Comparing Type Systems for Deadlock Freedom
CCOMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM
ORNELA DARDHA AND JORGE A. P´EREZSchool of Computing Science, University of Glasgow, UK e-mail address : [email protected] of Groningen, The Netherlands e-mail address : [email protected]
Abstract.
Message-passing software systems exhibit non-trivial forms of concurrency anddistribution; they are expected to respect intended protocols among interacting services,but also to never “get stuck”. This intuitive requirement has been expressed by liveness properties such as progress or (dead)lock freedom; various type systems ensure theseproperties for concurrent processes. Unfortunately, very little is known about the preciserelationship between these type systems and the classes of typed processes they induce.This paper puts forward the first comparative study of different type systems formessage-passing concurrent processes that enforce deadlock-freedom. We compare twoclasses of deadlock-free typed processes, here denoted L and K . The class L standsout for its canonicity: it results naturally from Curry-Howard interpretations of linearlogic propositions as session types . The class K , obtained by encoding session types intoKobayashi’s linear types with usages, includes processes not typable in other type systems.We show that L is strictly included in K . We also identify the precise condition underwhich L and K coincide. One key observation is that the degree of sharing betweenparallel processes determines a new expressiveness hierarchy for typed concurrent processes.Furthermore, we provide two type-preserving procedures for rewriting processes in K intoprocesses in L . Our two procedures suggest that, while effective, the degree of sharing is arather subtle criterion for distinguishing typed concurrent processes. Introduction
In this paper, we formally relate different type systems for concurrent processes specified inthe π -calculus [MPW92]. A fundamental model of computation, the π -calculus stands out forits expressiveness , which enables us to represent and reason about message-passing programsin functional, object-oriented, and distributed paradigms [SW01]. Another distinctive aspectof the π -calculus is its support for rich type systems that discipline process behavior [San02].Following Milner’s seminal work on sorting [Mil91], various type systems for the π -calculushave revealed a rich landscape of models for concurrency with disciplined communication;examples include graph types [Yos96], linear types [KPT96], generic types [IK04], and session types [HVK98]. Recently, logical foundations for message-passing concurrency, inthe style of the Curry-Howard correspondence (“propositions as types”), have been putforward [CP10, Wad12]. By disciplining the use of channels, types for message-passing Key words and phrases: concurrency, π -calculus, type systems, session types, deadlock freedom. LOGICAL METHODSIN COMPUTER SCIENCE DOI:10.2168/LMCS-??? © O. Dardha and J.A. P´erezCreative Commons a r X i v : . [ c s . L O ] J a n O. DARDHA AND J.A. P´EREZ processes strongly influence their expressiveness. Contrasting different type systems throughthe classes of well-typed processes that they induce is a central theme in this work.Our interest is in session-based concurrency , the model of concurrency captured by session types [Hon93, THK94, HVK98]. Session types promote a type-based approach tocommunication correctness: dialogues between participants are structured into sessions ,basic communication units; descriptions of interaction sequences are then abstracted assession types which are checked against process specifications. In session-based concurrency,types enforce correct communications through different safety and liveness properties. Twobasic (and intertwined) correctness properties are communication safety and session fidelity :while the former ensures absence of errors (e.g., communication mismatches), the latterensures that well-typed processes respect the protocols prescribed by session types.A very desirable liveness property for safe processes is that they should never “getstuck”. This is the well-known progress property which, in its standard meaning, assertsthat a well-typed term either is a final value or can further reduce [Pie02]. In calculi forconcurrency, this property admits several formalizations: two of them are deadlock freedom and lock freedom . Intuitively, deadlock freedom ensures that certain communications willeventually succeed unless the whole process diverges; lock freedom is a stronger property:it guarantees that certain communications will eventually succeed, regardless of whetherprocesses diverge, modulo some fairness assumption on the scheduler [Kob02a]. Notice thatin the absence of divergent behaviors, deadlock freedom and lock freedom coincide.Another formalization, which we call here session progress , has been proposed forsession-based concurrency [CD10, CDM14]: “a process has session progress if combined withanother process providing the corresponding co-actions (a so-called catalyzer ), then thecomposition reduces”. Intuitively, a process is either composable if it can be composed withan appropriate catalyzer for some of its actions, or uncomposable otherwise. Carbone etal. [CDM14] proved that session progress and (dead)lock freedom coincide for uncomposableprocesses; for composable processes, session progress states potential (dead)lock freedom.We will return to this informal distinction between composable and uncomposable processesbelow (Definition 2.1 will make it formal).There is a vast literature on type systems for which typability entails (dead)lock freedomor session progress—see, e.g., [Kob02a, Kob06, DdY08, CD10, CP10, CPT16, Pad13, VV13,Pad14,GKL14]. Unfortunately, these sophisticated systems rely on different principles and/orconsider different variants of the (session) π -calculus. Also, different papers sometimes usedifferent terminology. As a result, very little is known about the relationship between thesetype systems. This begs for the following research questions: How do these type systemsrelate to each other, exactly? What classes of deadlock-free processes do they induce?
In this paper we present the first formal comparison between different type systems forthe π -calculus that enforce liveness properties related to (dead)lock freedom. More concretely,we tackle the above open questions by comparing L and K , two salient, representative classesof deadlock-free (session) typed processes: • L contains session processes that are well-typed according to the Curry-Howard correspon-dence of linear logic propositions as session types [CP10, CPT16, Wad12]. This suffices,because the type system derived from such a correspondence ensures communication safety,session fidelity, and deadlock freedom. • K contains session processes that enjoy communication safety and session fidelity (asensured by the type system of Vasconcelos [Vas12]) and satisfy deadlock freedom. This OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 3 class of processes is defined indirectly, by combining Kobayashi’s type system based on usages [Kob02a, Kob06, Kob07] with Dardha et al.’s encodability result [DGS12].Let us clarify the nature of processes in L and K . As Definition 4.2 formally states,processes in L and K are typed under some typing context, possibly non empty. As such,these classes contain both composable processes (if the typing context is not empty) anduncomposable processes (if the typing context is empty). Thus, strictly speaking, processesin L and K have session progress (as described above), which is strictly weaker than deadlockfreedom (or a potential form of it), for a process with session progress does not necessarilysatisfy deadlock freedom. However, since we shall focus on uncomposable processes, forwhich session progress and deadlock freedom coincide, we shall refer to L and K as classesof deadlock-free processes.There are good reasons for considering L and K . On the one hand, due to its deeplogical foundations, L appears to us as the canonical class of deadlock-free session processes,upon which all other classes should be compared. Indeed, this class arguably offers the mostprincipled yardstick for comparisons. On the other hand, K integrates session type checkingwith the sophisticated usage discipline developed by Kobayashi for π -calculus processes.This indirect approach to deadlock freedom, developed in [CDM14, Dar16], is fairly general,as it can capture sessions with subtyping, polymorphism, and higher-order communication.Also, as informally shown in [CDM14], K strictly includes classes of session typed processesinduced by other type systems for deadlock freedom [DdY08, CD10, Pad13].One key observation in our work is a property of typed parallel processes, the degree ofsharing (Definition 3.10), which is key in distinguishing two salient classes of deadlock-freesession processes, and in shedding light on their formal underpinnings. Intuitively, thedegree of sharing bounds the number of sessions shared by the parallel components of aprocess. We use it to establish that K corresponds to a family of classes of deadlock-freeprocesses, denoted K , K , · · · , K n . Intuitively, K is the subclass of K with independentparallel composition : for all processes P | Q ∈ K , sub-processes P and Q do not share anysessions. Then, K is the subclass of K which contains K but admits also processes withparallel components that share at most one session . This way, K n contains deadlock-freesession processes whose parallel components share at most n sessions . Contributions.
In this paper, we present three main technical contributions:(1) We show that the inclusion between the constituent classes of K is strict (Theorem 4.1).We have: K ⊂ K ⊂ K ⊂ · · · ⊂ K n ⊂ K n +1 (1.1)Although not very surprising, the significance of this result lies in the fact that it talksabout concurrency (via the degree of sharing) but implicitly also about the potentialsequentiality of parallel processes. As such, processes in K n are necessarily “moreparallel” than those in K n +1 . Interestingly, the degree of sharing in K , . . . , K n can becharacterized in a simple way, via a natural condition in the typing rule for parallelcomposition in Kobayashi’s type system for deadlock-freedom (see Figure 6).(2) We show that L and K coincide (Theorem 4.2). Combined with (1.1), this implies thatthere are deadlock-free session processes that cannot be typed by systems derived fromthe Curry-Howard interpretation of session types [CP10,CPT16,Wad12], but that can beadmitted by the (indirect) approach of [DGS12]. This result is significant: it establishesthe precise status of logically motivated systems (i.e., based on [CP10, CPT16, Wad12]) O. DARDHA AND J.A. P´EREZ K L = K K K n Deadlock-free session processes
Figure 1: Graphical summary of technical contributions.with respect to previous disciplines, not based on Curry-Howard principles. Indeed, itformally confirms that linear logic interpretations of session types naturally induce themost basic form of concurrent cooperation (sharing of exactly one session), embodied asthe principle of “composition plus hiding”, a distinguishing feature of such interpretations.(3) We define two rewriting procedures for transforming processes in K into processes in L (Definition 5.8 and C.14). Intuitively, due to our previous observation and characteriza-tion of the degree of sharing in session typed processes, it is quite natural to transform aprocess in K into another, more parallel process in L . In essence, the first rewriting proce-dure exploits type information to replace sequential prefixes with representative parallelcomponents; the second procedure refines this idea by considering value dependencies ,i.e., causal dependencies between independent sessions not captured by types. Ourrewriting procedures satisfy type-preservation and operational correspondence properties(cf. Theorems 5.1, 5.2, C.1, and C.2). These correctness properties not only witness tothe significance of our rewriting procedures; they also confirm that the degree of sharingis a subtle criterion for formally distinguishing deadlock-free, session typed processes.Figure 1 graphically summarizes these contributions. To the best of our knowledge, ourwork defines the first formal comparison between fundamentally distinct type systems fordeadlock freedom in message-passing processes. Previous comparisons, such as the onesin [CDM14] and [CPT16, § Organization.
The paper is structured as follows. Next, § π -calculus and the type system of [Vas12]. In § § L and K , formalizes the hierarchy (1.1),and shows that L = K . § K n into L andestablishes its correctness; its optimization with value dependencies is discussed in § § § § OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 5
P, Q ::= x (cid:104) v (cid:105) .P (output) (inaction) x ( y ) .P (input) P | Q (composition) x (cid:47) l j .P (selection) ( ν xy ) P (session restriction) x (cid:46) { l i : P i } i ∈ I (branching) v ::= x (channel)( R-Com ) ( ν xy )( x (cid:104) v (cid:105) .P | y ( z ) .Q ) → ( ν xy )( P | Q [ v / z ])( R-Case ) ( ν xy )( x (cid:47) l j .P | y (cid:46) { l i : P i } i ∈ I ) → ( ν xy )( P | P j ) j ∈ I ( R-Par ) P → Q = ⇒ P | R → Q | R ( R-Res ) P → Q = ⇒ ( ν xy ) P → ( ν xy ) Q ( R-Str ) P ≡ P (cid:48) , P → Q, Q (cid:48) ≡ Q = ⇒ P (cid:48) → Q (cid:48) Figure 2: The session π -calculus: syntax (top) and semantics (bottom).This paper is a revised version of the workshop paper [DP15], extended with new material:we present full technical details, illustrative examples, and comparisons with related worksnot presented in [DP15]. Moreover, the first rewriting procedure, presented in [DP15] andgiven in §
5, has been substantially simplified and its correctness properties have been refined.The second rewriting procedure, based on value dependencies and discussed in §
6, is new tothis paper. The content of § § Session π - calculus We present the session π -calculus and its corresponding type system. We consider a fragmentof the typed framework put forward by Vasconcelos [Vas12], which ensures communicationsafety and session fidelity (but not progress nor deadlock-freedom). Below we follow closelythe definitions and results from [Vas12], pointing out differences where appropriate.2.1. Process Model.
Let
P, Q, . . . range over processes, x, y, . . . over channel names (or session endpoints ), and v, v (cid:48) , . . . over values; for simplicity, the sets of values and channelscoincide. In examples, we use n to denote a terminated channel that cannot be further used.We briefly comment on the syntax of processes, given in Figure 2 (upper part). The maindifference with respect to the syntax in [Vas12] is that we do not consider boolean values norconditional processes (if-then-else). Process x (cid:104) v (cid:105) .P denotes the output of v along x , withcontinuation P . Dually, process x ( y ) .P denotes an input along x with continuation P , with y denoting a placeholder. Rather than the non-deterministic choice operator P + Q of theuntyped π -calculus [MPW92], the session π -calculus includes operators for (deterministic)internal and external labelled choices, denoted x (cid:47) l j .P and x (cid:46) { l i : P i } i ∈ I , respectively.Process x (cid:47) l j .P uses x to select l j from a labelled choice process x (cid:46) { l i : P i } i ∈ I , so as totrigger P j ; labels are indexed by the finite set I and are pairwise distinct. We also have theinactive process (denoted ), the parallel composition of P and Q (denoted P | Q ), and the double restriction operator, noted ( ν xy ) P : the intention is that x and y denote dual sessionendpoints in P . We omit whenever possible and write, e.g., x (cid:104) n (cid:105) instead of x (cid:104) n (cid:105) . .Notions of bound/free variables in processes are standard; we write fn ( P ) to denote theset of free variables of P . Also, we write P [ v / z ] to denote the (capture-avoiding) substitution O. DARDHA AND J.A. P´EREZ of free occurrences of z in P with v . Finally, we follow Barendregt’s convention , whereby allvariables in binding occurrences in any mathematical context are pairwise distinct and alsodistinct from the free variables.The operational semantics is given in terms of a reduction relation, noted P → Q , anddefined by the rules in Figure 2 (lower part). Reduction relies on a standard notion of structural congruence , noted ≡ , defined by the following axioms: P | Q ≡ Q | P ( P | Q ) | R ≡ P | ( Q | R ) P | ≡ P ( ν xy ) P | Q ≡ ( ν xy )( P | Q ) ( ν xy ) ≡ ( ν wx )( ν yz ) P ≡ ( ν yz )( ν wx ) P We write → ∗ to denote the reflexive, transitive closure of → . Observe that interactioninvolves prefixes with different channels (endpoints), and always occurs in the context of anoutermost double restriction. Key rules are ( R-Com ) and (
R-Case ), denoting the interactionof output/input prefixes and selection/branching constructs, respectively. Rules (
R-Par ),(
R-Res ), and (
R-Str ) are standard [Vas12].2.2.
Type System.
The syntax of session types, ranged over
T, S, . . . , is given by thefollowing grammar.
T, S ::= end | ? T.S | ! T.S | & { l i : S i } i ∈ I | ⊕ { l i : S i } i ∈ I Above, end is the type of an endpoint with a terminated protocol. The type ?
T.S isassigned to an endpoint that first receives a value of type T and then continues accordingto the protocol described by S . Dually, type ! T.S is assigned to an endpoint that firstoutputs a value of type T and then continues according to the protocol described by S .Type & { l i : S i } i ∈ I is used for external choices, and generalises input types; dually, type ⊕{ l i : S i } i ∈ I is used for internal choices, and generalises output types. Notice that sessiontypes describe protocol as sequences of actions; they do not admit parallel operators.With respect to the syntax of types in [Vas12], here we only consider channel endpointtypes (no ground types such as bool ). Also, types in the system in [Vas12] can be qualifiedas either linear or unrestricted . Our session types are linear—the only unrestricted sessiontype is end . Focusing on linear types suffices for our purposes, and leads to simplificationsin typing rules and auxiliary notions, such as well-formedness (see below).A central notion in session-based concurrency is duality , which relates session typesoffering opposite (i.e., complementary) behaviors and stands at the basis of communicationsafety and session fidelity. Given a session type T , its dual type T is defined as follows: end (cid:44) end ! T.S (cid:44) ? T.S ? T.S (cid:44) ! T.S ⊕{ l i : S i } i ∈ I (cid:44) & { l i : S i } i ∈ I & { l i : S i } i ∈ I (cid:44) ⊕{ l i : S i } i ∈ I Typing contexts, ranged over by Γ , Γ (cid:48) , are produced by the following grammar:Γ , Γ (cid:48) ::= ∅ | Γ , x : T where ‘ ∅ ’ denotes the empty context. We standardly require the variables appearing in acontext to be pairwise distinct. It is often convenient to treat typing contexts as sets oftyping assignments x : T . This way, e.g., we write x : T ∈ Γ if Γ = Γ (cid:48) , x : T , for some Γ (cid:48) . Wewrite un (Γ) if and only if x : T ∈ Γ implies T = end . We sometimes write Γ un to indicate OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 7 ( T-Nil ) un (Γ)Γ (cid:96) ST ( T-Par ) Γ (cid:96) ST P Γ (cid:96) ST Q Γ , Γ (cid:96) ST P | Q ( T-Res ) Γ , x : T, y : T (cid:96) ST P Γ (cid:96) ST ( ν xy ) P ( T-In ) Γ , x : S, y : T (cid:96) ST P Γ , x : ? T.S (cid:96) ST x ( y ) .P ( T-Out ) Γ , x : S (cid:96) ST P Γ , x : ! T.S, y : T (cid:96) ST x (cid:104) y (cid:105) .P ( T-Brch ) Γ , x : S i (cid:96) ST P i ∀ i ∈ I Γ , x : & { l i : S i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I ( T-Sel ) Γ , x : S j (cid:96) ST P ∃ j ∈ I Γ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P Figure 3: Typing rules for the session π - calculus.that un (Γ). Given a context Γ and a process P , a session typing judgment is of the formΓ (cid:96) ST P .We may now settle some useful terminology: Definition 2.1 ((Un)Composable Processes) . Let Γ (cid:96) ST P . If Γ is empty, we write (cid:96) ST P and say that P is uncomposable ; otherwise, if Γ is non-empty, we say P is composable .Typing rules are given in Figure 3. Rule ( T-Nil ) states that is only well-typed undera fully terminated context. Rule ( T-Par ) types the parallel composition of two processesby composing their corresponding typing contexts. Rule (
T-Res ) types a restricted processby requiring that the two endpoints have dual types. Rules (
T-In ) and (
T-Out ) type thereceiving and sending of a value over a channel x , respectively. Finally, Rules ( T-Brch ) and(
T-Sel ) are generalizations of input and output over a labelled set of processes.The main guarantees of the type system in [Vas12] are communication safety and sessionfidelity , i.e., typed processes respect their ascribed protocols, as represented by session types.
Theorem 2.1 (Strengthening – Lemma 7.3 in [Vas12]) . Let Γ (cid:96) ST P and x (cid:54)∈ fn ( P ). IfΓ = Γ (cid:48) , x : T then Γ (cid:48) (cid:96) ST P . Theorem 2.2 (Preservation for ≡ – Lemma 7.4 in [Vas12]) . If Γ (cid:96) ST P and P ≡ Q , thenΓ (cid:96) ST Q . Theorem 2.3 (Preservation – Theorem 7.2 in [Vas12]) . If Γ (cid:96) ST P and P → Q , thenΓ (cid:96) ST Q .Following [Vas12], we say that processes of the form x (cid:104) v (cid:105) .P , x ( z ) .Q , x (cid:47) l j .P , and x (cid:46) { l i : P i } i ∈ I are prefixed at x . We call redexes processes of the form x (cid:104) v (cid:105) .P | y ( z ) .Q and x (cid:47) l j .P | y (cid:46) { l i : P i } i ∈ I . The following notion of well-formed processes, a specialization ofthe definition in [Vas12], is key to single out meaningful typed processes: Definition 2.2 (Well-Formedness) . A process is well-formed if for each of its structuralcongruent processes of the form ( ν x y ) . . . ( ν x n y n )( P | Q | R ) the following condition holds. • If P is prefixed at x and Q is prefixed at y then P | Q is a redex. In the presence of unrestricted types, as given in [Vas12], Rule (
T-Par ) requires a splitting operator ,noted ◦ in [Vas12]. However, since we consider only linear session types, the ◦ operator boils down to ‘ , ’. O. DARDHA AND J.A. P´EREZ
We have the following result:
Theorem 2.4 (Safety – Theorem 7.3 in [Vas12]) . If (cid:96) ST P then P is well-formed.Therefore, if (cid:96) ST P and P reduces to Q in zero or more steps, then Q is well-formed;this is Theorem 7.1 in [Vas12].2.3. Deadlock-freedom.
As already motivated, a very desirable liveness property forsession π -calculus processes is that they should never “get stuck”. Unfortunately, the sessiontype system given in [Vas12] (and summarized above) does not exclude deadlocked processes.Intuitively, this is because typed processes may contain cyclic causal dependencies enforcedby communication prefixes in processes but not described by their session types. Indeed, aparticularly insidious class of deadlocks is due to cyclic interleaving of channels in processes.Consider the following example: Example 2.1 (A Stuck Process) . Process P (cid:44) ( ν xy )( ν wz )( x (cid:104) n (cid:105) .w (cid:104) n (cid:105) | z ( t ) .y ( s )) repre-sents the implementation of two independent sessions, which get intertwined (blocked) dueto the nesting induced by input and output prefixes. Process P is well-typed in [Vas12]: wehave n : end (cid:96) ST P , even if P is unable to reduce. Below we define deadlock-freedom in the session π -calculus by following [KL17, Def. 5.2]: Definition 2.3 (Deadlock-freedom) . A process P is deadlock-free if the following conditionholds: whenever P → ∗ P (cid:48) and one of the following holds • P (cid:48) ≡ ( ν (cid:102) xy )( x (cid:104) v (cid:105) .Q | Q ) • P (cid:48) ≡ ( ν (cid:102) xy )( x ( y ) .Q | Q ) • P (cid:48) ≡ ( ν (cid:102) xy )( x (cid:47) l j .Q | Q ) • P (cid:48) ≡ ( ν (cid:102) xy )( x (cid:46) { l i : P i } i ∈ I | Q )then there exists R such that P (cid:48) → R . Remark 2.4 (Defining Deadlock-Freedom) . Definition 2.3 above is also closely related to thedefinition of deadlock and deadlock-freedom in [Kob02a]. Indeed, Definition 2.4 in [Kob02a]states that a process P is in deadlock if it reaches one of the first two items stated inDefinition 2.3 and cannot reduce from there. Then, a process P defined as deadlock-free if itnever reduces to a Q that is in deadlock. We shall be following the type system in [Kob06],where the notion of deadlock-freedom is defined only informally: a process is deadlock-free ifwhen “given a request, it will eventually returns a result unless the process diverges”. Example 2.2 (A Deadlocked Process (and Its Deadlock-Free Variant)) . It is easy to see that P in Example 2.1 is not deadlock-free, in the sense of Definition 2.3. A deadlock-free variantof P is P (cid:48) (cid:44) ( ν xy )( ν wz )( x (cid:104) n (cid:105) .w (cid:104) n (cid:105) | y ( s ) .z ( t )) , which also is typable: n : end (cid:96) ST P (cid:48) .Observe how the difference between P and P (cid:48) is in the parallel component on the right-handside: the two input prefixes have been swapped. Two Approaches to Deadlock-Freedom
We introduce two typed approaches to deadlock-free, session π -calculus processes. The firstcomes from interpretations of linear logic propositions as session types [CP10,CPT16,Wad12]and is described in § § OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 9 ( R-ChCom ) x (cid:104) v (cid:105) .P | x ( z ) .Q → P | Q [ v / z ]( R-Fwd ) ( ν x )([ x ↔ y ] | P ) → P [ y / x ]( R-ChCase ) x (cid:47) l j .P | x (cid:46) { l i : P i } i ∈ I → P | P j j ∈ I ( R-ChRes ) P → Q = ⇒ ( ν x ) P → ( ν x ) Q Figure 4: Reduction rules for processes in L .session processes and types [DGS12] into the linear types with usages for the π - calculus.Based on these two approaches, in § L and K .3.1. Linear Logic Foundations of Session Types.
