Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Session Types for Me and You and Everyone We Know!

Session Types for Me and You and Everyone We Know!

Concurrent and distributed systems are unwieldy, and many of the patterns we program them with are informally characterized. How can we provide safety mechanisms at runtime and structure inter-process communication? One approach is session types, a formalism to model distributed communicating processes, describing protocols as type abstractions. This talk will cover the basics of what session types are and how they provide a safety net for asynchronous interaction across our increasingly complex platforms and networks.

The flow of this talk will start with the motivation for the need to formalize communication patterns across actors/channels/processes. Then, I’ll define what session types are and briefly describe their ongoing history. Finally, I’ll describe a couple specific approaches, geared around functional dynamic languages as a form of runtime rejection, for which session types can be applied.

Zeeshan Lakhani

May 27, 2016
Tweet

More Decks by Zeeshan Lakhani

Other Decks in Programming

Transcript

  1. Session Types for Me and You
    and Everyone We Know!
    Zeeshan Lakhani
    Papers We Love, Basho Technologies
    @zeeshanlakhani

    View Slide

  2. View Slide

  3. View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. A B A B
    [1]

    View Slide

  8. View Slide

  9. )) <> ((

    View Slide

  10. )) <> ((
    Forever

    View Slide

  11. )) <> ((
    99.99% uptime as much as
    possible

    View Slide

  12. [2]
    [4]
    [3]
    • ⇡

    calculus
    is a model of computation for concurrent systems

    compared to other forms of process calculi


    calculus
    has
    ability to pass channels as data along other channels.
    CCS(~1980) ! ⇡–calculus(~1992)

    View Slide

  13. CCS(~1980) ! ⇡–calculus(~1992)
    [1]
    [5]

    View Slide

  14. ABCD[6]

    View Slide

  15. a session is a series of interactions which serve as a unit of conversation.
    A session is established among multiple parties via a shared name, which
    represents a public interaction point.
    [6]
    So,
    (
    Multiparty
    )
    Session Types

    View Slide

  16. * guarantees
    1. Interactions within a session never incur a communication error—communication
    safety.
    2. Channels for a session are used linearly (linearity) and are deadlock-free in
    a single session—progress.
    3. The communication sequence in a session follows the scenario declared in
    the session type—session fidelity, predictability.
    a session is a series of interactions which serve as a unit of conversation.
    A session is established among multiple parties via a shared name, which
    represents a public interaction point.
    [6]
    So,
    (
    Multiparty
    )
    Session Types

    View Slide

  17. A global type plays the role of a shared agreement among communication
    peers, and is used as a basis of efficient type checking through its projection
    (local types) onto individual peers.
    Local types (projected from global view of the system) can then be used to
    either statically or dynamically check conformance of an implementation to
    a protocol.
    So,
    (
    Multiparty
    )
    Session Types
    [6]

    View Slide

  18. * duality
    So,
    (
    Multiparty
    )
    Session Types
    [7]

    View Slide

  19. * propositions
    So,
    (
    Multiparty
    )
    Session Types
    [7]

    View Slide

  20. * causality
    A
    !
    B
    h
    bool
    i
    .end
    C
    !
    B
    h
    bool
    i
    .end
    So,
    (
    Multiparty
    )
    Session Types
    [6]

    View Slide

  21. * causality
    So,
    (
    Multiparty
    )
    Session Types
    [6]

    View Slide

  22. * causality
    B1 ! S < S ! B2 < B2 ! S
    So,
    (
    Multiparty
    )
    Session Types
    [6]

    View Slide

  23. * causality
    B1 ! S < S ! B2 < B2 ! S
    sending and receiving take place in strict temporal order, no conflict oc-
    curs between these two communications in spite of their use of a common
    channel s.
    So,
    (
    Multiparty
    )
    Session Types
    [6]

    View Slide

  24. * linearity
    “Some of the best things in life are free; and some are not. Truth is free.
    Having proved a theorem, you may use this proof as many times as you wish, at
    no extra cost. Food, on the other hand, has a cost. Having baked a cake, you may
    eat it only once. If traditional logic is about truth, then linear logic is about food.”
    • Value Types are qualified as linear –must be used exactly once or unlimited.
    Sessions channels themselves are linear.
    • Some implementations apply these channels as affine types–can be used
    once (weakened)
    • Correspondence with Girard’s Linear Logic
    So,
    (
    Multiparty
    )
    Session Types
    [8]
    [10]
    [9]

    View Slide

  25. * bisimulation
    • bisimulation is solely based on local (endpoint) types defined without global
    information
    • globally governed session bisimilarity which uses multiparty session types
    as information for a global witness
    • one can safely modify a global specification as long as its projection on the
    public roles stays the same. The barbed congruence we introduce takes this
    into account: two networks proposing the same service, but organized in
    different ways, are equated even if the two networks correspond to different
    global specifications.
    So,
    (
    Multiparty
    )
    Session Types
    [11]

