Dynamic Multirole Session Types
Transcript of Dynamic Multirole Session Types
![Page 1: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/1.jpg)
university-logo
Dynamic Multirole Session Types
Pierre-Malo Denielou Nobuko Yoshida
Imperial College London
[email protected] [email protected]
[POPL’11]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 1 / 20
![Page 2: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/2.jpg)
university-logo
Safety of communicating systems by typing
Binary session typesThey describe the use of channel endpoints in the π-calculus.
alice = c!〈4〉.c?(x).c?(z).0 !〈nat〉.?〈nat〉.?〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.!〈string〉
√
Type safety: payload types correspond.
alice = c!〈“apple”〉.c?(x).c?(z).0 !〈string〉.?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.?〈string〉
×
Communication safety: sends are matched by receives and vice-versa.
alice = c?(x).c!〈“apple”〉 c :?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉 c :?〈nat〉.!〈nat〉
×
Ref.: [Takeushi,Honda,Kubo,PARLE’94][Honda,Vasconcelos,Kubo,ESOP’98]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 2 / 20
![Page 3: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/3.jpg)
university-logo
Safety of communicating systems by typing
Binary session typesThey describe the use of channel endpoints in the π-calculus.
alice = c!〈4〉.c?(x).c?(z).0 !〈nat〉.?〈nat〉.?〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.!〈string〉
√
Type safety: payload types correspond.
alice = c!〈“apple”〉.c?(x).c?(z).0 !〈string〉.?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.?〈string〉
×
Communication safety: sends are matched by receives and vice-versa.
alice = c?(x).c!〈“apple”〉 c :?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉 c :?〈nat〉.!〈nat〉
×
Ref.: [Takeushi,Honda,Kubo,PARLE’94][Honda,Vasconcelos,Kubo,ESOP’98]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 2 / 20
![Page 4: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/4.jpg)
university-logo
Safety of communicating systems by typing
Binary session typesThey describe the use of channel endpoints in the π-calculus.
alice = c!〈4〉.c?(x).c?(z).0 !〈nat〉.?〈nat〉.?〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.!〈string〉
√
Type safety: payload types correspond.
alice = c!〈“apple”〉.c?(x).c?(z).0 !〈string〉.?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.?〈string〉
×
Communication safety: sends are matched by receives and vice-versa.
alice = c?(x).c!〈“apple”〉 c :?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉 c :?〈nat〉.!〈nat〉
×
Ref.: [Takeushi,Honda,Kubo,PARLE’94][Honda,Vasconcelos,Kubo,ESOP’98]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 2 / 20
![Page 5: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/5.jpg)
university-logo
Safety of communicating systems by typing
Binary session typesThey describe the use of channel endpoints in the π-calculus.
alice = c!〈4〉.c?(x).c?(z).0 !〈nat〉.?〈nat〉.?〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.!〈string〉
√
Type safety: payload types correspond.
alice = c!〈“apple”〉.c?(x).c?(z).0 !〈string〉.?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉.c!〈“apple”〉 ?〈nat〉.!〈nat〉.?〈string〉
×
Communication safety: sends are matched by receives and vice-versa.
alice = c?(x).c!〈“apple”〉 c :?〈nat〉.!〈string〉bob = c?(y).c!〈y + 1〉 c :?〈nat〉.!〈nat〉
×
Ref.: [Takeushi,Honda,Kubo,PARLE’94][Honda,Vasconcelos,Kubo,ESOP’98]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 2 / 20
![Page 6: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/6.jpg)
university-logo
Multiparty session types (MPST)
Today’s distributed applications involve more and more agents that interactthrough complex communication patterns.Multiparty sessions types can describe these interactions and statically ensuretype and communication safety, progress and fidelity to a stipulated protocolinvolving the orchestration of several channels.
Multiparty session types in a nutshell
G
Projection
����������
�� ��<<<<<<<<<Globaltype
G = alice→bob〈nat〉;bob→carol〈nat〉;end
ONMLHIJKTalice
Typechecking
��
ONMLHIJKTbob
��
ONMLHIJKTcarol
��
Localtypes
Tbob = ?〈alice,nat〉.!〈carol,nat〉.end
Palice Pbob Pcarol ProcessesPbob = ?〈alice〉(x).