The linear logic interpretation ofsession types was introduced by Caires and Pfenning [CP10, CPT16], and developed byWadler [Wad12] and others. Here we consider an interpretation based on classical linearlogic (
CLL ) with mix principles, following [Cai14, CP17].The syntax and semantics of linear logic processes are as in § ν x ) P instead of the double restrictionoperator ( ν xy ) P . Second, we have a so-called forwarding process , denoted [ x ↔ y ], whichintuitively “fuses” channels/names x and y . More formally, we have: P, Q ::= x (cid:104) v (cid:105) .P | x ( y ) .P | x (cid:47) l j .P | x (cid:46) { l i : P i } i ∈ I | ( ν x ) P | [ x ↔ y ] | P | Q | In what follows, the bound output ( ν y ) x (cid:104) y (cid:105) .P will be abbreviated as x ( y ) P . Also, we write( ν (cid:101) x ) P to abbreviate ( ν x ) . . . ( ν x n ) P .Differences in the reduction rules are summarized in Figure 4. In particular, observehow interaction of input/output prefixes and of selection/branching constructs is no longercovered by an outermost restriction.As for the type system, we consider the so-called linear logic types which correspond tolinear logic propositions (without exponentials). They are given by the following grammar: A, B ::= ⊥ | | A ⊗ B | A (cid:79) B | & { l i : A i } i ∈ I | ⊕ { l i : A i } i ∈ I Intuitively, ⊥ and are used to type a terminated endpoint. Type A ⊗ B is associatedto an endpoint that first outputs an object of type A and then behaves according to B .Dually, type A (cid:79) B is the type of an endpoint that first inputs an object of type A and thencontinues as B . The interpretation of & { l i : A i } i ∈ I and ⊕{ l i : A i } i ∈ I as types for branchingand selection behaviors is precisely as in session types (cf. § CLL ( · ) ⊥ .The dual of type A , denoted A , is inductively defined as follows: (cid:44) ⊥⊥ (cid:44) A ⊗ B (cid:44) A (cid:79) BA (cid:79) B (cid:44) A ⊗ B & { l i : A i } i ∈ I (cid:44) ⊕{ l i : A i } i ∈ I ⊕{ l i : A i } i ∈ I (cid:44) & { l i : A i } i ∈ I Recall that A (cid:40) B (cid:44) A (cid:79) B . As explained in [Cai14], considering mix principles meansadmitting ⊥ (cid:40) and (cid:40) ⊥ , and therefore ⊥ = . We write • to denote either ⊥ or , andtherefore • = • . ( T- ) (cid:96) LL x : • ( T- ⊥ ) P (cid:96) LL ∆ P (cid:96) LL x : • , ∆ ( T- id ) [ x ↔ y ] (cid:96) LL x : A, y : A ( T- (cid:79) ) P (cid:96) LL ∆ , y : A, x : Bx ( y ) .P (cid:96) LL ∆ , x : A (cid:79) B ( T- ⊗ ) P (cid:96) LL ∆ , y : A Q (cid:96) LL ∆ (cid:48) , x : Bx ( y ) . ( P | Q ) (cid:96) LL ∆ , ∆ (cid:48) , x : A ⊗ B ( T- ⊕ ) P (cid:96) LL ∆ , x : A j j ∈ Ix (cid:47) l j .P (cid:96) LL ∆ , x : ⊕ { l i : A i } i ∈ I ( T- & ) P i (cid:96) LL ∆ , x : A i ∀ i ∈ Ix (cid:46) { l i : P i } i ∈ I (cid:96) LL ∆ , x :& { l i : A i } i ∈ I ( T- cut ) P (cid:96) LL ∆ , x : A Q (cid:96) LL ∆ (cid:48) , x : A ( ν x )( P | Q ) (cid:96) LL ∆ , ∆ (cid:48) ( T- mix ) P (cid:96) LL ∆ Q (cid:96) LL ∆ (cid:48) P | Q (cid:96) LL ∆ , ∆ (cid:48) Figure 5: Typing rules for the π - calculus with linear logic types.Typing contexts, ranged over ∆ , ∆ (cid:48) , . . . , are produced by the following grammar:∆ , ∆ (cid:48) ::= · | ∆ , x : A where ‘ · ’ denotes the empty typing context. Typing judgments are of the form P (cid:96) LL ∆.Figure 5 gives the corresponding typing rules. One salient point is the “composition plushiding” principle implemented by Rule ( T- cut ), which integrates parallel composition andrestriction in a single rule. Indeed, unlike the system in [Vas12], there is no dedicated rulefor restriction. Also, Rule ( T- mix ) enables to type the independent parallel composition ofprocesses, i.e., the composition of two processes that do not share sessions.We now collect main results for this type system; see [CPT16, Cai14, CP17] for details.We first state type preservation: Theorem 3.1 (Type Preservation) . If P (cid:96) LL ∆ and P −−→ Q then Q (cid:96) LL ∆.We now state deadlock-freedom. For any P , define live ( P ) if and only if P ≡ ( ν (cid:101) n )( π.Q | R ), where π is an input, output, selection, or branching prefix. Theorem 3.2 (Deadlock-Freedom) . If P (cid:96) LL · and live ( P ) then P −−→ Q , for some Q .3.2. Deadlock-Freedom by Encodability.
The second approach to deadlock-free sessionprocesses is indirect , in that establishing deadlock-freedom for session processes appealsto encodings into a polyadic π -calculus whose type system enforces deadlock freedom byexploiting usages , obligations , and capabilities [Kob02a, Kob06].We follow closely the presentation and technical results in [Kob06]. Next, we introducethe syntax of the (polyadic) π -calculus ( § § § § π -calculus processes and typeswith usages, respectively, are given in § OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 11
Polyadic π -calculus.Syntax. The syntax of the polyadic π - calculus is as follows: v ::= x (channel) l j v (variant value) P, Q ::= x (cid:104) (cid:101) v (cid:105) .P (output) (inaction) x ( (cid:101) z ) .P (input) P | Q (composition) case v of { l i x i (cid:46) P i } i ∈ I (case) ( ν x ) P (session restriction)We discuss differences with respect to § § v , . . . , v n (denoted (cid:101) v ) and an input prefix involvesa tuple of variables z , . . . , z n (denoted (cid:101) z ). This choice is for convenience, as encoding sessionprocesses into “standard” π -calculus processes [DGS12] requires transmitting tuples whoselength is at most two. Also, while in [Kob06] input and output prefixes are annotatedwith a capability annotation t ∈ N ∪ ∞ , we omit such annotations to enhance clarity.Moreover, rather than the branching and selection constructs in § π -calculus presented above we have the caseconstruct case v of { l i x i (cid:46) P i } i ∈ I , which uses the variant value l j v [SW01]. Furthermore,we do not consider the let construct and replication processes in [Kob06]. Finally, in linewith § §
2) we use the restriction ( ν x ) P . As before, wewrite ( ν (cid:101) x ) P to denote the process ( ν x ) · · · ( ν x n ) P . Notions of free and bound variablesare as usual; we write fn ( P ) to denote the set of free variables of P . Reduction Semantics.
Following [Kob06], the reduction semantics of polyadic π -calculusprocesses relies on the structural relation (cid:22) : Definition 3.1 (Def A2 in [Kob06]) . The structural relation (cid:22) is the least reflexive andtransitive relation closed under the following rules (where P ≡ Q denotes ( P (cid:22) Q ) ∧ ( Q (cid:22) P )): P | Q ≡ Q | P ( P | Q ) | R ≡ P | ( Q | R ) P | ≡ P ( ν x ) P | Q ≡ ( ν x )( P | Q ) if x is not free in Q ( ν x ) ≡ ( ν x )( ν y ) P ≡ ( ν y )( ν x ) PP (cid:22) Q = ⇒ P | R (cid:22) Q | R P (cid:22) Q = ⇒ ( ν x ) P (cid:22) ( ν x ) Q Thus, P (cid:22) Q intuitively means that P can be restructured to Q by using the above laws.We shall refer to ≡ as structural equivalence. The reduction rules are then as follows:( R π - Com ) x (cid:104) (cid:101) v (cid:105) .P | x ( (cid:101) z ) .Q → P | Q [ (cid:101) v / (cid:101) z ]( R π - Case ) case l j v of { l i x i (cid:46) P i } i ∈ I → P j [ v / x j ] j ∈ I ( R π - Par ) P → Q = ⇒ P | R → Q | R ( R π - Res ) P → Q = ⇒ ( ν x ) P → ( ν x ) Q ( R π - Str ) P (cid:22) P (cid:48) , P → Q, Q (cid:48) (cid:22) Q = ⇒ P (cid:48) → Q (cid:48) The main difference with respect to the reduction semantics in [Kob06] (cf. Definition A3)is the case construct, which is not present in [Kob06]. Hence, for the semantics of case weuse a reduction step, rather than a structural axiom. As before, we write → ∗ to denote thereflexive, transitive closure of → . Thus, we require at most bi-adic communication; we use polyadic communication for notational uniformity.
Since the definition of deadlock-freedom in [Kob06] is only informal (cf. Remark 2.4),we shall adopt the following definition, which mirrors Definition 2.3:
Definition 3.2 (Deadlock-freedom) . A process P is deadlock-free if the following conditionholds: whenever P → ∗ P (cid:48) and either • P (cid:48) ≡ ( ν (cid:101) x )( x (cid:104) (cid:101) v (cid:105) .Q | Q ) • P (cid:48) ≡ ( ν (cid:101) x )( x ( (cid:101) y ) .Q | Q ) • P (cid:48) ≡ ( ν (cid:101) x )( case l j v of { l i x i (cid:46) P i } i ∈ I | Q )then there exists R such that P (cid:48) → R .3.2.2. Types with Usages.
The type system for deadlock-freedom in [Kob06] exploits typeswith usages. Usages rely on obligations and capabilities , which are endowed with so-called levels to describe inter-channel dependencies: • An obligation of level n must be fulfilled by using only capabilities of level less than n .Said differently, an action of obligation n may be prefixed by actions of capabilities lessthan n . • For an action with capability of level n , there must exist a co-action with obligation oflevel less than n or equal to n .More formally, we have: Definition 3.3 (Usages) . The syntax of usages
U, U (cid:48) , . . . is defined by the following grammar: U ::= (not usable) | ? oκ .U (used in input) | ! oκ .U (used in output) | ( U | U ) (used in parallel) | ↑ t U (lift obligation levels of U up to t )where the obligation o and the capability κ range over the set of natural numbers union ∞ .The set of usages induced by the above definition is a strict subset of the usages definedin [Kob06]. Their intuitive interpretation is as follows. Usage describes a channel thatcannot be used at all. A usage ? oκ .U (resp. ! oκ .U ) is associated to a channel that can be usedonce for input (resp. output) and then according to usage U . We let α range over ‘?’ and ‘!’.We will often omit , and so we will write, e.g., α oκ instead of α oκ . . The usage U | U canbe associated to a channel that is used according to U and U , possibly in parallel. Notation 3.4 (Co-actions) . We write α to denote the co-action of α , i.e., ! = ? and ? = !.We rely on a number of auxiliary definitions for usages; they all follow [Kob06]: Definition 3.5 (Capabilities and Obligations) . Let U be a usage. The input and output capability levels (resp. obligation levels ) of U , written cap ? ( U ) and cap ! ( U ) (resp. ob ? ( U )and ob ! ( U )), are defined as: cap α ( ) (cid:44) ∞ ob α ( ) (cid:44) ∞ cap α ( α oκ .U ) (cid:44) ∞ ob α ( α oκ .U ) (cid:44) ∞ cap α ( α oκ .U ) (cid:44) κ ob α ( α oκ .U ) (cid:44) o cap α ( U | U ) (cid:44) min( cap α ( U ) , cap α ( U )) ob α ( U | U ) (cid:44) min( ob α ( U ) , ob α ( U )) cap α ( ↑ t U ) (cid:44) cap α ( U ) ob α ( ↑ t U ) (cid:44) max( t, ob α ( U ))We write ob ( U ) for max( ob ? ( U ) , ob ! ( U )). OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 13
The reduction relation on usages, noted U → U (cid:48) , intuitively says that if a channel withusage U is used for communication then it should be used according to U (cid:48) afterwards. Westart by defining an auxiliary structural relation on usages. Definition 3.6 (Structural relation on usages [Kob06]) . Let (cid:22) be the least reflexive andtransitive relation on usages defined by the following rules: U | U (cid:22) U | U ↑ t ( U | U ) (cid:22) ( ↑ t U ) | ( ↑ t U ) ( U | U ) | U (cid:22) U | ( U | U ) U (cid:22) U (cid:48) ∧ U (cid:22) U (cid:48) = ⇒ U | U (cid:48) (cid:22) U | U (cid:48) ↑ t α oκ .U (cid:22) α max( o,t ) κ .U U (cid:22) U (cid:48) = ⇒↑ t U (cid:22)↑ t U (cid:48) We now have:
Definition 3.7.
The reduction relation → on usages is the smallest relation closed underthe following rules: ( U-Com ) ? oκ .U | ? o (cid:48) κ (cid:48) .U → U | U ( U-Par ) U → U (cid:48) = ⇒ U | U (cid:48)(cid:48) → U (cid:48) | U (cid:48)(cid:48) ( U-SubStruct ) U (cid:22) U , U → U , U (cid:22) U (cid:48) = ⇒ U → U (cid:48) The reflexive, transitive closure of → (written → ∗ ) is defined as expected.The following key definition ensures that if some action has a capability of level n thenthe obligation level of its co-actions should be at most n . Definition 3.8 (Reliability) . Let α and α be co-actions (cf. Notation 3.4). We write con α ( U ) when ob α ( U ) ≤ cap α ( U ). We write con ( U ) when con ? ( U ) and con ! ( U ) hold. Usage U is reliable , noted rel ( U ), if con ( U (cid:48) ) holds for all U (cid:48) such that U → ∗ U (cid:48) .Having defined usages (and their associated notions), we move to define types. The syntaxof types τ, τ (cid:48) , . . . builds upon usages as follows: τ ::= chan ( (cid:101) τ ; U ) (channel types) | (cid:104) l i : τ i (cid:105) i ∈ I (variant type)The syntax of types follows closely our syntax of processes. Above, (cid:101) τ indicates a sequenceof types, possibly empty. Type chan ( (cid:101) τ ; U ) is associated to a channel that behaves accordingto usage U to exchange a tuple of values each with types τ , . . . , τ n . When (cid:101) τ is empty, wewrite chan ( − ; U ): a channel with this type behaves according to U without exchanging anyvalues. Differences with respect to the syntax of types in [Kob06] are: (i) we do not considerBoolean nor product types, and (ii) we consider the variant type (cid:104) l i : τ i (cid:105) i ∈ I from [SW01]to denote the disjoint union of labeled types, where labels l i ( i ∈ I ) are pairwise distinct.Variant types are essential to encode selection and branching in session types [DGS12].Typing contexts, ranged over Γ , Γ (cid:48) , . . . , are produced by the following grammar:Γ , Γ (cid:48) ::= ∅ | Γ , x : τ where ‘ ∅ ’ denotes the empty context. Given a context Γ = x : τ , · · · , x n : τ n , we write dom (Γ) to denote its domain, i.e., the set { x , . . . , x n } .Following [Kob06], we use ≺ to denote a partial order that statically tracks the timeswhen channels are created. That is, x ≺ y means that x was created more recently than y . Typing judgments are of the form Γ (cid:96) n ≺ (cid:101) v (for values) and Γ (cid:96) n ≺ P (for processes). Theannotation n ≥ (cid:96) n ≺ P is the main difference with respect to the rules in the typesystem by Kobayashi [Kob06]: it explicitly denotes the greatest degree of sharing admittedin parallel processes. Before commenting on the typing rules, given in Figure 6, we present some importantauxiliary notions, extracted from [Kob06].
Definition 3.9 (Auxiliary Operators on Types) . The type system uses the following auxiliaryoperators and notions:(1) The unary operation ↑ t on usages extends to types as follows: ↑ t ( chan ( (cid:101) τ ; U )) = chan ( (cid:101) τ ; ↑ t U )(2) The composition operation on types, denoted | , is defined as follows: chan ( (cid:101) τ ; U ) | chan ( (cid:101) τ ; U ) (cid:44) chan ( (cid:101) τ ; ( U | U )) (cid:104) l i : τ i (cid:105) i ∈ I | (cid:104) l i : τ i (cid:105) i ∈ I (cid:44) (cid:104) l i : τ i (cid:105) i ∈ I The generalisation of | to typing contexts, denoted (Γ | Γ )( x ), is defined as expected.(3) The operator “ ; ≺ ” combines a type assignment x : chan ( (cid:101) τ ; α oκ ) and a context Γ into anew context. Precisely, x : chan ( (cid:101) τ ; α oκ ) ; ≺ Γ represents the context Γ (cid:48) , defined as follows: dom (Γ (cid:48) ) (cid:44) { x } ∪ dom (Γ)Γ (cid:48) ( x ) (cid:44) (cid:40) chan ( (cid:101) τ ; α oκ .U ) if Γ( x ) = chan ( (cid:101) τ ; U ) chan ( (cid:101) τ ; α oκ ) if x / ∈ dom (Γ)Γ (cid:48) ( y ) (cid:44) (cid:40) ↑ κ Γ( y ) if y (cid:54) = x ∧ x ≺ y ↑ κ +1 Γ( y ) if y (cid:54) = x ∧ x (cid:54)≺ y Typing Rules.
We start by formalizing the notion of degree of sharing given in § Definition 3.10 (Degree of Sharing) . A process has a degree of sharing n (with n ≥
0) iffor each of its structural equivalent processes of the form ( ν (cid:101) x )( P | Q ) sub-processes P and Q share at most n names.Considering this, the typing rules for the π -calculus with usage types are given inFigure 6. All rules are as in [Kob06], excepting Rule ( T π -Par n ), ( T π - LVal ), and ( T π - Case )which are discussed below. Rule ( T π - Nil ) states that the terminated process is typed undera terminated channel. Rule ( T π - Res ) states that process ( ν x ) P is well-typed if the usage for x is reliable (cf. Definition 3.8). Rules ( T π - In ) and ( T π - Out ) type input and output processeswith polyadic communication in a typing context where the “ ; ≺ ” operator (Definition 3.9(3))is used to increase the obligation level of the channels in continuation P .We discuss modifications with respect to [Kob06]. Rules ( T π - LVal ) and ( T π - Case ) type achoice: the first types a variant value with a variant type; the second types a case processusing a variant value as its guard. Given a degree of sharing n ≥
0, Rule ( T π -Par n ) statesthat the parallel composition of processes P and Q (typable under Γ and Γ , respectively) iswell-typed under the typing context Γ | Γ only if | dom (Γ ) ∩ dom (Γ ) | ≤ n . This conditionallows us to characterize the “concurrent cooperation” between P and Q . One then mayview Rule ( T π -Par n ) is as a “rule scheme” with different instances, one for each differentvalue of n . As a consequence, if Γ (cid:96) n ≺ P then Γ (cid:96) k ≺ P , for any k ≤ n . Observe that thecorresponding typing rule in the type system in [Kob06] can be recovered simply by removingthis condition for the degree of sharing. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 15 ( T π -Var ) x : τ (cid:96) n ≺ x : τ ( T π -Tup ) Γ (cid:96) n ≺ v : τ · · · Γ k (cid:96) n ≺ v k : τ k (cid:101) v = v , . . . , v k Γ | · · · | Γ k (cid:96) n ≺ (cid:101) v : (cid:101) τ ( T π -LVal ) Γ (cid:96) n ≺ v : τ j ∃ j ∈ I Γ (cid:96) n ≺ l j v : (cid:104) l i : τ i (cid:105) i ∈ I ( T π -Nil ) ∅ (cid:96) n ≺ ( T π -Res ) Γ , x : chan ( (cid:101) τ ; U ) (cid:96) n ≺∪{ ( x,y ) | y ∈ fn ( P ) \{ x }} P rel ( U )Γ (cid:96) n ≺ ( ν x ) P ( T π -Par n ) Γ (cid:96) n ≺ P Γ (cid:96) n ≺ Q | dom (Γ ) ∩ dom (Γ ) | ≤ n Γ | Γ (cid:96) n ≺ P | Q ( T π -Out ) Γ (cid:96) n ≺ P Γ (cid:96) n ≺ (cid:101) v : (cid:101) τx : chan ( (cid:101) τ ; ! κ ) ; ≺ (Γ | Γ ) (cid:96) n ≺ x (cid:104) ˜ v (cid:105) .P ( T π -In ) Γ , (cid:101) y : (cid:101) τ (cid:96) n ≺ Px : chan ( (cid:101) τ ; ? κ ) ; ≺ Γ (cid:96) n ≺ x ( (cid:101) y ) .P ( T π -Case ) Γ (cid:96) n ≺ v : (cid:104) l i : τ i (cid:105) i ∈ I Γ , x i : τ i (cid:96) n ≺ P i ∀ i ∈ I Γ | Γ (cid:96) n ≺ case v of { l i x i (cid:46) P i } i ∈ I Figure 6: Typing rules for the π - calculus, with degree of sharing n . Typing rules for valuesappear in the first line; the remaining typing rules are for processes.3.2.4. Technical Results.
Type soundness of the type system given in Figure 6 implies thatwell-typed processes are deadlock-free (cf. Definition 3.2). We now state these technicalresults from [Kob06] and discuss changes in their proofs, which are due to our Rule ( T π -Par n ).In all cases, we explain how the required modifications are minimal.First, typing is preserved by the structural relation (cid:22) (cf. Definition 3.1): Lemma 3.11.
