September 12, 2009. 1The financial support of SFI is gratefully acknowledged. Adrian Francalanza, Edsko de Vries and Matthew Hennessy. Uniqueness Typing ...
Uniqueness Typing for Resource Management in Message Passing Concurrency Adrian Francalanza, Edsko de Vries1 and Matthew Hennessy1
First International Workshop on Linearity September 12, 2009
1
The financial support of SFI is gratefully acknowledged.
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
1
Motivation Servers timeSrv , rec X .getTime?x.x!htimei.X dateSrv , rec X .getDate?x.x!hdatei.X Client client0 , (νret1 ) getTime!hret1 i. ret1 ?y . (νret2 ) getDate!hret2 i. ret2 ?z. P Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
2
Motivation
timeSrv
getTime
dateSrv
client
getDate
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
3
Motivation
timeSrv
dateSrv
ret1 getTime
client
getDate
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
4
Motivation
timeSrv
dateSrv
ret1 getTime
ret2
client
getDate
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
5
Motivation
Reusing ret1 client1 , (νret1 ) getTime!hret1 i. ret1 ?y . getDate!hret1 i. ret1 ?z. P
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
6
Motivation
timeSrv
getTime
dateSrv
client
getDate
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
7
Motivation
timeSrv
dateSrv ret1
getTime
client
getDate
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
8
Motivation
timeSrv
dateSrv ret1
getTime
ret1
client
getDate
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
9
Motivation
Explicit allocation and deallocation client2 ,
alloc(x). getTime!hxi. x?y . getDate!hxi. x?z. free x. P
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
10
Runtime errors Faulty server timeSrv , rec X .getTime?x.x!htimei.x!htimei.X Client client0 , (νret1 ) getTime!hret1 i. ret1 ?y . (νret2 ) getDate!hret2 i. ret2 ?z. P
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
11
Runtime errors Faulty server timeSrv , rec X .getTime?x.x!htimei.x!htimei.X Reusing ret1 client1 , (νret1 ) getTime!hret1 i. ret1 ?y . getDate!hret1 i. ret1 ?z. P
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
12
Runtime errors Explicit allocation and deallocation client2 ,
alloc(x). getTime!hxi. x?y . getDate!hxi. x?z. free x. P
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
13
Runtime errors Explicit allocation and deallocation client2 ,
alloc(x). getTime!hxi. x?y . getDate!hxi. x?z. free x. P
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
14
Purpose of this paper
Develop a semantics for the π-calculus with explicit allocation and deallocation of channels Define what we mean by a runtime error (type mismatch and communication on deallocated channels) Develop a type system for the language which rejects programs which may exhibit runtime errors Prove that well-typed programs have no runtime errors
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
15
Type language
T ::= [T]a a
(channel type)
| ω (unrestricted) | 1 (affine) | (•, i) (unique after i steps, i ∈ N)
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
16
Unrestricted channels Initial situation Channel c is unrestricted (ω) and shared by many processes b2 A
B
a
b1 C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
17
Unrestricted channels C sends c to A a!c b2 A
B
a c:ω
b1
C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
18
Unrestricted channels A sends c to B b2 !c b2 A
B
a c:ω
b1
C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
19
Linearity Initial situation Channel c is unrestricted (ω) and shared by many processes b2 A
B
a
b1 C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
20
Linearity C sends c to A a!c b2 A
B c:1
a
b1 c:ω C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
21
Linearity A sends c to B b2 !c.P (c ∈ / fv P) b2 A
B c:1
a
b1 c:ω C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
22
Linearity C sends c to both A and B a!c k b1 !c b2 A
B c:1
c:1
a
b1 c:ω C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
23
Uniqueness Initial situation C has unique (•) access to channel c b2 A
B
a
b1 C
c:•
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
24
Uniqueness C sends c to A a!c b2 A
B c:1
a
b1 c:(•, 1) C
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
25
Uniqueness A sends c to B b2 !c.P (c ∈ / fv P) b2 A
B c:1
a
b1 c:(•, 1) C
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
26
Uniqueness C sends c to both A and B a!c k b1 !c b2 A
B c:1
c:1
a
b1 c:(•, 2) C
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
27
Uniqueness C communicates with B on c c?x k c!x b2 A
B c:1
a
b1 c:(•, 1) C
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
28
Uniqueness C communicates with A on c c?x k c!x b2 A
B
a
b1 C
c:•
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
29
Uniqueness C ignores uniqueness and sends c to lots of processes d!c k e!c . . . b2 A
B
a
b1 C c:ω
··· Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
30
No uniqueness propagation
Initial situation A is connected to B1 , B2 , . . . through a shared channel b A
B1
B2
c:•
...
Bn
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
31
No uniqueness propagation
A sends the unique channel c Only one process will receive it A
B1
B2
c:•
...
Bn
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
32
Type splitting
Contraction rule Γ, u : T1 , u : T2 ` P
T = T1 ◦ T2
Γ, u : T ` P
tCon
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
33
Type splitting Splitting unrestricted channels [T]ω = [T]ω ◦ [T]ω
c:ω
pUnr
c:ω ⇒
c:ω ···
c:ω ···
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
34
Type splitting Splitting unique channels [T](•,i) = [T]1 ◦ [T](•,i+1)
c:1
pUnq
c:1 c:1
c:(•, 1)
c:(•, 2) ⇒
···
···
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
35
Subtyping
Subtyping rule Γ, u : T2 ` P
T1 ≺s T2
Γ, u : T1 ` P
tSub
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
36
Subtyping From unrestricted to linear
ω ≺s 1
sAff
c:1 c:ω ⇒ c:ω ···
c:ω ···
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
37
Subtyping From unique to unrestricted
(•, i) ≺s ω
c:•
sUnq
⇒ c:ω
···
···
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
38
Subtyping lattice • (•, 1) (•, 2) .. . ω 1
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
39
Usefulness of uniqueness Strong update Γ, u : [T2 ]• ` P Γ, u : [T1 ]• ` P
1 ⇒ (•, 1)
tRev
1 ⇒
•
⇒ (•, 1) •
⇒ •
Type of getTime getTime : [[Time]1 ]ω Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
40
Usefulness of uniqueness Deallocation Γ`P Γ, u : [T]• ` free u.P
tFree
1 ··· ⇒
⇒ (•, 1) •
⇒
⇒ •
Type of getDate getDate : [[Date]1 ]ω Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
41
Soundness proof
Theorem (Type safety) If Γ σ . P then P 9err . Theorem (Subject reduction) If Γ σ . P and σ . P → σ 0 . P 0 then there exists a environment Γ0 such that Γ0 σ 0 . P 0 .
Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
42
Conclusions Main contributions Uniqueness allows to safely support strong update and deallocation in languages based on MPC We adapted uniqueness to concurrency by taking advantage of the duality between affinity and uniqueness to allow uniqueness to be temporarily violated Future work Reasoning about well-typed processes Higher-order π-calculus Relation to separation-logic semantics of O’Hearn and Hoare? Adrian Francalanza, Edsko de Vries and Matthew Hennessy Uniqueness Typing for MPC
43