    View Slide

  26. * delegation
    So,
    (
    Multiparty
    )
    Session Types
    The process performing the former action delegates to the process receiving
    it the capability to participate in a session by passing a channel associated
    with that session.
    Called higher-order session passing.
    * and reception
    [12]
    [6]

    View Slide

  27. Global Protocol/Types
    • Alice sends a book title to Seller and Seller sends back a quote to Alice and
    Bob. Alice tells Bob how much she can contribute.
    • If the price is within Bob’s budget, Bob notifies both Seller and Alice he
    accepts, then sends his address to Seller and Seller answers with the delivery
    date.
    • If the price exceeds Bob’s budget, Bob asks Carol to collaborate by estab-
    lishing a new session. Bob sends Carol how much she has to contribute and
    delegates the remaining interactions with Alice and Seller to her.
    • If Carol’s contribution is within her budget, she accepts the quote, notifies
    Alice, Bob and Seller, and continues the rest of the protocol with Seller and
    Alice as if she were Bob. Otherwise, she notifies Alice, Bob and Seller to
    quit the protocol.
    [12]

    View Slide

  28. [4]
    A B C D
    Global Protocol/Types
    [12]

    View Slide

  29. Global Protocol/Types
    Ga
    -
    Alice
    $
    role
    2 |
    Bob
    $
    role
    1 |
    Seller
    $
    role
    3
    Gb
    -
    Bob
    $
    role
    2 |
    Carol
    $
    role
    1
    [12]

    View Slide

  30. Global Protocol/Types
    [5]
    [12]

    View Slide

  31. View Slide

  32. View Slide

  33. Global Protocol/Types
    !
    string
    ; ?
    int
    ;
    ok
    :!
    string
    ; ?
    date
    ;
    end, quit
    :
    end [6]

    View Slide

  34. Global Protocol/Types
    [12]

    View Slide

  35. static/dynamic verification
    • Many initial and existing MPST focus on static type checking of endpoint
    processes (endpoint projection –EPP) against local types.
    • Dynamic verification’s (static/dynamic mix) importance due to needing to
    support heterogeneous distributed systems and work with languages without
    ability to enforce linear checks and syntactic session type checking.
    **
    **[13]

    View Slide

  36. [14]
    Monitoring Processes and Networks

    View Slide

  37. • The formal monitoring framework itself is based around the concept of a
    network. In this context, a network is a set of concrete endpoints, or princi-
    pals, along with a global transport. A global transport consists of a global
    message queue and routing table, mapping abstract roles to their concrete
    implementations.
    • The semantics of monitored networks are rejection-based: should a
    principal attempt to send a message which does not match the speci-
    fication, the message is not delivered.
    • Safety properties ensure that the network behaves in accordance with the
    global specification, and transparency properties ensure that a moni-
    tored network behaves exactly the same as an equivalent unmonitored
    network which conforms to the specification.
    Monitoring Processes and Networks
    [9]
    [9]

    View Slide

  38. Monitoring Processes and Networks
    [14]

    View Slide

  39. description language

    Scribble
    module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong ;
    g l o b a l p r o t o c o l PingPong ( r o l e A, r o l e B)
    {
    rec loop
    {
    ping ( ) from A to B;
    pong ( ) from B to A;
    c o n t i n u e loop ;
    }
    }
    a language for representing protocols for interactions (2011)
    [15]
    [16]

    View Slide

  40. description language

    Scribble
    a language for representing protocols for interactions (2011)
    module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong A ;
    l o c a l p r o t o c o l PingPong a t A( r o l e A, r o l e B)
    {
    rec loop
    {
    ping ( ) to B;
    pong ( ) from B;
    c o n t i n u e loop ;
    }
    }
    module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong B ;
    l o c a l p r o t o c o l PingPong a t B( r o l e A, r o l e B)
    {
    rec loop
    {
    ping ( ) from A;
    pong ( ) to A;
    c o n t i n u e loop ;
    }
    }
    [15]
    [16]

    View Slide

  41. description language

    Scribble
    [17]

    View Slide

  42. description language

    Scribble
    [18]

    View Slide

  43. Runtime Generation

    Global
    !
    Local
    [18]

    View Slide

  44. Example

    Monitored Session Erlang
    A conversation key is a 3-tuple (M,R,S), where
    M
    is the process ID of the
    monitor,
    R
    is the name of the role that the participant is playing in the ses-
    sion, and
    S
    is the process ID of the conversation instance process for the
    session.
    [9]

    View Slide

  45. Example

    Monitored Session Erlang
    [9]

    View Slide

  46. Example

    Monitored Session Erlang
    [9]