If Γ (cid:96) n ≺ P and P (cid:22) Q then Γ (cid:96) n ≺ Q .The only difference between the above statement and Lemma 4 in [Kob06] is theannotation for the degree of sharing—the “ n ” in the typing judgments for P and Q .As in [Kob06], the proof of our Lemma 3.11 is by induction on the derivation of P (cid:22) Q .Notice that explicitly tracking the degree of sharing does not affect the cases of the proofinvolving parallel composition. The most interesting such cases concern the rules for scopeextrusion (cf. Definition 3.1), namely:( ν x ) P | Q (cid:22) ( ν x )( P | Q ) and ( ν x )( P | Q ) (cid:22) ( ν x ) P | Q which hold if x is not free in Q . Let us start with ( ν x ) P | Q (cid:22) ( ν x )( P | Q ) and let usconsider first the left-hand side process in this relation: the last applied rule is our typingrule for parallel composition (Rule ( T π -Par n )), which ensures that processes ( ν x ) P and Q share at most n ≥ x cannot be one of those shared names, because x isnot free in Q . Therefore, when typing the composition of P and Q (as required to type( ν x )( P | Q )) the same value of n suffices. Hence, the degree of sharing is preserved whenrestructuring ( ν x ) P | Q into ( ν x )( P | Q ). Now, let us move to ( ν x )( P | Q ) (cid:22) ( ν x ) P | Q and consider the left-hand side process inthis relation: here the last applied rule is Rule ( T π - Res ), which checks reliability for x , againnot free in Q . Thus, typing ( ν x )( P | Q ) and ( ν x ) P | Q requires the same degree of sharing.Besides Lemma 3.11, the proof of type preservation in [Kob06] relies on other auxiliaryresults (such as substitution), which we do not recall here. To state the type preservationresult, we need the following auxiliary definition: Definition 3.12 (Context Reduction) . We write Γ → Γ (cid:48) when one of the following hold:(1) Γ = Γ , x : chan ( (cid:101) τ ; U ) and Γ (cid:48) = Γ , x : chan ( (cid:101) τ ; U (cid:48) ) with U → U (cid:48) (cf. Definition 3.7), forsome Γ , x , (cid:101) τ , U and U (cid:48) .(2) Γ = Γ , x : (cid:104) l i : τ i (cid:105) i ∈ I and Γ (cid:48) = Γ , x : τ j , with j ∈ I , for some Γ and x .The above definition extends that in [Kob06] with Item (2), which is required forcharacterizing reductions of the case construct. (Item (1) is as in [Kob06].)We now state type preservation. Here again, the only difference between the statementgiven below and that in [Kob06] (Theorem 1) is the annotation n , the degree of sharing: Theorem 3.3 (Type Preservation) . If Γ (cid:96) n ≺ P and P → Q , then Γ (cid:48) (cid:96) n ≺ Q for some Γ (cid:48) suchthat Γ (cid:48) = Γ or Γ → Γ (cid:48) .The proof of this theorem is by induction on the derivation P → Q , following closelythe proof in [Kob06]. An additional case is needed due to the reduction rule of the caseconstruct (Rule ( R π - Case )): case l j v of { l i x i (cid:46) P i } i ∈ I → P j [ v / x j ] ( j ∈ I )As a result of this reduction, we have Γ → Γ (cid:48) because of Definition 3.12(2).Let us now comment on why the degree of sharing n is preserved in Theorem 3.3. Thetyping contexts (Γ and Γ (cid:48) in the theorem above) are essential in determining the degreeof sharing of a process (cf. Rule ( T π -Par n )). Definition 3.12 ensures that if Γ → Γ (cid:48) then dom (Γ) = dom (Γ (cid:48) ). If the domains are the same, then intersection of domains required inRule ( T π -Par n ) remains the same. Consequently, the degree of sharing n is preserved underreduction; this is why in the above statement we have Γ (cid:48) (cid:96) n ≺ Q .The following important result extends Theorem 2 in [Kob06] with the case constructand an annotation based on the degree of sharing: Theorem 3.4 (Deadlock Freedom) . If ∅ (cid:96) n ≺ P and one of the following holds • P (cid:22) ( ν (cid:101) x )( x (cid:104) (cid:101) v (cid:105) .Q | Q ) • P (cid:22) ( ν (cid:101) x )( x ( (cid:101) z ) .Q | Q ) • P (cid:22) ( ν (cid:101) x )( case l j v of { l i x i (cid:46) P i } i ∈ I | Q )then P → R , for some process R .In [Kob06], the proof of this theorem relies on a notion of normal form in which inputand output prefixes act as guards for if-expressions and let-expressions (not present in oursyntax); our case construct can be easily accommodated in such normal forms. The proofin [Kob06] also uses: (i) an extension of (cid:22) for replicated processes, (ii) mechanisms foruniquely identifying bound variables, and (iii) an ordering on processes. In our case, we donot need (i) as we do not have replicated processes, and can re-use (ii) and (iii) as they are.With these elements, the proof argument proceeds as in [Kob06]. We finally have: Corollary 3.13. If ∅ (cid:96) n ≺ P then P is deadlock-free, in the sense of Definition 3.2. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 17 (cid:74) (cid:75) f u (cid:44) (cid:74) ( ν xy ) P (cid:75) f u (cid:44) ( ν c ) (cid:74) P (cid:75) f, { x,y (cid:55)→ c } u (cid:74) P | Q (cid:75) f u (cid:44) (cid:74) P (cid:75) f u | (cid:74) Q (cid:75) f u (cid:74) x (cid:104) v (cid:105) .P (cid:75) f u (cid:44) ( ν c ) f x (cid:104) f v , c (cid:105) . (cid:74) P (cid:75) f, { x (cid:55)→ c } u (cid:74) x ( y ) .P (cid:75) f u (cid:44) f x ( y, c ) . (cid:74) P (cid:75) f, { x (cid:55)→ c } u (cid:74) x (cid:47) l j .P (cid:75) f u (cid:44) ( ν c ) f x (cid:104) l j c (cid:105) . (cid:74) P (cid:75) f, { x (cid:55)→ c } u (cid:74) x (cid:46) { l i : P i } i ∈ I (cid:75) f u (cid:44) f x ( y ) . case y of { l i c (cid:46) (cid:74) P i (cid:75) f, { x (cid:55)→ c } u } i ∈ I Figure 7: Encoding of session π -calculus processes into polyadic π -calculus, under a renamingfunction f on variables/channels.It is worth noticing how both Theorem 3.2 and Theorem 3.4 have similar formulations:both properties state that processes can always reduce if they are well-typed (under the emptytyping context) and have an appropriate structure (cf., condition live ( P ) in Theorem 3.2and condition P (cid:22) ( ν (cid:101) x )( x ( (cid:101) z ) .Q | R ) or P (cid:22) ( ν (cid:101) x )( x (cid:104) (cid:101) v (cid:105) .Q | R ) in Theorem 3.4).3.2.5. Encodings of Processes and Types.
To relate classes of (typed) processes obtained bythe different type systems given so far, we use encodings. To rewrite a session typed processinto a usage typed process, we follow a continuation-passing style: this allows us to mimicthe sequential structure of a session by sending its continuation as a payload over a channel.This encoding of processes is denoted (cid:74) · (cid:75) f u , where f is a mapping from channels to freshnames (see Figure 7); this encoding was suggested in [Kob07] and developed in [DGS12].We also need to formally relate session types to usage types and linear logic propositions.To this end, we have encodings of types (cid:74) · (cid:75) f u and (cid:74) · (cid:75) f l , both given in Figure 8. The encoding (cid:74) · (cid:75) f l simply follows the essence of the linear logic interpretation. The encoding (cid:74) · (cid:75) f u is actuallyparametric into a pair of values, which is used to generate a usage type with obligationsand capabilities that follow the sequencing structure of the given session type. Notice thatthis parameter does not affect the obligations/capabilities associated to communicationobjects. At the beginning of the translation, this pair is simply (0 , S is defined by (cid:74) S (cid:75) (0 , u .We now extend these encodings from types to typing contexts: Definition 3.14.
With a slight abuse of notation, we write (cid:74) · (cid:75) f u to denote the encoding ofsession type contexts Γ into usage typing contexts that is inductively defined as follows: (cid:74) ∅ (cid:75) f u (cid:44) ∅ (cid:74) Γ , x : T (cid:75) f u (cid:44) (cid:74) Γ (cid:75) f u , f x : (cid:74) T (cid:75) f u Similarly, the encoding (cid:74) · (cid:75) f l of session type contexts Γ into linear logic typing contexts isdefined as (cid:74) ∅ (cid:75) f l (cid:44) ∅ (cid:74) Γ , x : T (cid:75) f l (cid:44) (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l The following result connects our encodings of types and the notion of duality:
Lemma 3.15.
Let
T, S be session types. Then, the following hold: (i) T = S if and only if (cid:74) T (cid:75) f l = (cid:74) S (cid:75) f l ; (ii) T = S if and only if (cid:74) T (cid:75) f u = (cid:74) S (cid:75) f u . (cid:74) end (cid:75) ( o,κ ) u = chan ( − ; ) (cid:74) ? T.S (cid:75) ( o,κ ) u = chan ( (cid:74) T (cid:75) (0 , u , (cid:74) S (cid:75) ( κ +1 ,o +1) u ; ? oκ ) (cid:74) ! T.S (cid:75) ( o,κ ) u = chan ( (cid:74) T (cid:75) (0 , u , (cid:74) S (cid:75) ( κ +1 ,o +1) u ; ! oκ ) (cid:74) & { l i : S i } i ∈ I (cid:75) ( o,κ ) u = chan ( (cid:104) l i : (cid:74) S i (cid:75) ( κ +1 ,o +1) u (cid:105) i ∈ I ; ? oκ ) (cid:74) ⊕{ l i : S i } i ∈ I (cid:75) ( o,κ ) u = chan ( (cid:104) l i : (cid:74) S i (cid:75) ( κ +1 ,o +1) u (cid:105) i ∈ I ; ! oκ ) (cid:74) end (cid:75) f l = • (cid:74) ? T.S (cid:75) f l = (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l (cid:74) & { l i : S i } i ∈ I (cid:75) f l = & (cid:8) l i : (cid:74) S i (cid:75) f l (cid:9) i ∈ I (cid:74) ⊕{ l i : S i } i ∈ I (cid:75) f l = ⊕ (cid:8) l i : (cid:74) S i (cid:75) f l (cid:9) i ∈ I Figure 8: Encoding session types into usage types (top) and into linear logic types (bottom).
Proof.
The proof is by induction on the duality relation of session types.3.2.6.
On Deadlock Freedom by Encoding.
The next results relate deadlock freedom, typingand the encodings in [DGS12], thus formalising the indirect approach to deadlock-freedom.
Proposition 3.16. If P be a deadlock-free session process then (cid:74) P (cid:75) f u is a deadlock-free π -process. Proof.
Follows by the encoding of terms given in Figure 7, Definition 2.3 and Definition 3.2.Next we recall an important result relating deadlock freedom and typing, by follow-ing [CDM14].
Corollary 3.17.
Let (cid:96) ST P be a session process. If (cid:96) n ≺ (cid:74) P (cid:75) f u is deadlock-free then P isdeadlock-free.Up to here, we have introduced three type systems: § (cid:96) ST P ); § P (cid:96) LL ∆);and § (cid:96) n ≺ P , with n ≥ A Hierarchy of Deadlock-Free Session Typed Processes
The Classes L and K . To formally define the classes L and K , we require someauxiliary definitions. The following auxiliary translation addresses minor syntactic differencesbetween session typed processes (cf. §
2) and the processes typable in the linear logicinterpretation of session types (cf. § OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 19
Definition 4.1.
Let P be a session process. The auxiliary translation (cid:74) · (cid:75) a from the sessionprocesses (cf. §
2) into the linear logic processes (cf. § (cid:74) x (cid:104) y (cid:105) .P (cid:75) a (cid:44) x ( z ) . ([ z ↔ y ] | (cid:74) P (cid:75) a ) (cid:74) ( ν xy ) P (cid:75) a (cid:44) ( ν w ) (cid:74) P (cid:75) a [ w / x ][ w / y ] w (cid:54)∈ fn ( P )and as an homomorphism for the other process constructs.Let (cid:74) · (cid:75) f l denote the encoding of session types into linear logic propositions in Figure 8(bottom). Recall that (cid:74) · (cid:75) f u stands for the encoding of processes and (cid:74) · (cid:75) f u for the encoding oftypes, given here in Figure 7 and Figure 8 (top), respectively. We may then formally definethe languages under comparison as follows: Definition 4.2 (Typed Languages) . The languages L and K n ( n ≥
0) are defined as follows: L (cid:44) (cid:110) P | ∃ Γ . (Γ (cid:96) ST P ∧ (cid:74) P (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l ) (cid:111) K n (cid:44) (cid:110) P | ∃ Γ , f. (Γ (cid:96) ST P ∧ (cid:74) Γ (cid:75) f u (cid:96) n ≺ (cid:74) P (cid:75) f u ) (cid:111) Both L and K n contain session π -calculus processes as defined in §
2. In words, processesin L are those session π -calculus processes that are typable in the system of § (cid:74) · (cid:75) a and the encoding on types (cid:74) · (cid:75) f l . Similarly, given n ≥
0, theset of typed processes K n contains all session π -calculus processes that are typable underKobayashi’s type systems with a degree of sharing up to n .Notice that L and K n contain both composable and uncomposable processes (cf. Defini-tion 2.1). As informally discussed in the Introduction, processes in L and K n satisfy the progress property, defined in [CD10] and further studied in [CDM14]. As a consequence: • Uncomposable processes in L (typable with ∆ = · ) are deadlock-free by following Theo-rem 3.2. Similarly, uncomposable processes in K n (typable with Γ = ∅ ) are deadlock-freeby the indirect approach formalised by Theorem 3.4 and Definition 3.2 and Corollary 3.17. • Composable processes in L (typable with ∆ (cid:54) = · ) and K n (typable with Γ (cid:54) = ∅ ) may bestuck, because they lack communicating counterparts as described by their (non-empty)typing context. These missing counterparts will be formalized as a catalyzer [CD10] thatallows a process to further reduce, thereby “unstucking it”.Although we are interested in the (sub)class of processes that satisfy deadlock freedom, wehave defined L and K n more generally as processes satisfying progress; this simplifies thedefinition and presentation of our technical contributions.4.2. Main Results.
Our first observation is that there are processes in K but not in K : Lemma 4.3. K ⊂ K . Proof. K contains (deadlock-free) session processes not in K . A representative example is: P (cid:44) ( ν a b )( ν a b )( a ( x ) . a (cid:104) x (cid:105) | b (cid:104) n (cid:105) . b ( z ))This process is not in K because it involves the composition of two parallel processes whichshare two sessions. As such, it is typable in (cid:96) n ≺ (with n ≥
2) but not in (cid:96) ≺ . This result generalizes easily to define a hierarchy of deadlock-free, session processes:
Theorem 4.1.
For all n ≥
1, we have that K n ⊂ K n +1 . Proof.
Immediate by considering one of the following processes, which generalize process P in the proof of Lemma 4.3: P n +1 (cid:44) ( ν a b )( ν a b ) ... ( ν a n +1 b n +1 )( a ( x ) .a (cid:104) x (cid:105) ... a n +1 (cid:104) y (cid:105) | b (cid:104) n (cid:105) .b ( z ) ... b n +1 ( z )) Q n +1 (cid:44) ( ν a b )( ν a b ) ... ( ν a n +1 b n +1 )( a ( x ) .a (cid:104) x (cid:105) ... a n +1 ( y ) | b (cid:104) n (cid:105) .b ( z ) ... b n +1 (cid:104) n (cid:105) )To distinguish K n +1 from K n , we consider P n +1 if n + 1 is even and Q n +1 otherwise.One main result of this paper is that L and K coincide. Before stating this result, wemake the following observations. The typing rules for processes in L do not directly allow freeoutput. However, free output is representable (and typable) by linear logic types by meansof the transformation in Definition 4.1. Thus, considered processes are not syntacticallyequal. In L there is cooperating composition (enabled by Rule ( T- cut ) in Figure 5); typableoccurrences of restriction are only allowed via this cooperation. Independent compositioncan only be enabled by Rule ( T- mix ).The following property is key in our developments: it connects our encodings of (dual)session types into usage types with reliability (Definition 3.8), a central notion to the typesystem for deadlock-freedom in Figure 6. Recall that, unlike usage types, there is no parallelcomposition operator at the level of session types. In the following proposition, we use thefollowing extension of the reliability predicate (cf. Definition 3.8) from usages to channeltypes: rel ( chan ( (cid:101) T ; U )) = rel ( U ). Proposition 4.4.
Let T be a session type, and let (cid:74) · (cid:75) ( o,κ ) u be the encoding of session typesinto usage types given in Figure 8. Then rel ( (cid:74) T (cid:75) ( i,j ) u | (cid:74) T (cid:75) ( i,j ) u ) holds, with 0 ≤ i ≤ j . Proof.
The proof proceeds by induction on the structure of T , using Lemma 3.15 (encodingsof types preserve session type duality). • T = end . Then (cid:74) T (cid:75) ( i,j ) u | (cid:74) T (cid:75) ( i,j ) u = chan ( − ; ) | chan ( − ; ) = chan ( − ; | ) and thethesis follows easily. • T = ! T .T for some T , T . By definition of duality, T = ? T .T . Then, (cid:74) T (cid:75) ( i,j ) u | (cid:74) T (cid:75) ( i,j ) u = chan ( (cid:74) T (cid:75) (0 , u , (cid:74) T (cid:75) ( j +1 ,i +1) u ; ! ij ) | chan ( (cid:74) T (cid:75) (0 , u , (cid:74) T (cid:75) ( j +1 ,i +1) u ; ? ji )= chan ( (cid:74) T (cid:75) (0 , u , (cid:74) T (cid:75) ( j +1 ,i +1) u ; ? ij | ! ij )and so we must establish rel (? ij | ! ij ). By Definition 3.8, this entails i ≤ j , which correspondsto our assumption. Thus, rel ( (cid:74) T (cid:75) ( i,j ) u | (cid:74) T (cid:75) ( i,j ) u ) trivially holds. • T = ? T .T , for some T , T : similar to the previous case. • T = & { l i : S i } i ∈ I , for some S i . By definition of duality, T = ⊕{ l i : S i } i ∈ I . Then, (cid:74) T (cid:75) ( i,j ) u | (cid:74) T (cid:75) ( i,j ) u = chan ( (cid:104) l i : (cid:74) S i (cid:75) ( j +1 ,i +1) u (cid:105) i ∈ I ; ? ij ) | chan ( (cid:104) l i : (cid:74) S i (cid:75) ( j +1 ,i +1) u (cid:105) i ∈ I ; ! ij )= chan ( (cid:104) l i : (cid:74) S i (cid:75) ( j +1 ,i +1) u (cid:105) i ∈ I ; ? ij | ! ij )and the thesis holds just as in case T = ? T .T . • T = ⊕{ l i : S i } i ∈ I , for some S i and i ∈ I : similar to the previous case. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 21
We then have the following main result:
Theorem 4.2. L = K . Proof (Sketch).
We divide the proof into two lemmas: (i) If P ∈ L then P ∈ K and (ii) If P ∈ K then P ∈ L . Both lemmas are proven by structural induction on P ; see § A.1(Page 36) for details.Therefore, we have the following corollary, which attests that the class of deadlock-freesession processes induced by linear logic interpretations of session types (cf. § § Corollary 4.5.
L ⊂ K n , n > P (cf. Lemma 4.3) are not in L is informallydiscussed in [CPT16, § π -calculus processes in L and K n , we now move on to explore how to rewrite processes in K n into L processes, in atype-preserving manner. 5. Rewriting K n into L The hierarchy of deadlock-free session processes established by Theorem 4.1 is subtle inthe following sense: if P ∈ K k +1 but P (cid:54)∈ K k (with k ≥
1) then we know that at least onesub-process of P must become more independent (concurrent) in order to be typable underthe lesser degree of sharing k . We illustrate this insight by means of an example: Example 5.1 (Idea of the Rewriting) . Recall process P in Lemma 4.3: P (cid:44) ( ν a b )( ν a b )( a ( x ) . a (cid:104) x (cid:105) | b (cid:104) n (cid:105) . b ( z )) We have that P ∈ K . Consider now the following variant of P , in which the left sub-processhas been kept unchanged, but the right sub-process has been modified to increase concurrency: P (cid:48) (cid:44) ( ν a b )(( ν a b )( a ( x ) . a (cid:104) x (cid:105) | b (cid:104) n (cid:105) . ) | b ( z ) . ) Indeed, by replacing b (cid:104) n (cid:105) . b ( z ) with b (cid:104) n (cid:105) . ) | b ( z ) . , we have that P (cid:48) ∈ K . Here we propose a rewriting procedure that converts any typable session process intoa process in L / K . The rewriting procedure, given in § characteristic processes and catalyzers , which we introduce next.5.1. Characteristic Processes and Catalyzers.
We need some preliminary notions. A characteristic process of a session type T represents the smallest process in L inhabiting it. Definition 5.1 (Characteristic Processes of a Session Type) . Given a name x , the set of characteristic processes of session type T , denoted (cid:104)| T |(cid:105) x , is inductively defined as follows: (cid:104)| end |(cid:105) x (cid:44) { }(cid:104)| ? T (cid:48) .S |(cid:105) x (cid:44) (cid:8) x ( y ) . ( P | Q ) | P ∈ (cid:104)| T (cid:48) |(cid:105) y ∧ Q ∈ (cid:104)| S |(cid:105) x (cid:9) (cid:104)| ! T (cid:48) .S |(cid:105) x (cid:44) (cid:8) x ( y ) . ( P | Q ) | P ∈ (cid:104)| T (cid:48) |(cid:105) y ∧ Q ∈ (cid:104)| S |(cid:105) x (cid:9) (cid:104)| & { l i : S i } i ∈ I |(cid:105) x (cid:44) (cid:8) x (cid:46) { l i : P i } i ∈ I | ∀ i ∈ I. P i ∈ (cid:104)| S i |(cid:105) x (cid:9) (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) x (cid:44) (cid:91) i ∈ I (cid:8) x (cid:47) l i .P i | P i ∈ (cid:104)| S i |(cid:105) x (cid:9) The previous definition extends to typing contexts by composing in parallel independentcharacteristic processes, one for each of the session types declared in the context. Thisreflects that sessions in a context declare independent structures of communication.
Definition 5.2 (Characteristic Processes of a Session Typing Context) . Given a contextΓ = w : T , . . . , w n : T n , we shall write (cid:104)| Γ |(cid:105) to stand for the set { ( P | · · · | P n ) | P i ∈ (cid:104)| T i |(cid:105) w i } .Characteristic processes are well-typed in the system of § Lemma 5.3.
Let T be a session type and Γ be a session context.(1) For all P ∈ (cid:104)| T |(cid:105) x , we have P (cid:96) LL x : (cid:74) T (cid:75) f l .(2) For all P ∈ (cid:104)| Γ |(cid:105) , we have P (cid:96) LL (cid:74) Γ (cid:75) f l . Proof.
The proof of Part 1 is by induction on the structure of T . The proof of Part 2 is byinduction on the size of Γ, using Part 1. See § B.1 (Page 42) for details.Let us use [ · ] to denote a hole and C [ · ] , C (cid:48) [ · ] , . . . to denote process contexts (i.e., aprocess with a hole). Building upon characteristic processes, a catalyzer for a typing contextis a process context that implements the behaviors it declares. Definition 5.4 (Catalyzers of a Session Typing Context) . Given a session typing contextΓ, we define its set of associated catalyzers , noted C Γ , inductively as follows: C Γ (cid:44) (cid:40)(cid:8) [ · ] (cid:9) if Γ = ∅ (cid:8) ( ν x )( C [ · ] | P ) | C [ · ] ∈ C Γ (cid:48) ∧ P ∈ (cid:104)| T |(cid:105) x (cid:9) if Γ = Γ (cid:48) , x : T Given a context Γ = x : T , . . . , x n : T n , let us write Γ to denote the context x : T , . . . , x n : T n , i.e., the context obtained by “dualising” all the types in Γ. The following statementformalizes the complementarity, in terms of session behaviors, between a well-typed processin L and its associated catalyzers: Lemma 5.5 (Catalyzers Preserve Typing) . Let P (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:48) (cid:75) f l and C [ · ] ∈ C Γ . Then C [ P ] (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l . Proof.
