Space-Time-Types:
Behavioural and Spatial Type Systems

Nowadays distributed computing systems are based on a simple paradigm of asynchronous message passing, since communication is the key feature of such systems and message passing is a natural way of modelling interaction. However, a global computing scenario poses new problems that are not present in the classical sequential and centralised systems. Situations like (partial) failures, disruption of connections, code mobility, dynamic reconfiguration of networks, make this domain intrinsically complex, whose analysis is particularly challenging. Moreover, the demand for safe and trustworthy applications and systems is increasing, as users become aware of the vulnerability of their present systems.

Solid mathematical foundations are essential to provide such guarantees. Provably correct solutions require rigorous mathematical models and analysis techniques, so that one may define precisely what are the problems to address, and how to perform proofs for the claimed properties. To express and prove properties logical systems are needed, but since most interesting properties are undecidable one cannot find complete proof systems. Furthermore, some decidable properties are intrinsically difficult to verify.

The typical solution is to use a decidable static analysis system (correct by over-approximating, but necessarily incomplete), of low computational complexity (to be of practical to use). A popular approach is the use of type systems to discipline the computational mechanisms programming languages, disallowing interactions that may lead to erroneous operations. Types are abstract representations of the correct behaviour of the entities of a program. A language is type safe, if it is equipped with a type (proof) system that guarantees that if a program is typable, the computation mechanism preserves the typability of the intermediate steps, and the absence of run-time errors.

The goal of the project is to develop new type systems to statically verify behavioural and structural properties of global, distributed open systems. We shall pursue our previous work on three inter-related subjects: non-uniform types for concurrent objects, investigating decidability issues; session types for component interoperability, investigating their extension to multi-party protocols; spatial types, investigating static analyses methods to prove not only behavioural and but also structural properties of distributed systems. Moreover, we plan to study the relationship between behavioural and session types, looking for a unified notion and system, and to relate spatial to behavioural types, characterising the latter in terms of the former.

Our goal is the development of static analysis systems to verify safety and liveness properties of concurrent distributed systems specified in calculi of mobile processes. The properties we are interested in are not only behavioural, like deadlock freedom or conformance to a protocol, but also structural (or spatial), like connectivity or resource usage. The existing systems treat only some of the behavioural properties, in a limited way (not purely static, or in very restricted settings). Building on existing work on behavioural types and on spatial logics, we aim at the development of richer notions of types, able of expressing behavioural and spatial properties of distributed systems. We envisage expressive, yet decidable and computationally tractable static analysis systems, which allow to formally prove that a process enjoys a certain property, and that there will be no run-time property violations.

Non-uniform Types

• S. Gay, V. T. Vasconcelos and A. Ravara.
  Dynamic Interfaces.
  2007.

  abstract — (BibTeX)

  Abstract

  We define a small class-based object-oriented language in which the availability of methods depends on an object's state: objects' interfaces are dynamic. We define a static type system in which the typing of a method specifies pre- and post-conditions for its object's state, and each class has a session type which provides a global specification of the availability of methods in each state. The state of an object may also depend on the result of a method whose return type is an enumeration. Linear typing guarantees unique ownership of objects. We prove a type safety theorem, and a theorem about consistency between a class's session type and the typings of its methods. We then consider inheritance and the associated subtyping relation on dynamic interfaces. A subtyping relation on session types, related to that found in previous literature, characterizes the relationship between method availability in a subclass and in its superclass. We illustrate the language and its type system with an example based on a hierarchy of classes for accessing files, and conclude by outlining several ways in which our theory can be extended towards more practical languages.

Session Types

• L. Cruz-Filipe, I. Lanese, F. Martins, A. Ravara and V. Vasconcelos.
  Behavioural theory at work: program transformations in a service-centred calculus.
  In 10th IFIP International Conference on Formal Methods for Open Object-based Distributed Systems (FMOODS'08), 2008.
  To appear in Lecture Notes in Computer Science.

  abstract — (BibTeX)

  Abstract

  We analyse the relationship between object-oriented modelling and session-based, service-oriented modelling, starting from a typical UML Sequence Diagram and providing a program transformation into a service-oriented model. We also provide a similar transformation from session-based specifications into request-response specifications. All transformations are specified in SSCC — a process calculus for modelling and analysing service-oriented systems — and proved correct with respect to a suitable form of behavioural equivalence (full weak bisimilarity). Since the equivalence is proved to be compositional, results remain valid in arbitrary contexts.

• I. Lanese, F. Martins, V. T. Vasconcelos and A. Ravara.
  Disciplining Orchestration and Conversation in Service-Oriented Computing.
  sefm, 0:305–314, 2007.

  abstract — (BibTeX)

  Abstract

  We give a formal account of a calculus for modeling service-based systems, suitable to describe both service composition (orchestration) and the protocol that services run when invoked (conversation). The calculus includes primitives for defining and invoking services, for isolating conversations between clients and servers, and for orchestrating services.

  The calculus is equipped with a reduction and a labeled transition semantics related by an equivalence result. To hint how the structuring mechanisms of the language can be exploited for static analysis we present a simple type system guaranteeing the compatibility between client and server protocols, an application of bisimilarity to prove equivalence among services, and we discuss deadlock-avoidance.

