Download - The Newest in Session Types
The Newest in Session Types
Dr. Roland Kuhn @rolandkuhn — Akka Tech Lead
The Problem
Which problem are we trying to solve?
• reasoning about distributed programs is hard
• finding the flaws is large systems is hard
• we need better tools to • help us design the interaction of distributed components
• help us implement said components
3
Session Types
Definition
• Session: a unit of conversation
• Session Type: the structure of a conversation,a sequence of interactions in a communication-centric program model
• originally only binary sessions, multiparty sessions introduced 2008 by Kohei Honda
• primitives aresending, receiving, sequence, choice, recursion
• http://groups.inf.ed.ac.uk/abcd/index.html
5
Scribble
• commonly used language for defining protocols • defines the global protocol for all participants
• verifies the safety of the global protocol
• local projection for a single participant preserves safety
• automatic generation of FSA for local runtime validation
• type discipline for local processes requires support for expressing linearity from the host language
• where that is unavailable use dynamic validation
6
An Example
• global protocol (a asks b to calculate «x/y»):a→b: ⟨number⟩ . a→b: ⟨number⟩ .b→a: { ok: b→a: ⟨number⟩ . end, fail: end }
• local projection for a:[b]!⟨number⟩ . [b]!⟨number⟩ .[b]?{ ok: [b]?⟨number⟩ . end, fail: end }
• local projection for b:[a]?⟨number⟩ . [a]?⟨number⟩ .[a]!{ ok: [a]!⟨number⟩ . end, fail: end }
7
Report from the ABCD group meeting Glasgow, Sep 16 & 17, 2015
(in random order)
Talks I didn’t quite understand
• Ornela Dharda: Comparing deadlock free session typed processes • showing equivalence of different encodings in π-calculus
• Garrett Morris: Substructural types with class • how to encode linearity in Haskell
• Dimitris Kouzapas: Characteristic bisimulation for higher-order session types and Mungo: typechecking protocols • lots of typing rules and derivations
9
Julian Lange: Meeting Deadlines Together
• based on Communicating Timed Automata
• the idea is to enrich protocol descriptions with timing information in order to allow reasoning about whether a component can meet its SLA
• written in Haskell and using Z3 for constraint solving, checking may take a long time (minutes)
10
Bernardo Toninho: Certifying data in multiparty session types• Be more precise about what is exchanged in the course of a protocol
• Primary tool is the use of singleton types / dependent types
• Singleton types are scoped to entities that have seen them, identical values are not necessarily recognized as such without global knowledge
• Projection of the global type needs to add all required local knowledge (proofs) so that the recipient can make sense of the message
• Proofs may be compressible by using certificates or may even be elided
• Erasure of proofs can be done within trusted systems, passing proofs around allows separate compilation
11
Alceste Scalas: Towards type-safe sessions in Scala• encoding linear channels using Promise/Future
• abstracting over it using Channel type hierarchy (Input, Output, End) with nice syntax sugar for receiving and sending in a type-safe fashion, including the handling of continuations
• distribution planned via Akka Typed actors
• multiple-use will raise exceptions, but cannot reject non-use of a channel (i.e. omitting a required action)
12
Dominic Orchard: Session types for Cloud Haskell• local session types are projected to Haskell types
• graded monad: tracking effects of computation and defining a combinator for how effects are composed:(>>=) :: m s a -> (a -> m t b) -> m (Plus m s t) b
• parameterized monad: i, j, k are pre/post-conditions(>>=) :: m i j a -> (a -> m j k b) -> m i k b
• general idea is to track what a process does and then compare it to what it should do
• horrible type errors due to user having to introduce fresh names manually
13
Y.T.: Akka Typed—Opportunities for Session Types• lifting Actor behavior into a monadic representation
allows effect tracking • either at runtime, within the interpreter for the monad
• or at compile-time, if graded monads are feasible
14
Simple Ticket Counter Example (Akka Typed)
15
case class Incr(replyTo: ActorRef[Count])case class Count(n: Int) def ticket(n: Int): ActorAction[Incr, Behavior[Incr]] = for { msg <- receive[Incr] _ <- send(msg.replyTo, Count(n)).toActor z <- ticket(n + 1) } yield z
val counter = Action(ticket(0)) // Behavior[Incr]val counterRef = ActorSystem("counter", Props(counter)) // ActorSystem[Incr]
How can we forget something?
16
trait Inputcase class Intro(step1: ActorRef[Step1]) extends Inputcase class Step1(replyTo: ActorRef[Step1Reply])case class Step1Reply(step2: ActorRef[Step2]) extends Inputcase class Step2() def twoSteps: ActorAction[Input, Behavior[Input]] = for { Intro(step1) <- receive[Input] self <- selfRef _ <- send(step1, Step1(self)).toActor Step1Reply(step2) <- receive[Input] // what prevents usage of step1 here? _ <- send(step2, Step2()).toActor z <- twoSteps } yield z
Roly Perera: Multiparty compatibility without types• the idea is that instead of projecting a global
protocol down to local ones we piece together local sessions into a global protocol and check that one
• this saves the duplication in “implementing the protocol in two languages”, but requires mocking out participants for multi-team development
• can express certain types of recursion (if decidably unfoldable)
17
Simon Fowler: Detecting and handling errors in Monitored Session Erlang• Multiparty Session Actors: actors fulfill roles that they declare • Initiate a controller actor for a session
• Invite actors to fulfill roles
• Maintain mapping between roles and PIDs
• Message sends always go through monitor processes
• Encapsulating subsessions would be nice, in particular with different reaction to success and failure, but this could be problematic in the presence of network partitions.
• Inviting actors into subsessions is seen as very useful, both involving internal as well as external participants. This is equivalent to protocol refinement.
18
Florian Weber: POP3 with Scribble, StMungo and Mungo• Scribble formulation of the POP3 protocol
• StMungo translates local projection of that protocol to Mungo (annotated Java) syntax
• Mungo aims at writing normal imperative code that is annotated and verified instead of requiring the use of a construct like graded monad or linear types
19
Dimitrios Kouzapas: ABCD use-case repository
• https://github.com/epsrc-abcd/session-types-use-cases
• organization of collaboration so that new tools/languages can be applied to existing use-cases for validation and comparison to previous solutions
• this is a good place to start looking for examples when trying to learn things—opening issues when things are unclear is probably a good idea :-)
• additions of industry use-cases are welcome!
20
Summary
Summary
• Session types are demonstrably implementable and applicable to real-world internet protocols
• The ABCD group is keen on practical validation of the approach and industry feedback
• Largest barrier is deemed to be the expression of linearity in host languages
22
My Largest Question: Compositionality
• Given an established Session Type, can we formulate a set of rules or restriction for refining it (adding to it) so that existing safety properties are preserved?
23
©Typesafe 2015 – All Rights Reserved