Upload
others
View
37
Download
0
Embed Size (px)
Citation preview
Session-Typed Concurrent Programming1
Stephanie Balzer Carnegie Mellon University
POPL 2019 TutorialFest
1 Supported by a Mozilla Research Grant and an NSF grant (No. CCF-1718267)
Content of tutorial
Message-passing programming and session types • types for typing such programs
Linear logic and session types • benefits and limitations
Manifest sharing • controlled sharing for concurrency (non-determinism)
Manifest sharing and the pi-calculus • expressiveness of untyped asynchronous pi-calculus recovered
Current & future research
�2
Learning objectives of tutorial
• How to program with session types • What linearity is good for in programming • How logic can guide programming language design • Expressiveness of session-typed programming • Hands-on experience with Concurrent C0
�3
Message-passing concurrent programming
�5
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
N-ary channels: e.g., a connects P1, P2, and P3
Message-passing concurrent programming
�5
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
M
N-ary channels: e.g., a connects P1, P2, and P3
Message-passing concurrent programming
�5
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
M
N-ary channels: e.g., a connects P1, P2, and P3
Message-passing concurrent programming
�6
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
N-ary channels: e.g., a connects P1, P2, and P3
Message-passing concurrent programming
�6
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
M
N-ary channels: e.g., a connects P1, P2, and P3
Message-passing concurrent programming
�6
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
M N-ary channels: e.g., a connects P1, P2, and P3
Message-passing concurrent programming
�6
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
N-ary channels: e.g., a connects P1, P2, and P3
non-determinism
Message-passing concurrent programming
�6
P1
P2
P3
P4
P5
Legend: channel messageprocess
Computation: by message exchange along channels
Program: network of processes connected by channels
a
b
c
N-ary channels: e.g., a connects P1, P2, and P3
non-determinism
formal model: pi-calculus[Milner 1992]
Example: queue
�7
“P” “O” “P”
queueclient
dequeue enqueue
enqueue: client sends “enq” followed by “L” along q
q t1 t2 t3
Example: queue
�8
“P” “O” “P”
queueclient
q t1 t2 t3
enqueue: client sends “enq” followed by “L” along q
Example: queue
�9
enqueue: client sends “enq” followed by “L” along q
“P” “O” “P”
queueclient
q t1 t2 t3
“P” “O” “P” “L”q t1 t2 t3 t4
Example: queue
�9
enqueue: client sends “enq” followed by “L” along q
“P” “O” “P”
queueclient
q t1 t2 t3
“P” “O” “P” “L”q t1 t2 t3 t4
dequeue: client sends “deq”, then receives “P”
Example: queue
�9
enqueue: client sends “enq” followed by “L” along q
“P” “O” “P”
queueclient
q t1 t2 t3
“P” “O” “P” “L”q t1 t2 t3 t4
dequeue: client sends “deq”, then receives “P”
“O” “P” “L”q t2 t3 t4
Example: queue
• In our example, we’ve stored characters in the queue • However, we can also store channel references:
�10
Example: queue
• In our example, we’ve stored characters in the queue • However, we can also store channel references:
�10
q t1 t2 t3
Example: queue
• In our example, we’ve stored characters in the queue • However, we can also store channel references:
�10
q t1 t2 t3
“higher-order” channels (session types)
Example: queue
• In our example, we’ve stored characters in the queue • However, we can also store channel references:
�10
q t1 t2 t3
“higher-order” channels (session types)
“mobility” (pi-calculus)
Types for protocols of message exchange
Session types [Honda 1993]
�11
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�11
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
input: receive message of type T, continue as type A’
Types for protocols of message exchange
Session types [Honda 1993]
�12
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�12
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
output: send message of type T, continue as type A’
Types for protocols of message exchange
Session types [Honda 1993]
�13
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�13
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
external choice: receive label li, continue as type Ai
Types for protocols of message exchange
Session types [Honda 1993]
�14
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�14
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
internal choice: send label li, continue as type Ai
Types for protocols of message exchange
Session types [Honda 1993]
�15
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�15
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
termination: close session and terminate
Types for protocols of message exchange
Session types [Honda 1993]
�16
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�16
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
recursive session types
Types for protocols of message exchange
Session types [Honda 1993]
�17
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Types for protocols of message exchange
Session types [Honda 1993]
�17
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
A , ?[T ].A0 | ![T ].A0 |N{l1 : A1, . . . , ln : An} | �{l1 : A1, . . . , ln : An} |end | X | µX.A0
T , A | int | . . .
Example:
Session types change with protocol
�18
“P” “O” “P”
queueclient
q
What is the type of channel q?
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
send “enq” along q q:
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
send “L” along q q:
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
send “L” along q q: queue
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
send “L” along q q: queue
send “deq” along q q:
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
send “L” along q q: queue
send “deq” along q q: �{none : end, some : ![char].queue}
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
receive “some” along q q:
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
send “L” along q q: queue
send “deq” along q q: �{none : end, some : ![char].queue}
Session types change with protocol
�19
queue = N{enq : ?[char].queue,deq : �{none : end, some : ![char].queue}}
receive “some” along q q:
Action: Type:
q: queue
send “enq” along q q: ?[char].queue
send “L” along q q: queue
send “deq” along q q: �{none : end, some : ![char].queue}![char].queue
Session types change with protocol
�20
What if?