    View Slide

  47. Session Types w/ Gradual Typing
    • In session types, the choice operations on the sender and receiver side natu-
    rally generate a subtyping relation: a receiver may accept more alternations
    than provided by a sender. This calculus comes with a new, dynamically
    checked notion of sender and receiver choice coercions, which allow a re-
    ceiver to accept fewer alternatives than provided by the sender.
    • Coercion may also add or remove cases from the set of labels on which the
    session type branches.
    • Blame (from blame calculus) labels identify source of (potential) run-time
    errors
    [19]

    View Slide

  48. TheFuture
    [20]

    View Slide

  49. TheFuture
    • What patterns do we see?
    • More work with contracts and 3rd-party module interaction.
    • Handling more complex distributed behaviors around actor placement, chang-
    ing an actor’s behavior, on defining levels of consistency and/or consensus?
    • Session types for epidemic broadcast protocols and selective hearing[21]

    View Slide

  50. [1] M. Dezani-Ciancaglini and U. de’Liguoro. Sessions and session types:
    An overview. In WS-FM’09, pages 1–28, 2009.
    [2] J. M. Wing, “FAQ on π-Calculus,” Misc. Pap., no. December, pp. 1–8,
    2002.
    [3] R. Milner. Communicating and Mobile Systems: The Pi Calculus.
    http://www.amazon.com/Communicating-Mobile-Systems-Pi-Calculus/dp/
    0521658691.
    [4] D. Sangiorgi and D. Walker. The Pi-Calculus: A Theory of Mobile
    Processes. http://www.amazon.com/Pi-Calculus-Theory-Mobile-Processes/
    dp/0521543274.
    [5] B. Toninho, R. Harper, and S. Brooks, “Thesis Proposal : A Logical
    Foundation for Session-based Concurrent Computation,” 2014.
    [6] K. Honda, N. Yoshida, and M. Carbone, “Multiparty asynchronous
    session types,” Proc. of POPL’08, vol. 43, no. 1, pp. 273–284, 2008.
    [7] P. Wadler, “Propositions as sessions,” ACM SIGPLAN Not., vol. 38, no.
    9, pp. 189–201, 2003.
    [8] P. Wadler, “A taste of linear logic,” no. September 1993, 2014.
    [9] S. Fowler, “Monitoring Erlang / OTP Applications using Multiparty
    Session Types,” 2015.
    [10] T. B. Laumann Jespersen, P. Munksgaard, and K. F. Larsen, “Session
    Types for Rust,” Work. Generic Program., pp. 13–22, 2015.
    the bibs

    View Slide

  51. [11] D. Kouzapas and N. Yoshida, “Globally governed session semantics,”
    Log. Methods Comput. Sci., vol. 10, no. 4, pp. 1–45, 2014.
    [12] M. Coppo, M. Dezani-Ciancaglini, L. Padovani, and N. Yoshida, “A
    gentle introduction to multiparty asynchronous session types,” Lect. Notes
    Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes
    Bioinformatics), vol. 9104, pp. 146–178, 2015.
    [13] M. Carbone and F. Montesi, “Deadlock-freedom-by-design: multiparty
    asynchronous global programming,” POPL Princ. Program. Lang., pp. 263–
    274, 2013.
    [14] L. Bocchi, T. C. Chen, R. Demangeon, K. Honda, and N. Yoshida,
    “Monitoring networks through multiparty session types,” Lect. Notes
    Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes
    Bioinformatics), vol. 7892 LNCS, pp. 50–65, 2013.
    [15] K. Honda, A. Mukhamedov, and G. Brown, “Scribbling Interactions
    with,” pp. 55–75, 2011.
    [16] S. Fowler. MSE-Examples. https://github.com/SimonJF/mse-examples.
    [17] R. Demangeon and K. Honda, “Practical interruptible conversations:
    Distributed Dynamic Verification with Session Types and Python - Mobility
    Reading Group,” pp. 1–18.
    [18] R. Neykova and N. Yoshida, “Multiparty session actors,” Lect. Notes
    Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes
    Bioinformatics), vol. 8459 LNCS, no. 3, pp. 131–146, 2014.
    the bibs

    View Slide

  52. [19] P. Thiemann, “Session Types with Gradual Typing,” Symp. Trust.
    Glob. Comput., 2014.
    [20] J. Lange, E. Tuosto, and N. Yoshida, “From communicating machines
    to graphical choreographies,” Proc. 42nd Annu. ACM SIGPLAN-SIGACT
    Symp. Princ. Program. Lang. - POPL ’15, pp. 221–232, 2015.
    [21] C. Meiklejohn and P. Van Roy, “Selective Hearing: An Approach to
    Distributed, Eventually Consistent Edge Computation,” 2015.
    the bibs

    View Slide