π-calculus, Session Types research at the University of Oxford
Recent invited talks and presentations from our group.
We first give an overview of recent research developments of our mobility group at Imperial College London.
Session types are a typing discipline for concurrent and distributed processes that allows errors such as communication mismatches and deadlocks to be detected statically. Refinement types are types elaborated by logical constraints that allow richer and finer-grained specification of application properties, combining types with logical formulae that may refer to program values and can constrain types using arbitrary predicates. Type providers, developed in F#, are compile-time components for on-demand code generation. Their architecture relies on an open compiler, where provider authors implement a small interface that allows them to inject new names/types into the programming context as the program is written.
In this talk, we will present a library that integrates aspects from the above fields to realise practical applications of multiparty refinement session types (MPST) for any .Net language. Our library supports the specification and validation of distributed message-passing protocols based on a formulation of asynchronous MPST enriched with interaction refinements: a collection of features related to the refinement of protocols, such as message-type refinements (value constraints) and value-dependent control flow. The combination of these aspects (session types for structured interactions, constraint solving from refinement types, and protocol-specific code generation) enables the specification and implementation of enriched protocols in native F# (and any .Net-compiled language) without requiring language extensions or external pre-processing of user programs. A well-typed endpoint program using our library is guaranteed to perform only compliant session I/O actions with respect to the refined protocol, up to premature termination. The safety guarantees are achieved by a combination of static type checking of the generated types for messages and I/O operations, correctness by construction from code generation, and automated inlining of assertions.
Go is a production-level statically typed programming language whose design features explicit message-passing primitives and lightweight threads, enabling (and encouraging) programmers to develop concurrent systems where components interact through communication more so than by lock-based shared-memory concurrency. Go can detect global deadlocks at runtime, but does not provide any compile-time protection against all-too-common communication mismatches and partial deadlocks.
In this work we present a static verification framework for liveness and safety in Go programs, able to detect communication errors and deadlocks by model checking. Our toolchain infers from a Go program a faithful representation of its communication patterns as behavioural types, where the types are model checked for liveness and safety.
(joint work with Julien Lange, Bernardo Toninho and Nobuko Yoshida)
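A constructed Go example, added here and not taken from the talk or its toolchain, of the failure mode the abstract describes: on an unbuffered channel, a consumer that receives fewer values than the workers send leaves one worker blocked for good, a partial deadlock that the runtime never reports because the main goroutine keeps running. The names `worker`, `leakedAfter`, `ConsumeMismatched` and `ConsumeMatched` are all assumed for the demo.

```go
package main

import (
	"runtime"
	"sync"
	"time"
)

// worker performs the single send its protocol allows. On an unbuffered
// channel the send only completes when someone receives; if nobody ever does,
// the worker is blocked for good. Go's runtime reports a deadlock only when
// every goroutine is blocked, so this partial deadlock goes unnoticed.
func worker(id int, out chan<- int, started *sync.WaitGroup) {
	started.Done() // constructed for the demo: tells the caller we reached the send
	out <- id * 10
}

// leakedAfter starts n workers, runs consume against their channel and returns
// how many goroutines are still alive afterwards. Under the protocol "each
// worker sends exactly once", every survivor is a worker stuck on a send.
func leakedAfter(n int, consume func(<-chan int)) int {
	before := runtime.NumGoroutine()
	results := make(chan int) // unbuffered: every send needs a matching receive
	var started sync.WaitGroup
	started.Add(n)
	for i := 0; i < n; i++ {
		go worker(i, results, &started)
	}
	started.Wait() // all n workers exist and are at (or heading for) their send
	consume(results)
	time.Sleep(50 * time.Millisecond) // let workers whose send completed exit
	return runtime.NumGoroutine() - before
}

// ConsumeMismatched models a communication mismatch: n workers send, but the
// consumer receives only n-1 values. Nothing crashes; one worker leaks forever.
func ConsumeMismatched(n int) int {
	return leakedAfter(n, func(c <-chan int) {
		for i := 0; i < n-1; i++ {
			<-c
		}
	})
}

// ConsumeMatched receives exactly n values, so the session completes and all
// workers terminate: the behaviour the protocol intends.
func ConsumeMatched(n int) int {
	return leakedAfter(n, func(c <-chan int) {
		for i := 0; i < n; i++ {
			<-c
		}
	})
}
```

Run with `go run` after adding a `main` that prints `ConsumeMismatched(3)` (1 stuck worker) and `ConsumeMatched(3)` (0); the leaked goroutine never triggers the runtime's "all goroutines are asleep" check.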
Go is a production-level statically typed programming language whose design features explicit message-passing primitives and lightweight threads, enabling (and encouraging) programmers to develop concurrent systems where components interact through communication more so than by lock-based shared memory concurrency. Go can detect global deadlocks at runtime, but does not provide any compile-time protection against all too common communication mismatches and partial deadlocks.
In this work we present a static verification framework for liveness and safety in Go programs, able to detect communication errors and deadlocks by model checking. Our toolchain infers from a Go program a faithful representation of its communication patterns as behavioural types, where the types are model checked for liveness and safety.
This is joint work with Julien Lange (Kent), Bernardo Toninho (Imperial) and Nicholas Ng (Imperial).
This work exploits the logical foundation of session types to determine what kind of type discipline for the π-calculus can exactly capture, and is captured by, λ-calculus behaviours. Leveraging the proof theoretic content of the soundness and completeness of sequent calculus and natural deduction presentations of linear logic, we develop the first mutually inverse and fully abstract processes-as-functions and functions-as-processes encodings between a polymorphic session π-calculus and a linear formulation of System F. We are then able to derive results of the session calculus from the theory of the λ-calculus: (1) we obtain a characterisation of inductive and coinductive session types via their algebraic representations in System F; and (2) we extend our results to account for value and process passing, entailing strong normalisation.
The hiding operation, crucial in the construction of categories of games and strategies and hence the compositional aspect of game semantics, has a tendency, as a side effect, to remove branches of computation not leading to observable results. Accordingly, games models of programming languages are usually biased towards angelic non-determinism, where branches leading to e.g. divergence are forgotten. We present here new categories of games, which do not suffer from this bias. In our first category, we achieve this by avoiding hiding altogether; instead morphisms are uncovered strategies (with neutral/invisible events) up to weak bisimulation. Then, we show that by hiding only certain events dubbed inessential we can consider strategies up to isomorphism, and still get a category: this partial hiding remains sound up to weak bisimulation, so we get concrete representations of morphisms (as in standard concurrent games) while avoiding the angelic bias. We give a semantics for Affine Idealized Parallel Algol which is adequate for both may and must equivalence within the model.
We first summarise recent activities of the Mobility Session Type Group at Imperial College London, then turn to the main technical topic.
Event structures have been used for modelling forward-only process calculi. We define (categories of) reversible variants of prime, asymmetric, bundle, extended bundle, and general event structures for the purpose of using one of these variants to define truly concurrent semantics of reversible process calculi. We use the causal subcategory of reversible bundle event structures to define the semantics of CCSK, a reversible variant of CCS. We also extend CCSK to control the reversibility using a rollback primitive, which reverses a specific action and all actions caused by it. To define the event structure semantics of rollback, we use extended bundle event structures, which add asymmetric conflict to bundle event structures, and use their capacity for non-causal reversibility.
In this talk, we first outline recent activities in our mobility group in the Department of Computing, Imperial College London.
Then we talk about the following work on Linear Logic and Session Types.
Linear logic has long been heralded as a potential model for concurrency: from Girard's original paper, to Abramsky's computational interpretation, reiterated by Bellin and Scott. More recently, an interpretation for intuitionistic linear logic has been given by Caires and Pfenning where propositions are viewed as session types (a well-established typing discipline for concurrency), proofs as processes, and proof reduction as inter-process communication.
In this talk we will detail how several generalisations and extensions of this interpretation arguably form a basis for a logical foundation that captures several interesting features of message-passing concurrent computation. Specifically, we will detail how the basic interpretation can be extended to richer typed settings such as polymorphism and dependent type theories and how to account for a meaningful notion of typed process equivalence that gives meaning to both proof conversions and type isomorphisms.
In this talk, we introduce a new game semantics framework for concurrency based on event structures, extending the work of Rideau and Winskel. In this framework, we can extend the notions of innocence and well-bracketing to the concurrent (and non-deterministic) case, generalizing the so-called “Abramsky cube”.
This talk focuses on the deterministic case. I will first introduce concurrent strategies and their composition in the existing linear setting. I will then present our extension to nonlinearity, using copy indices and symmetry to represent uniformity. I will then present our notions of concurrent innocence and well-bracketing, and finish with our result of intensional full abstraction for PCF. Time permitting, I will discuss extensions of this result to non-angelic nondeterminism and probabilities.
In this talk, I will present methods and mathematical tools to give operational, yet compositional, causal models of programming languages, using Winskel's event structures. We first illustrate the methodology on a first-order concurrent programming language, in the setting of weak memory models, where causal models turn out to be handy for cleanly understanding the reorderings performed by the hardware.
We then turn to higher-order languages, such as the π-calculus and the λ-calculus. We show how name binding can be elegantly expressed in the semantics by means of game semantics. Types, seen as protocols, become games, and (open) programs become strategies. From there, we can build a cartesian-closed category that supports the interpretation of higher-order concurrent and nondeterministic computations. We show that we can support interpretations that are sound and adequate for may, must and fair convergence, using essential events (unobservable events keeping track of nondeterministic choices).
I will give a brief overview of the Scala programming language, highlighting some similarities and differences with respect to Java and Haskell. I will also mention how the Mobility Reading Group at Imperial College London uses Scala for its research on type-safe concurrent and distributed applications.
We give a summary of our recent research developments on multiparty session types for verifying distributed, parallel and concurrent programs, and our collaborations with industry partners. We shall first discuss how session types were discovered from the theory of the pi-calculus by Kohei Honda, and how we started collaborations with industry to develop a protocol description language called Scribble. We then discuss recent developments in Scribble and network protocol verification, with demos.
Since the year 2000, Mario and Mariangiola's research has been devoted to the study of session types for ensuring safety and liveness of communication protocols. Mariangiola first proposed a formalisation of Java with session types, which was later extended with Mario to asynchronous communications and then applied to the design and implementation of Session Java (SJ). These contributions initiated a flurry of research activity aiming at applying session types to many real-world programming languages. Mariangiola first studied a theory of progress in session types for the pi-calculus, whose core theory was later extended with Mario to multiparty session types. This formalism became the core of the current version of an open-source protocol description language, Scribble, which is developed at Red Hat and Imperial. The Scribble language is used in the multi-million-USD Ocean Observatory Initiative project. I will talk about how their elegant work has had practical impact on communication-intensive programming frameworks.
Concurrent programming is difficult. This talk is about applying programming languages and concurrency research, specifically behavioural types as an abstraction, to verify concurrent Go programs. The talk covers what behavioural types are and how they can be used to reason about Go's concurrency model.
Designing, developing and maintaining concurrent applications is an error-prone and time-consuming task; most difficulties arise because compilers are usually unable to check whether the inputs/outputs performed by a program at runtime will adhere to a given protocol specification. To address this problem, we leverage the native features of the Scala programming language, type system and standard library, to introduce (1) a representation of protocols (session types) as Scala types, and (2) a library, called lchannels, with a convenient API for type-safe protocol-based programming, supporting local and distributed communication.
Graphical choreographies, or global graphs, are general multiparty session specifications featuring expressive constructs such as forking, merging, and joining for representing application-level protocols. Global graphs can be directly translated into modelling notations such as BPMN and UML. In the first part of the talk, I will first present an algorithm whereby a global graph can be constructed from asynchronous interactions represented by communicating finite-state machines (CFSMs); and a sound characterisation of a subset of safe CFSMs from which global graphs can be constructed. In the second part, I will outline a few recent applications of this work to communicating timed automata and the
In this talk, we first outline recent activities in our mobility group in the Department of Computing, Imperial College London. Then we talk about the following work on protocols and Scala.
Designing, developing and maintaining concurrent applications is an error-prone and time-consuming task; most difficulties arise because compilers are usually unable to check whether the inputs/outputs performed by a program at runtime will adhere to a given protocol specification. To address this problem, we leverage the native features of the Scala programming language, type system and standard library, to introduce (1) a representation of protocols (session types) as Scala types, and (2) a library, called lchannels, with a convenient API for type-safe protocol-based programming, supporting local and distributed communication.
During the talk, we will briefly illustrate the theoretical basis of our approach (starting from the representation of protocols as session types), provide a quick introduction to Scala, and show a demo of the lchannels library.