A Language-Agnostic Logical Relation for Message-Passing Protocols

TL;DR

This paper introduces a language-agnostic logical relation framework for verifying protocol compliance in heterogeneous message-passing systems, applicable across different languages and including foreign objects, with mechanization in Coq.

Contribution

It presents the first mechanized, language-agnostic logical relation for certifying protocol adherence in heterogeneous message-passing systems, accommodating arbitrary inhabitants.

Findings

Successfully mechanized in Coq

Applicable to both per-instance and once-and-for-all verification

Handles typed, untyped, and foreign objects

Abstract

Today's computing landscape has been gradually shifting to applications targeting distributed and *heterogeneous* systems, such as cloud computing and Internet of Things (IoT) applications. These applications are predominantly *concurrent*, employ *message-passing*, and interface with *foreign objects*, ranging from externally implemented code to actual physical devices such as sensors. Verifying that the resulting systems adhere to the intended protocol of interaction is challenging -- the usual assumption of a common implementation language, let alone a type system, no longer applies, ruling out any verification method based on them. This paper develops a framework for certifying *protocol compliance* of heterogeneous message-passing systems. It contributes the first mechanization of a *language-agnostic logical relation*, asserting that its inhabitants comply with the protocol specified. This definition relies entirely on a labelled transition-based semantics, accommodating arbitrary inhabitants, typed and untyped alike, including foreign objects. As a case study, the paper considers two scenarios: (1) *per-instance verification* of a specific application or hardware device, and (2) *once-and-for-all verification* of well-typed applications for a given type system. The logical relation and both scenarios are mechanized in the Coq theorem prover.