Follows from Definition 5.4, which defines C [ · ] as a composition of characteristicprocesses, and Lemma 5.3 (Part 1), which ensures the appropriate type for each of them. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 23
Rewriting Session Processes into L . Our rewriting procedure transforms a session-typed process into a set of L processes. Unsurprisingly, a delicate point in this rewriting isthe treatment of parallel composition. Roughly speaking, given a well-typed session process P | P , our procedure produces two sets of processes: the first one collects processes ofthe form Q | G , where Q composes the rewriting of P within an appropriate catalyzerand G is a characteristic process that implements all sessions declared in the typing of P . Similarly, the second set collects processes of the form G | Q , where Q composesthe rewriting of P within an appropriate catalyzer and G is a characteristic process thatimplements all sessions declared in the typing for P . This way, by rewriting one sub-processand replacing the other with parallel representatives ( G and G ), the rewritten processes aremore independent, and the circular dependencies—the heart of deadlocked processes—aresystematically ruled out.We require some auxiliary notations. Notation 5.6 (Bound Names) . Concerning bound names and their session types: • We annotate bound names with their session types: we write ( ν x y : T ) · · · ( ν x n y n : T n ) P and x ( y : T ) .P , for some session types T, T , . . . , T n . • We sometimes write Γ , (cid:93) x : T (cid:96) ST P as shorthand notation for Γ , x : T , . . . , x n : T n (cid:96) ST P .Similarly, we write ( ν (cid:101) x (cid:101) y : (cid:101) T ) P to abbreviate ( ν x y : T ) · · · ( ν x n y n : T n ) P .Using these notations for bound names, we introduce the following notation for well-typedparallel processes, in which “hidden” sessions are explicitly denoted by brackets: Notation 5.7 (Hidden/Bracketed Sessions) . We shall writeΓ , [ (cid:93) x : S ] (cid:63) Γ , [ (cid:93) y : T ] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P )whenever Γ , Γ (cid:96) ST ( ν x y ) · · · ( ν x n y n )( P | P ) holds with Γ , x : S , . . . , x n : S n (cid:96) ST P ,Γ , y : T , . . . , y n : T n (cid:96) ST P , and S i = T i , for all i ∈ { , . . . , n } .We are now ready to give the first rewriting procedure from session processes into L : Definition 5.8 (Rewriting into L ) . Let P be such that Γ (cid:96) ST P and P ∈ K n . The set of L processes (cid:76) Γ (cid:96) ST P (cid:77) is defined in Figure 9.Our procedure operates on typing judgments: a well-typed session process is rewrittenusing the information declared in its typing context. Although the procedure could bedefined for arbitrary session processes (even deadlocked ones), membership in K n plays arole in operational correspondence (see below). We discuss the different cases in Figure 9: • The process is rewritten into the singleton set { } provided that the associated typingcontext Γ contains only completed sessions (recall that Γ un stands for un (Γ)). • The rewriting of output- and input-prefixed processes is self-explanatory; in the formercase, we rewrite the free output available in K n by exploiting a forwarding process in L (cf.Definition 4.1). The rewriting of selection and branching processes also follows expectedlines. • The last case of the definition handles processes in parallel, possibly with restrictedsessions; we use Notation 5.7 to make such sessions explicit. As hinted at above, therewriting of a parallel process ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) in K n results into two different sets of L processes: the first set contains processes of the form C [ Q ] | G , where, intuitively: • Q belongs to the set that results from rewriting sub-process P with an appropriatetyping judgment, which includes (cid:93) x : S . (cid:76) Γ un (cid:96) ST (cid:77) (cid:44) (cid:8) (cid:9) (cid:76) Γ , x : ! T.S, v : T (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) (cid:77) (cid:44) (cid:8) x ( z ) . ([ v ↔ z ] | Q ) | Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:48) (cid:77) (cid:9) (cid:76) Γ , Γ , x : ! T.S (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ) (cid:77) (cid:44) (cid:8) x ( y ) . ( Q | Q ) | Q ∈ (cid:76) Γ , z : T (cid:96) ST P (cid:77) ∧ Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) (cid:9) (cid:76) Γ , x : ? T.S (cid:96) ST x ( y : T ) .P (cid:48) (cid:77) (cid:44) (cid:8) x ( y ) .Q | Q ∈ (cid:76) Γ , x : S, y : T (cid:96) ST P (cid:48) (cid:77) (cid:9) (cid:76) Γ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) (cid:77) (cid:44) (cid:8) x (cid:47) l j .Q | Q ∈ (cid:76) Γ , x : S j (cid:96) ST P (cid:48) (cid:77) (cid:9) (cid:76) Γ , x : & { l i : S i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I (cid:77) (cid:44) (cid:8) x (cid:46) { l i : Q i } i ∈ I | Q i ∈ (cid:76) Γ , x : S i (cid:96) ST P i (cid:77) (cid:9) (cid:76) Γ , [ (cid:93) x : S ] (cid:63) Γ , [ (cid:93) y : T ] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) (cid:77) (cid:44) (cid:8) C [ Q ] | G | Q ∈ (cid:76) Γ , (cid:93) x : S (cid:96) ST P (cid:77) , C ∈ C (cid:93) x : T , G ∈ (cid:104)| Γ |(cid:105) (cid:9) ∪ (cid:8) G | C [ Q ] | Q ∈ (cid:76) Γ , (cid:93) y : T (cid:96) ST P (cid:77) , C ∈ C (cid:93) y : S , G ∈ (cid:104)| Γ |(cid:105) (cid:9) Figure 9: Rewriting procedure (cid:76) · (cid:77) . • C belongs to the set of catalyzers that implement the context (cid:93) x : T , i.e., the dualbehaviors of the sessions implemented by P (cf. Definition 5.4). This step thus removesthe double restriction operator. • G belongs to the set of characteristic processes for Γ , which describes the sessionsimplemented by P (cf. Definition 5.2).The explanation for the processes in the second set, which are of the form G | C [ Q ],is completely dual. As we will see, processes C [ Q ] | G (and G | C [ Q ]) preserve byconstruction the typing of ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ): process C [ Q ] (resp. C [ Q ]) is typablewith context Γ (resp. Γ ); process G (resp. G ) is typable with context Γ (resp. Γ ) —see Theorem 5.1 below.We illustrate the rewriting procedure by means of an example. Example 5.2 (Rewriting (cid:76) · (cid:77) at work) . Consider again the process P used in Lemma 4.3.Let T (cid:44) ! end . end and S (cid:44) ? end . end . Clearly, S = T . We have the following derivation. ( T-In ) a : S, a : T (cid:96) ST a ( x ) . a (cid:104) x (cid:105) . b : T, b : S, n : end (cid:96) ST b (cid:104) n (cid:105) . b ( z ) . ( T-Out ) a : T, b : S, a : S, b : T, n : end (cid:96) ST a ( x ) . a (cid:104) x (cid:105) . | b (cid:104) n (cid:105) . b ( z ) . ( T-Par ) a : ? end . end , b : ! end . end , n : end (cid:96) ST ( ν a b )( a ( x ) . a (cid:104) x (cid:105) . | b (cid:104) n (cid:105) . b ( z ) . ) ( T-Res ) n : end (cid:96) ST ( ν a b )( ν a b )( a ( x ) . a (cid:104) x (cid:105) . | b (cid:104) n (cid:105) . b ( z ) . ) ( T-Res ) OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 25
Before detailing the set (cid:76) n : end (cid:96) ST P (cid:77) , we spell out the main ingredients required: (cid:76) a : S, a : T (cid:96) ST a ( x ) . a (cid:104) x (cid:105) . (cid:77) = { a ( x ) .a ( z ) . ([ x ↔ z ] | ) } (cid:76) b : T, b : S, n : end (cid:96) ST b (cid:104) n (cid:105) . b ( z ) . (cid:77) = { b ( u ) . ([ n ↔ u ] | b ( z ) . ) }(cid:104)| T |(cid:105) x = { x ( z ) . ( | ) }(cid:104)| S |(cid:105) x = { x ( z ) . ( | ) }C a : T,a : S = { ( ν a )( R | ( ν a )( R | [ · ])) | R ∈ (cid:104)| S |(cid:105) a , R ∈ (cid:104)| T |(cid:105) a } = { ( ν a )( a ( z ) . ( | ) | ( ν a )( a ( z ) . ( | ) | [ · ])) }C b : S,b : T = { ( ν b )( Q | ( ν b )( Q | [ · ])) | Q ∈ (cid:104)| T |(cid:105) b , Q ∈ (cid:104)| S |(cid:105) b } = { ( ν b )( b ( z ) . ( | ) | ( ν b )( b ( z ) . ( | ) | [ · ])) } Exploiting Notation 5.7, judgement unit : end (cid:96) ST P can be written as [ a : S, a : T ] (cid:63) n : end , [ b : T, b : S ] (cid:96) ST ( ν a b )( ν a b )( a ( x ) . a (cid:104) x (cid:105) . | b (cid:104) n (cid:105) . b ( z ) . ) We may now define the rewriting of P into L : (cid:76) [ a : S, a : T ] (cid:63) n : end , [ b : T, b : S ] (cid:96) ST ( ν a b )( ν a b )( a ( x ) . a (cid:104) x (cid:105) . | b (cid:104) n (cid:105) . b ( z ) . ) (cid:77) = (cid:8) C [ Q ] | (cid:104)| n : end |(cid:105) n | C ∈ C a : T,a : S , Q ∈ (cid:76) a : S, a : T (cid:96) ST a ( x ) . a (cid:104) x (cid:105) . (cid:77) (cid:9) ∪ (cid:8) C [ Q ] | C ∈ C b : S,b : T , Q ∈ (cid:76) b : T, b : S, n : end (cid:96) ST b (cid:104) n (cid:105) . b ( z ) . (cid:77) (cid:9) = (cid:8) ( ν a )( a ( z ) . ( | ) | ( ν a )( a ( z ) . ( | ) | a ( x ) .a ( z ) . ([ x ↔ z ] | ))) | (cid:104)| n : end |(cid:105) n , ( ν b )( b ( z ) . ( | ) | ( ν b )( b ( z ) . ( | ) | b ( u ) . ([ n ↔ u ] | b ( z ) . ))) (cid:9) Above, P has two parallel components and so set (cid:76) n : end (cid:96) ST P (cid:77) has two elements,representing the two different possibilities for “dividing” the sequential structure of P intomore parallel processes. Rewriting and Typing.
We present two important results about our rewriting procedure.First, it is type preserving, up to the translation of types given in Figure 8 (bottom):
Theorem 5.1 (Rewriting (cid:76) · (cid:77) is Type Preserving) . Let Γ (cid:96) ST P . Then, for all Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) ,we have that Q (cid:96) LL (cid:74) Γ (cid:75) f l . Proof.
By induction on the derivation Γ (cid:96) ST P . See § B.2 (Page 43) for details.Theorem 5.1 is meaningful, for it says that the session type “interface” of a process (i.e.,the set of sessions it implements) is not modified by the rewriting procedure. That is, (cid:76) · (cid:77) modifies the process structure by closely following the session typing discipline.5.2.2. Rewriting and Reduction.
We start with a useful notation:
Notation 5.9.
Let us write Γ (cid:96) ST P , P whenever both Γ (cid:96) ST P and Γ (cid:96) ST P hold.Similarly, let us write P , P (cid:96) LL Γ, whenever both P (cid:96) LL Γ and P (cid:96) LL Γ hold.Before showing how our rewriting procedure satisfies an operational correspondenceresult (cf. Theorem 5.2), we present an example to illustrate the need for a useful auxiliarydefinition, which will allow us to relate processes typable under the same typing context butfeaturing a different parallel structure (cf. Definition 5.10).
Example 5.3 (The Parallel Structure of Typable Processes) . Let P (cid:96) LL ∆ where P (cid:44) ( ν x )( x (cid:104) v (cid:105) .P | x ( z ) .P ) and ∆ = ∆ , ∆ , v : T . Consider the following reduction from P ,obtained using the rules in Figure 4: ( ν x )( x (cid:104) v (cid:105) .P (cid:124) (cid:123)(cid:122) (cid:125) ∆ , v : T | x ( z ) .P (cid:124) (cid:123)(cid:122) (cid:125) ∆ ) → ( ν x )( P (cid:124)(cid:123)(cid:122)(cid:125) ∆ | P [ v / z ] (cid:124) (cid:123)(cid:122) (cid:125) ∆ , v : T ) (cid:44) Q Here we are using a free output process, namely x (cid:104) v (cid:105) .P , as a shortcut for x ( z ) . ([ v ↔ z ] | P ) ;recall that this process is typable using Rules ( T- id ) and ( T- ⊗ ) in Figure 5. Observe thatname z is free with scope P ; for typing to hold, it must be the case that z : T in P .By Theorem 3.1, Q (cid:96) LL ∆ , ∆ , v : T . Let us consider the typing of P and Q in relationto their parallel structure. We can notice that even though the typing context ∆ remains thesame under reduction, the “parallel decomposition” changes after reduction, as highlighted bythe under brackets. In particular, the type assignment v : T , at first related to the left-handside component in P , “jumps” after reduction to the right-hand side component in Q . Thisphenomenon is due to value passing: after reduction, a substitution occurs in the continuationprocess P , where v might be used in different ways. For instance, v could occur within asequential position within P or at top-level in one of its parallel sub-processes.Now, consider process Q (cid:48) , which contains sub-processes P and P from Q but has adifferent form of parallelism: Q (cid:48) (cid:44) ( ν x )( P (cid:124)(cid:123)(cid:122)(cid:125) ∆ | ( ν z )( P | P z ) (cid:124) (cid:123)(cid:122) (cid:125) ∆ | P v (cid:124)(cid:123)(cid:122)(cid:125) v : T ) Here, P z and P v are characteristic processes implementing T along z and v , respectively.Clearly, Q (cid:48) (cid:96) LL ∆ , ∆ , v : T , just as Q , but its parallel structure is different: in Q (cid:48) we havetwo separate sub-processes in parallel, one typed according to ∆ , the other according to v : T . In ( ν z )( P | P z ) , process P z provides one of the counterparts for P ; this interactionis hidden by restriction ( ν z ) and so the resulting typing context is ∆ . By using P v , the typeinterface of Q (cid:48) is exactly as that of Q ; by using it in parallel position, their parallel structurewill be different whenever z occurs in P in a sequential position. We are interested in capturing the parallelization relation between processes such as Q and Q (cid:48) in Example 5.3, because it serves to explain how rewritten processes behave underreduction. This relation is formalised in Definition 5.10 below: Definition 5.10 (Parallelization Relation) . Let P and Q be processes such that P, Q (cid:96) LL Γ.We write P (cid:43) Q if and only if there exist processes P , P , Q , Q and contexts Γ , Γ suchthat the following hold: P = P | P Q = Q | Q P , Q (cid:96) LL Γ P , Q (cid:96) LL Γ Γ = Γ , Γ This definition says that two processes P and Q , typed under Γ, are in the parallelizationrelation (cid:43) , if they can be decomposed into parallel sub-processes, which are typed underthe same decomposition of the typing context Γ. We then have that for processes Q and Q (cid:48) from Example 5.3, relation Q (cid:43) Q (cid:48) holds.The relation (cid:43) will appear in our operational correspondence result, given next. Below,let (cid:44) → denote structural congruence (cf § R-Fwd )(cf. § Theorem 5.2 (Operational Correspondence for (cid:76) · (cid:77) ) . Let P be such that Γ (cid:96) ST P for sometyping context Γ. Then, we have: OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 27 (1) If P → P (cid:48) , then for all Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) there exists Q (cid:48) such that:(i) Q → (cid:44) → Q (cid:48) and (ii) either Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) or Q (cid:48) (cid:43) R such that R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) .(2) If Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) , such that P ∈ K n , and Q → (cid:44) → Q (cid:48) , then there exists P (cid:48) such that:(i) P → P (cid:48) and (ii) either Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) or Q (cid:48) (cid:43) R such that R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) . Proof.
By induction on the length of the derivations P → P (cid:48) and Q → Q (cid:48) . See § B.3 fordetails.Part 1 of Theorem 5.2 certifies that our rewriting procedure tightly preserves the behaviorof the session process given as input. The parallelization relation (cid:43) (cf. Definition 5.10)arises only in one sub-case, which concerns value passing: process Q (cid:48) , obtained from therewritten process Q , may have a different parallel structure than R —just as Q and Q (cid:48) fromExample 5.3. Part 2 relates the behavior of a rewritten process with respect to that of thesession process given as input, with (cid:43) playing a role similar as in Part 1. Unlike Part 1,in Part 2 we require P to be in K n , i.e., P must be deadlock-free for the correspondenceto hold. Indeed, if P is not in K n then Q (its deadlock-free, rewritten variant) could havereductions not enabled in P due to deadlocks.6. Discussion: Rewriting K n into L Exploiting Value Dependencies
Process prefixes can induce causality relations not described by session types. One kind ofcausality relations are at the heart of deadlocked processes, in which session interleavings inprocess prefixes leads to circular dependencies between independent sessions (cf. Example 2.1).Another kind of causality relations are the value dependencies induced by value exchanges:they occur when a value received in one session is sent along a different one.
Example 6.1 (A Value Dependency) . Let P be the process P (cid:44) ( ν a b )( a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . | b ( v ) . ( b ( y ) .y ( x ) . | ( ν wz )( b (cid:104) w (cid:105) .z (cid:104) n (cid:105) . ))) Also, let U (cid:44) ? end . end . Consider the typing judgment for the leftmost parallel process a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . : a : ! end . end , a : ? U. end , a : ! U. end (cid:96) ST a (cid:104) n (cid:105) .a ( u ) . a (cid:104) u (cid:105) . Although the typing for a and a states that they are independent sessions, actually theyare causally related: the process forwards along a the value of type U received on a . Byconsidering the typing for Pa : ? U. end , a : ! U. end , b : ? U. end , b : ! U. end (cid:96) ST P we see that the forwarded value is w , which is delegated by the rightmost parallel process, ( ν wz )( b (cid:104) w (cid:105) .z (cid:104) n (cid:105) . ) . In the terminology of Boreale and Sangiorgi [BS98], value dependencies are both subject and object dependencies. In a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . there is a subject dependency: the inputon a enables the output on a ; there is also an object dependency: the name received on a is used as object in the output on a . Indeed, Boreale and Sangiorgi argue that in mostcases an object dependency is also a subject dependency.While intuitive, the rewriting procedure (cid:76) · (cid:77) does not preserve value dependencies: inrewriting a process with parallel components, a sub-process containing a value dependencycan be replaced by an equally typed process in which such a dependency is no longer present: Example 6.2 (Value Dependencies in (cid:76) · (cid:77) ) . Let process P and type U be as in Example 6.1.Consider the set of processes (cid:76) a : ? U. end , a : ! U. end , b : ! U. end , b : ? U. end (cid:96) ST P (cid:77) obtained using Definition 5.8. One process in this set is the following: Q = G | G | C b :? end . end (cid:2) b ( v ) . ( b ( y ) .y ( x ) . | ( ν wz )( b (cid:104) w (cid:105) .z (cid:104) n (cid:105) . )) (cid:3) where G ∈ (cid:104)| ? U. end |(cid:105) a and G ∈ (cid:104)| ! U. end |(cid:105) a . Since G and G are independently defined,the name received along a in G cannot be the same session sent along a in G . Thus, thevalue dependence between a and a in P , has disappeared in its rewriting as Q . To address this limitation of (cid:76) · (cid:77) , we have defined an optimized rewriting procedure thatpreserves value dependencies. Here we discuss the key elements of this optimization; the fulltechnical development is presented in Appendix C. The optimization is obtained as follows:(1) Detecting value dependencies requires gathering further information on how types areimplemented by process prefixes. To this end, we extend the type system of § annotated output and input session types, written ! n S.T and ? n S.T (with n ≥ S.T is associated to an output prefix at top-level. Also, we have typing judgmentsΓ (cid:5) Ψ (cid:96) ST P where the typing context Γ is as before and Ψ is a dependency context that describesall communication prefixes in P and their distance to top-level. Using Ψ, we formallydefine value dependencies as pairs: we write ( a n , b m ) to denote a value dependency ofan (output) prefix along session b on an (input) prefix along session a .(2) We exploit the value dependencies in Ψ to refine the definitions of characteristic processes(Definition 5.1) and catalyzer contexts (Definition 5.4) of a typing context Γ: • The set of characteristic processes of Γ that exploits Ψ is denoted (cid:104)| Γ |(cid:105) Ψ : it implementsvalue dependencies in Ψ using so-called bridging sessions that connect the characteristicprocesses of the two types involved in the dependency. • The set of catalyzer contexts of Γ handles value dependencies in Ψ by “isolating” themusing dedicated forwarder processes and characteristic processes.(3) Using these refined definitions, we define the optimized rewriting procedure (cid:76) · (cid:77) V . Maindifferences with respect to the procedure defined in Figure 9 appear in the rewriting ofparallel processes. As before, process ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) is rewritten into processes of twoforms: C [ Q ] | G and G | C [ Q ], where Q (resp. Q ) stands for the rewriting of P (resp. P ). The difference is that the catalyzers C , C and the characteristic processes G , G are now obtained exploiting value dependencies (as explained in (2)). As (cid:76) · (cid:77) , theoptimized procedure (cid:76) · (cid:77) V satisfies type preservation and operational correspondence.The following example illustrates how (cid:76) · (cid:77) V improves over (cid:76) · (cid:77) . Example 6.3 (Revisiting Examples 6.1 and 6.2) . Let P be as in Example 6.1: P (cid:44) ( ν a b )( a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . | b ( v ) . ( b ( y ) .y ( x ) . | ( ν wz )( b (cid:104) w (cid:105) .z (cid:104) n (cid:105) . ))) In the extended type system, we have Γ (cid:5) Ψ (cid:96) ST P where Γ (cid:44) a : ? U. end , a : ! U. end , b : ? U. end , b : ! U. end Ψ (cid:44) (cid:104) a , n , (cid:105) , ( a , u, , (cid:104) a , u, (cid:105) , ( b , v, , ( b , y, , ( y, x, , (cid:104) b , w, (cid:105) , (cid:104) z, n , (cid:105) OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 29
Using Ψ , we can detect the value dependence ( a , a ) . Consider now Q (cid:48) , one particularprocess included in the set (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:77) V : Q (cid:48) = ( ν c a a )( G (cid:48) a | G (cid:48) a ) | C b :? end . end (cid:2) b ( v ) . ( b ( y ) .y ( x ) . | ( ν wz )( b (cid:104) w (cid:105) .z (cid:104) n (cid:105) . )) (cid:3) where G (cid:48) a ∈ (cid:104)| ? U. end |(cid:105) a Ψ and G (cid:48) a ∈ (cid:104)| ! U. end |(cid:105) a Ψ are obtained using the refined definition ofcharacteristic processes. With the refined definition, we have that G (cid:48) a = a ( y ) .c a a ( w ) . ([ y ↔ w ] | ) G (cid:48) a = c a a ( y ) .a ( w ) . ([ y ↔ w ] | ) Thus, the characteristic processes of a type are still independently defined but now implementa bridging session c a a , which ensures that the name received along a in G (cid:48) a is the samename outputted along a in G (cid:48) a . The characteristic process of a typing context guaranteesthat bridging sessions are properly composed. This way, the value dependence between a and a , present in P , has been preserved in Q (cid:48) as a result of the refined rewriting. Although intuitive, the way in which (cid:76) · (cid:77) V improves over (cid:76) · (cid:77) is somewhat implicit, becausevalue dependencies are accounted for by the revised definitions of characteristic processes andcatalyzers as restricted (hidden) sessions. Therefore, the implemented value dependenciesin these definitions does not influence the observable behavior of the rewritten process.Formalizing the advantages of (cid:76) · (cid:77) V over (cid:76) · (cid:77) is a challenging question for future work, because itrequires devising new notions of observables for typed processes that “look inside” reductionsto ensure that values are forwarded appropriately between the two independent sessions.7. Discussion: The Case of Processes with Infinite Behavior
Our investigation has been motivated by the proliferation of type systems for ensuringsafety and liveness properties of mobile, concurrent processes. Different type systems enforcedifferent such properties, which include various forms of (dead)lock-freedom, termination,and confluence. In this work, our criteria have been twofold. On the one hand, we haveaimed at obtaining objective formal comparisons between well-established type systems,sticking to their original formulations as much as possible. On the other hand, we haveconcentrated on the intrinsic challenges of statically enforcing deadlock-freedom. We havefocused on finite processes—typed processes without constructs for expressing processes withinfinite behavior, such as replication or recursion. This focus was useful to be consistent withthese criteria; next we discuss some of the issues involved in going beyond finite processes.In the Curry-Howard correspondences for session types, sharing exponentials ! and ? atthe level of propositions/types can be interpreted as input-guarded replication ! x ( z ) .Q atthe level of proofs/processes. In the classical setting considered here, a channel typed with! A denotes a server able to offer an arbitrary number of copies (including zero) of a processwith behavior of type A upon request (an input); dually, a channel typed with ? A denotes a request to such a server (an output). This requires an additional cut rule for exponential(unrestricted) contexts (denoted Θ) as well as typing rules for realizing the sharing semanticsof ! A and ? A . Other rules are adjusted to account for Θ; for instance, the mix rule becomes: P (cid:96) LL ∆; Θ Q (cid:96) LL ∆ (cid:48) ; Θ P | Q (cid:96) LL ∆ , ∆ (cid:48) ; Θ The resulting logically justified reduction rule for replication is as follows:( ν x )( x ( y ) .P | ! x ( z ) .Q ) → ( ν x )(( ν y )( P | Q ) | ! x ( z ) .Q ) (7.1)The process before the reduction features one linear cut along session x ; after the reduction,the process contains two cuts: the cut on y is linear, whereas the one on x is exponential.Hence, this reduction preserves the degree of sharing.The formal definition of the typed languages L and K n (Definition 4.2) can be extendedto consider typed processes with replication, which is used in [CP10, CPT16] (in theinput-guarded variant described above) and in [Kob06] (where unguarded replication ! P is accounted for). Since the type system (cid:96) ST in [Vas12] admits rather expressive forms ofrecursion (that go well beyond the server-request interactions enabled by input-guardedreplication), the class of “full L ” processes would be a strict sub-class of session-typedprocesses. Still, characterizations given in terms of the degree of sharing are possible: thenotion is robust , in the sense that it does not depend on processes being finite. That said,its exact definition (and the connection between extended L and K n ) require adaptations,because there are processes in (full) L not representable in (full) K . Consider, for instance,processes typable with the mix rule above: if P and Q have m shared names in common (astracked by Θ), then P | Q should be representable by a process in K m .Now, considering processes with infinite behavior entails including termination propertiesinto the analysis of (dead)lock-freedom. Crucially, the full Curry-Howard interpretation forsession types, including exponentials as explained above, is known to be strongly normalizingand confluent [PCPT12, PCPT14, CP17]. Therefore, infinite behavior in full L concernsunboundedly many copies of finite, deterministic interactive behaviors. The fact that a singletype system simultaneously enforces deadlock-freedom, termination, and confluence sharplycontrasts to the situation for non-logical type systems: to our knowledge, only the hybridtype system in [KS10] simultaneously ensures these three properties (see below). Clearly,it would be unfair to compare processes that enjoy different properties, i.e., processes in L against well-typed processes in type systems that enforce some, but not all, of deadlock-freedom, termination, and confluence. By focusing on finite processes, we have found a fairground to objectively compare different type systems.The integration of non-logical type systems for (dead)lock-freedom, termination, andconfluence is far from trivial, and requires advanced mechanisms. Kobayashi and San-giorgi [KS10] targeted this goal by defining a parametric hybrid type system based on usages,which enforces the three properties through different methods (not necessarily type systems).As in [Kob02a], the syntax of usage types in [KS10] includes replicated usages ∗ U , i.e.,unboundedly many parallel copies of usage U . (The authors remark that the recursive usages µα.U from [Kob06] are also sound.) To enable fair comparisons against full L , Kobayashiand Sangiorgi’s type system should be restricted so that it allows only input-guarded repli-cated processes (cf. (7.1)) and simultaneously enforces (dead)lock-freedom, termination, andconfluence. Identifying the syntactic/semantic conditions that enable this restriction seemschallenging. Defining such a restricted variant of [KS10] would most likely mean developinga very different type system, therefore departing from the compact abstractions given byusage types. Hence, comparing such a different type system against the canonical languagefull L would also be unfair.We notice that Curry-Howard interpretations of session types have been extended withforms of (co)-recursive types, which extend (full) L by admitting as typable certain forms of(productive) infinite behavior—see the works by Toninho et al. [TCP14] and by Lindley and OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 31
Morris [LM16]. Indeed, the framework in [LM16] can be roughly seen as the extension of thelogic-based type system in § partial confluence , inherited from [KPT99]. Hence, it would seem thatthere is common ground for comparing the linear type system in [Pad14] and the logicallymotivated session type system in [LM16]. The actual feasibility of relating these differenttype systems remains unclear, and should be established in future work.8. Related Work
The analysis of deadlock-freedom in concurrency has a rather long, rich history; see,e.g., [AGN97] and references therein. Focusing on type-based approaches to deadlock-freedomof communicating processes, early works are by Kobayashi [Kob97] and by Abramsky etal. [AGN97]. The work in [AGN97] develops a semantic approach to deadlock-freedom forasynchronous communicating processes, building upon categorical foundations. The workin [Kob97] proposes a type system for the π -calculus that builds upon two key ideas: (i) theintroduction of usage of channels as types ( usage types ), and (ii) the classification of channelsinto reliable and unreliable (where reliable channels are ensured to have deadlock-free inter-actions). These ideas have proved rather influential; based on them, a number of extensionsand enhancements to type systems for deadlock-free, name passing processes have beenintroduced; the paper [Kob07] offers a unified presentation of these developments. Therecent paper [KL17], mentioned above, is the latest to build upon notions of usage typesand reliable channels for the type-based analysis of unbounded process networks.The introduction of type systems based on usage types coincided in time with theintroduction of (binary) session types as a type-based approach to ensure structured com-munications [THK94, HVK98]. In their original formulation, session types for the π -calculusensure communication safety and session fidelity, therefore ruling out some (but not all) ofthe causes of deadlocked behaviors in communicating processes. In session-based concurrency,deadlocks are due to circular dependencies inside a session, but are also found in subtleentanglements between different protocols/sessions. To our knowledge, the first work thataddressed progress/deadlock-freedom for session-typed processes is due to Dezani-Ciancagliniet al. [DdY08]. Subsequent works on type-based analyses for deadlock-freedom in structuredcommunications include [BCD +
08, CV09, CD10, CP10, Pad13, VV13, Pad14]. As discussed indetail in the paper, another approach to deadlock freedom is that based on linear logic undera Curry-Howard perspective [CP10, Wad12], where circular dependencies in processes areeliminated by design due to Rule (
T-cut ). While this paper was being prepared, Dardha andGay [DG18] developed a linear logic-based session type system by combining classical linearlogic with Kobayashi’s obligations/capabilities, simplified to priorities, to allow “good” cyclicprocesses. To this aim, the Rule (
T-cut ) is replaced by Rule (
T-cycle ). It is important tonotice however that none of the above works propose a formal comparison between differenttype systems for deadlock-freedom, as we achieve in this paper.