“P” “O” “P”
queueclient 1
q
client 2
Action: Type:q: queue
Session types change with protocol
�20
What if?
“P” “O” “P”
queueclient 1
q
client 2
Action: Type:q: queue
client 1 sends “enq” along q q:
Session types change with protocol
�20
What if?
“P” “O” “P”
queueclient 1
q
client 2
Action: Type:q: queue
client 1 sends “enq” along q q: ?[char].queue
Session types change with protocol
�20
What if?
“P” “O” “P”
queueclient 1
q
client 2
Action: Type:q: queue
client 1 sends “enq” along q q: ?[char].queue
client 2 sends “enq” along q
Session types change with protocol
�20
What if?
“P” “O” “P”
queueclient 1
q
client 2
Action: Type:q: queue
client 1 sends “enq” along q q: ?[char].queue
client 2 sends “enq” along q q is not at expected type!
Preservation (session fidelity)
• Expectations of client and provider match, if they do initially.
• How can we recover preservation?
�21
Preservation (session fidelity)
• Expectations of client and provider match, if they do initially.
• How can we recover preservation?
�21
Use linear logic as a foundation for session types
Preservation (session fidelity)
• Expectations of client and provider match, if they do initially.
• How can we recover preservation?
�21
Use linear logic as a foundation for session types
Let’s view session types as linear propositions
Preservation (session fidelity)
• Expectations of client and provider match, if they do initially.
• How can we recover preservation?
�21
Use linear logic as a foundation for session types
Linear logic allows us to treat channels as “resources”
Let’s view session types as linear propositions
Preservation (session fidelity)
• Expectations of client and provider match, if they do initially.
• How can we recover preservation?
�21
Use linear logic as a foundation for session types
Linear logic allows us to treat channels as “resources”
What does that mean?
Let’s view session types as linear propositions
Linear logic
�23
� ` C
�, A ` Cweaken
�, A,A ` C
�, A ` Ccontract
Rejects the following two structural rules:
“drop resource” “duplicate resource”
Linear logic
�23
� ` C
�, A ` Cweaken
�, A,A ` C
�, A ` Ccontract
Rejects the following two structural rules:
“drop resource” “duplicate resource”
Presented work based on intuitionistic linear logic
Linear logic
�23
� ` C
�, A ` Cweaken
�, A,A ` C
�, A ` Ccontract
Rejects the following two structural rules:
“drop resource” “duplicate resource”
Presented work based on intuitionistic linear logic
Distinction of provider (right) from clients (left) of turnstile
Weakening
�25
� ` C
�, A ` Cweaken
“P” “O” “P”
queueclient
q
Terminating client without terminating or passing on queue
Weakening
�25
� ` C
�, A ` Cweaken
“P” “O” “P”
queueclient
q
Terminating client without terminating or passing on queue
“P” “O” “P”q
Weakening
�25
� ` C
�, A ` Cweaken
“P” “O” “P”
queueclient
q
Terminating client without terminating or passing on queue
“P” “O” “P”q
Providing process without a client
Contraction
�26
“P” “O” “P”
queueclient
q
Passing on channel reference and keeping it
�, A,A ` C
�, A ` Ccontract
Contraction
�26
“P” “O” “P”
queueclient
q
Passing on channel reference and keeping it
�, A,A ` C
�, A ` Ccontract
“P” “O” “P”q
Contraction
�26
“P” “O” “P”
queueclient
q
Passing on channel reference and keeping it
Providing process has multiple clients
�, A,A ` C
�, A ` Ccontract
“P” “O” “P”q
Tree structure
�27
Without weakening and contraction, process graph forms a tree.
parent: client
child: provider
Tree structure
�27
Without weakening and contraction, process graph forms a tree.
parent: client
child: provider
Every providing process has exactly one client.
Tree structure
�27
Without weakening and contraction, process graph forms a tree.
parent: client
child: provider
Every providing process has exactly one client.
Session fidelity restored.
Reconstructing session types from linear propositions [Caires & Pfenning 2010, Wadler 2012]
�28
Curry-Howard correspondence: intuitionistic linear logic - session-typed pi-calculus [Caires & Pfenning 2010]
Logic: Type theory:
Linear propositions Session types
Proofs Programs
Cut reduction Communication
Reconstructing session types from linear propositions [Caires & Pfenning 2010, Wadler 2012]
�28
Curry-Howard correspondence: intuitionistic linear logic - session-typed pi-calculus [Caires & Pfenning 2010]
Logic: Type theory:
Linear propositions Session types
Proofs Programs
Cut reduction Communication
Let’s discover this correspondence together!