!〈carol,x + 1〉.0
Ref.: [Carbone,Honda,Yoshida,POPL’08] [Bettini et al.,CONCUR’08]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 3 / 20
![Page 7: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/7.jpg)
university-logo
Multiparty session types (MPST)
Today’s distributed applications involve more and more agents that interactthrough complex communication patterns.Multiparty sessions types can describe these interactions and statically ensuretype and communication safety, progress and fidelity to a stipulated protocolinvolving the orchestration of several channels.
Multiparty session types in a nutshell
G
Projection
����������
�� ��<<<<<<<<<Globaltype
G = alice→bob〈nat〉;bob→carol〈nat〉;end
ONMLHIJKTalice
Typechecking
��
ONMLHIJKTbob
��
ONMLHIJKTcarol
��
Localtypes
Tbob = ?〈alice,nat〉.!〈carol,nat〉.end
Palice Pbob Pcarol ProcessesPbob = ?〈alice〉(x).
!〈carol,x + 1〉.0
Ref.: [Carbone,Honda,Yoshida,POPL’08] [Bettini et al.,CONCUR’08]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 3 / 20
![Page 8: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/8.jpg)
university-logo
Multiparty session example
Map-Reduce in MPST
client1 Reduce))SSSS
server //
Map 55kkkk
))SSSS client2 // server
client3
55kkkk BC_ _ _ _oo
@A_ _ _ _
Gorg =µx.(server→client1〈Map〉;server→client2〈Map〉;server→client3〈Map〉;client1→server〈Reduce〉;client2→server〈Reduce〉;client3→server〈Reduce〉);x
Multiparty session type system propertiesType safety (no payload type error)
Communication safety (no communication mismatch)
Progress (deadlock freedom)
Open problem: dynamic sets of participantsMultiparty protocols are often more dynamic: participants join and leave long-runninginstances. Ex: Pub-sub, clusters, web services, . . . etc.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 4 / 20
![Page 9: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/9.jpg)
university-logo
Multiparty session example
Map-Reduce in MPST
client1 Reduce))SSSS
server //
Map 55kkkk
))SSSS client2 // server
client3
55kkkk BC_ _ _ _oo
@A_ _ _ _
Gorg =µx.(server→client1〈Map〉;server→client2〈Map〉;server→client3〈Map〉;client1→server〈Reduce〉;client2→server〈Reduce〉;client3→server〈Reduce〉);x
Multiparty session type system propertiesType safety (no payload type error)
Communication safety (no communication mismatch)
Progress (deadlock freedom)
Open problem: dynamic sets of participantsMultiparty protocols are often more dynamic: participants join and leave long-runninginstances. Ex: Pub-sub, clusters, web services, . . . etc.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 4 / 20
![Page 10: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/10.jpg)
university-logo
Multiparty session example
Map-Reduce in MPST
client1 Reduce))SSSS
server //
Map 55kkkk
))SSSS client2 // server
client3
55kkkk BC_ _ _ _oo
@A_ _ _ _
Gorg =µx.(server→client1〈Map〉;server→client2〈Map〉;server→client3〈Map〉;client1→server〈Reduce〉;client2→server〈Reduce〉;client3→server〈Reduce〉);x
Multiparty session type system propertiesType safety (no payload type error)
Communication safety (no communication mismatch)
Progress (deadlock freedom)
Open problem: dynamic sets of participantsMultiparty protocols are often more dynamic: participants join and leave long-runninginstances. Ex: Pub-sub, clusters, web services, . . . etc.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 4 / 20
![Page 11: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/11.jpg)
university-logo
Map-Reduce with dynamic multirole session types
client Reduce''OOOOO
server //
Map 77ooooo
''OOOOO...
// server
client
77ooooo BC_ _ _ _oo
@A_ _ _ _
Global typeG = µx.
∀x :client.{server→x〈Map〉;x→server〈Reduce〉};
x
RolesRoles correspond to a communication pattern within a session. Multiple participantscan instantiate a given role in the same session. A participant can play several roles.
