The new Actor representation in Akka Typed allows formulations that lend themselves to monadic interpretation or introspection. This leads us to explore possibilities for expressing and verifying dynamic properties like the adherence to a communication protocol between multiple agents as well as the safety properties of that protocol on a global level. Academic research in this area is far from complete, but there are interesting initial results that we explore in this session: precisely how much purity and reasoning can we bring to the distributed world?
3. Which problem are we trying to solve?
• reasoning about distributed programs is hard
• finding the flaws is large systems is hard
• we need better tools to
• help us design the interaction of distributed components
• help us implement said components
3
5. Definition
• Session: aunitofconversation
• Session Type: thestructureofaconversation,
a sequence of interactions in a communication-centric
program model
• originally only binary sessions, multiparty sessions
introduced 2008 by Kohei Honda
• primitives are
sending,receiving,sequence,choice,recursion
• http://groups.inf.ed.ac.uk/abcd/index.html
5
6. Scribble
• commonly used language for defining protocols
• defines the global protocol for all participants
• verifies the safety of the global protocol
• local projection for a single participant preserves safety
• automatic generation of FSA for local runtime validation
• type discipline for local processes requires support
for expressing linearity from the host language
• where that is unavailable use dynamic validation
6
7. An Example
• global protocol (a asks b to calculate «x/y»):
a→b: ⟨number⟩ . a→b: ⟨number⟩ .
b→a: { ok: b→a: ⟨number⟩ . end, fail: end }
• local projection for a:
[b]!⟨number⟩ . [b]!⟨number⟩ .
[b]?{ ok: [b]?⟨number⟩ . end, fail: end }
• local projection for b:
[a]?⟨number⟩ . [a]?⟨number⟩ .
[a]!{ ok: [a]!⟨number⟩ . end, fail: end }
7
8. Report from the ABCD group meeting
Glasgow, Sep 16 & 17, 2015
(in random order)
9. Talks I didn’t quite understand
• Ornela Dharda: Comparing deadlock free session typed
processes
• showing equivalence of different encodings in π-calculus
• Garrett Morris: Substructural types with class
• how to encode linearity in Haskell
• Dimitris Kouzapas: Characteristic bisimulation for
higher-order session types and Mungo: typechecking
protocols
• lots of typing rules and derivations
9
10. Julian Lange: Meeting Deadlines Together
• based on Communicating Timed Automata
• the idea is to enrich protocol descriptions with
timing information in order to allow reasoning
about whether a component can meet its SLA
• written in Haskell and using Z3 for constraint
solving, checking may take a long time (minutes)
10
11. Bernardo Toninho: Certifying data in
multiparty session types
• Be more precise about what is exchanged in the course of a protocol
• Primary tool is the use of singleton types / dependent types
• Singleton types are scoped to entities that have seen them, identical
values are not necessarily recognized as such without global
knowledge
• Projection of the global type needs to add all required local knowledge
(proofs) so that the recipient can make sense of the message
• Proofs may be compressible by using certificates or may even be
elided
• Erasure of proofs can be done within trusted systems, passing proofs
around allows separate compilation
11
12. Alceste Scalas: Towards type-safe sessions in
Scala
• encoding linear channels using Promise/Future
• abstracting over it using Channel type hierarchy
(Input, Output, End) with nice syntax sugar for
receiving and sending in a type-safe fashion,
including the handling of continuations
• distribution planned via Akka Typed actors
• multiple-use will raise exceptions, but cannot reject
non-use of a channel (i.e. omitting a required action)
12
13. Dominic Orchard: Session types for Cloud
Haskell
• local session types are projected to Haskell types
• graded monad: tracking effects of computation and defining a
combinator for how effects are composed:
(>>=) :: m s a -> (a -> m t b) -> m (Plus m s
t) b
• parameterized monad: i, j, k are pre/post-conditions
(>>=) :: m i j a -> (a -> m j k b) -> m i k b
• general idea is to track what a process does and then compare it to
what it should do
• horrible type errors due to user having to introduce fresh names
manually
13
14. Y.T.: Akka Typed—Opportunities for Session
Types
• lifting Actor behavior into a monadic representation
allows effect tracking
• either at runtime, within the interpreter for the monad
• or at compile-time, if graded monads are feasible
14
15. Simple Ticket Counter Example (Akka Typed)
15
case class Incr(replyTo: ActorRef[Count])
case class Count(n: Int)
def ticket(n: Int): ActorAction[Incr, Behavior[Incr]] =
for {
msg <- receive[Incr]
_ <- send(msg.replyTo, Count(n)).toActor
z <- ticket(n + 1)
} yield z
val counter = Action(ticket(0)) // Behavior[Incr]
val counterRef = ActorSystem("counter", Props(counter)) // ActorSystem[Incr]
16. How can we forget something?
16
trait Input
case class Intro(step1: ActorRef[Step1]) extends Input
case class Step1(replyTo: ActorRef[Step1Reply])
case class Step1Reply(step2: ActorRef[Step2]) extends Input
case class Step2()
def twoSteps: ActorAction[Input, Behavior[Input]] =
for {
Intro(step1) <- receive[Input]
self <- selfRef
_ <- send(step1, Step1(self)).toActor
Step1Reply(step2) <- receive[Input]
// what prevents usage of step1 here?
_ <- send(step2, Step2()).toActor
z <- twoSteps
} yield z
17. Roly Perera: Multiparty compatibility without
types
• the idea is that instead of projecting a global
protocol down to local ones we piece together local
sessions into a global protocol and check that one
• this saves the duplication in “implementing the
protocol in two languages”, but requires mocking
out participants for multi-team development
• can express certain types of recursion (if decidably
unfoldable)
17
18. Simon Fowler: Detecting and handling errors
in Monitored Session Erlang
• Multiparty Session Actors: actors fulfill roles that they declare
• Initiate a controller actor for a session
• Invite actors to fulfill roles
• Maintain mapping between roles and PIDs
• Message sends always go through monitor processes
• Encapsulating subsessions would be nice, in particular with
different reaction to success and failure, but this could be
problematic in the presence of network partitions.
• Inviting actors into subsessions is seen as very useful, both involving
internal as well as external participants. This is equivalent to
protocol refinement.
18
19. Florian Weber: POP3 with Scribble, StMungo
and Mungo
• Scribble formulation of the POP3 protocol
• StMungo translates local projection of that protocol
to Mungo (annotated Java) syntax
• Mungo aims at writing normal imperative code that
is annotated and verified instead of requiring the
use of a construct like graded monad or linear types
19
20. Dimitrios Kouzapas: ABCD use-case repository
• https://github.com/epsrc-abcd/session-types-use-
cases
• organization of collaboration so that new tools/
languages can be applied to existing use-cases for
validation and comparison to previous solutions
• this is a good place to start looking for examples when
trying to learn things—opening issues when things are
unclear is probably a good idea :-)
• additions of industry use-cases are welcome!
20
22. Summary
• Session types are demonstrably implementable
and applicable to real-world internet protocols
• The ABCD group is keen on practical validation of
the approach and industry feedback
• Largest barrier is deemed to be the expression of
linearity in host languages
22
23. My Largest Question: Compositionality
• Given an established Session Type, can we
formulate a set of rules or restriction for refining it
(adding to it) so that existing safety properties are
preserved?
23