Refinements for Session-typed Concurrency
Josh Acay & Frank Pfenning
May 4, 2016

Message-passing Concurrency
• Processes represented as nodes
• Channels between processes as edges
• Each channel is “provided” by a specific process (P provides c, Q provides d etc.)
[Diagram: processes P, Q, R connected by channels c, d, e]

Message-passing Concurrency
• Processes compute internally
• Exchange messages along channels
[Diagram, shown in steps: processes P, Q, R and channels c, d, e, with the messages 3, “aaa” and end appearing in turn; the last step shows only P, Q, c and d]

Message-passing Concurrency
• Processes can also send channels they own
[Diagram, shown in steps: processes P, Q, R and channels c, d, e, with channel e sent as a message]

Linear Session-types
• Don’t want to send int if expecting string
• Don’t try to receive if other process is not sending
• Assign types to each channel from provider’s perspective
[Diagram, shown in steps, with processes P, Q, R; channel types at each step:]
  c : B    d : int ⊃ string ∧ A    e : 1
  c : B    d : string ∧ A          e : 1    (message 3)
  c : B    d : A                   e : 1    (messages 3, “aaa”)
  c : B    d : A                   e : 1    (messages 3, “aaa”, end)
  c : B    d : A                            (messages 3, “aaa”)

Linear Session Types
• Example interface specification:
    queue = &{enq: A –o queue, deq: ⊕{none: 1, some: A ⊗ queue}}
  * where A is some predetermined type

  Type                Meaning
  1                   Terminate
  &{lab_i : A_i}_i    External choice (receive) between lab_i, continue as A_i
  A –o B              Receive channel of type A, continue as B
  τ ⊃ B               Receive value of type τ, continue as B
  ⊕{lab_i : A_i}_i    Internal choice (send) between lab_i, continue as A_i
  A ⊗ B               Send channel of type A, continue as B
  τ ∧ B               Send value of type τ, continue as B

Implementation of Queues
  queue = &{enq: A –o queue, deq: ⊕{none: 1, some: A ⊗ queue}}

  empty : queue
  q ← empty =
    case q
      enq → x ← recv q ; e ← empty ; q ← elem x e
      deq → q.none ; close q

  elem : A –o queue –o queue
  q ← elem x r =
    case q
      enq → y ← recv q ; r.enq ; send r y ; q ← elem x r
      deq → q.some ; send q x ; q ← r

Intersections and Unions
• Allows describing more interesting behavior
• Intersection of two types: A ⊓ B
  – c : A ⊓ B if channel c offers both behaviors
• Union of two types: A ⊔ B
  – c : A ⊔ B if channel c offers either behavior

Refinement Types
• What if we want to track more properties of queues? Empty, non-empty, even length?
• We can define them in the base system:
    empty-queue = &{enq: A –o nonempty-queue, deq: ⊕{none: 1}}
    nonempty-queue = &{enq: A –o nonempty-queue, deq: ⊕{some: A ⊗ queue}}

Refinement Types
• But we need intersections and unions to write interesting programs
    queue A = empty-queue ⊔ nonempty-queue
    empty : empty-queue
    elem : (A –o queue –o nonempty-queue)
    concat : (empty-queue –o empty-queue –o empty-queue)
           ⊓ (queue –o nonempty-queue –o nonempty-queue)
           ⊓ (nonempty-queue –o queue –o nonempty-queue)

Decidability of Type-checking
• Algorithmic system that is easy to translate to code
• Prove sound and complete with respect to the original system
• Partial implementation in Haskell

Type Safety
• Progress
  – Deadlock freedom in concurrent setting
  – At least one process can make progress if the configuration is well-typed
• Preservation [ currently in progress ]
  – Session fidelity in concurrent setting
  – Processes obey session-types
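
Session fidelity can also be checked at run time. The monitor below is an added example, not code from the slides or from the authors' Haskell implementation: it walks a trace of messages on one channel, seen from the provider, and reports the first event the session type does not allow. The tuple encoding, the event format, and the names `first_violation`, `DEFS` and `d_type` are assumptions made for this example.

```python
# Added example: session types as tagged tuples, seen from the provider.
# A bare string names a type: looked up in DEFS, else abstract (like A).
END = ("1",)
def ext(**branches):  return ("&", branches)   # &{...}: receive a label
def intl(**branches): return ("+", branches)   # internal choice: send a label

DEFS = {  # definitions copied from the slides; names use _ instead of -
    "queue": ext(enq=("-o", "A", "queue"),
                 deq=intl(none=END, some=("*", "A", "queue"))),
    "empty_queue": ext(enq=("-o", "A", "nonempty_queue"),
                       deq=intl(none=END)),
    "nonempty_queue": ext(enq=("-o", "A", "nonempty_queue"),
                          deq=intl(some=("*", "A", "queue"))),
    "d_type": ("=>", int, ("/\\", str, "A")),  # int ⊃ string ∧ A
}

# What each constructor allows next: (direction, kind of message).
EXPECT = {"&": ("recv", "label"), "+": ("send", "label"),
          "-o": ("recv", "chan"), "*": ("send", "chan"),
          "=>": ("recv", "val"),  "/\\": ("send", "val"),
          "1": ("send", "close")}

def first_violation(ty, trace, defs=DEFS):
    """Index of the first event that breaks session type `ty`, else None."""
    for i, (direction, kind, payload) in enumerate(trace):
        while isinstance(ty, str):
            if ty not in defs:
                return None          # abstract type: nothing left to check
            ty = defs[ty]            # unfold a recursive definition
        tag = ty[0]
        if tag == "closed" or (direction, kind) != EXPECT[tag]:
            return i
        if tag in ("&", "+"):
            if payload not in ty[1]:
                return i             # label not offered by this type
            ty = ty[1][payload]
        elif tag in ("-o", "*"):
            if payload != ty[1]:
                return i             # channel of the wrong type
            ty = ty[2]
        elif tag in ("=>", "/\\"):
            if not isinstance(payload, ty[1]):
                return i             # e.g. int sent where string expected
            ty = ty[2]
        else:
            ty = ("closed",)         # after close, any event is a violation
    return None
```

Channel events carry the declared type name of the channel being passed, which a real monitor would have to obtain from the type-checker.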