The Newest in Session Types

Dr. Roland Kuhn @rolandkuhn — Akka Tech Lead

The Problem

Which problem are we trying to solve?

• reasoning about distributed programs is hard

• finding the flaws is large systems is hard

• we need better tools to • help us design the interaction of distributed components

• help us implement said components

3

Session Types

Definition

• Session: a unit of conversation

• Session Type: the structure of a conversation,a sequence of interactions in a communication-centric program model

• originally only binary sessions, multiparty sessions introduced 2008 by Kohei Honda

• primitives aresending, receiving, sequence, choice, recursion

• http://groups.inf.ed.ac.uk/abcd/index.html

5

Scribble

• commonly used language for defining protocols • defines the global protocol for all participants

• verifies the safety of the global protocol

• local projection for a single participant preserves safety

• automatic generation of FSA for local runtime validation

• type discipline for local processes requires support for expressing linearity from the host language

• where that is unavailable use dynamic validation

6

An Example

• global protocol (a asks b to calculate «x/y»):a→b: ⟨number⟩ . a→b: ⟨number⟩ .b→a: { ok: b→a: ⟨number⟩ . end, fail: end }

• local projection for a:[b]!⟨number⟩ . [b]!⟨number⟩ .[b]?{ ok: [b]?⟨number⟩ . end, fail: end }

• local projection for b:[a]?⟨number⟩ . [a]?⟨number⟩ .[a]!{ ok: [a]!⟨number⟩ . end, fail: end }

7

Report from the ABCD group meeting Glasgow, Sep 16 & 17, 2015

(in random order)

Talks I didn’t quite understand

• Ornela Dharda: Comparing deadlock free session typed processes • showing equivalence of different encodings in π-calculus

• Garrett Morris: Substructural types with class • how to encode linearity in Haskell

• Dimitris Kouzapas: Characteristic bisimulation for higher-order session types and Mungo: typechecking protocols • lots of typing rules and derivations

9

Julian Lange: Meeting Deadlines Together

• based on Communicating Timed Automata

• the idea is to enrich protocol descriptions with timing information in order to allow reasoning about whether a component can meet its SLA

• written in Haskell and using Z3 for constraint solving, checking may take a long time (minutes)

10

Bernardo Toninho: Certifying data in multiparty session types• Be more precise about what is exchanged in the course of a protocol

• Primary tool is the use of singleton types / dependent types

• Singleton types are scoped to entities that have seen them, identical values are not necessarily recognized as such without global knowledge

• Projection of the global type needs to add all required local knowledge (proofs) so that the recipient can make sense of the message

• Proofs may be compressible by using certificates or may even be elided

• Erasure of proofs can be done within trusted systems, passing proofs around allows separate compilation

11

Alceste Scalas: Towards type-safe sessions in Scala• encoding linear channels using Promise/Future

• abstracting over it using Channel type hierarchy (Input, Output, End) with nice syntax sugar for receiving and sending in a type-safe fashion, including the handling of continuations

• distribution planned via Akka Typed actors

• multiple-use will raise exceptions, but cannot reject non-use of a channel (i.e. omitting a required action)

12

Dominic Orchard: Session types for Cloud Haskell• local session types are projected to Haskell types

• graded monad: tracking effects of computation and defining a combinator for how effects are composed:(>>=) :: m s a -> (a -> m t b) -> m (Plus m s t) b

• parameterized monad: i, j, k are pre/post-conditions(>>=) :: m i j a -> (a -> m j k b) -> m i k b

• general idea is to track what a process does and then compare it to what it should do

• horrible type errors due to user having to introduce fresh names manually

13

Y.T.: Akka Typed—Opportunities for Session Types• lifting Actor behavior into a monadic representation

allows effect tracking • either at runtime, within the interpreter for the monad

• or at compile-time, if graded monads are feasible

14

Simple Ticket Counter Example (Akka Typed)

15

case class Incr(replyTo: ActorRef[Count])case class Count(n: Int) def ticket(n: Int): ActorAction[Incr, Behavior[Incr]] = for { msg <- receive[Incr] _ <- send(msg.replyTo, Count(n)).toActor z <- ticket(n + 1) } yield z

val counter = Action(ticket(0)) // Behavior[Incr]val counterRef = ActorSystem("counter", Props(counter)) // ActorSystem[Incr]

How can we forget something?

16

trait Inputcase class Intro(step1: ActorRef[Step1]) extends Inputcase class Step1(replyTo: ActorRef[Step1Reply])case class Step1Reply(step2: ActorRef[Step2]) extends Inputcase class Step2() def twoSteps: ActorAction[Input, Behavior[Input]] = for { Intro(step1) <- receive[Input] self <- selfRef _ <- send(step1, Step1(self)).toActor Step1Reply(step2) <- receive[Input] // what prevents usage of step1 here? _ <- send(step2, Step2()).toActor z <- twoSteps } yield z

Roly Perera: Multiparty compatibility without types• the idea is that instead of projecting a global

protocol down to local ones we piece together local sessions into a global protocol and check that one

• this saves the duplication in “implementing the protocol in two languages”, but requires mocking out participants for multi-team development

• can express certain types of recursion (if decidably unfoldable)

17

Simon Fowler: Detecting and handling errors in Monitored Session Erlang• Multiparty Session Actors: actors fulfill roles that they declare • Initiate a controller actor for a session

• Invite actors to fulfill roles

• Maintain mapping between roles and PIDs

• Message sends always go through monitor processes

• Encapsulating subsessions would be nice, in particular with different reaction to success and failure, but this could be problematic in the presence of network partitions.

• Inviting actors into subsessions is seen as very useful, both involving internal as well as external participants. This is equivalent to protocol refinement.

18

Florian Weber: POP3 with Scribble, StMungo and Mungo• Scribble formulation of the POP3 protocol

• StMungo translates local projection of that protocol to Mungo (annotated Java) syntax

• Mungo aims at writing normal imperative code that is annotated and verified instead of requiring the use of a construct like graded monad or linear types

19

Dimitrios Kouzapas: ABCD use-case repository

• https://github.com/epsrc-abcd/session-types-use-cases

• organization of collaboration so that new tools/languages can be applied to existing use-cases for validation and comparison to previous solutions

• this is a good place to start looking for examples when trying to learn things—opening issues when things are unclear is probably a good idea :-)

• additions of industry use-cases are welcome!

20

Summary

Summary

• Session types are demonstrably implementable and applicable to real-world internet protocols

• The ABCD group is keen on practical validation of the approach and industry feedback

• Largest barrier is deemed to be the expression of linearity in host languages

22

My Largest Question: Compositionality

• Given an established Session Type, can we formulate a set of rules or restriction for refining it (adding to it) so that existing safety properties are preserved?

23

©Typesafe 2015 – All Rights Reserved