Ferrite: A Judgmental Embedding of Session Types in Rust

TL;DR

Ferrite introduces a novel Rust embedding for session types that supports both linear and shared sessions, enabling protocol verification in real-world, aliasing scenarios.

Contribution

Ferrite presents a judgmental embedding of session types in Rust, supporting shared and linear sessions, with a formal foundation and practical implementation.

Findings

Supports shared and linear session types in Rust

Provides a formal judgmental embedding technique

Includes a case study on Servo's canvas component

Abstract

\emph{Session types} have proved viable in expressing and verifying the protocols of message-passing systems. While message passing is a dominant concurrency paradigm in practice, real world software is written without session types. A limitation of existing session type libraries in mainstream languages is their restriction to linear session types, precluding application scenarios that demand sharing and thus aliasing of channel references. This paper introduces Ferrite, a shallow embedding of session types in Rust that supports both \emph{linear} and \emph{shared} sessions. The formal foundation of Ferrite constitutes the shared session type calculus $\sills$, which Ferrite encodes via a novel \emph{judgmental embedding} technique. The fulcrum of the embedding is the notion of a typing judgment that allows reasoning about shared and linear resources to type a session. Typing rules are then encoded as functions over judgments, with a valid typing derivation manifesting as a well-typed Rust program. This Rust program generated by Ferrite serves as a \emph{certificate}, ensuring that the application will proceed according to the protocol defined by the session type. The paper details the features and implementation of Ferrite and includes a case study on implementing Servo's canvas component in Ferrite.