Intuitionistic linear logic
�29
Connectives:A,B , A⌦B multiplicative conjunction
A ( B multiplicative implication
ANB additive conjunction
A�B additive disjunction
!A ”of course”, persistent truth
Intuitionistic linear logic
�29
Connectives:A,B , A⌦B multiplicative conjunction
A ( B multiplicative implication
ANB additive conjunction
A�B additive disjunction
!A ”of course”, persistent truth
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
Intuitionistic linear logic
�29
Connectives:A,B , A⌦B multiplicative conjunction
A ( B multiplicative implication
ANB additive conjunction
A�B additive disjunction
!A ”of course”, persistent truth
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
Intuitionistic linear logic
�29
Connectives:A,B , A⌦B multiplicative conjunction
A ( B multiplicative implication
ANB additive conjunction
A�B additive disjunction
!A ”of course”, persistent truth
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
Intuitionistic linear logic
�29
Connectives:A,B , A⌦B multiplicative conjunction
A ( B multiplicative implication
ANB additive conjunction
A�B additive disjunction
!A ”of course”, persistent truth
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
Intuitionistic linear logic
�29
Connectives:A,B , A⌦B multiplicative conjunction
A ( B multiplicative implication
ANB additive conjunction
A�B additive disjunction
!A ”of course”, persistent truth
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
“Process P offers a session of type A along channel x using the sessions A1, …, An provided along channels x1, …, xn.”
Intuitionistic linear logic
�30
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
“Process P offers a session of type A along channel x using the sessions A1, …, An provided along channels x1, …, xn.”
Intuitionistic linear logic
�30
Judgment: x1 : A1, . . . , xn : An ` P :: (x : A)
“Process P offers a session of type A along channel x using the sessions A1, …, An provided along channels x1, …, xn.”
P
x : A
x1 : A1 xn : An
Additive conjunction
�31
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
Additive conjunction
�31
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
Additive conjunction
�31
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
Additive conjunction
�31
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
Additive conjunction
�31
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
Additive conjunction
�32
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
Additive conjunction
�32
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
Additive conjunction
�32
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
Additive conjunction
�32
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
Additive conjunction
�32
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
Additive conjunction
�33
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
�, x : B ` Q :: (z : C)
�, x : ANB ` x.inr;Q :: (z : C)(T-NL2)
Additive conjunction
�33
� ` P1 :: (x : A) � ` P2 :: (x : B)
� ` casex of(P1, P2) :: (x : ANB)(T-NR)
�, x : A ` Q :: (z : C)
�, x : ANB ` x.inl;Q :: (z : C)(T-NL1)
�, x : B ` Q :: (z : C)
�, x : ANB ` x.inr;Q :: (z : C)(T-NL2)
External choice: client chooses. Generalizes to .N{l : A}
Additive disjunction
�34
� ` P :: (x : A)
� ` x.inl;P :: (x : A�B)(T-�R1)
� ` P :: (x : B)
� ` x.inr;P :: (x : A�B)(T-�R2)
Internal choice: provider chooses. Generalizes to .�{l : A}
�, x : A ` Q1 :: (z : C) �, x : B ` Q2 :: (z : C)
�, x : A�B ` casex of(Q1, Q2) :: (z : C)(T-�L)
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative implication
�36
�, y : A ` P :: (x : B)
� ` y recv x;P :: (x : A ( B)(T-(R)
� ` Q :: (y : A) �0, x : B ` Q0 :: (z : C)
�,�0, x : A ( B ` send x (y Q);Q0 :: (z : C)(T-(L)
Channel input: provider receives a channel.
Multiplicative conjunction
�37
� ` Q :: (y : A) �0 ` P :: (x : B)
�,�0 ` send x (y Q);P :: (x : A⌦B)(T-⌦R)
�, x : B, y : A ` Q0 :: (z : C)
�, x : A⌦B ` y recv x;Q0 :: (z : C)(T-⌦L)
Channel output: provider sends a channel.
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Termination
Unit of multiplicative conjunction
�39
· ` close x :: (x : 1)(T-1R)
� ` Q :: (z : C)
�, x : 1 ` wait x;Q :: (z : C)(T-1L)
Termination
and must consist of at least one label.N �
Recap
�40
Connectives:A,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
Recap
�40
queueA = N{enq : A ( queueA,deq : �{none : 1, some : A⌦ queueA}}
Example:
Connectives:A,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
Judgmental rules
�41
� ` P (x : A) �0, x : A ` Q :: (z : C)
�,�0 ` x P ;Q :: (z : C)(T-cut)
Parallel composition (spawning new process)
Judgmental rules
�41
� ` P (x : A) �0, x : A ` Q :: (z : C)
�,�0 ` x P ;Q :: (z : C)(T-cut)
Parallel composition (spawning new process)
y : A ` fwd x y :: (x : A)(T-id)
Judgmental rules
�41
� ` P (x : A) �0, x : A ` Q :: (z : C)
�,�0 ` x P ;Q :: (z : C)(T-cut)
Parallel composition (spawning new process)
Forward: process offering along x terminates, client henceforth interacts with process offering along y.
y : A ` fwd x y :: (x : A)(T-id)
Let’s program in Concurrent C0!
