π-calculus, Session Types research at Imperial College
Recent invited talks and presentations from our group.
This work exploits the logical foundation of session types to determine what kind of type discipline for the π-calculus can exactly capture, and is captured by, λ-calculus behaviours. Leveraging the proof theoretic content of the soundness and completeness of sequent calculus and natural deduction presentations of linear logic, we develop the first mutually inverse and fully abstract processes-as-functions and functions-as-processes encodings between a polymorphic session π-calculus and a linear formulation of System F. We are then able to derive results of the session calculus from the theory of the λ-calculus: (1) we obtain a characterisation of inductive and coinductive session types via their algebraic representations in System F; and (2) we extend our results to account for value and process passing, entailing strong normalisation.
The hiding operation, crucial in the construction of categories of games and strategies and hence the compositional aspect of game semantics, has a tendency, as a side effect, to remove branches of computation not leading to observable results. Accordingly, games models of programming languages are usually biased towards angelic non-determinism, where branches leading to e.g. divergence are forgotten. We present here new categories of games, which do not suffer from this bias. In our first category, we achieve this by avoiding hiding altogether; instead morphisms are uncovered strategies (with neutral/invisible events) up to weak bisimulation. Then, we show that by hiding only certain events dubbed inessential we can consider strategies up to isomorphism, and still get a category: this partial hiding remains sound up to weak bisimulation, so we get a concrete representation of morphisms (as in standard concurrent games) while avoiding the angelic bias. We give a semantics for Affine Idealized Parallel Algol which is adequate for both may and must equivalence within the model.
Go is a production-level statically typed programming language whose design features explicit message-passing primitives and lightweight threads, enabling (and encouraging) programmers to develop concurrent systems where components interact through communication more so than by lock-based shared memory concurrency. Go can detect global deadlocks at runtime, but does not provide any compile-time protection against all too common communication mismatches and partial deadlocks.
In this work we present a static verification framework for liveness and safety in Go programs, able to detect communication errors and deadlocks by model checking. Our toolchain infers from a Go program a faithful representation of its communication patterns as behavioural types, where the types are model checked for liveness and safety.
This is joint work with Julien Lange and Bernardo Toninho.
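The kind of partial deadlock the abstract refers to, as an added example that is not part of the talk or of its toolchain: a worker goroutine blocked forever on an unbuffered channel that nobody will ever read. Go's runtime deadlock detector only fires when every goroutine is asleep, so this leak is never reported at runtime; a static analysis of the program's communication patterns, as described above, is what would catch it. The second version repairs the communication mismatch with a buffered channel and a context the worker observes. The function names, the sleep-based timing and the goroutine-count measurement are the example's own assumptions.

```go
package main

import (
	"context"
	"fmt"
	"runtime"
	"time"
)

// leakyWorker launches a goroutine that computes a result and sends it on an
// unbuffered channel. If the caller gives up (times out) before receiving, the
// goroutine blocks on `results <- v` forever: a partial deadlock. The Go
// runtime only reports "all goroutines are asleep", so this is never detected.
func leakyWorker(timeout time.Duration) (int, bool) {
	results := make(chan int) // unbuffered: a send blocks until someone receives
	go func() {
		time.Sleep(2 * timeout) // simulated slow computation
		results <- 42           // blocks forever once the caller has returned
	}()
	select {
	case v := <-results:
		return v, true
	case <-time.After(timeout):
		return 0, false // caller gives up; the worker goroutine is now stuck
	}
}

// safeWorker fixes the mismatch in two complementary ways: a buffered channel,
// so the single send can always complete, and a context the worker observes,
// so it exits instead of blocking once the caller is gone.
func safeWorker(timeout time.Duration) (int, bool) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	results := make(chan int, 1) // capacity 1: the one send never blocks
	go func() {
		select {
		case <-time.After(2 * timeout): // simulated slow computation
			results <- 42
		case <-ctx.Done():
			return // caller gave up; exit rather than block
		}
	}()
	select {
	case v := <-results:
		return v, true
	case <-ctx.Done():
		return 0, false
	}
}

// goroutinesLeakedBy runs f n times and reports how many more goroutines are
// alive afterwards than before, after giving well-behaved workers time to exit.
func goroutinesLeakedBy(f func(time.Duration) (int, bool), n int, timeout time.Duration) int {
	before := runtime.NumGoroutine()
	for i := 0; i < n; i++ {
		f(timeout)
	}
	time.Sleep(3 * timeout) // any worker that can finish has finished by now
	return runtime.NumGoroutine() - before
}

func main() {
	const timeout = 10 * time.Millisecond
	fmt.Println("goroutines leaked by leakyWorker:", goroutinesLeakedBy(leakyWorker, 5, timeout))
	fmt.Println("goroutines leaked by safeWorker: ", goroutinesLeakedBy(safeWorker, 5, timeout))
}
```

Running the program shows five stuck goroutines after five calls of leakyWorker and none after safeWorker. Note that the leak is invisible to `go run`'s exit status and to the runtime's deadlock check: the program terminates normally while holding five goroutines that will never make progress, which is exactly the failure mode a compile-time check on the program's communication behaviour is meant to rule out.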
We first give a summary of recent activities in the Mobility Session Type Group at Imperial College London. Then we talk about the main technical topic.
Event structures have been used for modelling forward-only process calculi. We define (categories of) reversible variants of prime, asymmetric, bundle, extended bundle, and general event structures for the purpose of using one of these variants to define truly concurrent semantics of reversible process calculi. We use the causal subcategory of reversible bundle event structures to define semantics of CCSK, a reversible variant of CCS. We also expand CCSK to control the reversibility using a rollback primitive, which reverses a specific action and all actions caused by it. To define the event structure semantics of rollback, we use extended bundle event structures, which add asymmetric conflict to bundle event structures, and use their capacity for non-causal reversibility.
Go is a production-level statically typed programming language whose design features explicit message-passing primitives and lightweight threads, enabling (and encouraging) programmers to develop concurrent systems where components interact through communication more so than by lock-based shared memory concurrency. Go can detect global deadlocks at runtime, but does not provide any compile-time protection against all too common communication mismatches and partial deadlocks.
In this work we present a static verification framework for liveness and safety in Go programs, able to detect communication errors and deadlocks by model checking. Our toolchain infers from a Go program a faithful representation of its communication patterns as behavioural types, where the types are model checked for liveness and safety.
This is joint work with Julien Lange (Kent), Bernardo Toninho (Imperial) and Nicholas Ng (Imperial).
In this talk, we first outline recent activities in our mobility group in the Department of Computing, Imperial College London.
Then we talk about the following work on Linear Logic and Session Types.
Linear logic has long been heralded as a potential model for concurrency: from Girard’s original paper, to Abramsky’s computational interpretation, reiterated by Bellin and Scott. More recently, an interpretation for intuitionistic linear logic has been given by Caires and Pfenning where propositions are viewed as session types - a well established typing discipline for concurrency - proofs as processes and proof reduction as inter-process communication.
In this talk we will detail how several generalisations and extensions of this interpretation arguably form a basis for a logical foundation that captures several interesting features of message-passing concurrent computation. Specifically, we will detail how the basic interpretation can be extended to richer typed settings such as polymorphism and dependent type theories and how to account for a meaningful notion of typed process equivalence that gives meaning to both proof conversions and type isomorphisms.
In this talk, we introduce a new game semantics framework for concurrency based on event structures, extending the work of Rideau and Winskel. In this framework, we can extend the notions of innocence and well-bracketing to the concurrent (and non-deterministic) case, generalizing the so-called “Abramsky cube”.
This talk focuses on the deterministic case. I will first introduce the concurrent strategies and their composition, in the existing linear setting. I will then present our extension to nonlinearity using copy indices and symmetry to represent uniformity. I will then present our notions of concurrent innocence & well-bracketing, to finish on our result of intensional full abstraction for PCF. Time permitting, I will discuss extensions of this result to non-angelic nondeterminism and probabilities.
In this talk, I will present methods and mathematical tools to give operational, yet compositional, causal models of programming languages, using Winskel's event structures. We first illustrate the methodology on a first-order concurrent programming language, in the setting of weak memory models, where causal models turn out to be handy for understanding cleanly the reorderings performed by the hardware.
We then turn to higher-order languages, such as the π-calculus and the λ-calculus. We show how name binding can be elegantly expressed in the semantics by means of game semantics. Types, seen as protocols, become games, and (open) programs become strategies. From there, we can build a cartesian-closed category that supports interpretation of higher-order concurrent and nondeterministic computations. We show we can support interpretations sound and adequate for may, must and fair convergences, using essential events (unobservable events keeping track of nondeterministic choices).
I will give a brief overview of the Scala programming language, highlighting some similarities and differences with respect to Java and Haskell. I will also mention how the Mobility Reading Group at Imperial College London uses Scala for its research on type-safe concurrent and distributed applications.
We give a summary of our recent research developments on multiparty session types for verifying distributed, parallel and concurrent programs, and our collaborations with industry partners. We shall first talk about how session types were discovered from the theory of the pi-calculus by Kohei Honda, and how we started collaborations with industry to develop a protocol description language called Scribble. We then talk about the recent developments in Scribble and network protocol verification, with demos.
Since the year 2000, Mario and Mariangiola's research has been devoted to the study of session types for ensuring safety and liveness of communication protocols. Mariangiola first proposed a formalisation of Java with session types, which was later extended to asynchronous communications with Mario and subsequently applied to the design and implementation of Session Java (SJ). These contributions initiated a flurry of research activity aiming at applying session types to many real-world programming languages. Mariangiola first studied a theory of progress in session types for the pi-calculus, whose core theory was later extended with Mario to multiparty session types. This formalism became the core of the current version of an open-source protocol description language, Scribble, which is developed at Red Hat and Imperial. The Scribble language is used in the multi-million-USD Ocean Observatory Initiative project. I will talk about how their elegant work has had practical impact on communication-intensive programming frameworks.
Concurrent programming is difficult. This talk is about applying programming languages & concurrency research, specifically behavioural types as an abstraction, to verify concurrent Go programs. The talk covers what behavioural types are and how they can be used to reason in Go’s concurrency model.
Go is a production-level statically typed programming language whose design features explicit message-passing primitives and lightweight threads, enabling (and encouraging) programmers to develop concurrent systems where components interact through communication more so than by lock-based shared memory concurrency. Go can detect global deadlocks at runtime, but does not provide any compile-time protection against all too common communication mismatches and partial deadlocks.
In this work we present a static verification framework for liveness and safety in Go programs, able to detect communication errors and deadlocks by model checking. Our toolchain infers from a Go program a faithful representation of its communication patterns as behavioural types, where the types are model checked for liveness and safety.
This is joint work with Julien Lange, Bernardo Toninho, and Nobuko Yoshida.
Designing, developing and maintaining concurrent applications is an error-prone and time-consuming task; most difficulties arise because compilers are usually unable to check whether the inputs/outputs performed by a program at runtime will adhere to a given protocol specification. To address this problem, we leverage the native features of the Scala programming language, type system and standard library, to introduce (1) a representation of protocols (session types) as Scala types, and (2) a library, called lchannels, with a convenient API for type-safe protocol-based programming, supporting local and distributed communication.
Graphical choreographies, or global graphs, are general multiparty session specifications featuring expressive constructs such as forking, merging, and joining for representing application-level protocols. Global graphs can be directly translated into modelling notations such as BPMN and UML. In the first part of the talk, I will present an algorithm whereby a global graph can be constructed from asynchronous interactions represented by communicating finite-state machines (CFSMs), and a sound characterisation of a subset of safe CFSMs from which global graphs can be constructed. In the second part, I will outline a few recent applications of this work to communicating timed automata and the
In this talk, we first outline recent activities in our mobility group in the Department of Computing, Imperial College London. Then we talk about the following work on protocols and Scala.
Designing, developing and maintaining concurrent applications is an error-prone and time-consuming task; most difficulties arise because compilers are usually unable to check whether the inputs/outputs performed by a program at runtime will adhere to a given protocol specification. To address this problem, we leverage the native features of the Scala programming language, type system and standard library, to introduce (1) a representation of protocols (session types) as Scala types, and (2) a library, called lchannels, with a convenient API for type-safe protocol-based programming, supporting local and distributed communication.
During the talk, we will briefly illustrate the theoretical basis of our approach (starting from the representation of protocols as session types), provide a quick introduction to Scala, and show a demo of the lchannels library.
In this talk, we first summarise the recent activities on session types at Imperial College London (http://mrg.doc.ic.ac.uk/).
Then we talk about a new recovery strategy in Erlang based on multiparty session types, which was presented at the 26th ACM International Conference on Compiler Construction (CC'17).
Fault-tolerant communication systems rely on recovery strategies which are often error-prone (e.g. a programmer manually specifies recovery strategies) or inefficient (e.g. the whole system is restarted from the beginning). In this talk, we will present an algorithm to efficiently compute a safe global state from which a system of interacting processes should be recovered. We statically analyse the communication flow of a program, given as a multiparty protocol, to extract the causal dependencies between processes and to localise failures. We formalise our recovery algorithm and prove its safety. A recovered communication system is free from deadlocks, orphan messages and reception errors. Our recovery algorithm incurs less communication cost (only affected processes are notified) and overall execution time (only required states are repeated). On top of our analysis, we design and implement a runtime framework in Erlang where failed processes and their dependencies are soundly restarted from a computed safe state. We evaluate our recovery framework on message-passing benchmarks and a use case for crawling web pages. The experimental results indicate our framework outperforms a built-in static recovery strategy in Erlang when a part of the protocol can be safely recovered.
Session types are a well-established typing discipline for message-passing concurrency, originally developed in the pi-calculus and later studied in functional and object-oriented settings. The first part of this talk is a tutorial on session types and their connections to linear logic. A recent interpretation of propositions as session types for intuitionistic linear logic has been given by Caires and Pfenning, viewing proofs as processes and proof reduction as inter-process communication. We discuss how several generalisations and extensions of this interpretation arguably form a basis for a logical foundation that captures several interesting features of message-passing concurrent computation. Specifically, we will detail how the basic interpretation can be extended to richer typed settings such as polymorphism and dependent type theories, and how to account for a notion of typed process equivalence that gives meaning to both proof conversions and type isomorphisms. We will then briefly introduce the key concepts and intuitions behind multiparty session types (MPST).
The second part of this talk will demonstrate Scribble, a toolchain based on MPST, and applications in Java by using MPST to generate protocol-specific APIs for implementing distributed endpoints. This practical approach builds on the linear understanding of session types as a hybrid form of session safety: the interaction structure of an endpoint is captured via static Java typing, complemented by lightweight run-time checks on linear usage of channels. Examples include Scribble specifications and Java implementations of interoperable clients/servers for standard protocols such as HTTP and SMTP, and Web service choreographies. Finally, we demonstrate a recent extension of MPST with explicit connection actions, that allow sessions with dynamic and optional participants.