Universal quantification∀x : r .G′ quantifies over the current participants p1, ...,pn of role r and, in parallelprocesses, binds x to each in the subsequent interaction, as in
∀x : r .G′ ≡ G′{p1/x} | ... |G′{pn/x}
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 5 / 20
![Page 12: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/12.jpg)
university-logo
Map-Reduce with dynamic multirole session types
client Reduce''OOOOO
server //
Map 77ooooo
''OOOOO...
// server
client
77ooooo BC_ _ _ _oo
@A_ _ _ _
Global typeG = µx.
∀x :client.{server→x〈Map〉;x→server〈Reduce〉};
x
RolesRoles correspond to a communication pattern within a session. Multiple participantscan instantiate a given role in the same session. A participant can play several roles.
Universal quantification∀x : r .G′ quantifies over the current participants p1, ...,pn of role r and, in parallelprocesses, binds x to each in the subsequent interaction, as in
∀x : r .G′ ≡ G′{p1/x} | ... |G′{pn/x}
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 5 / 20
![Page 13: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/13.jpg)
university-logo
Map-Reduce with dynamic multirole session types
client Reduce''OOOOO
server //
Map 77ooooo
''OOOOO...
// server
client
77ooooo BC_ _ _ _oo
@A_ _ _ _
Global typeG = µx.
∀x :client.{server→x〈Map〉;x→server〈Reduce〉};
x
RolesRoles correspond to a communication pattern within a session. Multiple participantscan instantiate a given role in the same session. A participant can play several roles.
Universal quantification∀x : r .G′ quantifies over the current participants p1, ...,pn of role r and, in parallelprocesses, binds x to each in the subsequent interaction, as in
∀x : r .G′ ≡ G′{p1/x} | ... |G′{pn/x}
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 5 / 20
![Page 14: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/14.jpg)
university-logo
Map-Reduce with dynamic multirole session types
client Reduce''OOOOO
server //
Map 77ooooo
''OOOOO...
// server
client
77ooooo BC_ _ _ _oo
@A_ _ _ _
Global typeG = µx.
∀x :client.{server→x〈Map〉;x→server〈Reduce〉};
x
RolesRoles correspond to a communication pattern within a session. Multiple participantscan instantiate a given role in the same session. A participant can play several roles.
Universal quantification∀x : r .G′ quantifies over the current participants p1, ...,pn of role r and, in parallelprocesses, binds x to each in the subsequent interaction, as in
∀x : r .G′ ≡ G′{p1/x} | ... |G′{pn/x}
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 5 / 20
![Page 15: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/15.jpg)
university-logo
Dynamic multirole session types
RolesRoles correspond to a communication pattern within a session. Multiple participantscan instantiate a given role in the same session. A participant can play several roles.
Universal quantification∀x : r .G′ quantifies over the current participants p1, ...,pn of role r and, in parallelprocesses, binds x to each in the subsequent interaction, as in
∀x : r .G′ ≡ G′{p1/x} | ... |G′{pn/x}
Target properties for dynamic multirole session typesType safety (no payload type error)
Communication safety (no communication mismatch)
Progress (deadlock freedom)
Join progress (inclusion of joining participants)
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 6 / 20
![Page 16: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/16.jpg)
university-logo
Global Types
Global types follow standard Multiparty Session Type syntax, with the addition ofuniversal quantification and explicit parallel composition.
G ::= Global types| p→p′{li 〈~pi 〉〈Ui 〉.Gi}i∈I Labelled messages| ∀x : r \~p.G Universal quantification| G |G′ Parallel composition| G;G′ Sequential composition| µx.G Recursion| x Recursion variable| ε Inaction| end End
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 7 / 20
![Page 17: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/17.jpg)
university-logo
Publisher-Subscriber exampleA set of publishers repeatedly broadcast their messages to a set of subscribers.
