Session Types for Me and You and Everyone We Know!

Transcript

1. Session Types for Me and You and Everyone We Know!

   Zeeshan Lakhani Papers We Love, Basho Technologies @zeeshanlakhani
2. None
3. None
4. None
5. None
6. None

7. A B A B [1]

8. None

9. )) <> ((

10. )) <> (( Forever

11. )) <> (( 99.99% uptime as much as possible

12. [2] [4] [3] • ⇡ – calculus is a model

    of computation for concurrent systems • compared to other forms of process calculi ⇡ – calculus has ability to pass channels as data along other channels. CCS(~1980) ! ⇡–calculus(~1992)

13. CCS(~1980) ! ⇡–calculus(~1992) [1] [5]

14. ABCD[6]

15. a session is a series of interactions which serve as

    a unit of conversation. A session is established among multiple parties via a shared name, which represents a public interaction point. [6] So, ( Multiparty ) Session Types

16. * guarantees 1. Interactions within a session never incur a

    communication error—communication safety. 2. Channels for a session are used linearly (linearity) and are deadlock-free in a single session—progress. 3. The communication sequence in a session follows the scenario declared in the session type—session fidelity, predictability. a session is a series of interactions which serve as a unit of conversation. A session is established among multiple parties via a shared name, which represents a public interaction point. [6] So, ( Multiparty ) Session Types

17. A global type plays the role of a shared agreement

    among communication peers, and is used as a basis of efficient type checking through its projection (local types) onto individual peers. Local types (projected from global view of the system) can then be used to either statically or dynamically check conformance of an implementation to a protocol. So, ( Multiparty ) Session Types [6]

18. * duality So, ( Multiparty ) Session Types [7]

19. * propositions So, ( Multiparty ) Session Types [7]

20. * causality A ! B h bool i .end C

    ! B h bool i .end So, ( Multiparty ) Session Types [6]

21. * causality So, ( Multiparty ) Session Types [6]

22. * causality B1 ! S < S ! B2 <

    B2 ! S So, ( Multiparty ) Session Types [6]

23. * causality B1 ! S < S ! B2 <

    B2 ! S sending and receiving take place in strict temporal order, no conflict oc- curs between these two communications in spite of their use of a common channel s. So, ( Multiparty ) Session Types [6]

24. * linearity “Some of the best things in life are

    free; and some are not. Truth is free. Having proved a theorem, you may use this proof as many times as you wish, at no extra cost. Food, on the other hand, has a cost. Having baked a cake, you may eat it only once. If traditional logic is about truth, then linear logic is about food.” • Value Types are qualified as linear –must be used exactly once or unlimited. Sessions channels themselves are linear. • Some implementations apply these channels as affine types–can be used once (weakened) • Correspondence with Girard’s Linear Logic So, ( Multiparty ) Session Types [8] [10] [9]

25. * bisimulation • bisimulation is solely based on local (endpoint)

    types defined without global information • globally governed session bisimilarity which uses multiparty session types as information for a global witness • one can safely modify a global specification as long as its projection on the public roles stays the same. The barbed congruence we introduce takes this into account: two networks proposing the same service, but organized in different ways, are equated even if the two networks correspond to different global specifications. So, ( Multiparty ) Session Types [11]

26. * delegation So, ( Multiparty ) Session Types The process

    performing the former action delegates to the process receiving it the capability to participate in a session by passing a channel associated with that session. Called higher-order session passing. * and reception [12] [6]

27. Global Protocol/Types • Alice sends a book title to Seller

    and Seller sends back a quote to Alice and Bob. Alice tells Bob how much she can contribute. • If the price is within Bob’s budget, Bob notifies both Seller and Alice he accepts, then sends his address to Seller and Seller answers with the delivery date. • If the price exceeds Bob’s budget, Bob asks Carol to collaborate by estab- lishing a new session. Bob sends Carol how much she has to contribute and delegates the remaining interactions with Alice and Seller to her. • If Carol’s contribution is within her budget, she accepts the quote, notifies Alice, Bob and Seller, and continues the rest of the protocol with Seller and Alice as if she were Bob. Otherwise, she notifies Alice, Bob and Seller to quit the protocol. [12]

28. [4] A B C D Global Protocol/Types [12]

29. Global Protocol/Types Ga - Alice $ role 2 | Bob

    $ role 1 | Seller $ role 3 Gb - Bob $ role 2 | Carol $ role 1 [12]

30. Global Protocol/Types [5] [12]

31. None
32. None

33. Global Protocol/Types ! string ; ? int ; ok :!

    string ; ? date ; end, quit : end [6]

34. Global Protocol/Types [12]

35. static/dynamic verification • Many initial and existing MPST focus on

    static type checking of endpoint processes (endpoint projection –EPP) against local types. • Dynamic verification’s (static/dynamic mix) importance due to needing to support heterogeneous distributed systems and work with languages without ability to enforce linear checks and syntactic session type checking. ** **[13]

36. [14] Monitoring Processes and Networks

37. • The formal monitoring framework itself is based around the

    concept of a network. In this context, a network is a set of concrete endpoints, or princi- pals, along with a global transport. A global transport consists of a global message queue and routing table, mapping abstract roles to their concrete implementations. • The semantics of monitored networks are rejection-based: should a principal attempt to send a message which does not match the speci- fication, the message is not delivered. • Safety properties ensure that the network behaves in accordance with the global specification, and transparency properties ensure that a moni- tored network behaves exactly the same as an equivalent unmonitored network which conforms to the specification. Monitoring Processes and Networks [9] [9]

