Session Types for Me and You and Everyone We Know!

Transcript

1. Session Types for Me and You
   and Everyone We Know!
   Zeeshan Lakhani
   Papers We Love, Basho Technologies
   @zeeshanlakhani
   

   View Slide

2. View Slide

3. View Slide

4. View Slide

5. View Slide

6. View Slide

7. A B A B
   [1]
   

   View Slide

8. View Slide

9. )) <> ((
   

   View Slide

10. )) <> ((
    Forever
    

    View Slide

11. )) <> ((
    99.99% uptime as much as
    possible
    

    View Slide

12. [2]
    [4]
    [3]
    • ⇡
    –
    calculus
    is a model of computation for concurrent systems
    •
    compared to other forms of process calculi
    ⇡
    –
    calculus
    has
    ability to pass channels as data along other channels.
    CCS(~1980) ! ⇡–calculus(~1992)
    

    View Slide

13. CCS(~1980) ! ⇡–calculus(~1992)
    [1]
    [5]
    

    View Slide

14. ABCD[6]
    

    View Slide

15. a session is a series of interactions which serve as a unit of conversation.
    A session is established among multiple parties via a shared name, which
    represents a public interaction point.
    [6]
    So,
    (
    Multiparty
    )
    Session Types
    

    View Slide

16. * guarantees
    1. Interactions within a session never incur a communication error—communication
    safety.
    2. Channels for a session are used linearly (linearity) and are deadlock-free in
    a single session—progress.
    3. The communication sequence in a session follows the scenario declared in
    the session type—session fidelity, predictability.
    a session is a series of interactions which serve as a unit of conversation.
    A session is established among multiple parties via a shared name, which
    represents a public interaction point.
    [6]
    So,
    (
    Multiparty
    )
    Session Types
    

    View Slide

17. A global type plays the role of a shared agreement among communication
    peers, and is used as a basis of efficient type checking through its projection
    (local types) onto individual peers.
    Local types (projected from global view of the system) can then be used to
    either statically or dynamically check conformance of an implementation to
    a protocol.
    So,
    (
    Multiparty
    )
    Session Types
    [6]
    

    View Slide

18. * duality
    So,
    (
    Multiparty
    )
    Session Types
    [7]
    

    View Slide

19. * propositions
    So,
    (
    Multiparty
    )
    Session Types
    [7]
    

    View Slide

20. * causality
    A
    !
    B
    h
    bool
    i
    .end
    C
    !
    B
    h
    bool
    i
    .end
    So,
    (
    Multiparty
    )
    Session Types
    [6]
    

    View Slide

21. * causality
    So,
    (
    Multiparty
    )
    Session Types
    [6]
    

    View Slide

22. * causality
    B1 ! S < S ! B2 < B2 ! S
    So,
    (
    Multiparty
    )
    Session Types
    [6]
    

    View Slide

23. * causality
    B1 ! S < S ! B2 < B2 ! S
    sending and receiving take place in strict temporal order, no conflict oc-
    curs between these two communications in spite of their use of a common
    channel s.
    So,
    (
    Multiparty
    )
    Session Types
    [6]
    

    View Slide

24. * linearity
    “Some of the best things in life are free; and some are not. Truth is free.
    Having proved a theorem, you may use this proof as many times as you wish, at
    no extra cost. Food, on the other hand, has a cost. Having baked a cake, you may
    eat it only once. If traditional logic is about truth, then linear logic is about food.”
    • Value Types are qualified as linear –must be used exactly once or unlimited.
    Sessions channels themselves are linear.
    • Some implementations apply these channels as affine types–can be used
    once (weakened)
    • Correspondence with Girard’s Linear Logic
    So,
    (
    Multiparty
    )
    Session Types
    [8]
    [10]
    [9]
    

    View Slide

25. * bisimulation
    • bisimulation is solely based on local (endpoint) types defined without global
    information
    • globally governed session bisimilarity which uses multiparty session types
    as information for a global witness
    • one can safely modify a global specification as long as its projection on the
    public roles stays the same. The barbed congruence we introduce takes this
    into account: two networks proposing the same service, but organized in
    different ways, are equated even if the two networks correspond to different
    global specifications.
    So,
    (
    Multiparty
    )
    Session Types
    [11]
    

    View Slide

26. * delegation
    So,
    (
    Multiparty
    )
    Session Types
    The process performing the former action delegates to the process receiving
    it the capability to participate in a session by passing a channel associated
    with that session.
    Called higher-order session passing.
    * and reception
    [12]
    [6]
    