C0 [Pfenning 2010, Arnold 2010] • safe subset of C supporting contracts • teaching language developed at CMU • http://c0.typesafety.net
Concurrent C0 [Willsey & Prabhu & Pfenning 2016] • extends C0 with session types
Installing Concurrent C0 • see http://www.cs.cmu.edu/~balzers/popl_tutorial_2019
�42
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree
�43
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
�43
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not• client ready to synchronize, provider not
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not• client ready to synchronize, provider not
�43
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not• client ready to synchronize, provider not
�43a b “a waits for b”
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not• client ready to synchronize, provider not
�43a b “a waits for b”
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not• client ready to synchronize, provider not
• green arrows can only go along edges, thus there are no cycles
�43a b “a waits for b”
✓
What about type safety?
Preservation (aka session fidelity)• no weakening and contraction: process graph forms a tree• every provider has a unique client
Progress• What are the dangers to progress?• 2 scenarios:
• provider ready to synchronize, client not• client ready to synchronize, provider not
• green arrows can only go along edges, thus there are no cycles
�43a b “a waits for b”
✓
✓
Of course!
�44
ConnectivesA,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
!A persisten truth
Of course!
�44
ConnectivesA,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
!A persisten truth
Of course!
�44
ConnectivesA,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
!A persisten truth
Unrestricted proposition, can be used arbitrarily often
Of course!
�44
ConnectivesA,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
!A persisten truth
Unrestricted proposition, can be used arbitrarily often
;� ` P :: (x : A)
Of course!
�44
ConnectivesA,B , A⌦B channel output
A ( B channel input
�{l : A} internal choice
N{l : A} external choice
1 termination
!A persisten truth
Unrestricted proposition, can be used arbitrarily often
;� ` P :: (x : A)
structural context (weakening and contraction)
Of course!
�45
What is the computational meaning of “of course”?
PQ copy PQ
P’
Copy: obtain linear copy from linear server process
Of course!
�45
What is the computational meaning of “of course”?
PQ copy PQ
P’
Copy: obtain linear copy from linear server process
Corresponds to replication in the pi-calculus
Of course!
�45
What is the computational meaning of “of course”?
PQ copy PQ
P’
Copy: obtain linear copy from linear server process
Corresponds to replication in the pi-calculus
For some applications, a copying semantics is sufficient. For other applications, sharing is necessary.
Manifest sharing - key ideas [Balzer & Pfenning 2017]
Acquire-release • Multiple aliases (shared channels) to a process permitted, but
communication requires exclusive access.
�47
Manifest sharing - key ideas [Balzer & Pfenning 2017]
Acquire-release • Multiple aliases (shared channels) to a process permitted, but
communication requires exclusive access.
Manifestation in type structure • Enrich type structure with adjoint modalities to prescribe acquire and
release points.
�47
Manifest sharing - key ideas [Balzer & Pfenning 2017]
Acquire-release • Multiple aliases (shared channels) to a process permitted, but
communication requires exclusive access.
Manifestation in type structure • Enrich type structure with adjoint modalities to prescribe acquire and
release points.
Equi-synchronizing session type • Invariant guaranteeing that a process is released to the same type at
which it was previously acquired, should it be released at all. • Avoids run-time type checking upon acquire.
�47
Manifest sharing - key ideas [Balzer & Pfenning 2017]
Acquire-release • Multiple aliases (shared channels) to a process permitted, but
communication requires exclusive access.
Manifestation in type structure • Enrich type structure with adjoint modalities to prescribe acquire and
release points.
Equi-synchronizing session type • Invariant guaranteeing that a process is released to the same type at
which it was previously acquired, should it be released at all. • Avoids run-time type checking upon acquire.
�47
let’s look at each in turn
Programmatic working of acquire-release
�48
q1
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
Programmatic working of acquire-release
�48
q1
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
producer and consumer contend for access to queue
Programmatic working of acquire-release
�48
q1
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
producer and consumer contend for access to queue
acq
Programmatic working of acquire-release
�49
q2
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
Programmatic working of acquire-release
�49
q1’
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
Programmatic working of acquire-release
�49
q1’
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
consumer has exclusive access to queue
Programmatic working of acquire-release
�49
q1’
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
rel
consumer has exclusive access to queue
Programmatic working of acquire-release
�50
q2
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
Programmatic working of acquire-release
�50
q1
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
Programmatic working of acquire-release
�50
q1
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
Note: acquire and release messages by client have matching actions by provider
Programmatic working of acquire-release
�50
q1
q2
q
t2elem empty
a2
consumer:
producer:
c
p
Legend: x linear channel x y shared channel y
What should be the type of q?