sub
pub
Msg 22fffffffffffff //
''NNNNNNNNNNNNNN
##HHHHHHHHHHHHHHHH sub
...... ED__
BC ���
_ _ _ _ _ _ _ _oo
pub
77pppppppppppppp//
;;vvvvvvvvvvvvvvvv
Msg ,,XXXXXXXXXXXXX sub
sub@A_ _ _ _ _ _ _
GF���
__
Global type for Pub-SubWe write the global type using the universal quantifier for both the pub and the subroles. The global type is the following:
µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 8 / 20
![Page 18: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/18.jpg)
university-logo
Publisher-Subscriber exampleA set of publishers repeatedly broadcast their messages to a set of subscribers.
sub
pub
Msg 22fffffffffffff //
''NNNNNNNNNNNNNN
##HHHHHHHHHHHHHHHH sub
...... ED__
BC ���
_ _ _ _ _ _ _ _oo
pub
77pppppppppppppp//
;;vvvvvvvvvvvvvvvv
Msg ,,XXXXXXXXXXXXX sub
sub@A_ _ _ _ _ _ _
GF���
__
Global type for Pub-SubWe write the global type using the universal quantifier for both the pub and the subroles. The global type is the following:
µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 8 / 20
![Page 19: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/19.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =a[alice :pub](s).µX .(
s∀(y :sub).{s!〈y ,Msg〈m〉〉});XP0 = a〈G〉
Pbob =a[bob :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL] [SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 20: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/20.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =a[alice :pub](s).µX .(
s∀(y :sub).{s!〈y ,Msg〈m〉〉});X(ν s)(a〈s〉[∅] | s :ε)
Pbob =a[bob :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT]
[JOIN] [JOIN] [POLL] [POLL] [SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 21: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/21.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =s∀(y :sub).{
s!〈y ,Msg〈m〉〉}); µX ...
(ν s)(a〈s〉[pub :{alice}] |s :ε)
Pbob =a[bob :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN]
[JOIN] [POLL] [POLL] [SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 22: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/22.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =s∀(y :sub).{
s!〈y ,Msg〈m〉〉}); µX ...
(ν s)(a〈s〉[pub :{alice},sub :{bob}] |s :ε)
Pbob =s∀(x :pub).{
s?〈x ,Msg(w)〉}); µX ...
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN]
[POLL] [POLL] [SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 23: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/23.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =s∀(y :sub).{
s!〈y ,Msg〈m〉〉}); µX ...
(ν s)(a〈s〉[pub :{alice},sub :{bob}] |s :ε)
Pbob =s?〈alice,Msg(w)〉; µX ...
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL]
[POLL] [SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 24: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/24.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =s!〈bob,Msg〈m〉〉; µX ...
(ν s)(a〈s〉[pub :{alice},sub :{bob}] |s :ε)
Pbob =s?〈alice,Msg(w)〉; µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL]
[SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 25: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/25.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =µX .(
s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
(ν s)(a〈s〉[pub :{alice},sub :{bob}] |s :〈alice,bob,Msg〈m〉〉)
Pbob =s?〈alice,Msg(w)〉; µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL] [SEND]
[RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 26: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/26.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =µX .(
s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
(ν s)(a〈s〉[pub :{alice},sub :{bob}] |s :ε)
Pbob =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =a[carol :sub](s).µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL] [SEND] [RECV]
[JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 27: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/27.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =µX .(
s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
(ν s)(a〈s〉[pub :{alice},sub :{bob,carol}] |s :ε)
Pbob =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL] [SEND] [RECV] [JOIN]
[POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 28: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/28.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =(s!〈bob,Msg〈m〉〉 |
s!〈carol,Msg〈m〉〉); µX ...
(ν s)(a〈s〉[pub :{alice},sub :{bob,carol}] |s :ε)
Pbob =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL] [SEND] [RECV] [JOIN] [POLL]
... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 29: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/29.jpg)
university-logo
Processes and operational semantics by example
Processes for Pub-SubG = µx.(∀x :pub.∀y :sub.x→y〈Msg〉);x
P0 = a〈G〉P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});X
P(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Palice =(s!〈bob,Msg〈m〉〉 |
s!〈carol,Msg〈m〉〉); µX ...
(ν s)(a〈s〉[pub :{alice},sub :{bob,carol}] |s :ε)
Pbob =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
Pcarol =µX .(
s∀(x :pub).{s?〈x ,Msg(w)〉});X
[INIT] [JOIN] [JOIN] [POLL] [POLL] [SEND] [RECV] [JOIN] [POLL] ... [SEND] [SEND] [POLL] [RECV] ...