Building upon a relationship first suggested by Kobayashi in [Kob07], the work ofDardha et al. [DGS12, Dar14, DGS17] offered a formal relationship between usage types andsession types. Such a relationship made it possible to use type-based analysis techniques forusage types in the analysis of session-typed process specifications; this insight was formalizedby Carbone et at. [CDM14]. The effectiveness of the approach in [CDM14] is supported byinformal comparisons with respect to different type systems for deadlock-freedom (includingthose in [DdY08] and [CD10]) using processes typable in one framework but not in another.Loosely related to our work (in particular to the rewriting procedures in § §
6) isprevious work on deadlock-resolution in the π -calculus by Giunti and Ravara [GR13] and onunlocking blocked processes by Francalanza et al. [FGR15]. The approach in [GR13] relieson a typing algorithm that detects a particular class of deadlocks (so-called self-holdingdeadlocks), but instead of rejecting the code, fixes it by looking into the session types andproducing new safe code that obeys the protocols and is deadlock-free. Building upon [GR13],the work in [FGR15] investigates methods for resolving circular-wait deadlocks across parallelcompositions, with a focus on finite CCS processes.9. Concluding Remarks
We have presented a formal comparison of fundamentally distinct type systems for deadlock-free, session typed processes. To the best of our knowledge, ours is the first work to establishprecise relationships of this kind. Indeed, prior comparisons between type systems fordeadlock freedom are informal, given in terms of representative examples typable in onetype system but not in some other.An immediate difficulty in giving a unified account of different typed frameworks fordeadlock freedom is the variety of process languages, type structures, and typing rules thatdefine each framework. Indeed, our comparisons involve: the framework of session processesput forward by Vasconcelos [Vas12]; the interpretation of linear logic propositions as sessiontypes by Caires [Cai14]; the π -calculus with usage types defined by Kobayashi in [Kob02a].Finding some common ground for comparing these three frameworks is not trivial—severaltranslations/transformations were required in our developments to account for numeroussyntactic differences. We made an effort to follow the exact definitions in each framework.Overall, we believe that we managed to concentrate on essential semantic features of twosalient classes of deadlock-free session processes, here noted L and K .Our main contribution is identifying the degree of sharing as a subtle, important issue thatunderlies both session typing and deadlock freedom. We propose a simple characterizationof the degree of sharing: in essence, it arises via an explicit premise for the typing rule forparallel composition in the type system in [Kob02a]. The degree of sharing is shown toeffectively induce a strict hierarchy of deadlock-free session processes in K , as resulting fromthe approach of [DGS12]. We showed that the most elementary (and non-trivial) memberof this hierarchy precisely corresponds to L , the canonical class of session typed processes,known to date. Furthermore, by exhibiting an intuitive rewriting procedure of processesin K into processes in L , we demonstrated that the degree of sharing is a subtle criterionfor distinguishing deadlock-free processes. As such, even if our technical developments aretechnically simple, in our view they substantially clarify our understanding of type systemsfor liveness properties (such as deadlock freedom) in the context of π -calculus processes.In future work, we would like to obtain semantic characterizations of the degree ofsharing, in the form of, e.g., preorders on typed processes that distinguish when one process OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 33 “is more parallel” than another. Also, we plan to explore whether the rewriting proceduresgiven in § § deadlock resolution procedure, in the spiritof [GR13, FGR15]. Acknowledgments
We would like to thank the anonymous reviewers for their useful suggestions, which led tosubstantial improvements. We are also grateful to Lu´ıs Caires and Simon J. Gay for theirvaluable comments and suggestions on prior versions of this manuscript. This work waspartially supported by the EU COST Action IC1201 (Behavioural Types for Reliable Large-Scale Software Systems). Dardha is supported by the UK EPSRC project EP/K034413/1(From Data Types to Session Types: A Basis for Concurrency and Distribution). P´erez isalso affiliated to CWI, Amsterdam and to the NOVA Laboratory for Computer Science andInformatics, Universidade Nova de Lisboa, Portugal.
References [AGN97] Samson Abramsky, Simon J. Gay, and Rajagopal Nagarajan. A type-theoretic approach to deadlock-freedom of asynchronous systems. In Mart´ın Abadi and Takayasu Ito, editors,
Theoretical Aspectsof Computer Software, Third International Symposium, TACS ’97, Sendai, Japan, September23-26, 1997, Proceedings , volume 1281 of
Lecture Notes in Computer Science , pages 295–320.Springer, 1997.[BCD +
08] Lorenzo Bettini, Mario Coppo, Loris D’Antoni, Marco De Luca, Mariangiola Dezani-Ciancaglini,and Nobuko Yoshida. Global progress in dynamically interleaved multiparty sessions. In
CONCUR ,pages 418–433, 2008.[BS98] Michele Boreale and Davide Sangiorgi. A fully abstract semantics for causality in the \ pi-calculus. Acta Inf. , 35(5):353–400, 1998.[Cai14] Lu´ıs Caires. Types and logic, concurrency and non-determinism. In
Essays for the Luca CardelliFest - Microsoft Research Technical Report MSR-TR-2014-104, September 2014.[CD10] Marco Carbone and Søren Debois. A graphical approach to progress for structured communicationin web services. In
ICE 2010, Amsterdam, The Netherlands, 10th of June 2010. , volume 38 of
EPTCS , pages 13–27, 2010.[CDM14] Marco Carbone, Ornela Dardha, and Fabrizio Montesi. Progress as compositional lock-freedom.In
Coordination Models and Languages - 16th IFIP WG 6.1 International Conference, COOR-DINATION 2014, Held as Part of the 9th International Federated Conferences on DistributedComputing Techniques, DisCoTec , volume 8459 of
LNCS , pages 49–64. Springer, 2014.[CP10] Lu´ıs Caires and Frank Pfenning. Session types as intuitionistic linear propositions. In
CONCUR2010 , volume 6269 of
LNCS , pages 222–236. Springer, 2010.[CP17] Lu´ıs Caires and Jorge A. P´erez. Linearity, control effects, and behavioral types. In HongseokYang, editor,
Programming Languages and Systems - 26th European Symposium on Programming,ESOP 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software,ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings , volume 10201 of
Lecture Notes inComputer Science , pages 229–259. Springer, 2017.[CPT16] Lu´ıs Caires, Frank Pfenning, and Bernardo Toninho. Linear logic propositions as session types.
Mathematical Structures in Computer Science , 26(3):367–423, 2016.[CV09] Lu´ıs Caires and Hugo Torres Vieira. Conversation types. In
ESOP’09 , volume 5502 of
LNCS ,pages 285–300, Heidelberg, Germany, 2009. Springer-Verlag.[Dar14] Ornela Dardha. Recursive session types revisited. In
Proceedings Third Workshop on BehaviouralTypes, BEAT 2014, Rome, Italy, 1st September 2014. , volume 162 of
EPTCS , pages 27–34, 2014.[Dar16] Ornela Dardha.
Type Systems for Distributed Programs: Components and Sessions , volume 7 of
Atlantis Studies in Computing . Springer / Atlantis Press, 2016. [DdY08] Mariangiola Dezani-Ciancaglini, Ugo de’Liguoro, and Nobuko Yoshida. On progress for structuredcommunications. In
Trustworthy Global Computing , volume 4912 of
LNCS , pages 257–275. Springer,2008.[DG18] Ornela Dardha and Simon J. Gay. A new linear logic for deadlock-free session-typed processes. In
Foundations of Software Science and Computation Structures - 21st International Conference,FOSSACS 2018, Held as Part of the European Joint Conferences on Theory and Practice ofSoftware, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings , volume 10803 of
LNCS , pages 91–109. Springer, 2018.[DGS12] Ornela Dardha, Elena Giachino, and Davide Sangiorgi. Session types revisited. In
PPDP’12 , pages139–150. ACM, 2012.[DGS17] Ornela Dardha, Elena Giachino, and Davide Sangiorgi. Session types revisited.
Inf. Comput. ,256:253–286, 2017.[DP15] Ornela Dardha and Jorge A. P´erez. Comparing deadlock-free session typed processes. In
Combined22th International Workshop on Expressiveness in Concurrency and 12th Workshop on StructuralOperational Semantics, and 12th Workshop on Structural Operational Semantics, EXPRESS/SOS ,volume 190 of
EPTCS , pages 1–15, 2015.[FGR15] Adrian Francalanza, Marco Giunti, and Ant´onio Ravara. Unlocking blocked communicatingprocesses. In Maurice H. ter Beek and Alberto Lluch-Lafuente, editors,
Proceedings 11th Interna-tional Workshop on Automated Specification and Verification of Web Systems, WWV 2015, Oslo,Norway, 23rd June 2015. , volume 188 of
EPTCS , pages 23–32, 2015.[GKL14] Elena Giachino, Naoki Kobayashi, and Cosimo Laneve. Deadlock analysis of unbounded processnetworks. In
CONCUR , pages 63–77, 2014.[GR13] Marco Giunti and Ant´onio Ravara. Towards static deadlock resolution in the -calculus. In
TGC ,pages 136–155, 2013.[Hon93] Kohei Honda. Types for dyadic interaction. In the 4th International Conference on ConcurrencyTheory, CONCUR , volume 715 of
LNCS , pages 509–523. Springer, 1993.[HVK98] Kohei Honda, Vasco Thudichum Vasconcelos, and Makoto Kubo. Language primitives and typediscipline for structured communication-based programming. In
ESOP’98 , volume 1381 of
LNCS ,pages 122–138. Springer, 1998.[IK04] Atsushi Igarashi and Naoki Kobayashi. A generic type system for the pi-calculus.
Theor. Comput.Sci. , 311(1-3):121–163, 2004.[KL17] Naoki Kobayashi and Cosimo Laneve. Deadlock analysis of unbounded process networks.
Inf.Comput. , 252:48–70, 2017.[Kob97] Naoki Kobayashi. A partially deadlock-free typed process calculus. In
Proceedings, 12th AnnualIEEE Symposium on Logic in Computer Science, Warsaw, Poland, June 29 - July 2, 1997 , pages128–139. IEEE Computer Society, 1997.[Kob02a] Naoki Kobayashi. A type system for lock-free processes.
Inf. Comput. , 177(2):122–159, 2002.[Kob02b] Naoki Kobayashi. Type systems for concurrent programs. In
Formal Methods at the Crossroads:From Panacea to Foundational Support—Papers from the 10th Anniversary Colloquium of UNU/I-IST, the International Institute for Software Technology of the United Nations University , volume2757 of
LNCS , pages 439–453. Springer, 2002.[Kob06] Naoki Kobayashi. A new type system for deadlock-free processes. In
CONCUR 2006 , volume 4137of
LNCS , pages 233–247. Springer, 2006. Full version available at .[Kob07] Naoki Kobayashi. Type systems for concurrent programs. Extended version of [Kob02b], TohokuUniversity. , 2007.[KPT96] Naoki Kobayashi, Benjamin C. Pierce, and David N. Turner. Linearity and the pi-calculus. In
POPL , pages 358–371, 1996.[KPT99] Naoki Kobayashi, Benjamin C. Pierce, and David N. Turner. Linearity and the pi-calculus.
ACMTrans. Program. Lang. Syst. , 21(5):914–947, 1999.[KS10] Naoki Kobayashi and Davide Sangiorgi. A hybrid type system for lock-freedom of mobile processes.
ACM Trans. Program. Lang. Syst. , 32(5), 2010.[LM16] Sam Lindley and J. Garrett Morris. Talking bananas: structural recursion for session types.In Jacques Garrigue, Gabriele Keller, and Eijiro Sumii, editors,
Proceedings of the 21st ACM
OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 35
SIGPLAN International Conference on Functional Programming, ICFP 2016, Nara, Japan,September 18-22, 2016 , pages 434–447. ACM, 2016.[Mil91] Robin Milner. The Polyadic pi-Calculus: A Tutorial. Technical report, Logic and Algebra ofSpecification, 1991.[MPW92] Robin Milner, Joachim Parrow, and David Walker. A calculus of mobile processes, I.
Inf. Comput. ,100(1):1–40, 1992.[Pad13] Luca Padovani. From lock freedom to progress using session types. In
Proceedings of PLACES2013, Rome, Italy, 23rd March 2013. , volume 137 of
EPTCS , pages 3–19, 2013.[Pad14] Luca Padovani. Deadlock and Lock Freedom in the Linear π -Calculus. In CSL-LICS , pages72:1–72:10. ACM, 2014.[PCPT12] Jorge A. P´erez, Lu´ıs Caires, Frank Pfenning, and Bernardo Toninho. Linear logical relations forsession-based concurrency. In
ESOP’12 , pages 539–558, 2012.[PCPT14] Jorge A. P´erez, Lu´ıs Caires, Frank Pfenning, and Bernardo Toninho. Linear logical relations andobservational equivalences for session-based concurrency.
Inf. Comput. , 239:254–302, 2014.[Pie02] Benjamin C. Pierce.
Types and programming languages . MIT Press, MA, USA, 2002.[San02] Davide Sangiorgi. Types, or: Where’s the difference between CCS and pi? In Lubos Brim, PetrJancar, Mojm´ır Kret´ınsk´y, and Anton´ın Kucera, editors,
CONCUR 2002 - Concurrency Theory,13th International Conference, Brno, Czech Republic, August 20-23, 2002, Proceedings , volume2421 of
Lecture Notes in Computer Science , pages 76–97. Springer, 2002.[SW01] Davide Sangiorgi and David Walker.
The π -calculus: a Theory of Mobile Processes . CambridgeUniversity Press, 2001.[TCP14] Bernardo Toninho, Lu´ıs Caires, and Frank Pfenning. Corecursion and non-divergence in session-typed processes. In TGC 2014 , volume 8902 of
LNCS , pages 159–175. Springer, 2014.[THK94] Kaku Takeuchi, Kohei Honda, and Makoto Kubo. An interaction-based language and its typingsystem. In
PARLE’94 , pages 398–413, 1994.[Vas12] Vasco T. Vasconcelos. Fundamentals of session types.
Inf. Comput. , 217:52–70, 2012.[VV13] Hugo Torres Vieira and Vasco Thudichum Vasconcelos. Typing progress in communication-centredsystems. In
COORDINATION , volume 7890 of
LNCS , pages 236–250. Springer, 2013.[Wad12] Philip Wadler. Propositions as sessions. In
ICFP’12 , pages 273–286, 2012.[Yos96] Nobuko Yoshida. Graph types for monadic mobile processes. In
FSTTCS’96 , volume 1180 of
LNCS , pages 371–386. Springer, 1996.
Appendix A. Omitted Proofs for § A.1.
Proof of Theorem 4.2 (Page 21).
We divide the proof into the following twolemmas: Lemma A.1 (see below) and Lemma A.3 (Page 40).
Lemma A.1. If P ∈ L then P ∈ K . Proof.