Note: acquire and release messages by client have matching actions by provider
Manifestation of acquire-release in typing
�51
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ 1, some ∶ A⊗ queue A}}
Manifestation of acquire-release in typing
�52
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ queue A, some ∶ A⊗ queue A}}
Manifestation of acquire-release in typing
�53
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ queue A, some ∶ A⊗ queue A}}
Manifestation of acquire-release in typing
�53
acquire
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ queue A, some ∶ A⊗ queue A}}
Manifestation of acquire-release in typing
�53
acquire
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ queue A, some ∶ A⊗ queue A}}
release
release release
Manifestation of acquire-release in typing
�53
acquire
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ queue A, some ∶ A⊗ queue A}}
release
release release
Legend: process in linear phase process in shared phase
Adjoint stratification of session types1
�54
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
connect layers with modalities going back and forth
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
connect layers with modalities going back and forth
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
connect layers with modalities going back and forth
2 Based on [Cervesato et al. 2002; Watkins et al. 2001]
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
support of communication of shared channels, using for receive and for send2
⇧∃
Adjoint stratification of session types1
�54
stratify session types into a linear and shared layer, s.t. S > L
1 Generalization of [Benton 1994; Reed 2009; Pfenning and Griffith 2015]
connect layers with modalities going back and forth
2 Based on [Cervesato et al. 2002; Watkins et al. 2001]
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
support of communication of shared channels, using for receive and for send2
⇧∃
Adjoint stratification of session types1
�55
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Shared queue
�56
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Shared queue
�56
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Shared queue
�56
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Shared queue
�56
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Shared queue
�56
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Shared queue
�56
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
and prescribe acquire-release points, resp.↑SL ↓SL
Equi-synchronizing session type
�57
Invariant guaranteeing that a process is released to the same type at which it was previously acquired, should it be released at all.
Equi-synchronizing session type
�57
Invariant guaranteeing that a process is released to the same type at which it was previously acquired, should it be released at all.
Guarantees session fidelity w/o run-time checking upon acquire
Equi-synchronizing session type
�57
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
Invariant guaranteeing that a process is released to the same type at which it was previously acquired, should it be released at all.
Examples of equi-synchronizing session types:
Guarantees session fidelity w/o run-time checking upon acquire
Equi-synchronizing session type
�57
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
Invariant guaranteeing that a process is released to the same type at which it was previously acquired, should it be released at all.
Examples of equi-synchronizing session types:
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ 1, some ∶ A⊗ queue A}}
Guarantees session fidelity w/o run-time checking upon acquire
Equi-synchronizing session type
�57
queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,deq ∶ ⊕{none ∶ ↓SL queue AS, some ∶ ∃x∶AS. ↓SL queue AS}}
Invariant guaranteeing that a process is released to the same type at which it was previously acquired, should it be released at all.
Examples of equi-synchronizing session types:
queue A = N{enq ∶ A� queue A,deq ∶ ⊕{none ∶ 1, some ∶ A⊗ queue A}}
Guarantees session fidelity w/o run-time checking upon acquire
Non-equi-synchronizing:queue AS = ↑SL N{enq ∶ ⇧x∶AS. ↓SL queue AS,
deq ∶ ⊕{none ∶ ↓SL↑SL 1, some ∶ ∃x∶AS. ↓SL queue AS}}
Typing judgments
�58
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
Typing judgments
�58
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
�; � �⌃ P ∶∶ (xL ∶ AL) linear process P, providing session of type AL
along xL, using channels in Γ and Δ
� �⌃ P ∶∶ (xS ∶ AS) shared process P, providing session of type AS
along xS, using channels in Γ
� shared (structural) context
� linear context
Typing judgments
�58
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
�; � �⌃ P ∶∶ (xL ∶ AL) linear process P, providing session of type AL
along xL, using channels in Γ and Δ
� �⌃ P ∶∶ (xS ∶ AS) shared process P, providing session of type AS
along xS, using channels in Γ
� shared (structural) context
� linear context
Typing judgments
�58
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
�; � �⌃ P ∶∶ (xL ∶ AL) linear process P, providing session of type AL
along xL, using channels in Γ and Δ
� �⌃ P ∶∶ (xS ∶ AS) shared process P, providing session of type AS
along xS, using channels in Γ
� shared (structural) context
� linear context
Typing judgments
�59
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
�; � �⌃ P ∶∶ (xL ∶ AL) linear process P, providing session of type AL