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 9 / 20
![Page 30: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/30.jpg)
university-logo
Another example: peer-to-peer chatAt every step, each client sends a message to every other client.
G =µx.(∀x :client.∀y :client\x .{x→y Msg〈string〉});x
client //
$$IIIIIIIIIIIIIII
Msg
��
clientMsgoo
zzuuuuuuuuuuuuuuu
��client //
::uuuuuuuuuuuuuuu
OO
clientMsgoo
ddIIIIIIIIIIIIIII
Msg
OO
Local TypeTclient(z)= µx.(∀y :client\z.{!〈y ,Msg〈string〉〉} |
∀x :client\z.{?〈x ,Msg〈string〉〉});x
How do we go from the global type to the local type?We need a projection algorithm that handles universal quantifiers.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 10 / 20
![Page 31: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/31.jpg)
university-logo
Another example: peer-to-peer chatAt every step, each client sends a message to every other client.
G =µx.(∀x :client.∀y :client\x .{x→y Msg〈string〉});x
client //
$$IIIIIIIIIIIIIII
Msg
��
clientMsgoo
zzuuuuuuuuuuuuuuu
��client //
::uuuuuuuuuuuuuuu
OO
clientMsgoo
ddIIIIIIIIIIIIIII
Msg
OO
Local TypeTclient(z)= µx.(∀y :client\z.{!〈y ,Msg〈string〉〉} |
∀x :client\z.{?〈x ,Msg〈string〉〉});x
How do we go from the global type to the local type?We need a projection algorithm that handles universal quantifiers.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 10 / 20
![Page 32: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/32.jpg)
university-logo
Projection: G ↑ z : r
The projection from a global type G to a participant z playing role r is written G ↑ z : r .
Intuition(∀x : r .G) ↑ pi : r
(G{p1/x} | ... | G{pi/x} | ... | G{pk/x}) ↑ pi : r(G{p1/x} ↑ pi : r) | ... | (G{pi/x} ↑ pi : r) | ... | (G{pk/x} ↑ pi : r)
(G{pi/x} ↑ pi : r) | ∀x : r \pi .(G ↑ pi : r)
Main rules(∀x : r \~p.G) ↑ z : r = G{z/x} ↑ z : r | ∀x : r \z ::~p.(G ↑ z : r) (z 6∈~p)
(∀x : r \~p.G) ↑ z : r = ∀x : r \~p.(G ↑ z : r) (z∈~p)
(∀x : r ′ \~p.G) ↑ z : r = ∀x : r \~p.(G ↑ z : r) (otherwise)
The other projection rules are standard.
Ref.: [Yoshida,Denielou,Bejleri,Hu,FOSSACS’10]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 11 / 20
![Page 33: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/33.jpg)
university-logo
Projection: G ↑ z : r
The projection from a global type G to a participant z playing role r is written G ↑ z : r .
Intuition(∀x : r .G) ↑ pi : r
(G{p1/x} | ... | G{pi/x} | ... | G{pk/x}) ↑ pi : r(G{p1/x} ↑ pi : r) | ... | (G{pi/x} ↑ pi : r) | ... | (G{pk/x} ↑ pi : r)
(G{pi/x} ↑ pi : r) | ∀x : r \pi .(G ↑ pi : r)
Main rules(∀x : r \~p.G) ↑ z : r = G{z/x} ↑ z : r | ∀x : r \z ::~p.(G ↑ z : r) (z 6∈~p)
(∀x : r \~p.G) ↑ z : r = ∀x : r \~p.(G ↑ z : r) (z∈~p)
(∀x : r ′ \~p.G) ↑ z : r = ∀x : r \~p.(G ↑ z : r) (otherwise)
The other projection rules are standard.
