1 Ivan Lanese Computer Science Department University of Bologna Italy Behavioural Theory for SSCC Joint work with Luis Cruz-Filipe, Francisco Martins, Antonio Ravara and Vasco Vasconcelos Univerisities of Lisbon, Portugal

Roadmap l SSCC l Behavioural theory l Program transformations l Conclusions

Roadmap l SSCC l Behavioural theory l Program transformations l Conclusions

Stream-based Service Centred Calculus l SSCC is a calculus for modelling services based on sessions and streams l One of the Sensoria core calculi –Follows the same thread of SCC and CaSPiS l SSCC provides operators for –Defining and invoking services –Describing conversations (sessions) between services –Orchestrating complex service systems

SSCC syntax P :: = P j Q ( ºa ) P 0 rec X : P X 9 > > > > = > > > > ; S t an d ar d opera t ors a ) P a ( P ¾ S erv i ces v : P ( x ) P ¾ C onversa t i ons s t ream P as f i n Q f ee d v : P f ( x ) : P 9 = ; O rc h es t ra t i on

SSCC services l Services are defined by their name a and their protocol P l Service definition and service invocation are symmetric l Invocations and definitions interact creating two session endpoints executing their respective protocols l Sessions are not available when programming –Only runtime construct a ) P j a ( Q ! ( ºr )( r B P j r C Q )

SSCC conversations l Sessions can exchange information via input and output l We can imagine to extend conversations with all the typical session constructs (e.g., choice) ( ºr )( r B v : P j r C ( x ) Q ) ! ( ºr )( r B P j r C Q [ v = x ])

Orchestrating SSCC services l We propose the stream construct –Induces a clear style of programming –Good tradeoff between expressive power and structured communication l P and Q are concurrently executing l f is a communication stream (i.e., a queue) from P to Q l P can feed values inside f (feed v.P’) –Non blocking –Values stored in the nearest stream l Q can read values from f (f(x).Q’) –Blocking –Reads from stream f s t ream P as f i n Q

A stream at work s t ream f ee d v : P as f = hi i n f ( x ) : Q ! s t ream P as f = h v i i n f ( x ) : Q ! s t ream P as f = hi i n Q [ v = x ]

Orchestrating 3 services l Invoke services a and b and use their results to invoke c s t ream ( a ( ( x ) f ee d x ) j ( b ( ( y ) f ee d y ) as f = hi i n f ( z ) : f ( w ) : c ( z : w : ( t ) f ee d t

Useful macros l Direct communications b * v : P, s t ream b ( v : f ee d ² as f i n f ( z ) : P b + ( x ) P, s t ream b ) ( z ) : f ee d z as f i n f ( x ) : P

Roadmap l SSCC l Behavioural theory l Program transformations l Conclusions

Why a behavioural theory? l To understand the relationships between the different operators l To be able to reason axiomatically on systems l To be able to prove the correctness of program transformations and optimizations

Which behavioural theory? l We consider the classic bisimilarity approach –Processes should be able to mimik each other labelled transitions l We have labels for session communications, service invocations, feeds, reads from stream, internal actions… l We choose full (substitution-closed) bisimilarity –Strong bisimilarity ~ f for more basic transformations –Weak bisimilarity ≈ f allows optimizations »Abstracts away internal actions ≈ ≡ '

A compositionality result l Strong and weak full bisimilarity are congruences –Capture the corresponding contextual equivalences –Axioms can be applied to subterms –Transformations can be applied to arbitrarily complex systems l The congruence result does not hold for strong/weak plain bisimilarity l We will present some useful axioms –We are not interested in a complete axiomatization

Structural congruence is a bisimulation r./ ( ºa ) P ´ ( ºa )( r./ P ) l Standard rules for parallel composition, restriction and recursion l Additional scope extension rules

Session axioms l Different sessions are independent l Terminated sessions can be garbage collected ( º r ) D [[ r. 0 ; r / 0 ]] » f D [[ 0 ; 0 ]] i f D d oesno t b i n d rr./ ( s./ Q j P ) » f s./ Q j r./ P i f s 6 = r