• V. T. Vasconcelos, S. J. Gay and A. Ravara.
  Type checking a multithreaded functional language with session types.
  Theor. Comput. Sci., 368(1-2):64–87, 2006.

  abstract — (BibTeX)

  Abstract

  We define a language whose type system, incorporating session types, allows complex protocols to be specified by types and verified by static type checking. A session type, associated with a communication channel, specifies the state transitions of a protocol and also the data types of messages associated with transitions; thus type checking can verify both correctness of individual messages and correctness of sequences of transitions. Previously, session types have mainly been studied in the context of the π-calculus; instead, our formulation is based on a multithreaded functional language with side-effecting input/output operations. Our typing judgements statically describe dynamic changes in the types of channels, and our function types not only specify argument and result types but also describe changes in channels. We formalize the syntax, semantics and type checking system of our language, and prove subject reduction and runtime type safety theorems.

• A. Vallecillo, V. T. Vasconcelos and A. Ravara.
  Typing the Behavior of Software Components using Session Types.
  Fundam. Inf., 73(4):583–598, 2006.

  abstract — (BibTeX)

  Abstract

  This paper proposes the use of session types to extend with behavioural information the simple descriptions usually provided by software component interfaces. We show how session types allow not only high level specifications of complex interactions, but also the definition of powerful interoperability tests at the protocol level, namely compatibility and substitutability of components. We present a decidable proof system to verify these notions, which makes our approach of a pragmatic nature.

• N. Yoshida and V. T. Vasconcelos.
  Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited: Two Systems for Higher-Order Session Communication.
  Electron. Notes Theor. Comput. Sci., 171(4):73–93, 2007.

  abstract — (BibTeX)

  Abstract

  Session primitives and types provide a flexible programming style for structured interaction, and are used to statically check the safe and consistent composition of protocols in communication-centric distributed software. Unfortunately authors working on session types have recently realised that some of the previously published systems fail to satisfy the basic theorems of Subject Reduction and Type Safety. This report discusses the issues involved in higher-order session communication, presents a formulation of the recursive types as well as proofs of the Subject Reduction and Type Safety Theorems of the original session typing system by Honda-Vasconcelos-Kubo in ESOP'98. It also proposes a variant which allows a more liberal higher-order session communication, based on an idea of Gay and Hole.

Spatial Types

• L. Caires.
  Spatial-Behavioral Types for Concurrency and Resource Control in Distributed Systems.
  To appear in Theoretical Computer Science.

  (BibTeX)

• L. Caires.
  Logical Semantics of Types for Concurrency.
  In Algebra and Coalgebra in Computer Science (CALCO 07), volume 4624 of Lecture Notes in Computer Science, pages 16–35. Springer Berlin / Heidelberg, September 2007.

  abstract — (BibTeX)

  Abstract

  We motivate and present a logical semantic approach to types for concurrency and to soundness of related systems. The approach is illustrated by the development of a generic type system for the π- calculus, which may be instantiated for specific notions of typing by extension with adequate subtyping principles. Soundness of our type system is established using a logical predicate technique, based on a compositional spatial logic interpretation of types.

• L. Caires.
  Spatial-Behavioral Types, Distributed Services, and Resources.
  In Trustworthy Global Computing (TGC'06), volume 4661 of Lecture Notes in Computer Science, pages 98–115. Springer Berlin / Heidelberg, 2007.

  abstract — (BibTeX)

  Abstract

  We develop a notion of spatial-behavioral typing suitable to discipline interactions in service-based systems modeled in a distributed object calculus. Our type structure reflects a resource aware model of behavior, where a parallel composition type operator expresses resource independence, a sequential composition type operator expresses implicit synchronization, and a modal operator expresses resource ownership. Soundness of our type system is established using a logical relations technique, building on a interpretation of types as properties expressible in a spatial logic.

• T. Carvalho.
  Spatial Types for Concurrency: A Spatial Logic to Specify and Verify Distributed Systems.
  Master's thesis, IST, 2007.
  Tese de Mestrado em Matemática e Aplicações.

  abstract — (BibTeX)

  Abstract

  The problem of specifying and verifying properties is considered to be a classical problem in computer science. Recently, there has been a growing interest in spatial properties of processes in distributed systems. So, several modal logics have been proposed such that the proof systems are, in general, undecidable. An exception is the model-checker of Luís Caires.

  Traditionally, type systems are used to guarantee the absence of errors in programming languages due to being decidable and to their low complexity. But recently, they have also been used to ensure spatial properties of processes.

  The aim of this thesis is to define a decidable logic (syntax, semantics and deductive system), which allows both spatial and behavioural properties of concurrent processes to be specified and verified, namely invariants.

  This work first considers a simple language of processes and an expressive language of formulas. The former is the nondeterministic choice free fragment of a process algebra — Milner's CCS — while the latter is based on the Spatial Logic of Caíres and Cardelli and on the Process Logic of Milner. Adopting a "propositions as types" approach, where types are formulas, denotational semantics are estab- lished through certain structural and transition relations, and subtyping is interpreted as a certain logical entailment. Furthermore, a type system is defined as a deductive system and some results are proved about it, namely weak consistency and completeness. Finally, a complete application of the system is developed, thus expressing its potential.