Ref.: [Yoshida,Denielou,Bejleri,Hu,FOSSACS’10]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 11 / 20
![Page 34: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/34.jpg)
university-logo
Typing system: Γ ` P . ∆
We show only a selection of rules.(Γ is the environment, P a process, ∆ a session type)
Γ ` u :〈G〉 Γ ` P . ∆,y :G ↑ pΓ ` u[p](y).P . ∆
[JOIN]Γ ` P . ∆,c :end
Γ ` quit〈c〉;P . ∆,c :end[LEAVE]
Γ,x : r ` P . c :T Γ `~pΓ ` c∀(x : r \~p).{P} . c :∀x : r \~p.T
[POLLING]
Theorem (Type safety)Suppose Γ ` P . ∆. For any P ′ such that P −→∗ P ′, P ′ has no type error.
Theorem (Type Safety)G = alice→bob Msg〈nat〉
alice = s!〈bob,Msg“apple”〉 s!〈bob,Msg(string)〉bob = s?〈alice,Msg(y)〉 s?〈alice,Msg(nat)〉
×
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 12 / 20
![Page 35: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/35.jpg)
university-logo
Limitations of the system seen so far ...
The semantics and type system presented so far are not constrained enough ...
Leaving a sessionThe typing rule [LEAVE] only allows a participant to leave when its local type is end. Itmeans that if G is of the form µx.G0;x;end, no one can leave ...
µx.∀x :client.∀y :client\x .{x→y Msg〈string〉};x;end
Polling consistency for communication safetya[z :client](s).µX .(s∀(y :client\z).{s!〈y ,Msg〈m〉〉}
| s∀(x :client\z).{s?〈x ,Msg(w)〉});X
All local polling operations should give the same list, otherwise messages areunexpected or absent.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 13 / 20
![Page 36: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/36.jpg)
university-logo
Multiparty locking
We need to temporarily block late participants from joining in the middle of a sessionexecution in order to prevent any interference with polling: we introduce a lockingmechanism written lock{G}.
G = µx.lock{∀x :client.∀y :client\x .{x→y Msg〈string〉}};x;end
It translates locally into two operations of lock and unlock.
Semantics
a[R,Λ]
[ LOCK]
&&MMMMMMMMMMM
[ JOIN,QUIT]
��
a•[R,Λ]
[ POLL,SEND,RECV]��
[ UNLOCK]
LL
[ UNLOCK]88qqqqqqqqqqq
a◦[R,Λ]
[ JOIN,QUIT]��
[ LOCK]
RR[ LOCK]oo
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 14 / 20
![Page 37: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/37.jpg)
university-logo
Locking
Typing locks
G ::= ... | lock{G} T ::= ... | lock | unlockWell-locked global types are of the form lock{G0};end.Persistently well-locked global types are of the form µx.lock{G0};x;end
lock{G} ↑ z : r = lock; (G ↑ z : r);unlock
Typing ensures that locks are in the right positions to avoid deadlocks.Participants can safely leave a session instead of locking.
Single iteration chat client
G = µx.lock{∀x :client.∀y :client\x .{x→y Msg〈string〉}};x;end
Pclient(p) = a[p :client](s).slock; (s∀(y :client\z).{s!〈y ,Msg〈m〉〉} |s∀(x :client\z).{s?〈x ,Msg(w)〉});sunlock;
quit〈s〉
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 15 / 20
![Page 38: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/38.jpg)
university-logo
Theorems
Theorem (Type safety)Suppose Γ ` P . ∆. For any P ′ such that P −→∗ P ′, P ′
has no type error.
∀x : r .G
Theorem (Communication Safety)Every sent message is expected by a receiver. Everyreceiver will receive a message.
Theorem (Progress)Well-locked and well-typed processes do not reach adeadlock state.
lock{G}
µx.lock{G};x
Theorem (Join progress)Persistantly well-locked and well-typed processes canprogress and integrate new joiners.
µx.lock{G};x
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 16 / 20
![Page 39: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/39.jpg)
university-logo
Implementation
An extension to OCaml: addition of session declarations.The compiler generates from the global type a taylored runtimeThe runtime deals with transport (UDP, TCP, AMQP) and registryProgrammers can use a continuation-based programming interfaceType safety comes from the Ocaml type system.Communication safety, progress and join progress are ensured by theruntime.
DemoDon’t hesitate to ask for one ;-).