By structural induction on P . By Definition 4.2, we have that L = (cid:8) P | ∃ Γ . (Γ (cid:96) ST P ∧ (cid:74) P (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l ) (cid:9) K = (cid:8) P | ∃ Γ , f. (Γ (cid:96) ST P ∧ (cid:74) Γ (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f u ) (cid:9) where (cid:74) · (cid:75) a is given in Definition 4.1 and concerns only output processes and processes withrestriction. Following the process syntax in Figure 2, there are seven cases to consider:(1) P = : Then, by assumption we have: (cid:96) LL x : • and x : end (cid:96) ST , for some x . Observethat by Theorem 2.1 the latter judgment can be written simply as ∅ (cid:96) ST . We must thenshow that (cid:74) ∅ (cid:75) f u (cid:96) ≺ (cid:74) (cid:75) f u . By Definition 3.14 and Figure 7, this is the same as showingthat ∅ (cid:96) ≺ . The thesis then follows immediately from Rule ( T π -Nil ) in Figure 6.(2) P = x ( y ) .P (cid:48) : Then, by assumption and Definition 3.14, 4.1, and 4.2, we haveΓ , x : ? T.S (cid:96) ST x ( y ) .P (cid:48) (A.1) x ( y ) . (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l for some session context Γ and session types S, T . Then, by inversion on typing judgementon (A.1) we have: Γ , x : S, y : T (cid:96) ST P (cid:48) Γ , x : ? T.S (cid:96) ST x ( y ) .P (cid:48) (A.2)By Definition 3.14 and 4.2 and by Figure 7, we then must show: f x : chan ( (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ; ? κ ) ; ≺ (cid:74) Γ (cid:75) f u (cid:96) ≺ f x ( y, c ) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u By induction hypothesis on the premise of (A.2) we have: (cid:74) Γ (cid:75) f (cid:48) , f (cid:48) x : (cid:74) S (cid:75) f u , f (cid:48) y : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:48) (cid:75) f (cid:48) Let f = f (cid:48) \ { x (cid:55)→ c, y (cid:55)→ y } . We can then use f to rewrite the above judgement, asfollows: (cid:74) Γ (cid:75) f u , c : (cid:74) S (cid:75) f u , y : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u (A.3)Then, the thesis follows from (A.3) after applying Rule ( T π -In ) in Figure 6.(3) P = x (cid:104) y (cid:105) .P (cid:48) : Then, by assumption and Definition 3.14, Definition 4.1, and Definition 4.2,we have: Γ , x : ! T.S, y : T (cid:96) ST x (cid:104) y (cid:105) .P (cid:48) (A.4) x ( z ) . ([ z ↔ y ] | (cid:74) P (cid:48) (cid:75) a ) (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , y : (cid:74) T (cid:75) f l for some context Γ and session types S, T . By inversion on typing judgement on (A.4)we have: Γ , x : S (cid:96) ST P (cid:48) Γ , x : ! T.S, y : T (cid:96) ST x (cid:104) y (cid:105) .P (cid:48) (A.5)By Definition 4.2 and Figure 7, we must show: f x : chan ( (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ; ! κ ) ; ≺ (cid:0) y : (cid:74) T (cid:75) f u | (cid:74) Γ (cid:75) f u (cid:1) (cid:96) ≺ ( ν c ) f x (cid:104) y, c (cid:105) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 37
By induction hypothesis on the premise of (A.5) we have: (cid:74) Γ (cid:75) f (cid:48) , f (cid:48) x : (cid:74) S (cid:75) f u (cid:96) ≺ (cid:74) P (cid:48) (cid:75) f (cid:48) Let f = f (cid:48) \ { x (cid:55)→ c } . We can then rewrite the above judgement in terms of f as follows: (cid:74) Γ (cid:75) f u , c : (cid:74) S (cid:75) f u (cid:96) ≺ (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u (A.6)By applying Rule ( T π - Var ) we can derive both y : (cid:74) T (cid:75) f u (cid:96) ≺ y : (cid:74) T (cid:75) f u ( ∗ ) and c : (cid:74) S (cid:75) f u (cid:96) ≺ c : (cid:74) S (cid:75) f u ( ∗∗ )Finally, by applying Rule ( T π - Out ) on ( ∗ ), ( ∗∗ ), and the induction hypothesis in (A.6)we have: y : (cid:74) T (cid:75) f u (cid:96) ≺ y : (cid:74) T (cid:75) f u c : (cid:74) S (cid:75) f u (cid:96) ≺ c : (cid:74) S (cid:75) f u (cid:74) Γ (cid:75) f u , c : (cid:74) S (cid:75) f u (cid:96) ≺ (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u f x : chan ( (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ; ! κ ) ; ≺ (cid:0) y : (cid:74) T (cid:75) f u | c : (cid:74) S (cid:75) f u | (cid:74) Γ (cid:75) f u , c : (cid:74) S (cid:75) f u (cid:1) (cid:96) ≺ f x (cid:104) y, c (cid:105) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u (A.7)We can rewrite the (second part of the) typing context above as y : (cid:74) T (cid:75) f u , (cid:74) Γ (cid:75) f u , c : ( (cid:74) S (cid:75) f u | (cid:74) S (cid:75) f u ) (A.8)and by Proposition 4.4 we have rel ( (cid:74) S (cid:75) f u | (cid:74) S (cid:75) f u ). Since the ‘ ; ≺ ’ operation is appliedto (A.8), the obligations are increased by the same number for (cid:74) S (cid:75) f u and (cid:74) S (cid:75) f u . Letthese new types be U = ↑ t (cid:74) S (cid:75) f u and U = ↑ t (cid:74) S (cid:75) f u , where t is the number used by the‘ ; ≺ ’ operation applied to (A.8). Then, rel ( U | U ). By applying Rule ( T π - Res ) on theconclusion of (A.7) with the rewriting in (A.8) we have: f x : chan ( (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ; ! κ ) ; ≺ (cid:0) y : (cid:74) T (cid:75) f u , (cid:74) Γ (cid:75) f u , c : ( (cid:74) S (cid:75) f u | (cid:74) S (cid:75) f u ) (cid:1) (cid:96) ≺ f x (cid:104) y, c (cid:105) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u rel ( (cid:74) S (cid:75) f u | (cid:74) S (cid:75) f u ) f x : ! κ [ (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ] ; ≺ (cid:0) y : (cid:74) T (cid:75) f u | (cid:74) Γ (cid:75) f u (cid:1) (cid:96) ≺ ( ν c ) f x (cid:104) y, c (cid:105) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u which concludes this case.(4) P = x (cid:46) { l i : P i } i ∈ I . Then, by assumption and Definition 3.14, 4.1, and 4.2, we have:Γ , x : & { l i : T i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I (A.9) x (cid:46) { l i : P i } i ∈ I (cid:96) LL (cid:74) Γ (cid:75) f l , x :& { l i : (cid:74) T i (cid:75) f l } i ∈ I for some context Γ and session types T i for i ∈ I . By inversion on the typing judgementgiven in (A.9) we have: Γ , x : T i (cid:96) ST P i ∀ i ∈ I Γ , x : & { l i : T i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I (A.10)By Definition 3.14 and 4.2, and by Figure 7, we must show: f x : chan ( (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I ; ? κ ) ; ≺ (cid:74) Γ (cid:75) f u (cid:96) ≺ f x ( y ) . case y of { l i c (cid:46) (cid:74) P i (cid:75) f, { x (cid:55)→ c } u } i ∈ I By induction hypothesis on the premise of (A.10) we have: (cid:74) Γ (cid:75) f (cid:48) , f (cid:48) x : (cid:74) T i (cid:75) f u (cid:96) ≺ (cid:74) P i (cid:75) f (cid:48) ∀ i ∈ I Let f = f (cid:48) \ { x (cid:55)→ c } . We can then rewrite the above judgement as follows: (cid:74) Γ (cid:75) f u , c : (cid:74) T i (cid:75) f u (cid:96) ≺ (cid:74) P i (cid:75) f, { x (cid:55)→ c } u ∀ i ∈ I (A.11) By applying Rule ( T π - Var ) to obtain y : (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I , and in order ( T π - Case ) and ( T π -Inp ) (cf. Figure 6) we conclude: f x : chan ( (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I ; ? κ ) ; ≺ (cid:74) Γ (cid:75) f u (cid:96) ≺ f x ( y ) . case y of { l i c (cid:46) (cid:74) P i (cid:75) f, { x (cid:55)→ c } u } i ∈ I (5) P = x (cid:47) l j .P j . Then, by assumption and Definitions 3.14, 4.1, and 4.2, we have:Γ , x : ⊕{ l i : T i } i ∈ I (cid:96) ST x (cid:47) l j .P j (A.12) x (cid:47) l j . (cid:74) P j (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : ⊕ { l i : (cid:74) T i (cid:75) f l } i ∈ I for some context Γ and session types T i , for i ∈ I . By inversion on typing judgementon (A.26) we have: Γ , x : T j (cid:96) ST P j ∃ j ∈ I Γ , x : ⊕{ l i : T i } i ∈ I (cid:96) ST x (cid:47) l j .P j (A.13)By Definition 4.2 and Figure 7, we must show: f x : chan ( (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I ; ! κ ) ; ≺ (cid:74) Γ (cid:75) f u (cid:96) ≺ ( ν c ) f x (cid:104) l j c (cid:105) . (cid:74) P j (cid:75) f, { x (cid:55)→ c } u By induction hypothesis on the premise of (A.13) we have: (cid:74) Γ (cid:75) f (cid:48) , f (cid:48) x : (cid:74) T j (cid:75) f u (cid:96) ≺ (cid:74) P j (cid:75) f (cid:48) Let f = f (cid:48) \ { x (cid:55)→ c } . We can then rewrite the above judgement as follows: (cid:74) Γ (cid:75) f u , c : (cid:74) T j (cid:75) f u (cid:96) ≺ (cid:74) P j (cid:75) f, { x (cid:55)→ c } u (A.14)By applying Rules ( T π - Var ) and ( T π - LVal ) we obtain c : (cid:74) T j (cid:75) f u (cid:96) ≺ l j c : (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I (A.15)By applying Rules ( T π - Out ) (cf. Figure 6) on (A.14) and (A.15) we have c : (cid:74) T j (cid:75) f u (cid:96) ≺ l j c : (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I (cid:74) Γ (cid:75) f u , c : (cid:74) T j (cid:75) f u (cid:96) ≺ (cid:74) P j (cid:75) f, { x (cid:55)→ c } u f x : chan ( (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I ; ! κ ) ; ≺ (cid:0) c : (cid:74) T j (cid:75) f u | (cid:74) Γ (cid:75) f u , c : (cid:74) T j (cid:75) f u (cid:1) (cid:96) ≺ f x (cid:104) l j c (cid:105) . (cid:74) P j (cid:75) f, { x (cid:55)→ c } u Last, by applying Rule ( T π - Res ) on the conclusion above we have f x : chan ( (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I ; ! κ ) ; ≺ (cid:0) c : (cid:74) T j (cid:75) f u | (cid:74) Γ (cid:75) f u , c : (cid:74) T j (cid:75) f u (cid:1) (cid:96) ≺ f x (cid:104) l j c (cid:105) . (cid:74) P j (cid:75) f, { x (cid:55)→ c } u f x : chan ( (cid:104) l i : (cid:74) T i (cid:75) f u (cid:105) i ∈ I ; ! κ ) ; ≺ (cid:74) Γ (cid:75) f u (cid:96) ≺ ( ν c ) f x (cid:104) l j c (cid:105) . (cid:74) P j (cid:75) f, { x (cid:55)→ c } u which concludes this case.(6) P = ( ν xy )( P | P ): Then, by assumption and Definition 3.14, 4.1 and 4.2, we have:Γ , Γ (cid:96) ST ( ν xy )( P | P ) (A.16)( ν w )( (cid:74) P (cid:75) a [ w / x ] | (cid:74) P (cid:75) a [ w / y ]) (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l for some typing contexts Γ , Γ . By inversion on the typing judgements given in (A.16)we have the following derivation, for some session type T :Γ , x : T (cid:96) ST P Γ , y : T (cid:96) ST P Γ , x : T, Γ , y : T (cid:96) ST P | P Γ , Γ (cid:96) ST ( ν xy )( P | P ) (A.17)Notice that since P ∈ L , then channel endpoints x and y (or the single name w in L )form the only shared channel between processes P and P . This implies that Γ and OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 39 Γ are disjoint. Hence, Γ , Γ is well defined. By Definition 4.2 and Figure 7, we mustshow: (cid:74) Γ (cid:75) f u , (cid:74) Γ (cid:75) f u (cid:96) ≺ ( ν w )( (cid:74) P (cid:75) f, { x (cid:55)→ w } u | (cid:74) P (cid:75) f, { y (cid:55)→ w } )By applying induction hypothesis on the premises of (A.17), we have: (cid:74) Γ (cid:75) f (cid:48) , f (cid:48) x : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f (cid:48) and (cid:74) Γ (cid:75) f (cid:48) , f (cid:48) y : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f (cid:48) Let f = f (cid:48) \ { x, y (cid:55)→ w } , hence we have f (cid:48) x = f (cid:48) y = w . We can now rewrite the abovejudgements in terms of f as follows: (cid:74) Γ (cid:75) f u , w : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f, { x (cid:55)→ w } u and (cid:74) Γ (cid:75) f u , w : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f, { y (cid:55)→ w } (A.18)By applying Rule ( T π - Par ) (cf. Figure 6) on (A.18) we have the following derivation: (cid:74) Γ (cid:75) f u , w : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f, { x (cid:55)→ w } u (cid:74) Γ (cid:75) f u , w : (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f, { y (cid:55)→ w } (cid:74) Γ (cid:75) f u , (cid:74) Γ (cid:75) f u , w : (cid:74) T (cid:75) f u | (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f, { x (cid:55)→ w } u | (cid:74) P (cid:75) f, { y (cid:55)→ w } Since the only channel that P and P share is w , then n = 1 and it is sufficient towrite the composition of typing contexts (cid:74) Γ (cid:75) f u and (cid:74) Γ (cid:75) f u with ‘,’ instead of parallelcomposition. Still, we write | in the composition of the types for channel w , namely (cid:74) T (cid:75) f u | (cid:74) T (cid:75) f u , as it gives a clearer presentation for the next step of applying Proposition 4.4.By applying Rule ( T π - Res ) and by using Proposition 4.4 we have the followingderivation, which concludes the case: (cid:74) Γ (cid:75) f u , (cid:74) Γ (cid:75) f u , w : (cid:74) T (cid:75) f u | (cid:74) T (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f, { x (cid:55)→ w } u | (cid:74) P (cid:75) f, { y (cid:55)→ w } rel ( (cid:74) T (cid:75) f u | (cid:74) T (cid:75) f u ) (cid:74) Γ (cid:75) f u , (cid:74) Γ (cid:75) f u (cid:96) ≺ ( ν w )( (cid:74) P (cid:75) f, { x (cid:55)→ w } u | (cid:74) P (cid:75) f, { y (cid:55)→ w } )(7) P = P | P : This case is similar to the previous one. By assumption we haveΓ , Γ (cid:96) ST P | P (A.19) (cid:74) P (cid:75) a | (cid:74) P (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l and inversion on typing on (A.19) we infer:Γ (cid:96) ST P Γ (cid:96) ST P Γ , Γ (cid:96) ST P | P (A.20)By Definition 4.2 and Figure 7, we must show: (cid:74) Γ (cid:75) f u , (cid:74) Γ (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f u | (cid:74) P (cid:75) f u By applying induction hypothesis on the premises of (A.20), we have: (cid:74) Γ (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f u and (cid:74) Γ (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f u The thesis proceeds by applying Rule ( T π -Par ) (cf. Figure 6).Notice that since P and P do not share any channel, also their encodings do notshare any channel. Hence, the minimum n used for the derivation can be 0, which isthen subsumed by n = 1, as the condition in the Rule ( T π -Par ) (cf. Figure 6) requires | dom (Γ ) ∩ dom (Γ ) | ≤ n . Lemma A.2 (Substitution Lemma for CP) . If P (cid:96) LL Γ , x : T and v / ∈ fn ( P ), then P [ v/x ] (cid:96) LL Γ , v : T . Lemma A.3. If P ∈ K then P ∈ L . Proof.
By structural induction on P . Recall that by Definition 4.2, we have that L = (cid:8) P | ∃ Γ . (Γ (cid:96) ST P ∧ (cid:74) P (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l ) (cid:9) K = (cid:8) P | ∃ Γ , f. (Γ (cid:96) ST P ∧ (cid:74) Γ (cid:75) f u (cid:96) ≺ (cid:74) P (cid:75) f u ) (cid:9) Following the syntax of processes in Figure 2, there are seven cases to consider:(1) P = : Then, by assumption, Figure 7 and Definition 4.2, we have both x : end (cid:96) ST and (cid:74) x : end (cid:75) f u (cid:96) ≺ (cid:74) (cid:75) f u , for some x and any renaming function f . The thesis follows byusing Axiom ( T- ) in Figure 5, and the encodings in Figure 7 and Figure 8, which ensure (cid:96) LL x : • .(2) P = x ( y ) .P (cid:48) : Then, by assumption, Figure 7 and Definition 4.2, we haveΓ , x : ? T.S (cid:96) ST x ( y ) .P (cid:48) (A.21) (cid:74) Γ (cid:75) f u , f x : chan ( (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ; ? κ ) (cid:96) ≺ f x ( y, c ) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u for some context Γ, session types S, T and renaming function f . By inversion on typingjudgement on (A.21) we have: Γ , x : S, y : T (cid:96) ST P (cid:48) Γ , x : ? T.S (cid:96) ST x ( y ) .P (cid:48) (A.22)We must show: x ( y ) . (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l By induction hypothesis on the premise of (A.22) we have: (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l , y : (cid:74) T (cid:75) f l (A.23)and the thesis follows easily from (A.23), using Rule (T- (cid:79) ) (cf. Figure 5).(3) P = x (cid:104) y (cid:105) .P (cid:48) : Then, by assumption, Figure 7 and Definition 4.2, we haveΓ , x : ! T.S, y : T (cid:96) ST x (cid:104) y (cid:105) .P (cid:48) (A.24) (cid:74) Γ (cid:75) f u , f x : chan ( (cid:74) T (cid:75) f u , (cid:74) S (cid:75) f u ; ! κ ) (cid:96) ≺ ( ν c ) f x (cid:104) y, c (cid:105) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u for some typing context Γ, session types S, T and renaming function f . By inversion ontyping judgement on (A.28) we have:Γ , x : S (cid:96) ST P (cid:48) Γ , x : ! T.S, y : T (cid:96) ST x (cid:104) y (cid:105) .P (cid:48) (A.25)By induction hypothesis on the premise of (A.25) we have: (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l and then we can conclude using Rule ( T- ⊗ ) in Figure 5: (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l [ y ↔ z ] (cid:96) LL y : (cid:74) T (cid:75) f l , z : (cid:74) T (cid:75) f l x ( z ) . ([ z ↔ y ] | (cid:74) P (cid:48) (cid:75) a ) (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , y : (cid:74) T (cid:75) f l where [ y ↔ z ] (cid:96) LL y : (cid:74) T (cid:75) f l , z : (cid:74) T (cid:75) f l follows from Rule ( T- id ). OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 41 (4) P = x (cid:47) l j .P (cid:48) : Then, by assumption, Figure 7 and Definition 4.2, we haveΓ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) (A.26) (cid:74) Γ (cid:75) f u , f x : chan ( (cid:104) l i : (cid:74) S i (cid:75) f u (cid:105) i ∈ I ; ! κ ) (cid:96) ≺ ( ν c ) f x (cid:104) l j c (cid:105) . (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ c } u for some typing context Γ, session types S i for i ∈ I and renaming function f . Byinversion on typing judgement on (A.26) we have:Γ , x : S j (cid:96) ST P (cid:48) ∃ j ∈ I Γ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) (A.27)By induction hypothesis on the premise of (A.27) we have: (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S j (cid:75) f l and then we can conclude by using Rule ( T- ⊕ ) in Figure 5: (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S j (cid:75) f l j ∈ Ix (cid:47) l j . (cid:74) P (cid:48) (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : ⊕ { l i : (cid:74) S i (cid:75) f l } i ∈ I (5) P = x (cid:46) { l i : P (cid:48) i } i ∈ I : Similar to the previous case.(6) P = ( ν xy ) P (cid:48) : Then, by assumption, Figure 7 and Definition 4.2, we have:Γ (cid:96) ST ( ν xy ) P (cid:48) (A.28) (cid:74) Γ (cid:75) f u (cid:96) ≺ ( ν w ) (cid:74) P (cid:48) (cid:75) f, { x,y (cid:55)→ w } u (A.29)for some contexts Γ. By (A.29) we can observe the following: • Let w : chan ( (cid:101) T ; U ), then rel ( U ). • Since rel ( U ), then it must be the case that U = U | U , which in turn implies that (cid:74) P (cid:48) (cid:75) f, { x,y (cid:55)→ w } u = (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ w } u | (cid:74) P (cid:48) (cid:75) f, { y (cid:55)→ w } . • Since n = 1 in (cid:96) ≺ , then (cid:74) P (cid:48) (cid:75) f, { x (cid:55)→ w } u and (cid:74) P (cid:48) (cid:75) f, { y (cid:55)→ w } share at most one channel. Butwe know more at this stage, that they share exactly w .By inversion on the encoding and renaming function f , and on the typing judgementon (A.28) we have: Γ , x : S (cid:96) ST P Γ , y : S (cid:96) ST P Γ , x : S, Γ , y : S (cid:96) ST P | P Γ , Γ (cid:96) ST ( ν xy )( P | P ) (A.30)for some session type S and Γ = Γ , Γ . By applying the induction hypothesis on thepremises of (A.30), we have both (cid:74) P (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l and (cid:74) P (cid:75) a (cid:96) LL (cid:74) Γ (cid:75) f l , y : (cid:74) S (cid:75) f l By Lemma A.2 we obtain: (cid:74) P (cid:75) a [ w / x ] (cid:96) LL (cid:74) Γ (cid:75) f l , w : (cid:74) S (cid:75) f l and (cid:74) P (cid:75) a [ w / y ] (cid:96) LL (cid:74) Γ (cid:75) f l , w : (cid:74) S (cid:75) f l We then conclude by using Lemma 3.15 and Rule (T cut ) (cf. Figure 5): (cid:74) P (cid:75) a [ w / x ] (cid:96) LL (cid:74) Γ (cid:75) f l , w : (cid:74) S (cid:75) f l (cid:74) P (cid:75) a [ w / y ] (cid:96) LL (cid:74) Γ (cid:75) f l , w : (cid:74) S (cid:75) f l ( ν w )( (cid:74) P (cid:75) a [ w / x ] | (cid:74) P (cid:75) a [ w / y ]) (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l (7) P = P | P : similar to the previous case, noticing that since there is no restrictionto bind two endpoints together, this case boils down to having n = 0. Then, we useRule ( T- mix ) (rather than Rule ( T cut )) to type the composition of P and P (cf. Figure 5). Appendix B. Omitted Proofs for § B.1.
Proof of Lemma 5.3.
We repeat the statement in Page 22:
Lemma 5.3.
Let T be a session type and Γ be a session context.(1) For all P ∈ (cid:104)| T |(cid:105) x , we have P (cid:96) LL x : (cid:74) T (cid:75) f l .(2) For all P ∈ (cid:104)| Γ |(cid:105) , we have P (cid:96) LL (cid:74) Γ (cid:75) f l . Proof.
We consider both parts separately.
Part 1.
The proof proceeds by induction on the structure of T . Thus, there are five casesto consider:(1) Case T = end . Then, by Definition 5.1, we have (cid:104)| end |(cid:105) x = (cid:8) (cid:9) . We conclude by thefact that (cid:74) end (cid:75) f l = • (cf. Figure 8) and by Rule ( T- ) (cf. Figure 5).(2) Case T = ? T.S . Then, by Definition 5.1, P is of the form x ( y ) . ( P | P ), with P ∈ (cid:104)| T |(cid:105) y and P ∈ (cid:104)| S |(cid:105) x . By applying the induction hypothesis twice, on T and S , we obtain: P (cid:96) LL y : (cid:74) T (cid:75) f l P (cid:96) LL x : (cid:74) S (cid:75) f l Now, by applying Rules ( T- mix ) and ( T- (cid:79) ) (cf. Figure 5) we have P (cid:96) LL y : (cid:74) T (cid:75) f l P (cid:96) LL x : (cid:74) S (cid:75) f l P | P (cid:96) LL y : (cid:74) T (cid:75) f l , x : (cid:74) S (cid:75) f l x ( y ) . ( P | P ) (cid:96) LL x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l By encoding of types in Figure 8, we have (cid:74) ? T.S (cid:75) f l = (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l , which concludes thiscase.(3) Case T = ! T.S . Then, by Definition 5.1, P is of the form x ( y ) . ( P | P ), with P ∈ (cid:104)| T |(cid:105) y and P ∈ (cid:104)| S |(cid:105) x . By applying the induction hypothesis twice, on T and S , we obtain P (cid:96) LL y : (cid:74) T (cid:75) f l P (cid:96) LL x : (cid:74) S (cid:75) f l Now, by applying Rule ( T- ⊗ ) (cf. Figure 5) we have P (cid:96) LL y : (cid:74) T (cid:75) f l Q (cid:96) LL x : (cid:74) S (cid:75) f l x ( y ) . ( P | Q ) (cid:96) LL x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l By encoding of types in Figure 8, we have (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l which concludes thiscase. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 43 (4) Case T = & { l i : S i } i ∈ I . Then, by Definition 5.1, P is of the form x (cid:46) { l i : P i } i ∈ I , with P i ∈ (cid:104)| S i |(cid:105) x , for all i ∈ I . By induction hypothesis on those S i , we obtain P i (cid:96) LL x : (cid:74) S i (cid:75) f l ,for all i ∈ I . Then, by Rule ( T & ) (cf. Figure 5) we have: P i (cid:96) LL x : (cid:74) S i (cid:75) f l ∀ i ∈ Ix (cid:46) { l i : P i } i ∈ I (cid:96) LL x : & { l i : (cid:74) S i (cid:75) f l } i ∈ I By encoding of types in Figure 8, (cid:74) & { l i : S i } i ∈ I (cid:75) f l = & { l i : (cid:74) S i (cid:75) f l } i ∈ I , which concludesthis case.(5) Case T = ⊕{ l i : S i } i ∈ I . Then, by Definition 5.1, P is of the form x (cid:47) l j .P j , with P j ∈ (cid:104)| S j |(cid:105) x and j ∈ I . By induction hypothesis on S j , we obtain P j (cid:96) LL x : (cid:74) S j (cid:75) f l . Then,by Rule ( T ⊕ ) (cf. Figure 5) we have P j (cid:96) LL x : (cid:74) S j (cid:75) f l x (cid:47) l j .P j (cid:96) LL x : ⊕ { l i : (cid:74) S i (cid:75) f l } i ∈ I By encoding of types in Figure 8, we have (cid:74) ⊕{ l i : S i } i ∈ I (cid:75) f l = ⊕{ l i : (cid:74) S i (cid:75) f l } i ∈ I , whichconcludes this case. Part 2.