    View Slide

27. Global Protocol/Types
    • Alice sends a book title to Seller and Seller sends back a quote to Alice and
    Bob. Alice tells Bob how much she can contribute.
    • If the price is within Bob’s budget, Bob notifies both Seller and Alice he
    accepts, then sends his address to Seller and Seller answers with the delivery
    date.
    • If the price exceeds Bob’s budget, Bob asks Carol to collaborate by estab-
    lishing a new session. Bob sends Carol how much she has to contribute and
    delegates the remaining interactions with Alice and Seller to her.
    • If Carol’s contribution is within her budget, she accepts the quote, notifies
    Alice, Bob and Seller, and continues the rest of the protocol with Seller and
    Alice as if she were Bob. Otherwise, she notifies Alice, Bob and Seller to
    quit the protocol.
    [12]
    

    View Slide

28. [4]
    A B C D
    Global Protocol/Types
    [12]
    

    View Slide

29. Global Protocol/Types
    Ga
    -
    Alice
    $
    role
    2 |
    Bob
    $
    role
    1 |
    Seller
    $
    role
    3
    Gb
    -
    Bob
    $
    role
    2 |
    Carol
    $
    role
    1
    [12]
    

    View Slide

30. Global Protocol/Types
    [5]
    [12]
    

    View Slide

31. View Slide

32. View Slide

33. Global Protocol/Types
    !
    string
    ; ?
    int
    ;
    ok
    :!
    string
    ; ?
    date
    ;
    end, quit
    :
    end [6]
    

    View Slide

34. Global Protocol/Types
    [12]
    

    View Slide

35. static/dynamic verification
    • Many initial and existing MPST focus on static type checking of endpoint
    processes (endpoint projection –EPP) against local types.
    • Dynamic verification’s (static/dynamic mix) importance due to needing to
    support heterogeneous distributed systems and work with languages without
    ability to enforce linear checks and syntactic session type checking.
    **
    **[13]
    

    View Slide

36. [14]
    Monitoring Processes and Networks
    

    View Slide

37. • The formal monitoring framework itself is based around the concept of a
    network. In this context, a network is a set of concrete endpoints, or princi-
    pals, along with a global transport. A global transport consists of a global
    message queue and routing table, mapping abstract roles to their concrete
    implementations.
    • The semantics of monitored networks are rejection-based: should a
    principal attempt to send a message which does not match the speci-
    fication, the message is not delivered.
    • Safety properties ensure that the network behaves in accordance with the
    global specification, and transparency properties ensure that a moni-
    tored network behaves exactly the same as an equivalent unmonitored
    network which conforms to the specification.
    Monitoring Processes and Networks
    [9]
    [9]
    

    View Slide

38. Monitoring Processes and Networks
    [14]
    

    View Slide

39. description language
    –
    Scribble
    module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong ;
    g l o b a l p r o t o c o l PingPong ( r o l e A, r o l e B)
    {
    rec loop
    {
    ping ( ) from A to B;
    pong ( ) from B to A;
    c o n t i n u e loop ;
    }
    }
    a language for representing protocols for interactions (2011)
    [15]
    [16]
    

    View Slide

40. description language
    –
    Scribble
    a language for representing protocols for interactions (2011)
    module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong A ;
    l o c a l p r o t o c o l PingPong a t A( r o l e A, r o l e B)
    {
    rec loop
    {
    ping ( ) to B;
    pong ( ) from B;
    c o n t i n u e loop ;
    }
    }
    module s r c . com . simonjf . ScribbleExamples . PingPong . PingPong B ;
    l o c a l p r o t o c o l PingPong a t B( r o l e A, r o l e B)
    {
    rec loop
    {
    ping ( ) from A;
    pong ( ) to A;
    c o n t i n u e loop ;
    }
    }
    [15]
    [16]
    

    View Slide

41. description language
    –
    Scribble
    [17]
    

    View Slide

42. description language
    –
    Scribble
    [18]
    

    View Slide

43. Runtime Generation
    –
    Global
    !
    Local
    [18]
    

    View Slide

44. Example
    –
    Monitored Session Erlang
    A conversation key is a 3-tuple (M,R,S), where
    M
    is the process ID of the
    monitor,
    R
    is the name of the role that the participant is playing in the ses-
    sion, and
    S
    is the process ID of the conversation instance process for the
    session.
    [9]
    