Stream axioms (1) l Stream = parallel composition + communication l Terminated streams can be garbage collected s t ream P as f i n Q » f P j Q i ff = 2 f n ( Q ) an d P d oesno t con t a i n f ee d s t ream 0 as f i n P » f P i ffd oesno t occur i n P s t ream P as f i n ( Q j Q 0 ) » f ( s t ream P as f i n Q ) j Q 0 i ff = 2 f n ( Q 0 )

Stream axioms (2) l Uncatched feeds are τ steps l Different streams are independent s t ream P as f i ns t ream P 0 as g i n Q » f s t ream P 0 as g i ns t ream P as f i n Q i ff 6 = g s t ream P as f i n 0 ¼ f P f f ee d v : Q ! Q g

Sessions vs streams l Feeds are unaffected by sessions l Session outputs are unaffected by streams l More in general r./ ( f ee d v j P ) » f f ee d v j r./ P s t ream v j P as f i n Q » f v j s t ream P as f i n Q r./ ( Q j P ) » f Q j r./ P i f Q con t a i nsnosess i on i npu t / ou t pu t s t ream R j P as f i n Q » f R j s t ream P as f i n Q i f R con t a i nsno f ee d s

Roadmap l SSCC l Behavioural theory l Program transformations l Conclusions

Object-oriented interaction pattern l UML sequence diagrams show the exchange of messages among components of a complex system… l …but have no session information

Session-oriented interaction pattern l There are two sessions: –r between A and B –s between B and C l There are local communications in B

The session-oriented pattern in SSCC l The pattern can be implemented in SSCC l Communications between different sessions in B exploit auxiliary services SC, ( º b ; c )( A j B j C ) A, b ( w : ( y ) P B, ( º b 1 ; b 2 )( B 1 j B 2 ) C, c ) ( x ) v : S B 1, b ) ( x ) b 1 * x : b 2 + ( y ) y : Q B 2, c ( b 1 + ( x ) x : ( y ) b 2 * y : R :

Optimization: using a subsession

The subsession pattern in SSCC l Now the SSCC implementation is: l A and C are as before l Two auxiliary communications have been eliminated l Two are still used E, b ) ( x )( º b 1 )( c ( x : ( y ) b 1 * y : R j b 1 + ( y ) y : Q ) SC 0, ( º b ; c )( A j E j C )

Is the program transformation correct? l The two diagrams can be proved full weak bisimilar l The proof exploits: –Standard coinductive techniques –Congruence –Some axioms (session independence, garbage collection) l Since full weak bisimilarity is a congruence the optimization can be applied in any context

Introducing streams l We can use a stream to avoid the remaining auxiliary communications l Correctness proof similar to the previous one SC 0, ( º b ; c )( A j G j C ) G, b ) ( x ) s t ream c ( x : ( y ) f ee d y : R as f i n f ( y ) : y : Q

Breaking sessions l Current technologies does not provide sessions –Only request and request/response primitives –Correspond to sessions with fixed protocol l Useful to break sessions in smaller pieces –A long session may correspond to a sequence of request/responses –Next request/response name sent as continuation l Arbitrary sessions can not be broken preserving the semantics –Correct for all sequential sessions –Sequentiality can be proved using a type system

Roadmap l SSCC l Behavioural theory l Program transformations l Conclusions

Conclusions l SSCC can model session-based communication patterns l Behavioural theory allows to work axiomatically on patterns l Complex program transformations can be specified and proved correct

Future work l On program transformations –Develop a methodology to drive the application of transformations –Apply to other case studies l On SSCC –Further understanding its behavioral theory –Add kill and compensation primitives l On types –Type systems for deadlock freedom –Type systems for termination

End of talk s t ream i van ( ques t i on : ( x ) : f ee d x as f i n f ( x ) : t h i n k