Fencing off Go: Liveness and Safety for Channel-based Programming (extended version)

Go is a production-level statically typed programming languagewhose design features explicit message-passing primitives andlightweight threads, enabling (and encouraging) programmers todevelop concurrent systems where components interact throughcommunication more so than by lock-based shared memory con-currency. Go can only detect global deadlocks at runtime, but pro-vides no compile-time protection against all too common commu-nication mismatches or partial deadlocks.This work develops a static verification framework for livenessand safety in Go programs, able to detect communication errorsand partial deadlocks in a general class of realistic concurrent pro-grams, including those with dynamic channel creation, unboundedthread creation and recursion. Our approach infers from a Go pro-gram a faithful representation of its communication patterns as abehavioural type. By checking a syntactic restriction on channelusage, dubbed fencing, we ensure that programs are made up offinitely many different communication patterns that may be re-peated infinitely many times. This restriction allows us to imple-ment procedures to check for liveness and safety in types which inturn approximates liveness and safety in Go programs. We have im-plemented a type inference and liveness and safety checks in a tool-chain and tested it against publicly available Go programs. This isa revised version of a paper [31] that appeared in POPL 2017,see § 9 for details.