Ref.: [Corin,Denielou,TGC’07][Barghavan,Corin,Denielou,Fournet,Leifer,CSF’09]
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 17 / 20
![Page 40: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/40.jpg)
university-logo
Extension (work in progress) to dynamic topologiesMany situations are still outside of the scope of dynamic multirole session types.
Line topology
client // client // client // · · · // client
We equip roles with topologies, ie relations between participantsWe introduce new quantifiers for global and local types:
foreach(x < y : r){G} follows sequentially the topology;
The protocol defined above is: foreach(x < y :client){x→y〈Msg〉}.Projection to z gives: ∀(x :pred(z)){?〈x ,Msg〉};∀(y :succ(z)){!〈y ,Msg〉}
pareach(x < y : r){G} executes all edges concurrently.
Topologies are externalAbsent from the global types, local types, processes.
Consequently, type checking is as easy as in DMST, yet all the strong safety propertiesstill hold!
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 18 / 20
![Page 41: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/41.jpg)
university-logo
Conclusion and future work
Dynamic multirole session typesA notion of roles to abstract dynamic sets of participants
A new universal quantification ∀x : r .G to ease programming and typing
Statically enforced strong type, communication safety and progressguarantees
Ongoing workIntegration to a programming language with more distributed implementations.
Give a structured topology to roles: participants form more than just sets
Security and runtime-enforcement
Collaborations with industry partners (see next slide ...)
http://www.doc.ic.ac.uk/˜malo/dynamic/
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 19 / 20
![Page 42: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/42.jpg)
university-logo
Industrial collaboration
Ocean Observatory InitiativeBuilding a self-governing cyberinfrastructurefor oceanography observation.
Savara, JBoss, RedHat
RabbitMQ, VMware
Scribble language
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 20 / 20
![Page 43: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/43.jpg)
university-logo
Appendix
1 Existential2 Definition of processes3 Operational semantics4 Auction example5 Well-formedness conditions6 Locked semantics
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 1 / 7
![Page 44: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/44.jpg)
university-logo
Existential quantification?
Ok, let’s add it:
G ::= ... | ∃x : r .G | ...
Who chooses?
G′ = ∀x :client.{∃y :server.x→y〈Msg〉}Potentially, a server y can be chosen by every client x or by none: for communicationsafety, every server needs to know for every client if he was chosen.
If the registry chooses, it becomes a special case of role topology or of the notion ofsubroles. The question of how to specify how the participant is chosen is still open.
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 2 / 7
![Page 45: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/45.jpg)
university-logo
Definition of processes
P ::= Processes| a〈G〉 Session Init| a[p](s).P Join| quit〈s〉 Quit| s!〈p, l〈~p〉(e)〉 Send| s?〈p,{li 〈~pi 〉(xi ).Pi}i∈I〉 Receive| s∀(x : r \~p).{P} Poll| P | P Parallel| P;P Sequential
| if e then P else P Conditional| µX .P | X | 0 Recursion| (ν a :G)P Restriction| (ν s)P Session restriction| s :h Message buffer| a〈s〉[R] Session registry
Processes for Pub-SubP0 = a〈G〉
P(z :pub,m) = a[z :pub](s).µX .(s∀(y :sub).{s!〈y ,Msg〈m〉〉});XP(z :sub) = a[z :sub](s).µX .(s∀(x :pub).{s?〈x ,Msg(w)〉});X
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 3 / 7
![Page 46: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/46.jpg)
university-logo
Operational semantics
a〈s〉[R] keeps the current list of participants in R.