along xL, using channels in Γ and Δ
� �⌃ P ∶∶ (xS ∶ AS) shared process P, providing session of type AS
along xS, using channels in Γ
� shared (structural) context
� linear context
Typing judgments
�60
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
�; � �⌃ P ∶∶ (xL ∶ AL) linear process P, providing session of type AL
along xL, using channels in Γ and Δ
� �⌃ P ∶∶ (xS ∶ AS) shared process P, providing session of type AS
along xS, using channels in Γ
� shared (structural) context
� linear context
Typing judgments
�61
AS � ↑SLAL
AL,BL � ⊕{l ∶ AL} � AL ⊗BL � 1 � ∃x∶AS.BL �N{l ∶ AL} � AL � BL � ↓SLAS � ⇧x∶AS.BL
+
-
�; � �⌃ P ∶∶ (xL ∶ AL) linear process P, providing session of type AL
along xL, using channels in Γ and Δ
� �⌃ P ∶∶ (xS ∶ AS) shared process P, providing session of type AS
along xS, using channels in Γ
� shared (structural) context
� linear context
Typing of acquire
�62
�, xS ∶↑SL AL; �, xL ∶ AL �⌃ QxL ∶∶ (zL ∶ CL)�, xS ∶↑SL AL; � �⌃ xL ← acquire xS ;QxL ∶∶ (zL ∶ CL) (T-↑SLL)
Typing of acquire
�62
�, xS ∶↑SL AL; �, xL ∶ AL �⌃ QxL ∶∶ (zL ∶ CL)�, xS ∶↑SL AL; � �⌃ xL ← acquire xS ;QxL ∶∶ (zL ∶ CL) (T-↑SLL)
Typing of acquire
�62
�, xS ∶↑SL AL; �, xL ∶ AL �⌃ QxL ∶∶ (zL ∶ CL)�, xS ∶↑SL AL; � �⌃ xL ← acquire xS ;QxL ∶∶ (zL ∶ CL) (T-↑SLL)
�; ⋅ �⌃ PxL ∶∶ (xL ∶ AL)� �⌃ xL ← accept xS ;PxL ∶∶ (xS ∶↑SL AL) (T-↑SLR)
Typing of acquire
�62
�, xS ∶↑SL AL; �, xL ∶ AL �⌃ QxL ∶∶ (zL ∶ CL)�, xS ∶↑SL AL; � �⌃ xL ← acquire xS ;QxL ∶∶ (zL ∶ CL) (T-↑SLL)
�; ⋅ �⌃ PxL ∶∶ (xL ∶ AL)� �⌃ xL ← accept xS ;PxL ∶∶ (xS ∶↑SL AL) (T-↑SLR)
Typing of release
�63
�, xS ∶ AS; � �⌃ QxS ∶∶ (zL ∶ CL)�; �, xL ∶↓SL AS �⌃ xS ← release xL ;QxS ∶∶ (zL ∶ CL) (T-↓SLL)
Typing of release
�63
�, xS ∶ AS; � �⌃ QxS ∶∶ (zL ∶ CL)�; �, xL ∶↓SL AS �⌃ xS ← release xL ;QxS ∶∶ (zL ∶ CL) (T-↓SLL)
Typing of release
�63
�, xS ∶ AS; � �⌃ QxS ∶∶ (zL ∶ CL)�; �, xL ∶↓SL AS �⌃ xS ← release xL ;QxS ∶∶ (zL ∶ CL) (T-↓SLL)
� �⌃ PxS ∶∶ (xS ∶ AS)�; ⋅ �⌃ xS ← detach xL ;PxS ∶∶ (xL ∶↓SL AS) (T-↓SLR)
Typing of release
�63
�, xS ∶ AS; � �⌃ QxS ∶∶ (zL ∶ CL)�; �, xL ∶↓SL AS �⌃ xS ← release xL ;QxS ∶∶ (zL ∶ CL) (T-↓SLL)
� �⌃ PxS ∶∶ (xS ∶ AS)�; ⋅ �⌃ xS ← detach xL ;PxS ∶∶ (xL ∶↓SL AS) (T-↓SLR)
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client
�65
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
�65
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
�65
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress
�65
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress• acquire-release amounts to “locking”
�65
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress• acquire-release amounts to “locking”• possibility of cyclic dependencies
�65
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress• acquire-release amounts to “locking”• possibility of cyclic dependencies
�65
R2
R1 R3
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress• acquire-release amounts to “locking”• possibility of cyclic dependencies
�65
R2
R1 R3
a b “a waits for b to release resource”
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress• acquire-release amounts to “locking”• possibility of cyclic dependencies
�65
R2
R1 R3
a b “a waits for b to release resource”
✓
What about type safety?
Preservation (aka session fidelity)• acquire-release and equi-synchronizing invariant guarantee that every
linear process has a unique client• state-altering exchange only along linear channels
Progress• acquire-release amounts to “locking”• possibility of cyclic dependencies
�65
R2
R1 R3
a b “a waits for b to release resource”
✓
progress must permit deadlock
Progress must permit deadlock
�66
For example, dining philosophers:
sfork = ↑SL↓SL sfork😋
😋 😋
😋 😋
🍴
🍴
🍴
🍴
🍴
🎂sfork
sfork
sfork sfork
sfork
Progress must permit deadlock
�66
For example, dining philosophers:
sfork = ↑SL↓SL sfork😋
😋 😋
😋 😋
🍴
🍴
🍴
🍴
🍴
🎂sfork
sfork
sfork sfork
sforkBoth potentially deadlocking and non-deadlocking version (Dijkstra’s solution) encodable in SILLS
Progress must permit deadlock
�66
For example, dining philosophers:
sfork = ↑SL↓SL sfork😋
😋 😋
😋 😋
🍴
🍴
🍴
🍴
🍴
🎂sfork
sfork
sfork sfork
sforkBoth potentially deadlocking and non-deadlocking version (Dijkstra’s solution) encodable in SILLS
Progress theorem:
blocked process: linear process attempting to acquire
configuration is stuck only if all processes are blocked
Curry-Howard isomorphism revisited
Linear session types w/o manifest sharing: • linear propositions — session types • proofs — processes • cut reduction — communication
�67
Curry-Howard isomorphism revisited
Linear session types w/o manifest sharing: • linear propositions — session types • proofs — processes • cut reduction — communication
�67
Session types with manifest sharing: • linear propositions — session types • proofs — processes • interleaving of:
• proof construction —acquire • proof reduction — communication • proof deconstruction — release
Curry-Howard isomorphism revisited
Linear session types w/o manifest sharing: • linear propositions — session types • proofs — processes • cut reduction — communication
�67
deadlock: failure of proof construction
Session types with manifest sharing: • linear propositions — session types • proofs — processes • interleaving of:
• proof construction —acquire • proof reduction — communication • proof deconstruction — release
Expressiveness of linear session types
• In the simply-typed λ-calculus, the addition of a recursive type recovers full expressiveness of the untyped λ-calculus.