Given Γ = w : T , . . . , w n : T n , the proof is by induction on n , the size of Γ. Thebase case is when n = 1: then, by Part 1, (cid:104)| Γ |(cid:105) = (cid:104)| T |(cid:105) w , and the thesis follows immediately.The inductive step ( n >
1) proceeds by using the inductive hypothesis and Rule ( T- mix ).Let Γ = Γ (cid:48) , w n : T n . Then, by inductive hypothesis, P i ∈ (cid:104)| Γ (cid:48) |(cid:105) implies P i (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l . Recallthat (cid:74) Γ (cid:48) (cid:75) f l = w : (cid:74) T (cid:75) f l , . . . , w n − : (cid:74) T n − (cid:75) f l by Definition 3.14. Also, by Part 1, P (cid:48) ∈ (cid:104)| T n |(cid:105) w n implies P (cid:48) (cid:96) LL w n : (cid:74) T n (cid:75) f l . Since by Definition 5.2, P i | P (cid:48) ∈ (cid:104)| Γ |(cid:105) , the thesis follows bycomposing P i and P (cid:48) using Rule ( T- mix ): P i (cid:96) LL w : (cid:74) T (cid:75) f l , · · · , w n − : (cid:74) T n − (cid:75) f l P (cid:48) (cid:96) LL w n : (cid:74) T n (cid:75) f l P i | P (cid:48) (cid:96) LL w : (cid:74) T (cid:75) f l , · · · , w n : (cid:74) T n (cid:75) f l This concludes the proof.B.2.
Proof of Theorem 5.1.
We repeat the statement in Page 25:
Theorem 5.1. (Rewriting (cid:76) · (cid:77) is Type Preserving) Let Γ (cid:96) ST P . Then, for all Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) ,we have that Q (cid:96) LL (cid:74) Γ (cid:75) f l . Proof.
The proof proceeds by cases on the judgement Γ (cid:96) ST P used in the rewriting proceduregiven in Definition 5.8, and by inversion on the last typing rule applied (given in Figure 3).There are seven cases to consider:(1) Γ (cid:96) ST . Then, by inversion the last rule applied is ( T-Nil ), with un (Γ). By Definition 5.8we have (cid:76) Γ (cid:96) ST (cid:77) = { } . By applying Rule ( T- ) (cf. Figure 5) we have: (cid:96) LL x : • ( T- ) The thesis follows immediately by the encoding of types (cid:74) · (cid:75) f l in Figure 8 and Defini-tion 3.14, which ensure that (cid:74) x : end (cid:75) f l = x : (cid:74) end (cid:75) f l = x : • . (2) Γ (cid:48) , x : ! T.S, v : T (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) , where Γ = Γ (cid:48) , x : ! T.S, v : T and P = x (cid:104) v (cid:105) .P (cid:48) . By inversionthe last rule applied is ( T-Out ): Γ (cid:48) , x : S (cid:96) ST P (cid:48) Γ (cid:48) , x : ! T.S, v : T (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) ( T-Out ) By Definition 5.8, (cid:76) Γ (cid:48) , x : ! T.S, v : T (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) (cid:77) = { x ( z ) . (cid:0) [ v ↔ z ] | Q (cid:1) | Q ∈ (cid:76) Γ (cid:48) , x : S (cid:96) ST P (cid:48) (cid:77) } By Rule ( T- id ) and by Lemma 3.15 we have:[ v ↔ z ] (cid:96) LL v : (cid:74) T (cid:75) f l , z : (cid:74) T (cid:75) f l ( T- id ) (B.1)By induction hypothesis, for all Q ∈ (cid:76) Γ (cid:48) , x : S (cid:96) ST P (cid:48) (cid:77) we have that Q (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:75) f l .Let Q (cid:48) be a process in this set. By applying Rule ( T- ⊗ ) on Q (cid:48) and on (B.1) we have[ v ↔ z ] (cid:96) LL v : (cid:74) T (cid:75) f l , z : (cid:74) T (cid:75) f l Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:75) f l x ( z ) . (cid:0) [ v ↔ z ] | Q (cid:48) (cid:1) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , v : (cid:74) T (cid:75) f l ( T- ⊗ ) By encoding of types (cid:74) · (cid:75) f l in Figure 8 we have (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , and by Defini-tion 3.14, we have (cid:74) Γ (cid:48) , x : ! T.S, v : T (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , v : (cid:74) T (cid:75) f l , which concludesthis case.(3) Γ , Γ , x : ! T.S (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ), where Γ = Γ , Γ , x : ! T.S . By inversion, thisjudgement is derived by a sequence of applications of rules, the last rule applied is(
T-Res ), and before that (
T-Out ) and (
T-Par ) as follows:Γ , z : T (cid:96) ST P Γ , x : S (cid:96) ST P Γ , z : T , Γ , x : S (cid:96) ST P | P ( T-Par ) Γ , Γ , x : ! T.S, y : T, z : T (cid:96) ST x (cid:104) y (cid:105) . ( P | P ) ( T-Out ) Γ , Γ , x : ! T.S (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ) ( T-Res ) By Definition 5.8, we have (cid:76) Γ , Γ , x : ! T.S (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ) (cid:77) = (cid:8) x ( z ) . ( Q | Q ) | Q ∈ (cid:76) Γ , z : T (cid:96) ST P (cid:77) ∧ Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) (cid:9) By induction hypothesis, for all processes Q ∈ (cid:76) Γ , z : T (cid:96) ST P (cid:77) we have Q (cid:96) LL (cid:74) Γ (cid:75) f l , z : (cid:74) T (cid:75) f l and Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) we have Q (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l Let Q (cid:48) and Q (cid:48) be processes in the first and second set, respectively. By applyingRule ( T- ⊗ ) on Q (cid:48) and Q (cid:48) we have: Q (cid:48) (cid:96) LL (cid:74) Γ (cid:75) f l , z : (cid:74) T (cid:75) f l Q (cid:48) (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l x ( z ) . (cid:0) Q (cid:48) | Q (cid:48) (cid:1) (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l ( T- ⊗ ) By the encoding of types (cid:74) · (cid:75) f l in Figure 8 we have (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , and byDefinition 3.14, we have (cid:74) Γ , Γ , x : ! T.S (cid:75) f l = (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , whichconcludes this case. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 45 (4) Γ (cid:48) , x : ?
T.S (cid:96) ST x ( y : T ) .P (cid:48) , where Γ = Γ (cid:48) , x : ? T.S . By inversion, the last typing ruleapplied is (
T-In ): Γ (cid:48) , x : S, y : T (cid:96) ST P (cid:48) Γ (cid:48) , x : ? T.S (cid:96) ST x ( y : T ) .P (cid:48) ( T-In ) By Definition 5.8 we have (cid:76) Γ (cid:48) , x : ? T.S (cid:96) ST x ( y : T ) .P (cid:48) (cid:77) = { x ( y ) .Q | Q ∈ (cid:76) Γ (cid:48) , x : S, y : T (cid:96) ST P (cid:48) (cid:77) } By induction hypothesis, Q ∈ (cid:76) Γ (cid:48) , x : S, y : T (cid:96) ST P (cid:48) (cid:77) implies Q (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:75) f l , y : (cid:74) T (cid:75) f l . Let Q (cid:48) be a process in this set. By applying Rule ( T- (cid:79) ) on Q (cid:48) : Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:75) f l , y : (cid:74) T (cid:75) f l x ( y ) .Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l ( T- (cid:79) ) where by the encoding of types (cid:74) · (cid:75) f l in Figure 8 we have (cid:74) ? T.S (cid:75) f l = (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l , and byDefinition 3.14, we have (cid:74) Γ (cid:48) , x : ? T.S (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l , which concludes thiscase.(5) Γ (cid:48) , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) , where Γ = Γ (cid:48) , x : ⊕{ l i : S i } i ∈ I . By inversion, the lasttyping rule applied is ( T-Sel ):Γ (cid:48) , x : S j (cid:96) ST P (cid:48) j ∈ I Γ (cid:48) , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) ( T-Sel ) By Definition 5.8 we have (cid:76) Γ (cid:48) , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) (cid:77) = { x (cid:47) l j .Q | Q ∈ (cid:76) Γ (cid:48) , x : S j (cid:96) ST P (cid:48) (cid:77) } By induction hypothesis, for all Q ∈ (cid:76) Γ (cid:48) , x : S j (cid:96) ST P (cid:48) (cid:77) we have Q (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S j (cid:75) f l .Let Q (cid:48) be a process in this set. By applying Rule ( T- ⊕ ) on Q (cid:48) we have: Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S j (cid:75) f l j ∈ Ix (cid:47) l j .Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : ⊕{ l i : (cid:74) S i (cid:75) f l } i ∈ I ( T- ⊕ ) By the encoding of types (cid:74) · (cid:75) f l in Figure 8, and Definition 3.14, we have (cid:74) Γ (cid:48) , x : ⊕{ l i : S i } i ∈ I (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : ⊕{ l i : (cid:74) S i (cid:75) f l } i ∈ I which concludes this case.(6) Γ (cid:48) , x : & { l i : S i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I , where Γ = Γ (cid:48) , x : & { l i : S i } i ∈ I . By inversion, thelast typing rule applied is ( T-Bra ):Γ (cid:48) , x : S i (cid:96) ST P i ∀ i ∈ I Γ (cid:48) , x : & { l i : S i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I ( T-Bra ) By Definition 5.8 we have that (cid:76) Γ (cid:48) , x : & { l i : S i } i ∈ I (cid:96) ST x (cid:46) { l i : P i } i ∈ I (cid:77) = { x (cid:46) { l i : Q } i ∈ I | Q ∈ (cid:76) Γ (cid:48) , x : S i (cid:96) ST P i (cid:77) } By induction hypothesis, Q i ∈ (cid:76) Γ (cid:48) , x : S i (cid:96) ST P i (cid:77) implies Q i (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S i (cid:75) f l , for all i ∈ I . Let Q (cid:48) i be a process in the corresponding set, for all i ∈ I . By applying Rule ( T- & )on each of Q (cid:48) i we have: Q (cid:48) i (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S i (cid:75) f l x (cid:46) { l i : Q (cid:48) i } i ∈ I (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : & { l i : (cid:74) S i (cid:75) f l } i ∈ I ( T- & ) By the encoding of types (cid:74) · (cid:75) f l in Figure 8 we have (cid:74) & { l i : S i } i ∈ I (cid:75) f l = & { l i : (cid:74) S i (cid:75) f l } i ∈ I ,and by Definition 3.14, we have (cid:74) Γ (cid:48) , x : & { l i : S i } i ∈ I (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : & { l i : (cid:74) S i (cid:75) f l } i ∈ I ,which concludes this case.(7) Γ , [ (cid:93) x : S ] , Γ , [ (cid:93) y : T ] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ), where by inversion we have Γ , (cid:93) x : S (cid:96) ST P and Γ , (cid:93) y : T (cid:96) ST P , and the last typing rule applied is ( T-Res ), and before that Rule (
T-Par ) is used, as follows:Γ , (cid:93) x : S (cid:96) ST P (1) Γ , (cid:93) y : T (cid:96) ST P (2)Γ , Γ , (cid:93) x : S, (cid:93) y : T (cid:96) ST P | P ( T-Par ) Γ , [ (cid:93) x : S ] , Γ , [ (cid:93) y : T ] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) ( T-Res ) Notice that since restriction is the only means of creating dual session channel endpoints(co-variables) and the only restricted names in P are (cid:102) xy , it then follows that Γ ∩ Γ = ∅ .Hence, by the definition of the ‘ , ’ operator we have that Γ , Γ = Γ , Γ .By Definition 5.8, we have that (cid:76) Γ , [ (cid:93) x : S ] , Γ , [ (cid:93) y : T ] (cid:96) ST ( ν (cid:102) xy : (cid:101) S )( P | P ) (cid:77) is thefollowing set of processes: (cid:8) C [ Q ] | G | C ∈ C (cid:93) x : T , Q ∈ (cid:76) Γ , (cid:93) x : S (cid:96) ST P (cid:77) , G ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.2) ∪ (cid:8) G | C [ Q ] | C ∈ C (cid:93) y : S , Q ∈ (cid:76) Γ , (cid:93) y : T (cid:96) ST P (cid:77) , G ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.3)We start by inspecting the set of processes in (B.2). By induction hypothesis on theleft-hand side premise of Rule ( T-Par ), marked (1), we have:for all processes Q ∈ (cid:76) Γ , (cid:93) x : S (cid:96) ST P (cid:77) we have that Q (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:94) x : (cid:74) S (cid:75) f l Let Q (cid:48) be an arbitrary process in this set. By Lemma 5.5 we have that C [ Q (cid:48) ] (cid:96) LL (cid:74) Γ (cid:75) f l .By Lemma 5.3(b) since G ∈ (cid:104)| Γ |(cid:105) , we have that G (cid:96) LL (cid:74) Γ (cid:75) f l . Since Γ and Γ aredisjoint, by Rule ( T- mix ) we have the following derivation, which concludes the inspectionof (B.2): C [ Q (cid:48) ] (cid:96) LL (cid:74) Γ (cid:75) f l G (cid:96) LL (cid:74) Γ (cid:75) f l C [ Q (cid:48) ] | G (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l ( T- mix ) We inspect now the the set of processes in (B.3). By induction hypothesis on theright-hand side premise of Rule (
T-Par ), marked (2), we have:for all processes R ∈ (cid:76) Γ , (cid:93) y : T (cid:96) ST R (cid:77) we have that R (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:94) y : (cid:74) T (cid:75) f l Let R (cid:48) be an arbitrary process in this set. By Lemma 5.5, C [ R (cid:48) ] (cid:96) LL (cid:74) Γ (cid:75) f l . ByLemma 5.3(b) since G ∈ (cid:104)| Γ |(cid:105) , we have G (cid:96) LL (cid:74) Γ (cid:75) f l . Since Γ and Γ are disjoint, byRule ( T- mix ) we have the following derivation: C [ R (cid:48) ] (cid:96) LL (cid:74) Γ (cid:75) f l G (cid:96) LL (cid:74) Γ (cid:75) f l C [ R (cid:48) ] | G (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l ( T- mix ) We thus conclude that every process belonging to the set in (B.2) or (B.3) is typedunder the typing context (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , concluding this case (and the proof). OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 47
B.3.
Proof of Theorem 5.2 (Page 26).
We repeat Definition 5.10 (cf. Page 26):
Definition B.1.
Let
P, Q be processes such that
P, Q (cid:96) LL Γ. We write P (cid:43) Q if and onlyif there exist P , P , Q , Q and Γ , Γ such that the following hold: P = P | P Q = Q | Q P , Q (cid:96) LL Γ P , Q (cid:96) LL Γ Γ = Γ , Γ Lemma B.2 (Substitution Lemma for Sessions [Vas12]) . If Γ (cid:96) ST v : T and Γ , x : T (cid:96) ST P and Γ = Γ , Γ , then Γ (cid:96) ST P [ v/x ]. Lemma B.3 (Substitution Lemma for Rewriting (cid:76) · (cid:77) ) . If P ∈ (cid:76) Γ , x : T (cid:96) ST Q (cid:77) and v / ∈ fn ( P, Q ), then P [ v / x ] ∈ (cid:76) Γ , v : T (cid:96) ST Q [ v/x ] (cid:77) . Proof.
Immediate from Definition 5.8 and Lemma B.2.
Proposition B.4 (Composing Characteristic Processes) . Let Γ and T be a typing contextand a type, respectively. • If P ∈ (cid:104)| Γ |(cid:105) and P ∈ (cid:104)| T |(cid:105) x then P | P ∈ (cid:104)| Γ , x : T |(cid:105) . • If Q ∈ (cid:104)| Γ , x : T |(cid:105) then there are Q , Q such that Q = Q | Q with Q ∈ (cid:104)| Γ |(cid:105) and Q ∈ (cid:104)| T |(cid:105) x . Proof.
Immediate from Definition 5.2.We repeat the statement of the operational correspondence given in Page 26:
Theorem 5.2. (Operational Correspondence for (cid:76) · (cid:77) ) Let P be such that Γ (cid:96) ST P for sometyping context Γ. Then, we have:(1) If P → P (cid:48) , then for all Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) there exists Q (cid:48) such that:(i) Q → (cid:44) → Q (cid:48) and (ii) either Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) or Q (cid:48) (cid:43) R such that R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) .(2) If Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) , such that P ∈ K n , and Q → (cid:44) → Q (cid:48) , then there exists P (cid:48) such that:(i) P → P (cid:48) and (ii) either Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) or Q (cid:48) (cid:43) R such that R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) . Proof.
We consider both parts separately.
Part 1.
The proof is by induction on the height of the derivation P → P (cid:48) (cf. Figure 2).There are two main cases to consider, which are reductions inferred using Rules ( R-Com ) and(
R-Case ); there are also cases corresponding to Rules (
R-Par ), (
R-Res ), and (
R-Str ), which arestraightforward via the induction hypothesis. For convenience, below we annotate boundnames with their types: this way, e.g., ( ν xy : S ) means that x : S and y : S .(1) Case ( R-Com ): Then we have: P (cid:44) ( ν xy : S (cid:48) )( x (cid:104) v (cid:105) .P | y ( t : T ) .P ) → ( ν xy : S (cid:48)(cid:48) )( P | P [ v/t ]) (cid:44) P (cid:48) Since Γ (cid:96) ST P , then by inversion we get S (cid:48) = ! T.S for some session types
S, T . Then, S (cid:48)(cid:48) = S . Again by inversion we have the following derivation: ( T-Out ) Γ , x : S (cid:96) ST P Γ , v : T, x : !
T.S (cid:96) ST x (cid:104) v (cid:105) .P Γ , y : S, t : T (cid:96) ST P Γ , y : ? T.S (cid:96) ST y ( t : T ) .P ( T-Inp ) Γ , v : T, x : !
T.S, Γ , y : ? T.S (cid:96) ST x (cid:104) v (cid:105) .P | y ( t : T ) .P ( T-Par ) (Γ , v : T ) , Γ (cid:96) ST ( ν xy : S (cid:48) )( x (cid:104) v (cid:105) .P | y ( t : T ) .P ) ( T-Res ) By Definition 5.8, the rewriting of P is as follows: (cid:76) Γ (cid:96) ST P (cid:77) = (cid:76) (Γ , v : T ) , Γ (cid:96) ST ( ν xy : ! T.S )( x (cid:104) v (cid:105) .P | y ( t : T ) .P ) (cid:77) = (cid:8) C [ Q ] | G | C ∈ C x :? T.S , Q ∈ (cid:76) Γ , x : ! T.S, v : T (cid:96) ST x (cid:104) v (cid:105) .P (cid:77) , G ∈ (cid:104)| Γ |(cid:105) (cid:9) ∪ (cid:8) G | C [ Q ] | C ∈ C y :! T.S , Q ∈ (cid:76) Γ , y : ? T.S (cid:96) ST y ( t : T ) .P (cid:77) , G ∈ (cid:104)| Γ , v : T |(cid:105) (cid:9) = A ∪ A where: A = (cid:8) G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | P x (cid:1) | P ∗ ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) , P x ∈ (cid:104)| ? T.S |(cid:105) x , G ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.4) A = (cid:8) G | ( ν y ) (cid:0) y ( t ) .P ∗ | P y (cid:1) | P ∗ ∈ (cid:76) Γ , y : S, t : T (cid:96) ST P (cid:77) , P y ∈ (cid:104)| ! T.S |(cid:105) y , G ∈ (cid:104)| Γ , v : T |(cid:105) (cid:9) (B.5)Before spelling out the rewriting of P (cid:48) , we record some considerations. By Theorem 5.1,the rewriting preserves types: Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) implies Q (cid:96) LL (cid:74) Γ (cid:75) f l . Since P → P (cid:48) ,Theorem 2.3 ensures Γ (cid:96) ST P (cid:48) . Again, by Theorem 5.1, O ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) implies O (cid:96) LL (cid:74) Γ (cid:75) f l . Also, since Γ , y : S, t : T (cid:96) ST P , then by Lemma B.2 we have Γ , y : S, v : T (cid:96) ST P [ v / t ] and by well-typedness v / ∈ fn ( P ). By Definition 5.8, the rewriting of P (cid:48) isas follows: (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) = (cid:76) Γ , (Γ , v : T ) (cid:96) ST ( ν xy : S )( P | P [ v / t ]) (cid:77) = (cid:8) C (cid:48) [ Q ] | G (cid:48) | C (cid:48) ∈ C x : S , Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) , G (cid:48) ∈ (cid:104)| Γ , v : T |(cid:105) (cid:9) ∪ (cid:8) G (cid:48) | C (cid:48) [ Q ] | C (cid:48) ∈ C y : S , Q ∈ (cid:76) Γ , y : S, v : T (cid:96) ST P [ v / t ] (cid:77) , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:9) = B ∪ B where: B = (cid:8) G (cid:48) | ( ν x ) (cid:0) Q | P (cid:48) x (cid:1) | P (cid:48) x ∈ (cid:104)| S |(cid:105) x , Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) , G (cid:48) ∈ (cid:104)| Γ , v : T |(cid:105) (cid:9) (B.6) B = (cid:8) G (cid:48) | ( ν y ) (cid:0) Q | P (cid:48) y (cid:1) | P (cid:48) y ∈ (cid:104)| S |(cid:105) y , Q ∈ (cid:76) Γ , y : S, v : T (cid:96) ST P [ v / t ] (cid:77) , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.7)We now show that every process in (cid:76) Γ (cid:96) ST P (cid:77) reduces into a process in (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) .We address two sub-cases:(i) We show that every process in A (cf. Equation (B.4)) reduces to a process in B (cf. Equation (B.6));(ii) Similarly, we show that every process in A (cf. Equation (B.5)) reduces to aprocess in B (cf. Equation (B.7)). Sub-case (i) . Let Q = G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | P x (cid:1) be an arbitrary process in A , with P x ∈ (cid:104)| ? T.S |(cid:105) x . By Definition 5.1: (cid:104)| ? T.S |(cid:105) x = (cid:8) x ( t ) . ( Q t | Q x ) | Q t ∈ (cid:104)| T |(cid:105) t ∧ Q x ∈ (cid:104)| S |(cid:105) x (cid:9) OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 49
We may then let P x = x ( t ) . ( Q t | Q x ) where Q t ∈ (cid:104)| T |(cid:105) t and Q x ∈ (cid:104)| S |(cid:105) x . Consideringthis, and by applying Rules ( R-ChCom ) and (
R-Fwd ) (cf. Figure 4) we have: Q = G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | P x (cid:1) = G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | x ( t ) . ( Q t | Q x ) (cid:1) → G | ( ν x ) (cid:0) ( ν w ) (cid:0) [ v ↔ w ] | P ∗ | Q w | Q x (cid:1)(cid:1) (cid:44) → G | Q v | ( ν x ) (cid:0) P ∗ | Q x (cid:1) (cid:44) Q (cid:48) (Recall that (cid:44) → is structural congruence extended with a reduction by Rule ( R-Fwd ).)We shall show that Q (cid:48) ∈ B . Let us consider/recall the provenance of its differentcomponents:(a) G ∈ (cid:104)| Γ |(cid:105) (b) Since Q v stands for Q t [ w/t ][ v/w ], we have Q v ∈ (cid:104)| T |(cid:105) v .(c) P ∗ ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) .(d) Q x ∈ (cid:104)| S |(cid:105) x By Proposition B.4, Items (a) and (b) above entail:(e) G | Q v ∈ (cid:104)| Γ , v : T |(cid:105) In turn, by considering Items (c), (d), and (e), together with Equation (B.6), it isimmediate to see that Q (cid:48) ∈ B . Therefore, Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as desired. Sub-case (ii).
