed.
 Ltac NoDup :=
  repeat match goal with
         | [ H : NoDup _ |- _ ] => invert H
         end; simplify.
 Ltac mayTouch :=
  match goal with
  | [ H : mayTouch (match ?E with _ => _ end) _ |- _ ] => cases E
  | [ H : mayTouch _ _ |- _ ] => invert H; try solve [ equality ]
  end.
 Example online_store_no_deadlock' : forall k input output
                                           product payment_info payment_checker in_stock
                                           add_review payment_success send_payment_info
                                           in_stock_or_not request_product
                                           merchant_to_warehouse warehouse_to_merchant,
  NoDup [input; output;
           request_product; in_stock_or_not; send_payment_info; payment_success; add_review;
             merchant_to_warehouse; warehouse_to_merchant]
    -> invariantFor (trsys_of ((addN k input output
                                || add2_client input output)
                               || ((customer' request_product in_stock_or_not
                                              send_payment_info payment_success add_review
                                              product payment_info
                                    || (merchant' request_product in_stock_or_not
                                                  send_payment_info payment_success add_review
                                                  merchant_to_warehouse
                                                  warehouse_to_merchant payment_checker
                                        || (warehouse merchant_to_warehouse
                                                      warehouse_to_merchant
                                                      in_stock || Done))))))
                    (fun pr => inert pr
                               \/ exists pr', lstep pr Silent pr').
 Proof.
  simplify.
  eapply independently_deadlock_free.
  eapply invariant_weaken.
  apply adding_no_deadlock.
  NoDup; equality.
  simplify.
  first_order; subst; eauto.
  apply online_store_no_deadlock'.
  NoDup; repeat constructor; simplify; equality.
  simplify.
  NoDup; propositional.
  generalize dependent H1.
  repeat mayTouch; intro; repeat mayTouch.
 Qed.