�69
U = U ! U
Expressiveness of linear session types
• In the simply-typed λ-calculus, the addition of a recursive type recovers full expressiveness of the untyped λ-calculus.
• Unfortunately, recursion alone is insufficient to recover the expressiveness of the untyped π-calculus for linear session-typed π-calculus.
�69
U = U ! U
Expressiveness of linear session types
• In the simply-typed λ-calculus, the addition of a recursive type recovers full expressiveness of the untyped λ-calculus.
• Unfortunately, recursion alone is insufficient to recover the expressiveness of the untyped π-calculus for linear session-typed π-calculus.
�69
U = U ! U
both recursion and sharing are necessary [Balzer & Pfenning & Toninho 2018]
Expressiveness of linear session types
• In the simply-typed λ-calculus, the addition of a recursive type recovers full expressiveness of the untyped λ-calculus.
• Unfortunately, recursion alone is insufficient to recover the expressiveness of the untyped π-calculus for linear session-typed π-calculus.
�69
U = U ! U
both recursion and sharing are necessary [Balzer & Pfenning & Toninho 2018]
key: sharing of channels and acquire-release discipline
Expressiveness of linear session types
• In the simply-typed λ-calculus, the addition of a recursive type recovers full expressiveness of the untyped λ-calculus.
• Unfortunately, recursion alone is insufficient to recover the expressiveness of the untyped π-calculus for linear session-typed π-calculus.
�69
U = U ! U
both recursion and sharing are necessary [Balzer & Pfenning & Toninho 2018]
key: sharing of channels and acquire-release discipline
encoding of untyped asynchronous π-calculus into SILLS and proof of its operational and observational correspondence
Acquire-release introduces non-determinism
�70
coin = ↑SL ⊕{head ∶↓SL coin, tail ∶↓SL coin}}Processes:head: coin sends “head” and recurs as tail processtail: coin sends “tail” and recurs as head process
ndchoice: spawns new coin and flipper processes and then reads (“flips”) the coin and terminates
⊕{yes ∶ 1,no ∶ 1}filpper: reads (“flips”) given coin once and terminates 1← coin
Acquire-release introduces non-determinism
�70
coin = ↑SL ⊕{head ∶↓SL coin, tail ∶↓SL coin}}Processes:head: coin sends “head” and recurs as tail processtail: coin sends “tail” and recurs as head process
ndchoice: spawns new coin and flipper processes and then reads (“flips”) the coin and terminates
⊕{yes ∶ 1,no ∶ 1}filpper: reads (“flips”) given coin once and terminates 1← coin
coin flipping requires prior acquire
Acquire-release introduces non-determinism
�70
coin = ↑SL ⊕{head ∶↓SL coin, tail ∶↓SL coin}}Processes:head: coin sends “head” and recurs as tail processtail: coin sends “tail” and recurs as head process
ndchoice: spawns new coin and flipper processes and then reads (“flips”) the coin and terminates
⊕{yes ∶ 1,no ∶ 1}filpper: reads (“flips”) given coin once and terminates 1← coin
coin flipping requires prior acquire
value read by ndchoice depends on order of two acquires
Untyped, asynchronous π-calculus encoding
Characteristics of untyped, asynchronous π-calculus: • Arity: a π-calculus channel may connect arbitrarily many processes • Non-determinsm: e.g., • Untyped: π-calculus channels are untyped
�71
c(x ).P | chai | c(y).Q
Untyped, asynchronous π-calculus encoding
Characteristics of untyped, asynchronous π-calculus: • Arity: a π-calculus channel may connect arbitrarily many processes • Non-determinsm: e.g., • Untyped: π-calculus channels are untyped
�71
1
US
Basic idea: • π-calculus process → linear SILLS process of type • π-calculus channel → shared SILLS process of universal type
c(x ).P | chai | c(y).Q
Untyped, asynchronous π-calculus encoding
Characteristics of untyped, asynchronous π-calculus: • Arity: a π-calculus channel may connect arbitrarily many processes • Non-determinsm: e.g., • Untyped: π-calculus channels are untyped
�71
1
US
US = ↑SL N{ins ∶ ⇧x∶US. ↓SL US,del ∶ ⊕{none ∶↓SL US,
some ∶ ∃x∶US. ↓SL US}}
Basic idea: • π-calculus process → linear SILLS process of type • π-calculus channel → shared SILLS process of universal type
c(x ).P | chai | c(y).Q
