Parameterized Concurrent Multi-Party Session Types

Session types have been proposed as a means of statically verifying implementations of communication protocols. Although prior work has been successful in verifying some classes of protocols, it does not cope well with parameterized, multi-actor scenarios with inherent asynchrony. For example, the sliding window protocol is inexpressible in previously proposed session type systems. This paper describes System-A, a new typing language which overcomes many of the expressiveness limitations of prior work. System-A explicitly supports asynchrony and parallelism, as well as multiple forms of parameterization. We define System-A and show how it can be used for the static verification of a large class of asynchronous communication protocols.Comment: In Proceedings FOCLASA 2012, arXiv:1208.432

Softly safely spoken: Role playing for Session Types

Session types have made much progress at permitting programs be statically verified concordant with a specified protocol. However, it is difficult to build abstractions of, or encapsulate Session types, thus limiting their flexibility. Global session types add further constraints to communication, by permitting the order of exchanges amongst many participants to be specified. The cost is that the number of participants is statically fixed. We introduce Roles in which, similarly to global session types, the number of roles and the conversations involving roles are statically known, but participants can dynamically join and leave roles and the number of participants within a role is not statically known. Statically defined roles which conform to a specified conversation can be dynamically instantiated, participants can be members of multiple roles simultaneously and can participate in multiple conversations concurrently

Parameterised Multiparty Session Types

For many application-level distributed protocols and parallel algorithms, the set of participants, the number of messages or the interaction structure are only known at run-time. This paper proposes a dependent type theory for multiparty sessions which can statically guarantee type-safe, deadlock-free multiparty interactions among processes whose specifications are parameterised by indices. We use the primitive recursion operator from G\"odel's System T to express a wide range of communication patterns while keeping type checking decidable. To type individual distributed processes, a parameterised global type is projected onto a generic generator which represents a class of all possible end-point types. We prove the termination of the type-checking algorithm in the full system with both multiparty session types and recursive types. We illustrate our type theory through non-trivial programming and verification examples taken from parallel algorithms and Web services usecases.Comment: LMCS 201

Partial and Complete Processes in Multiparty Sessions

AbstractMultiparty sessions describe the interactions among multiple agents in a distributed environment and require essentially two steps: the specification of the communication protocols and the implementation of such protocols as processes. Multiparty session types address this methodology: global and session types provide the communication protocols, whereas the processes describe the behaviour of the peers involved in the sessions. Because of the close relationships between types and processes, some information, such as the names of senders and receivers, are replicated both in types and in processes. In multiparty conversations it is quite natural that participants with essentially the same role are implemented by processes that follow the same pattern, differing only in the senders and receivers of communication actions. In order to allow for a lighter and less rigid development of processes, we propose a translation tool which allows one to write processes in a simplified syntax, called partial syntax, where the names of senders/receivers for input/output operations are omitted. By adding the missing information, partial processes can be automatically translated in complete processes, for which an operational semantics is defined. The partial syntax, in particular, allows one to use the same process template to implement similar participants. In this paper we present a translation and type checking algorithm from partial to complete processes, which, if successful, also assures that the target processes are well typed. The algorithm is synthesised from a rule-based description of the translation in natural semantics and it is proved sound and complete with respect to the translation rules

Modular session types for objects

Session types allow communication protocols to be specified type-theoretically so that protocol implementations can be verified by static type checking. We extend previous work on session types for distributed object-oriented languages in three ways. (1) We attach a session type to a class definition, to specify the possible sequences of method calls. (2) We allow a session type (protocol) implementation to be modularized, i.e. partitioned into separately-callable methods. (3) We treat session-typed communication channels as objects, integrating their session types with the session types of classes. The result is an elegant unification of communication channels and their session types, distributed object-oriented programming, and a form of typestate supporting non-uniform objects, i.e. objects that dynamically change the set of available methods. We define syntax, operational se-mantics, a sound type system, and a sound and complete type checking algorithm for a small distributed class-based object-oriented language with structural subtyping. Static typing guarantees that both sequences of messages on channels, and sequences of method calls on objects, conform to type-theoretic specifications, thus ensuring type-safety. The language includes expected features of session types, such as delegation, and expected features of object-oriented programming, such as encapsulation of local state.Comment: Logical Methods in Computer Science (LMCS), International Federation for Computational Logic, 201

Reasoning about Concurrency for Security Tunnels

There has been excellent progress on languages for rigorously describing key exchange protocols and techniques for proving that the network security tunnels they establish preserve confidentiality and integrity. New problems arise in describing and analyzing establishment protocols and tunnels when they are used as building blocks to achieve high-level security goals for network administrative domains. We introduce a language called the tunnel calculus and associated analysis techniques that can address functional problems arising in the concurrent establishment of tunnels. In particular, we use the tunnel calculus to explain and resolve cases where interleavings of establishment messages can lead to deadlock. Deadlock can be avoided by making unwelcome security compromises, but we prove that it can be eliminated systematically without such compromises using a concept of session to relate tunnels. Our main results are noninterference and progress theorems familiar to the concurrency community, but not previously applied to tunnel establishment protocols

Synchronous Multiparty Session Types

AbstractSynchronous communication is useful to model multiparty sessions where control for timing events and strong sequentially order of messages are essential to the problem specification. This paper continues the work on multiparty session types initiated by Honda et al. [Honda, K., N. Yoshida and M. Carbone, Multiparty asynchronous session types, in: G. C. Necula and P. Wadler, editors, POPL (2008), pp. 273–284] for synchronous communications. It provides a more relaxed syntax of the calculus, multicasting, higher-order communication via multipolarity labels and a clear definition of delegation in global types. The linearity property defines when a channel can be used in two different communications without creating a race condition and the type system checks if all the processes of a session implement the communication behavior specified in the global type. The type system of the calculus is proved to be sound with respect to the operational semantics and coherent with respect to the global types