Papers by Luís Cruz-Filipe
μXL: Explainable Lead Generation with Microservices and Hypothetical Answers
Lecture Notes in Computer Science, Dec 31, 2022
Reasoning About Choreographic Programs
Lecture Notes in Computer Science, 2023
arXiv (Cornell University), Aug 15, 2018
We present Multiparty Classical Choreographies (MCC), a language model where global descriptions of communicating systems (choreographies) implement typed multiparty sessions. Typing is achieved by generalising classical linear logic to judgements that explicitly record parallelism by means of hypersequents. Our approach unifies different lines of work on choreographies and processes with multiparty sessions, as well as their connection to linear logic. Thus, results developed in one context are carried over to the others. Key novelties of MCC include support for server invocation in choreographies, as well as logic-driven compilation of choreographies with replicated processes.

Keep me out of the loop: a more flexible choreographic projection
EPiC series in computing, Jun 3, 2023
Choreographic programming is a paradigm where programmers write global descriptions of distributed protocols, called choreographies, and correct implementations are automatically generated by a mechanism called projection. Not all choreographies are projectable, because decisions made by one process must be communicated to other processes whose behaviour depends on them, a property known as knowledge of choice. The standard formulation of knowledge of choice disallows protocols such as third-party authentication with retries, where two processes iteratively interact, and other processes wait to be notified at the end of this loop. In this work we show how knowledge of choice can be weakened, extending the class of projectable choreographies with these and other interesting behaviours. The whole development is formalised in Coq. Working with a proof assistant was crucial to our development, because of the help it provided with detecting counterintuitive edge cases that would otherwise have gone unnoticed.

Journal of Automated Reasoning, May 27, 2023
Choreographic programming is a paradigm for writing coordination plans for distributed systems from a global point of view, from which correct-by-construction decentralised implementations can be generated automatically. Theory of choreographies typically includes a number of complex results that are proved by structural induction. The high number of cases and the subtle details in some of these proofs has led to important errors being found in published works. In this work, we formalise the theory of a choreographic programming language in Coq. Our development includes the basic properties of this language, a proof of its Turing completeness, a compilation procedure to a process language, and an operational characterisation of the correctness of this procedure. Our formalisation experience illustrates the benefits of using a theorem prover: we get both an additional degree of confidence from the mechanised proof, and a significant simplification of the underlying theory. Our results offer a foundation for the future formal development of choreographic languages.

Lecture Notes in Computer Science, 2023
Programming communicating processes is challenging, because it requires writing separate programs that perform compatible send and receive actions at the right time during execution. Leaving this task to the programmer can easily lead to bugs. Choreographic programming addresses this challenge by equipping developers with high-level abstractions for codifying the desired communication structures from a global viewpoint. Given a choreography, implementations of the involved processes can be automatically generated by endpoint projection (EPP). While choreographic programming prevents manual mistakes in the implementation of communications, the correctness of a choreographic programming framework crucially hinges on the correctness of its complex compiler, which has motivated formalisation of theories of choreographic programming in theorem provers. In this paper, we build upon one of these formalisations to construct a toolchain that produces executable code from a choreography.

arXiv (Cornell University), Nov 5, 2021
Choreographic programming is an emerging programming paradigm for concurrent and distributed systems, whereby developers write the communications that should be enacted and then a distributed implementation is automatically obtained by means of a compiler. Theories of choreographic programming typically come with strong theoretical guarantees about the compilation process, most notably: the generated implementations operationally correspond to their source choreographies and are deadlock-free. Currently, the most advanced incarnation of the paradigm is Choral, an object-oriented choreographic programming language that targets Java. Choral deviated significantly from known theories of choreographies, and in particular introduced the possibility of expressing higher-order choreographies (choreographies parameterised over choreographies) that are fully distributed. As a consequence, it is unclear whether the usual guarantees of choreographic programming can still hold in the more general setting of higher-order choreographies. In this article, we introduce Chorλ, the first functional choreographic programming language: it introduces a new formulation of the standard communication primitive found in choreographies as a function, and it is based upon the λ-calculus. Chorλ is the first theory that explains the core ideas of higher-order choreographic programming (as in Choral). Interestingly, bridging the gap between practice and theory requires developing a new evaluation strategy and typing discipline for λ terms that accounts for the distributed nature of computation in choreographies. We illustrate the expressivity of Chorλ with a series of examples, which include also reconstructions of the key examples found in the original presentation of Choral. Our theory supports all the expected properties of choreographic programming. By offering the first interpretation of choreographies as terms in λ-calculus, our work also serves to bridge the gap between the communities of functional and choreographic programming.
2012 ACM Subject Classification: Theory of computation → Lambda calculus; Theory of computation → Distributed computing models; Computing methodologies → Distributed programming languages
Can You Answer While You Wait?
Springer eBooks, 2022
How to Get More Out of Your Oracles
Lecture Notes in Computer Science, 2017
Formal verification of large computer-generated proofs often relies on certified checkers based on oracles. We propose a methodology for such proofs, advocating a separation of concerns between formalizing the underlying theory and optimizing the algorithm implemented in the checker, based on the observation that such optimizations can benefit significantly from adequately adapting the oracle.

EPiC series in computing, Jan 23, 2018
In 2016, Heule, Kullmann and Marek solved the Boolean Pythagorean Triples problem: is there a binary coloring of the natural numbers such that every Pythagorean triple contains an element of each color? By encoding a finite portion of this problem as a propositional formula and showing its unsatisfiability, they established that such a coloring does not exist. Subsequently, this answer was verified by a correct-by-construction checker extracted from a Coq formalization, which was able to reproduce the original proof. However, none of these works address the question of formally addressing the relationship between the propositional formula that was constructed and the mathematical problem being considered. In this work, we formalize the Boolean Pythagorean Triples problem in Coq. We recursively define a family of propositional formulas, parameterized on a natural number n, and show that unsatisfiability of this formula for any particular n implies that there does not exist a solution to the problem. We then formalize the mathematical argument behind the simplification step in the original proof of unsatisfiability and the logical argument underlying cube-and-conquer, obtaining a verified proof of Heule et al.'s solution.
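The encoding the abstract refers to is the standard one: one propositional variable per natural number, and two clauses per Pythagorean triple. The block below is an added example (not the Coq development or the original SAT encoding of Heule et al.) that builds the formula for a given n and decides it with a small DPLL; the function names and the default colour for numbers no triple mentions are this example's own choices.

```python
"""Boolean Pythagorean Triples, finite instance: variable k is true iff
number k is coloured red. Each triple a^2 + b^2 = c^2 with c <= n yields
(a or b or c) ("not all blue") and (-a or -b or -c) ("not all red").
Added example; not the encoding or checker of the paper."""
from math import isqrt
from typing import Dict, List, Optional, Tuple

Clause = List[int]


def triples(n: int) -> List[Tuple[int, int, int]]:
    """All Pythagorean triples (a, b, c) with a < b < c <= n."""
    out = []
    for c in range(5, n + 1):
        for a in range(1, c):
            b2 = c * c - a * a
            b = isqrt(b2)
            if a < b and b * b == b2:
                out.append((a, b, c))
    return out


def encode(n: int) -> List[Clause]:
    """CNF whose unsatisfiability means no 2-colouring of 1..n exists."""
    cnf: List[Clause] = []
    for a, b, c in triples(n):
        cnf.append([a, b, c])
        cnf.append([-a, -b, -c])
    return cnf


def simplify(cnf: List[Clause], lit: int) -> Optional[List[Clause]]:
    """Make lit true: drop satisfied clauses, delete -lit elsewhere.
    Returns None when an empty clause (a conflict) appears."""
    out = []
    for cl in cnf:
        if lit in cl:
            continue
        rest = [l for l in cl if l != -lit]
        if not rest:
            return None
        out.append(rest)
    return out


def dpll(cnf: List[Clause], assign: Optional[Dict[int, bool]] = None) -> Optional[Dict[int, bool]]:
    """Unit propagation plus branching; returns a model or None (unsat)."""
    assign = dict(assign or {})
    while True:  # unit propagation
        unit = next((cl[0] for cl in cnf if len(cl) == 1), None)
        if unit is None:
            break
        assign[abs(unit)] = unit > 0
        cnf = simplify(cnf, unit)
        if cnf is None:
            return None
    if not cnf:
        return assign
    lit = cnf[0][0]
    for choice in (lit, -lit):
        nxt = simplify(cnf, choice)
        if nxt is not None:
            model = dpll(nxt, {**assign, abs(choice): choice > 0})
            if model is not None:
                return model
    return None


def is_colouring(n: int, model: Dict[int, bool]) -> bool:
    """Independent check: every triple up to n sees both colours.
    Numbers the solver left unassigned default to blue (False)."""
    return all(len({model.get(a, False), model.get(b, False), model.get(c, False)}) == 2
               for a, b, c in triples(n))


if __name__ == "__main__":
    n = 30
    model = dpll(encode(n))
    print("satisfiable:", model is not None, "valid:", is_colouring(n, model or {}))
```

Small n is always satisfiable (the original proof shows the first unsatisfiable instance is far larger than anything this DPLL would finish), so the point of the block is the shape of the encoding and the separate `is_colouring` check, which validates a model against the mathematical statement rather than against the formula.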

Annals of Mathematics and Artificial Intelligence, Mar 14, 2018
In the database world, integrity constraints are essential to guarantee database integrity. The related problem of database repair deals with finding the best way to change a database so that it satisfies its integrity constraints. These two topics have been studied intensively since the 1980s. The formalism of active integrity constraints, proposed in 2004, aims at addressing them jointly, by providing a syntax whereby a particular subclass of integrity constraints can be specified together with preferred ways to repair inconsistency. In the last decade, several authors have proposed adaptations of the notion of integrity constraints to other reasoning frameworks than relational databases. In this article, we extend this line of work in two ways. First, we target multi-context systems, a general-purpose framework for combining heterogeneous reasoning systems, able to model most other reasoning frameworks, as we demonstrate. Second, we extend the notions of active integrity constraints and grounded repairs to this generalized setting. This way of including repair suggestions inside integrity constraints, subject to a validity check, enables us to

DRAT proofs have become the standard for verifying unsatisfiability proofs emitted by modern SAT solvers. However, recent work showed that the specification of the format differs from its implementation in existing tools due to optimizations necessary for efficiency. Although such differences do not compromise soundness of DRAT checkers, the sets of correct proofs according to the specification and to the implementation are incomparable. We discuss how it is possible to design DRAT checkers faithful to the specification by carefully modifying the standard optimization techniques. We implemented such modifications in a configurable DRAT checker. Our experimental results show negligible overhead due to these modifications, suggesting that efficient verification of the DRAT specification is possible. Furthermore, we show that the differences between specification and implementation of DRAT often arise in practice.

arXiv (Cornell University), Apr 27, 2023
Choreographic programming is a paradigm where a concurrent or distributed system is developed in a top-down fashion. Programs, called choreographies, detail the desired interactions between processes, and can be compiled to distributed implementations based on message passing. Choreographic languages usually guarantee deadlock-freedom and provide an operational correspondence between choreographies and their compiled implementations, but until now little work has been done on verifying other properties. This paper presents a Hoare-style logic for reasoning about the behaviour of choreographies, and illustrates its usage in representative examples. We show that this logic is sound and complete, and discuss decidability of its judgements. Using existing results from choreographic programming, we show that any functional correctness property proven for a choreography also holds for its compiled implementation.

arXiv (Cornell University), Feb 11, 2016
Choreographic Programming is a paradigm for developing concurrent software that is correct by construction, by syntactically disallowing mismatched I/O operations in programs, called choreographies. Due to their benefits, choreographies have been largely adopted for the writing of business processes and communication protocols. However, current choreography language models cannot capture many kinds of communication structures, limiting their applicability. In this paper, we present Procedural Choreographies (PC), a new language model that includes the novel feature of reusable choreographic procedures, parameterised on the processes they use. PC also combines, for the first time in choreographies, general recursion with the ability to create new processes at runtime. The combination of these features yields a powerful framework where we can write divide-and-conquer concurrent algorithms based on message passing. This enhanced expressivity makes it possible to write new behaviours that cannot be faithfully implemented (unrealisability); to tackle this issue, we endow PC with a new typing discipline that supports both decidable type checking and type inference. PC is equipped with an EndPoint Projection (EPP) that, from a well-typed choreography, synthesises a correct-by-construction distributed implementation in a process calculus. Extending a previous line of work on choreographies, our model supports two important properties with respect to the programming of concurrent algorithms: implicit parallelism and transparent projection.
HAL (Le Centre pour la Communication Scientifique Directe), Feb 11, 2016
Choreographic Programming is an emerging paradigm for correct-by-construction concurrent programming. However, its applicability is limited by the current lack of support for reusable procedures. We propose Procedural Choreographies (PC), a choreographic language model with full procedural abstraction. PC includes unbounded process creation and name mobility, yielding a powerful framework for writing correct concurrent algorithms that can be compiled into a process calculus. This increased expressivity requires a typing discipline to ensure that processes are properly connected when enacting procedures.
Theoretical Computer Science, Jun 1, 2007
A complete and decidable Hoare-style calculus for iteration-free probabilistic sequential programs is presented using a state logic with truth-functional propositional (not arithmetical) connectives.
Reconciling Communication Delays and Negation
Springer eBooks, 2022

arXiv (Cornell University), Feb 28, 2023
Choreographic programming is a paradigm where developers write the global specification (called choreography) of a communicating system, and then a correct-by-construction distributed implementation is compiled automatically. Unfortunately, it is possible to write choreographies that cannot be compiled, because of issues related to an agreement property known as knowledge of choice. This forces programmers to reason manually about implementation details that may be orthogonal to the protocol that they are writing. Amendment is an automatic procedure for repairing uncompilable choreographies. We present a formalisation of amendment from the literature, built upon an existing formalisation of choreographic programming. However, in the process of formalising the expected properties of this procedure, we discovered a subtle counterexample that invalidates the original published and peer-reviewed pen-and-paper theory. We discuss how using a theorem prover led us to both finding the issue, and stating and proving a correct formulation of the properties of amendment.
2012 ACM Subject Classification: Theory of computation → Concurrency; Theory of computation → Automated reasoning; Software and its engineering → Concurrent programming languages
Keywords and phrases: choreographic programming, theorem proving, compilation, program repair
Digital Object Identifier: 10.4230/LIPIcs...
Listing 1. An unprojectable choreography:
  buyer.offer → seller.x;
  If seller.acceptable(x) Then seller.product → buyer.y; End Else End
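Listing 1 is unprojectable for exactly the reason the "Keep me out of the loop" abstract above describes: the seller decides whether to send the product, but the buyer, who must either receive or stop, is never told which branch was taken. The block below is an added example, not code from any of the papers listed here, that implements a minimal choreography calculus with endpoint projection, the merge-based knowledge-of-choice check, and the amendment repair that inserts selections at the offending conditional. The term syntax, the labels `L`/`R`, and the tuple encoding of process terms are this example's own conventions.

```python
"""Tiny choreography calculus with endpoint projection (EPP), the
knowledge-of-choice check behind it, and the amendment repair that
inserts selections. Added example; syntax and names are its own."""
from dataclasses import dataclass, replace
from typing import Any, Dict, Set


class Unprojectable(Exception):
    """A process would have to behave differently in two branches of a
    conditional that nobody told it about."""


# Choreography (global) terms
@dataclass(frozen=True)
class End:
    pass

@dataclass(frozen=True)
class Com:  # src.expr -> dst.var; cont
    src: str
    expr: str
    dst: str
    var: str
    cont: Any

@dataclass(frozen=True)
class Sel:  # src -> dst[label]; cont  (src tells dst which branch it took)
    src: str
    dst: str
    label: str
    cont: Any

@dataclass(frozen=True)
class If:  # If proc.cond Then then Else els
    proc: str
    cond: str
    then: Any
    els: Any


def procs(c) -> Set[str]:
    if isinstance(c, End):
        return set()
    if isinstance(c, (Com, Sel)):
        return {c.src, c.dst} | procs(c.cont)
    return {c.proc} | procs(c.then) | procs(c.els)


# Local (process) terms are tuples:
#   ("send", peer, expr, k)  ("recv", peer, var, k)  ("sel", peer, label, k)
#   ("branch", peer, {label: k})  ("if", cond, k1, k2)  ("end",)
def merge(a, b):
    """Merge one process's behaviour in two branches: only branchings on
    the same peer may differ (their label maps are unioned)."""
    if a == b:
        return a
    if a[0] == b[0] == "branch" and a[1] == b[1]:
        labels = dict(a[2])
        for lab, k in b[2].items():
            labels[lab] = merge(labels[lab], k) if lab in labels else k
        return ("branch", a[1], labels)
    raise Unprojectable(f"cannot merge {a} with {b}")


def project(c, p):
    """Endpoint projection of choreography c onto process p."""
    if isinstance(c, End):
        return ("end",)
    if isinstance(c, Com):
        k = project(c.cont, p)
        if p == c.src:
            return ("send", c.dst, c.expr, k)
        return ("recv", c.src, c.var, k) if p == c.dst else k
    if isinstance(c, Sel):
        k = project(c.cont, p)
        if p == c.src:
            return ("sel", c.dst, c.label, k)
        return ("branch", c.src, {c.label: k}) if p == c.dst else k
    t, e = project(c.then, p), project(c.els, p)
    if p == c.proc:
        return ("if", c.cond, t, e)
    return merge(t, e)  # p did not decide, so its two behaviours must merge


def epp(c) -> Dict[str, Any]:
    return {p: project(c, p) for p in sorted(procs(c))}


def is_projectable(c) -> bool:
    try:
        epp(c)
        return True
    except Unprojectable:
        return False


def amend(c):
    """Repair bottom-up: at each conditional, every other process whose
    branch behaviours fail to merge gets a selection in both branches."""
    if isinstance(c, (Com, Sel)):
        return replace(c, cont=amend(c.cont))
    if isinstance(c, End):
        return c
    then, els = amend(c.then), amend(c.els)
    for q in sorted(procs(c) - {c.proc}):
        try:
            merge(project(then, q), project(els, q))
        except Unprojectable:
            then, els = Sel(c.proc, q, "L", then), Sel(c.proc, q, "R", els)
    return If(c.proc, c.cond, then, els)


# Listing 1 of the page, written in this example's syntax
LISTING1 = Com("buyer", "offer", "seller", "x",
               If("seller", "acceptable(x)",
                  Com("seller", "product", "buyer", "y", End()),
                  End()))

if __name__ == "__main__":
    print("projectable:", is_projectable(LISTING1))  # False: buyer is kept out
    for p, term in epp(amend(LISTING1)).items():
        print(p, term)
```

After amendment the buyer's projection is a single `branch` on the seller with labels `L` and `R`, so the buyer learns the outcome of `acceptable(x)` before deciding whether to wait for `product`; a process the conditional never affects (its two projections already merge) gets no selection, which is what keeps amendment from flooding uninvolved participants with notifications.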

arXiv (Cornell University), Mar 7, 2023
Programming communicating processes is challenging, because it requires writing separate programs that perform compatible send and receive actions at the right time during execution. Leaving this task to the programmer can easily lead to bugs. Choreographic programming addresses this challenge by equipping developers with high-level abstractions for codifying the desired communication structures from a global viewpoint. Given a choreography, implementations of the involved processes can be automatically generated by endpoint projection (EPP). While choreographic programming prevents manual mistakes in the implementation of communications, the correctness of a choreographic programming framework crucially hinges on the correctness of its complex compiler, which has motivated formalisation of theories of choreographic programming in theorem provers. In this paper, we build upon one of these formalisations to construct a toolchain that produces executable code from a choreography.