    View Slide

45. Example
    –
    Monitored Session Erlang
    [9]
    

    View Slide

46. Example
    –
    Monitored Session Erlang
    [9]
    

    View Slide

47. Session Types w/ Gradual Typing
    • In session types, the choice operations on the sender and receiver side natu-
    rally generate a subtyping relation: a receiver may accept more alternations
    than provided by a sender. This calculus comes with a new, dynamically
    checked notion of sender and receiver choice coercions, which allow a re-
    ceiver to accept fewer alternatives than provided by the sender.
    • Coercion may also add or remove cases from the set of labels on which the
    session type branches.
    • Blame (from blame calculus) labels identify source of (potential) run-time
    errors
    [19]
    

    View Slide

48. TheFuture
    [20]
    

    View Slide

49. TheFuture
    • What patterns do we see?
    • More work with contracts and 3rd-party module interaction.
    • Handling more complex distributed behaviors around actor placement, chang-
    ing an actor’s behavior, on defining levels of consistency and/or consensus?
    • Session types for epidemic broadcast protocols and selective hearing[21]
    

    View Slide

50. [1] M. Dezani-Ciancaglini and U. de’Liguoro. Sessions and session types:
    An overview. In WS-FM’09, pages 1–28, 2009.
    [2] J. M. Wing, “FAQ on π-Calculus,” Misc. Pap., no. December, pp. 1–8,
    2002.
    [3] R. Milner. Communicating and Mobile Systems: The Pi Calculus.
    http://www.amazon.com/Communicating-Mobile-Systems-Pi-Calculus/dp/
    0521658691.
    [4] D. Sangiorgi and D. Walker. The Pi-Calculus: A Theory of Mobile
    Processes. http://www.amazon.com/Pi-Calculus-Theory-Mobile-Processes/
    dp/0521543274.
    [5] B. Toninho, R. Harper, and S. Brooks, “Thesis Proposal : A Logical
    Foundation for Session-based Concurrent Computation,” 2014.
    [6] K. Honda, N. Yoshida, and M. Carbone, “Multiparty asynchronous
    session types,” Proc. of POPL’08, vol. 43, no. 1, pp. 273–284, 2008.
    [7] P. Wadler, “Propositions as sessions,” ACM SIGPLAN Not., vol. 38, no.
    9, pp. 189–201, 2003.
    [8] P. Wadler, “A taste of linear logic,” no. September 1993, 2014.
    [9] S. Fowler, “Monitoring Erlang / OTP Applications using Multiparty
    Session Types,” 2015.
    [10] T. B. Laumann Jespersen, P. Munksgaard, and K. F. Larsen, “Session
    Types for Rust,” Work. Generic Program., pp. 13–22, 2015.
    the bibs
    

    View Slide

51. [11] D. Kouzapas and N. Yoshida, “Globally governed session semantics,”
    Log. Methods Comput. Sci., vol. 10, no. 4, pp. 1–45, 2014.
    [12] M. Coppo, M. Dezani-Ciancaglini, L. Padovani, and N. Yoshida, “A
    gentle introduction to multiparty asynchronous session types,” Lect. Notes
    Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes
    Bioinformatics), vol. 9104, pp. 146–178, 2015.
    [13] M. Carbone and F. Montesi, “Deadlock-freedom-by-design: multiparty
    asynchronous global programming,” POPL Princ. Program. Lang., pp. 263–
    274, 2013.
    [14] L. Bocchi, T. C. Chen, R. Demangeon, K. Honda, and N. Yoshida,
    “Monitoring networks through multiparty session types,” Lect. Notes
    Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes
    Bioinformatics), vol. 7892 LNCS, pp. 50–65, 2013.
    [15] K. Honda, A. Mukhamedov, and G. Brown, “Scribbling Interactions
    with,” pp. 55–75, 2011.
    [16] S. Fowler. MSE-Examples. https://github.com/SimonJF/mse-examples.
    [17] R. Demangeon and K. Honda, “Practical interruptible conversations:
    Distributed Dynamic Verification with Session Types and Python - Mobility
    Reading Group,” pp. 1–18.
    [18] R. Neykova and N. Yoshida, “Multiparty session actors,” Lect. Notes
    Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes
    Bioinformatics), vol. 8459 LNCS, no. 3, pp. 131–146, 2014.
    the bibs
    

    View Slide

52. [19] P. Thiemann, “Session Types with Gradual Typing,” Symp. Trust.
    Glob. Comput., 2014.
    [20] J. Lange, E. Tuosto, and N. Yoshida, “From communicating machines
    to graphical choreographies,” Proc. 42nd Annu. ACM SIGPLAN-SIGACT
    Symp. Princ. Program. Lang. - POPL ’15, pp. 221–232, 2015.
    [21] C. Meiklejohn and P. Van Roy, “Selective Hearing: An Approach to
    Distributed, Eventually Consistent Edge Computation,” 2015.
    the bibs
    

    View Slide