38. Monitoring Processes and Networks [14]

39. description language – Scribble module s r c . com

    . simonjf . ScribbleExamples . PingPong . PingPong ; g l o b a l p r o t o c o l PingPong ( r o l e A, r o l e B) { rec loop { ping ( ) from A to B; pong ( ) from B to A; c o n t i n u e loop ; } } a language for representing protocols for interactions (2011) [15] [16]

40. description language – Scribble a language for representing protocols for

    interactions (2011) module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong A ; l o c a l p r o t o c o l PingPong a t A( r o l e A, r o l e B) { rec loop { ping ( ) to B; pong ( ) from B; c o n t i n u e loop ; } } module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong B ; l o c a l p r o t o c o l PingPong a t B( r o l e A, r o l e B) { rec loop { ping ( ) from A; pong ( ) to A; c o n t i n u e loop ; } } [15] [16]

41. description language – Scribble [17]

42. description language – Scribble [18]

43. Runtime Generation – Global ! Local [18]

44. Example – Monitored Session Erlang A conversation key is a

    3-tuple (M,R,S), where M is the process ID of the monitor, R is the name of the role that the participant is playing in the ses- sion, and S is the process ID of the conversation instance process for the session. [9]

45. Example – Monitored Session Erlang [9]

46. Example – Monitored Session Erlang [9]

47. Session Types w/ Gradual Typing • In session types, the

    choice operations on the sender and receiver side natu- rally generate a subtyping relation: a receiver may accept more alternations than provided by a sender. This calculus comes with a new, dynamically checked notion of sender and receiver choice coercions, which allow a re- ceiver to accept fewer alternatives than provided by the sender. • Coercion may also add or remove cases from the set of labels on which the session type branches. • Blame (from blame calculus) labels identify source of (potential) run-time errors [19]

48. TheFuture [20]

49. TheFuture • What patterns do we see? • More work

    with contracts and 3rd-party module interaction. • Handling more complex distributed behaviors around actor placement, chang- ing an actor’s behavior, on defining levels of consistency and/or consensus? • Session types for epidemic broadcast protocols and selective hearing[21]

50. [1] M. Dezani-Ciancaglini and U. de’Liguoro. Sessions and session types:

    An overview. In WS-FM’09, pages 1–28, 2009. [2] J. M. Wing, “FAQ on π-Calculus,” Misc. Pap., no. December, pp. 1–8, 2002. [3] R. Milner. Communicating and Mobile Systems: The Pi Calculus. http://www.amazon.com/Communicating-Mobile-Systems-Pi-Calculus/dp/ 0521658691. [4] D. Sangiorgi and D. Walker. The Pi-Calculus: A Theory of Mobile Processes. http://www.amazon.com/Pi-Calculus-Theory-Mobile-Processes/ dp/0521543274. [5] B. Toninho, R. Harper, and S. Brooks, “Thesis Proposal : A Logical Foundation for Session-based Concurrent Computation,” 2014. [6] K. Honda, N. Yoshida, and M. Carbone, “Multiparty asynchronous session types,” Proc. of POPL’08, vol. 43, no. 1, pp. 273–284, 2008. [7] P. Wadler, “Propositions as sessions,” ACM SIGPLAN Not., vol. 38, no. 9, pp. 189–201, 2003. [8] P. Wadler, “A taste of linear logic,” no. September 1993, 2014. [9] S. Fowler, “Monitoring Erlang / OTP Applications using Multiparty Session Types,” 2015. [10] T. B. Laumann Jespersen, P. Munksgaard, and K. F. Larsen, “Session Types for Rust,” Work. Generic Program., pp. 13–22, 2015. the bibs

51. [11] D. Kouzapas and N. Yoshida, “Globally governed session semantics,”

    Log. Methods Comput. Sci., vol. 10, no. 4, pp. 1–45, 2014. [12] M. Coppo, M. Dezani-Ciancaglini, L. Padovani, and N. Yoshida, “A gentle introduction to multiparty asynchronous session types,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 9104, pp. 146–178, 2015. [13] M. Carbone and F. Montesi, “Deadlock-freedom-by-design: multiparty asynchronous global programming,” POPL Princ. Program. Lang., pp. 263– 274, 2013. [14] L. Bocchi, T. C. Chen, R. Demangeon, K. Honda, and N. Yoshida, “Monitoring networks through multiparty session types,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 7892 LNCS, pp. 50–65, 2013. [15] K. Honda, A. Mukhamedov, and G. Brown, “Scribbling Interactions with,” pp. 55–75, 2011. [16] S. Fowler. MSE-Examples. https://github.com/SimonJF/mse-examples. [17] R. Demangeon and K. Honda, “Practical interruptible conversations: Distributed Dynamic Verification with Session Types and Python - Mobility Reading Group,” pp. 1–18. [18] R. Neykova and N. Yoshida, “Multiparty session actors,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 8459 LNCS, no. 3, pp. 131–146, 2014. the bibs

52. [19] P. Thiemann, “Session Types with Gradual Typing,” Symp. Trust.

    Glob. Comput., 2014. [20] J. Lange, E. Tuosto, and N. Yoshida, “From communicating machines to graphical choreographies,” Proc. 42nd Annu. ACM SIGPLAN-SIGACT Symp. Princ. Program. Lang. - POPL ’15, pp. 221–232, 2015. [21] C. Meiklejohn and P. Van Roy, “Selective Hearing: An Approach to Distributed, Eventually Consistent Edge Computation,” 2015. the bibs