Untyped, asynchronous π-calculus encoding
Characteristics of untyped, asynchronous π-calculus: • Arity: a π-calculus channel may connect arbitrarily many processes • Non-determinsm: e.g., • Untyped: π-calculus channels are untyped
�71
1
US
US = ↑SL N{ins ∶ ⇧x∶US. ↓SL US,del ∶ ⊕{none ∶↓SL US,
some ∶ ∃x∶US. ↓SL US}}unordered “buffer”
Basic idea: • π-calculus process → linear SILLS process of type • π-calculus channel → shared SILLS process of universal type
c(x ).P | chai | c(y).Q
Untyped, asynchronous π-calculus encoding
�72
US = ↑SL N{ins ∶ ⇧x∶US. ↓SL US,del ∶ ⊕{none ∶↓SL US,
some ∶ ∃x∶US. ↓SL US}}
Untyped, asynchronous π-calculus encoding
�72
US = ↑SL N{ins ∶ ⇧x∶US. ↓SL US,del ∶ ⊕{none ∶↓SL US,
some ∶ ∃x∶US. ↓SL US}}Processes:empty: empty bufferUS
elem: non-deterministically deletes channel from arbitrary point in buffer using ndchoice
US
send: attempts to acquire given buffer and inserts received channel
⇧x∶US.1← US
poll_receive: perpetually attempts to acquire given buffer for deletion until it succeeds
∃x∶US.1← US
Untyped, asynchronous π-calculus encoding
�72
US = ↑SL N{ins ∶ ⇧x∶US. ↓SL US,del ∶ ⊕{none ∶↓SL US,
some ∶ ∃x∶US. ↓SL US}}Processes:empty: empty bufferUS
elem: non-deterministically deletes channel from arbitrary point in buffer using ndchoice
US
send: attempts to acquire given buffer and inserts received channel
⇧x∶US.1← US
poll_receive: perpetually attempts to acquire given buffer for deletion until it succeeds
∃x∶US.1← US
P � 0 � x�y� � x(y).P � ⌫xP � P1 � P2 � !P
Untyped, asynchronous π-calculus:
Untyped, asynchronous π-calculus encoding
�72
US = ↑SL N{ins ∶ ⇧x∶US. ↓SL US,del ∶ ⊕{none ∶↓SL US,
some ∶ ∃x∶US. ↓SL US}}Processes:empty: empty bufferUS
elem: non-deterministically deletes channel from arbitrary point in buffer using ndchoice
US
send: attempts to acquire given buffer and inserts received channel
⇧x∶US.1← US
poll_receive: perpetually attempts to acquire given buffer for deletion until it succeeds
∃x∶US.1← US
P � 0 � x�y� � x(y).P � ⌫xP � P1 � P2 � !P
translate P in terms of processes
Untyped, asynchronous π-calculus:
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
a b “a waits for b to synchronize”
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
a b “a waits for b to release resource”a b “a waits for b to synchronize”
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
a b “a waits for b to release resource”a b “a waits for b to synchronize”
R2
R1 R3
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
a b “a waits for b to release resource”a b “a waits for b to synchronize”
R2
R1 R3 R1
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
a b “a waits for b to release resource”a b “a waits for b to synchronize”
R2
R1 R3 R1
plain “locking-up” is no longer sufficient
Deadlock-freedom [Balzer et al. 2019]
Two forms of waiting: • waiting to synchronize: • waiting to release:
�74
a b “a waits for b to release resource”a b “a waits for b to synchronize”
R2
R1 R3 R1
plain “locking-up” is no longer sufficient
see “manifest deadlock-freedom” [Balzer et al. 2019]
Session types for Rust (with Mozilla Research)
• Development of a library for Manifest Sharing in Rust • Explore application to Servo
�75
Digital contracts (with Das & Hoffmann & Pfenning)
• Development of Nomos, a new digital contract language • Static guarantees:
• protocol enforcement (shared session types) • control over resource usage (resource analysis) • tracking of assets (linear type system)
�76
Summary
• Message-passing concurrent programming • Session types are a natural fit for typing such programs • Session types have logical foundation via Curry-Howard
correspondence • linear session types • shared session types
• Manifest sharing recovers the expressiveness of the untyped asynchronous pi-calculus
�77
Summary
• Message-passing concurrent programming • Session types are a natural fit for typing such programs • Session types have logical foundation via Curry-Howard
correspondence • linear session types • shared session types
• Manifest sharing recovers the expressiveness of the untyped asynchronous pi-calculus
�77
Thank you for your attention!