Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Crash-Stop Failures in Asynchronous Multiparty Session Types

Adam D. Barwell, Ping Hou, Nobuko Yoshida, Fangyi Zhou

TL;DR

This work extends asynchronous multiparty session types to model crash-stop failures in distributed systems by introducing crash branches in global and local types and a dedicated stop type for crashed endpoints. The framework supports optional reliability via a configurable set of reliable roles and preserves correctness-by-construction guarantees—safety, deadlock-freedom, and liveness—through a top-down design that links global specifications to local implementations. It provides a formal asynchronous calculus with crash-aware operational semantics and a corresponding type system, along with a comprehensive relationship between global-type reductions and configurations via projection and association theorems. A case study on Non-Blocking Atomic Commits demonstrates practical applicability to distributed transactions, while the discussion of alternatives and related work clarifies the design choices and scope. The results lay groundwork for further work on crash-recover models and broader failure modes in MPST-enabled distributed programming.

Abstract

Session types provide a typing discipline for message-passing systems. However, their theory often assumes an ideal world: one in which everything is reliable and without failures. Yet this is in stark contrast with distributed systems in the real world. To address this limitation, we introduce a new asynchronous multiparty session types (MPST) theory with crash-stop failures, where processes may crash arbitrarily and cease to interact after crashing. We augment asynchronous MPST and processes with crash handling branches, and integrate crash-stop failure semantics into types and processes. Our approach requires no user-level syntax extensions for global types, and features a formalisation of global semantics, which captures complex behaviours induced by crashed/crash handling processes. Our new theory covers the entire spectrum, ranging from the ideal world of total reliability to entirely unreliable scenarios where any process may crash, using optional reliability assumptions. Under these assumptions, we demonstrate the sound and complete correspondence between global and local type semantics, which guarantee deadlock-freedom, protocol conformance, and liveness of well-typed processes by construction, even in the presence of crashes.

Crash-Stop Failures in Asynchronous Multiparty Session Types

TL;DR

This work extends asynchronous multiparty session types to model crash-stop failures in distributed systems by introducing crash branches in global and local types and a dedicated stop type for crashed endpoints. The framework supports optional reliability via a configurable set of reliable roles and preserves correctness-by-construction guarantees—safety, deadlock-freedom, and liveness—through a top-down design that links global specifications to local implementations. It provides a formal asynchronous calculus with crash-aware operational semantics and a corresponding type system, along with a comprehensive relationship between global-type reductions and configurations via projection and association theorems. A case study on Non-Blocking Atomic Commits demonstrates practical applicability to distributed transactions, while the discussion of alternatives and related work clarifies the design choices and scope. The results lay groundwork for further work on crash-recover models and broader failure modes in MPST-enabled distributed programming.

Abstract

Session types provide a typing discipline for message-passing systems. However, their theory often assumes an ideal world: one in which everything is reliable and without failures. Yet this is in stark contrast with distributed systems in the real world. To address this limitation, we introduce a new asynchronous multiparty session types (MPST) theory with crash-stop failures, where processes may crash arbitrarily and cease to interact after crashing. We augment asynchronous MPST and processes with crash handling branches, and integrate crash-stop failure semantics into types and processes. Our approach requires no user-level syntax extensions for global types, and features a formalisation of global semantics, which captures complex behaviours induced by crashed/crash handling processes. Our new theory covers the entire spectrum, ranging from the ideal world of total reliability to entirely unreliable scenarios where any process may crash, using optional reliability assumptions. Under these assumptions, we demonstrate the sound and complete correspondence between global and local type semantics, which guarantee deadlock-freedom, protocol conformance, and liveness of well-typed processes by construction, even in the presence of crashes.
Paper Structure (33 sections, 6 equations, 12 figures)

This paper contains 33 sections, 6 equations, 12 figures.

Table of Contents

  1. Introduction
  2. Overview
  3. Asynchronous Multiparty Session Calculus with Crash-Stop Semantics
  4. Syntax of Session Calculus with Crash-Stop Failures
  5. Operational Semantics of Session Calculus with Crash-Stop Failures
  6. Asynchronous Multiparty Session Types with Crash-Stop Semantics
  7. Global and Local Types with Crash-Stop Failures
  8. Crash-Stop Semantics of Global Types
  9. Crash-Stop Semantics of Configurations
  10. Alternative Modellings for Crash-Stop Failures
  11. Relating Global Type and Configuration Semantics
  12. Properties Guaranteed by Projection
  13. A Type System with Crash-Stop Semantics
  14. Typing Rules
  15. Properties of Typed Sessions
  16. ...and 18 more sections

Figures (12)

  • Figure 1: Top-down view of MPST with crash.
  • Figure 2: Syntax of values, expressions, sessions, processes, and queues. Appreciable changes w.r.t. the standard session calculus POPL21AsyncMPSTSubtyping are $\colorbox{\highlightColour}{$\text{highlighted}$}$.
  • Figure 3: Expression evaluation.
  • Figure 4: Reduction relation on sessions with crash-stop failures.
  • Figure 5: Structural precongruence rules for queues, processes, and sessions.
  • ...and 7 more figures

Theorems & Definitions (54)

  • proof
  • proof
  • proof
  • proof
  • proof
  • proof
  • proof
  • proof
  • proof
  • proof
  • ...and 44 more