a〈G〉 −→ (ν s)(a〈s〉[R] | s :ε) (∀ri ∈G,R(ri ) = ∅)b INITc
a[p : r ](y).P | a〈s〉[R · r :P] −→ P{s[p : r ]/y} | a〈s〉[R · r :P]{p}] bJOINc
quit〈s[p : r ]〉 | a〈s〉[R · r :P] −→ a〈s〉[R · r :P\p] bQUITc
s[p : r ]!〈p′ : r ′, l〈~p〉〈v〉〉 | a〈s〉[R] | s :h −→ a〈s〉[R] | s :h · (p : r , p′ : r ′, l〈~p〉〈v〉)(p∈R(r)∧p′∈R(r ′)) bSENDc
s[p : r ]?〈p′ : r ′,{li 〈~pi 〉(xi ).Pi}i∈I〉 | a〈s〉[R]
| s : (p′ : r ′, p : r , lk 〈~pk 〉〈v〉) ·h −→ Pk{v/xk} | a〈s〉[R] | s :h(p∈R(r)∧k ∈ I) bRECVc
s[p : r ′]∀(x : r \~p).{P} | a〈s〉[R] −→ P{p1/x} | ... | P{pk/x} | a〈s〉[R]
(R(r)\~p = {p1, ..,pk}∧p∈R(r ′)) bPOLLc
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 4 / 7
![Page 47: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/47.jpg)
university-logo
Auction example, disambiguation of parallel branches
A single broker forms pairs of buyers and sellers.
aliceNotify //______
Stop##GGGGGGGGGGGGGGG bob Price // alice Order // bob
broker
Match〈bob〉Quit〈ben〉
55jjjjjj
55jjjjjjjjjjj//Quit〈bob〉 //______
Match〈ben〉
))TTTTTTTTTTT
Quit〈bob〉Quit〈ben〉 ))TTTTTTTTTTT alex
Notify ))SSSSSS
Stop55kkkkkkkkkkk
alanStop
//
Stop
;;wwwwwwwwwwwwwwwben Price // alex Order // ben
Global type for Auction
G =∀x :buyer.∀y :seller.broker→x{Match〈y〉.x→y〈Notify〉.y→x〈Price〉.x→y〈Order〉,Quit〈y〉. x→y 〈Stop〉};end
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 5 / 7
![Page 48: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/48.jpg)
university-logo
Well-formedness
Syntax correctness
× G1 = µx.(server→client〈Msg〉;x | server→broker〈Notify〉;x)√G2 = µx.(server→client〈Msg〉 | server→broker〈Notify〉);x√G3 = µx.server→client〈Msg〉;x | µy.server→broker〈Notify〉;y
Projectability (projection always returns)
× G4 = broker→buyer{Notify.buyer→seller〈Msg〉;seller→buyer〈Pay〉,Quit.buyer→seller〈Msg〉}√
G5 = broker→buyer{Notify.buyer→seller〈Price〉;seller→buyer〈Pay〉,Quit.buyer→seller〈Stop〉}
Linearity (no possible confusion between parallel branches)
× G6 = ∀x :buyer.∀y :seller.{broker→x〈Msg〉.x→y〈Notify〉}√G7 = ∀x :buyer.∀y :seller.{broker→x〈Msg〈y〉〉.x→y〈Notify〉}
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 6 / 7
![Page 49: Dynamic Multirole Session Types](https://reader034.fdocuments.us/reader034/viewer/2022042619/589d777b1a28ab174a8b931f/html5/thumbnails/49.jpg)
university-logo
Locked semantics
Syntax and semanticsP ::= ... | c lock | c unlock | a◦[R,Λ] | a•[R,Λ]
Λ ::= ∅ | Λ∪{p : r}
s[p : r ]lock | a〈s〉[R] −→ a◦〈s〉[R,{p : r}] bLOCKc
s[p : r ]lock | a◦〈s〉[R,Λ] −→{
a◦〈s〉[R,Λ]{p : r}]a•〈s〉[R,Λ]{p : r}]
(R 6≈ Λ]{p : r})(R≈ Λ]{p : r})
bUPcbTOPc
s[p : r ]unlock | a•〈s〉[R,Λ]{p : r}] −→{
a•〈s〉[R,Λ]a〈s〉[R]
(Λ 6= ∅)(Λ = ∅)
bDOWNcbUNLOCKc
s[p : r ]!〈p′ : r ′, l〈~p〉〈v〉〉 | a•〈s〉[R,Λ] | s :h −→ a•〈s〉[R,Λ] | s :h · (p : r , p′ : r ′, l〈~p〉〈v〉). . . bSENDc
Denielou, Yoshida (Imperial) Dynamic Multirole Session Types Dublin Concurrency Workshop 7 / 7