Let Q = G | ( ν y ) (cid:0) y ( t ) .P ∗ | P y (cid:1) be an arbitrary process in A . Since P y ∈ (cid:104)| ! T.S |(cid:105) y , by Definition 5.1 we have P y = y ( k ) . ( Q k | Q y ), where Q k ∈ (cid:104)| T |(cid:105) k and Q y ∈ (cid:104)| S |(cid:105) y . Considering this, and by applying Rule ( R-ChCom ) (cf. Figure 4), we have: Q = G | ( ν y ) (cid:0) y ( t ) .P ∗ | P y (cid:1) = G | ( ν y ) (cid:0) y ( t ) .P ∗ | y ( k ) . ( Q k | Q y ) (cid:1) → G | ( ν y ) (cid:0) ( ν k )( P ∗ [ k/t ] | Q k ) | Q y (cid:1) (cid:44) Q (cid:48)(cid:48) We shall show that Q (cid:48)(cid:48) (cid:43) R , for some R ∈ B . Let us consider/recall the provenance ofits different components:(a) G ∈ (cid:104)| Γ , v : T |(cid:105) (b) By Lemma B.3, P ∗ [ k/t ] ∈ (cid:76) Γ , y : S, k : T (cid:96) ST P [ k / t ] (cid:77) .(c) Q k ∈ (cid:104)| T |(cid:105) k (d) Q y ∈ (cid:104)| S |(cid:105) y Furthermore, we can infer:(e) From (a) and Proposition B.4, there must exist G ∗ and G v such that G = G ∗ | G v , G ∗ ∈ (cid:104)| Γ |(cid:105) , and G v ∈ (cid:104)| T |(cid:105) v .(f) By combining (b), (c) and (d), together with Proposition B.4, we have that( ν y ) (cid:0) ( ν k )( P ∗ [ k/t ] | Q k ) | Q y (cid:1) ∈ (cid:104)| Γ |(cid:105) .Given this, we can rewrite Q (cid:48)(cid:48) as follows: Q (cid:48)(cid:48) = G ∗ | G v | ( ν y ) (cid:0) ( ν k )( P ∗ [ k/t ] | Q k ) | Q y (cid:1) (B.8)We now consider an arbitrary R ∈ B . By Equation (B.7), we have that R (cid:44) G (cid:48) | ( ν y ) (cid:0) Q | P (cid:48) y (cid:1) (B.9)with(a (cid:48) ) G (cid:48) ∈ (cid:104)| Γ |(cid:105) (b (cid:48) ) Q ∈ (cid:76) Γ , y : S, v : T (cid:96) ST P [ v / t ] (cid:77) (c (cid:48) ) P (cid:48) y ∈ (cid:104)| S |(cid:105) y By Lemma 5.3 and (c (cid:48) ), we can infer: P (cid:48) y (cid:96) LL y : (cid:74) S (cid:75) f l ; and by Theorem 5.1 and (b (cid:48) ), wecan infer: Q (cid:96) LL (cid:74) Γ , y : S, v : T (cid:75) f l . Finally, we have:(d (cid:48) ) ( ν y ) (cid:0) Q | P (cid:48) y (cid:1) (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) v : T (cid:75) f l We now compare Q (cid:48)(cid:48) and R (as in Equation (B.8) and Equation (B.9), respectively). ByLemma 5.3 and (e) and (f) above, it is easy to see that Q (cid:48)(cid:48) , R (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , (cid:74) v : T (cid:75) f l .Then, by Definition 5.10, we have that Q (cid:48)(cid:48) (cid:43) R . Therefore, there is an R such that Q (cid:48)(cid:48) (cid:43) R , with R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as desired. This concludes the analysis for Case ( R-Com ).(2) Case (
R-Case ): P (cid:44) ( ν xy : S (cid:48) )( x (cid:47) l j .Q | y (cid:46) { l i : R i } i ∈ I ) → ( ν xy : S (cid:48)(cid:48) )( Q | R j ) (cid:44) P (cid:48) Since Γ (cid:96) ST P , then by inversion S (cid:48) = ⊕{ l i : S i } i ∈ I for some S i , with i ∈ I . Forsimplicity, let us write T i to denote the dual of any S i . As a result of the reduction, wehave S (cid:48)(cid:48) = S j for some j ∈ I . Again by inversion we have the following derivation: ( T-Sel ) Γ , x : S j (cid:96) ST Q ∃ j ∈ I Γ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .Q ( T-Brch ) Γ , y : T i (cid:96) ST R i ∀ i ∈ I Γ , y : & { l i : T i } i ∈ I (cid:96) ST y (cid:46) { l i : R i } i ∈ I (Γ , x : ⊕{ l i : S i } i ∈ I ) , (Γ , y : & { l i : T i } i ∈ I ) (cid:96) ST x (cid:47) l j .Q | y (cid:46) { l i : R i } i ∈ I ( T-Par ) Γ , Γ (cid:96) ST ( ν xy : S (cid:48) )( x (cid:47) l j .Q | y (cid:46) { l i : R i } i ∈ I ) ( T-Res ) By Definition 5.8 the rewriting of P is as follows: (cid:76) Γ (cid:96) ST P (cid:77) = (cid:76) Γ (cid:96) ST ( ν xy : S (cid:48) )( x (cid:47) l j .Q | y (cid:46) { l i : R i } i ∈ I ) (cid:77) = (cid:8) C [ Q ] | G | C ∈ C x :& { l i : T i } i ∈ I , Q ∈ (cid:76) Γ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .Q (cid:77) , G ∈ (cid:104)| Γ |(cid:105) (cid:9) ∪ (cid:8) G | C [ Q ] | C ∈ C y : ⊕{ l i : S i } i ∈ I , Q ∈ (cid:76) Γ , y : & { l i : T i } i ∈ I (cid:96) ST y (cid:46) { l i : R i } i ∈ I (cid:77) , G ∈ (cid:104)| Γ |(cid:105) (cid:9) = A ∪ A where: A = (cid:8) G | ( ν x ) (cid:0) x (cid:47) l j .Q ∗ | P x (cid:1) | Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) , P x ∈ (cid:104)| & { l i : T i } i ∈ I |(cid:105) x , G ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.10) A = (cid:8) G | ( ν y ) (cid:0) y (cid:46) { l i : R ∗ i } i ∈ I | P y (cid:1) | R ∗ i ∈ (cid:76) Γ , y : T i (cid:96) ST R i (cid:77) , P y ∈ (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) y , G ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.11)Before spelling out the rewriting of P (cid:48) , we record some considerations. By Theorem 5.1, M ∈ (cid:76) Γ (cid:96) ST P (cid:77) implies M (cid:96) LL (cid:74) Γ (cid:75) f l . Since P → P (cid:48) , then by Theorem 2.3 we haveΓ (cid:96) ST P (cid:48) . Again, by Theorem 5.1, O ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) implies O (cid:96) LL (cid:74) Γ (cid:75) f l . By Definition 5.8the encoding of P (cid:48) is as follows: (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) = (cid:76) Γ (cid:96) ST ( ν xy : S j )( Q | R j ) (cid:77) = (cid:8) G (cid:48) | C (cid:48) (cid:0) Q ∗ (cid:1) | C (cid:48) ∈ C x : T j , Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:9) ∪{ G (cid:48) | C (cid:48) (cid:0) R ∗ j (cid:1) | C (cid:48) ∈ C y : S j , R ∗ j ∈ (cid:76) Γ , y : T j (cid:96) ST R j (cid:77) , G (cid:48) ∈ (cid:104)| Γ |(cid:105) = B ∪ B where: B = (cid:8) G (cid:48) | ( ν x )( Q ∗ | P (cid:48) x ) | Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) , P (cid:48) x ∈ (cid:104)| T j |(cid:105) x , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:9) (B.12) B = { G (cid:48) | ( ν y )( R ∗ j | P (cid:48) y ) | R ∗ j ∈ (cid:76) Γ , y : T j (cid:96) ST R j (cid:77) , P (cid:48) y ∈ (cid:104)| S j |(cid:105) y , G (cid:48) ∈ (cid:104)| Γ |(cid:105)} (B.13)We now show that every process in (cid:76) Γ (cid:96) ST P (cid:77) reduces into a process in (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) .We address two sub-cases:(i) We show that every process in A (cf. Equation (B.10)) reduces to a process in B (cf. Equation (B.12));(ii) Similarly, we show that every process in A (cf. Equation (B.11)) reduces to aprocess in B (cf. Equation (B.13)). Sub-case (i) . Let Q = G | ( ν x ) (cid:0) x (cid:47) l j .Q ∗ | P x (cid:1) be an arbitrary process in A , with Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) and P x ∈ (cid:104)| & { l i : T i } i ∈ I |(cid:105) x . By Definition 5.1, we may then let P x = x (cid:46) { l i : P i } i ∈ I , such that P i ∈ (cid:104)| T i |(cid:105) x , for all i ∈ I . By applying Rule ( R-ChCase )(cf. Figure 4), we have: Q (cid:44) G | ( ν x ) (cid:0) x (cid:47) l j .Q ∗ | P x (cid:1) → G | ( ν x ) (cid:0) Q ∗ | P j (cid:1) (cid:44) Q (cid:48) We shall show that Q (cid:48) ∈ B . Let us consider/recall the provenance of its differentcomponents:(a) G ∈ (cid:104)| Γ |(cid:105) (b) Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) .(c) P j ∈ (cid:104)| T j |(cid:105) x .By considering Items (a) – (c), together with Equation (B.12), it is immediate to seethat Q (cid:48) ∈ B . Therefore, Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as desired. Sub-case (ii).
Let Q = G | ( ν y ) (cid:0) y (cid:46) { l i : R ∗ i } i ∈ I | P y (cid:1) be an arbitrary process in A ,with R ∗ i ∈ (cid:76) Γ , y : T i (cid:96) ST R i (cid:77) and P y ∈ (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) y . By Definition 5.1, P y is one ofthe processes in the union (cid:83) i ∈ I (cid:8) y (cid:47) l i .P i | P i ∈ (cid:104)| S i |(cid:105) y (cid:9) . We then choose P y = y (cid:47) l j .P j such that j ∈ I and P j ∈ (cid:104)| S j |(cid:105) y . By applying Rule ( R-ChCase ) (cf. Figure 4), we have: Q (cid:44) G | ( ν y ) (cid:0) y (cid:46) { l i : R ∗ i } i ∈ I | y (cid:47) l j .P j (cid:1) → G | ( ν y ) (cid:0) R ∗ j | P j (cid:1) (cid:44) Q (cid:48)(cid:48) We shall show that Q (cid:48)(cid:48) ∈ B . Let us consider/recall the provenance of its differentcomponents:(a) G ∈ (cid:104)| Γ |(cid:105) (b) R ∗ j ∈ (cid:76) Γ , y : T j (cid:96) ST R j (cid:77) .(c) P j ∈ (cid:104)| S j |(cid:105) y .By considering Items (a) – (c), together with Equation (B.13), it is immediate to seethat Q (cid:48)(cid:48) ∈ B . Therefore, Q (cid:48)(cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as desired. This concludes the analysis forCase ( R-Case ) (and for Part 1).
Part 2.
Let P ∈ K n and Q ∈ (cid:76) Γ (cid:96) ST P (cid:77) . Suppose that Q → (cid:44) → Q (cid:48) ; we now show that (i) thereis a P (cid:48) such that P → P (cid:48) and (ii) Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) or Q (cid:48) (cid:43) R , for some R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) .We first argue for (i), i.e., the existence of a reduction P → P (cid:48) . Notice that for thereduction(s) Q → (cid:44) → Q (cid:48) to occur, there must exist two complementary prefixes occurring attop level in Q . By Definition 5.8 and, crucially, by the assumption P ∈ K n , the same two prefixes occur at top-level also in P and can reduce; indeed, without the assumption P ∈ K n ,it could be that P cannot reduce due to a deadlock. Hence, P can mimic the reduction from Q , up to structural congruence: P → P (cid:48) . It then suffices to prove the theorem for M ≡ P ,in which the two prefixes involved occur in contiguous positions and can reduce.To address (ii), we now relate P (cid:48) and Q (cid:48) by considering two main cases for the reductionoriginating from Q (cf. Figure 4): (1) it corresponds to an input-output communicationvia Rule ( R-ChCom ); and (2) it corresponds to a selection-branching interaction via Rule (
R-ChCase ). (The third case, corresponding to Rule (
R-ChRes ), is straightforward using theinduction hypothesis.) We detail these two cases; the analysis largely mirrors the one givenin Part 1:(1) Case M = E (cid:2) ( ν xy : S (cid:48) )( x (cid:104) v (cid:105) .P | y ( t : T ) .P ) (cid:3) → E (cid:2) ( ν xy : S )( P | P [ v/t ]) (cid:3) (cid:44) P (cid:48) .Since Γ (cid:96) ST P , by Theorem 2.2 Γ (cid:96) ST M . By inversion, S (cid:48) = ! T.S for some S . Then,again by inversion Γ = (Γ , v : T ) , Γ . By Definition 5.8, (cid:76) Γ (cid:96) ST M (cid:77) = A ∪ A , where: A = (cid:8) F (cid:2) G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | P x (cid:1) | P ∗ ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) , P x ∈ (cid:104)| ? T.S |(cid:105) x , G ∈ (cid:104)| Γ |(cid:105) (cid:3)(cid:9) A = (cid:8) H (cid:2) G | ( ν y ) (cid:0) y ( t ) .P ∗ | P y (cid:1) | P ∗ ∈ (cid:76) Γ , y : S, t : T (cid:96) ST P (cid:77) , P y ∈ (cid:104)| ! T.S |(cid:105) y , G ∈ (cid:104)| Γ , v : T |(cid:105) (cid:3)(cid:9) Also by Definition 5.8, we have that (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) = B ∪ B , where: B = (cid:8) F (cid:2) G (cid:48) | ( ν x ) (cid:0) Q | P (cid:48) x (cid:1) | P (cid:48) x ∈ (cid:104)| S |(cid:105) x , Q ∈ (cid:76) Γ , x : S (cid:96) ST P (cid:77) , G (cid:48) ∈ (cid:104)| Γ , v : T |(cid:105) (cid:3)(cid:9) B = (cid:8) H (cid:2) G (cid:48) | ( ν y ) (cid:0) Q | P (cid:48) y (cid:1) | P (cid:48) y ∈ (cid:104)| S |(cid:105) y , Q ∈ (cid:76) Γ , y : S, v : T (cid:96) ST P [ v / t ] (cid:77) , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:3)(cid:9) We now address two sub-cases:(i) We show that every process Q in A reduces to a process Q (cid:48) in B ;(ii) Similarly, we show that every process Q in A reduces to a process Q (cid:48) in B . Sub-case (i) . Let Q = F (cid:2) G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | P x (cid:1)(cid:3) be an arbitrary processin A , with P x ∈ (cid:104)| ? T.S |(cid:105) x . By Definition 5.1 we have that (cid:104)| ? T.S |(cid:105) x = (cid:8) x ( t ) . ( Q t | Q x ) | Q t ∈ (cid:104)| T |(cid:105) t ∧ Q x ∈ (cid:104)| S |(cid:105) x (cid:9) We may then let P x = x ( t ) . ( Q t | Q x ) where Q t ∈ (cid:104)| T |(cid:105) t and Q x ∈ (cid:104)| S |(cid:105) x . By applyingRules ( R-ChCom ) and (
R-Fwd ) (cf. Figure 4) we have: Q (cid:44) F (cid:2) G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | P x (cid:1)(cid:3) = F (cid:2) G | ( ν x ) (cid:0) x ( w ) . (cid:0) [ v ↔ w ] | P ∗ (cid:1) | x ( t ) . ( Q t | Q x ) (cid:1)(cid:3) → F (cid:2) G | ( ν x ) (cid:0) ( ν w ) (cid:0) [ v ↔ w ] | P ∗ | Q w | Q x (cid:1)(cid:1)(cid:3) (cid:44) → F (cid:2) G | Q v | ( ν x ) (cid:0) P ∗ | Q x (cid:1)(cid:3) (cid:44) Q (cid:48) It is then easy to see that Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) . Sub-case (ii) . Let Q = H (cid:2) G | ( ν y ) (cid:0) y ( t ) .P ∗ | P y (cid:1)(cid:3) be an arbitrary process in A .By Definition 5.1, since P y ∈ (cid:104)| ! T.S |(cid:105) y , we may then let P y = y ( k ) . ( Q k | Q y ) where Q k ∈ (cid:104)| T |(cid:105) k and Q y ∈ (cid:104)| S |(cid:105) y . By applying Rule ( R-ChCom ) (cf. Figure 4), we have: Q (cid:44) H (cid:2) G | ( ν y ) (cid:0) y ( t ) .P ∗ | P y (cid:1)(cid:3) = H (cid:2) G | ( ν y ) (cid:0) y ( t ) .P ∗ | y ( k ) . ( Q k | Q y ) (cid:1)(cid:3) → H (cid:2) G | ( ν y ) (cid:0) ( ν k )( P ∗ [ k/t ] | Q k ) | Q y (cid:1)(cid:3) (cid:44) Q (cid:48) OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 53
By Lemma B.3, P ∗ [ k/t ] ∈ (cid:76) Γ , y : S, k : T (cid:96) ST P [ k / t ] (cid:77) . Also, by Proposition B.4 we canrewrite G as G = G ∗ | G v , such that G ∗ ∈ (cid:74) Γ (cid:75) f l and G v ∈ (cid:74) v : T (cid:75) f l . Then, we canrewrite Q (cid:48) as follows: Q (cid:48) = H (cid:2) G ∗ | G v | ( ν y ) (cid:0) ( ν k )( P ∗ [ k/t ] | Q k ) | Q y (cid:1)(cid:3) It is then easy to see that Q (cid:48) (cid:43) R , with R ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as wanted.(2) Case M = E (cid:2) ( ν xy : S (cid:48) )( x (cid:47) l j .Q | y (cid:46) { l i : R i } i ∈ I ) (cid:3) → E (cid:2) ( ν xy : S (cid:48)(cid:48) )( Q | R j ) (cid:3) (cid:44) P (cid:48) .Since Γ (cid:96) ST P , by Theorem 2.2 also Γ (cid:96) ST M . By inversion let S (cid:48) = ⊕{ l i : S i } i ∈ I forsome session types S i ( i ∈ I ). By Definition 5.8, (cid:76) Γ (cid:96) ST M (cid:77) = A ∪ A , where: A = (cid:8) F (cid:2) G | ( ν x ) (cid:0) x (cid:47) l j .Q ∗ | P x (cid:1) | Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) , P x ∈ (cid:104)| & { l i : T i } i ∈ I |(cid:105) x , G ∈ (cid:104)| Γ |(cid:105) (cid:3)(cid:9) A = (cid:8) H (cid:2) G | ( ν y ) (cid:0) y (cid:46) { l i : R ∗ i } i ∈ I | P y (cid:1) | R ∗ i ∈ (cid:76) Γ , y : T i (cid:96) ST R i (cid:77) , P y ∈ (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) y , G ∈ (cid:104)| Γ |(cid:105) (cid:3)(cid:9) Also, by Definition 5.8, we have that (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) = B ∪ B , where: B = (cid:8) F (cid:2) G (cid:48) | ( ν x )( Q ∗ | P (cid:48) x ) | Q ∗ ∈ (cid:76) Γ , x : S j (cid:96) ST Q (cid:77) , P (cid:48) x ∈ (cid:104)| T j |(cid:105) x , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:3)(cid:9) B = (cid:8) H (cid:2) G (cid:48) | ( ν y )( R ∗ j | P (cid:48) y ) | R ∗ j ∈ (cid:76) Γ , y : T j (cid:96) ST R j (cid:77) , P (cid:48) y ∈ (cid:104)| S j |(cid:105) y , G (cid:48) ∈ (cid:104)| Γ |(cid:105) (cid:3)(cid:9) As before, we now address two sub-cases:(i) We show that every process Q in A reduces to a process Q (cid:48) in B ;(ii) Similarly, we show that every process Q in A reduces to a process Q (cid:48) in B . Sub-case (i) . Let Q = F (cid:2) G | ( ν x ) (cid:0) x (cid:47) l j .Q ∗ | P x (cid:1)(cid:3) be an arbitrary process in A . ByDefinition 5.1, since P x ∈ (cid:104)| & { l i : T i } i ∈ I |(cid:105) x , then P x = x (cid:46) { l i : P i } i ∈ I with P i ∈ (cid:104)| T i |(cid:105) x ,for all i ∈ I . By applying Rule ( R-ChCase ) (cf. Figure 4), and letting j ∈ I we have: Q (cid:44) F (cid:2) G | ( ν x ) (cid:0) x (cid:47) l j .Q ∗ | P x (cid:1)(cid:3) → F (cid:2) G | ( ν x ) (cid:0) Q ∗ | P j (cid:1)(cid:3) (cid:44) Q (cid:48) It is then easy to see that Q (cid:48) ∈ B , and therefore Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as desired. Sub-case (ii) . Let Q = H (cid:2) G | ( ν y ) (cid:0) y (cid:46) { l i : R ∗ i } i ∈ I | y (cid:47) l j .P j (cid:1)(cid:3) be an arbitrary processin A , with R ∗ i ∈ (cid:76) Γ , y : T i (cid:96) ST R i (cid:77) . By Definition 5.1, since P y ∈ (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) y = (cid:83) i ∈ I (cid:8) y (cid:47) l i .P i | P i ∈ (cid:104)| S i |(cid:105) y (cid:9) , it means that P y is one of the processes in the union.We may then choose P y = y (cid:47) l j .P j such that j ∈ I and P j ∈ (cid:104)| S j |(cid:105) y . By applyingRule ( R-ChCase ) (cf. Figure 4) we have: Q (cid:44) H (cid:2) G | ( ν y ) (cid:0) y (cid:46) { l i : R ∗ i } i ∈ I | y (cid:47) l j .P j (cid:1)(cid:3) → H (cid:2) G | ( ν y ) (cid:0) R ∗ j | P j (cid:1)(cid:3) (cid:44) Q (cid:48) Since P j ∈ (cid:104)| S j |(cid:105) y and P (cid:48) y ∈ (cid:104)| S j |(cid:105) y , it is then easy to see that Q (cid:48) ∈ B , and therefore Q (cid:48) ∈ (cid:76) Γ (cid:96) ST P (cid:48) (cid:77) , as desired. This concludes the analysis for this case (and for Part 2). un (Γ)Γ (cid:5) ∅ (cid:96) ST ( T-NilD ) Γ (cid:5) Ψ (cid:96) ST P Γ (cid:5) Φ (cid:96) ST Q Γ , Γ (cid:5) Ψ , Φ (cid:96) ST P | Q ( T-ParD )( T-InD ) Γ , x : S, y : T (cid:5) Ψ (cid:96) ST P Γ + , x : ? T.S + (cid:5) Ψ + , ( x, y, (cid:96) ST x ( y ) .P ( T-OutD ) Γ , x : S (cid:5) Ψ (cid:96) ST P Γ + , x : ! T.S + , y : T (cid:5) Ψ + , (cid:104) x, y, (cid:105) (cid:96) ST x (cid:104) y (cid:105) .P ( T-BrchD ) Γ , x : S i (cid:5) Ψ (cid:96) ST P i ∀ i ∈ I Γ + , x : & { l i : S i } i ∈ I (cid:5) Ψ (cid:96) ST x (cid:46) { l i : P i } i ∈ I ( T-SelD ) Γ , x : S j (cid:5) Ψ (cid:96) ST P ∃ j ∈ I Γ + , x : ⊕{ l i : S i } i ∈ I (cid:5) Ψ (cid:96) ST x (cid:47) l j .P ( T-ResD ) Γ , x : T, y : T (cid:5) Ψ (cid:96) ST P Ψ (cid:16) x,y Ψ ↓ x , Ψ ↓ y , Ψ (cid:48) Γ (cid:5) Ψ (cid:48) (cid:96) ST ( ν xy ) P Figure 10: Typing rules for the π - calculus with session types with value dependency tracking. Appendix C. Details on the Second Rewriting Procedure ( § C.1.
A Session Type System for Value Dependencies.
We define an extension of thesession type system in §
2, in which typing judgments are of the formΓ (cid:5) Ψ (cid:96) ST P where the typing context Γ is as before and the new dependency context Ψ contains triples( a, x, n ) and (cid:104) a, x, n (cid:105) , with n ≥
0: while the first triple denotes an input of object x alongsubject a , the latter denotes output prefixes. As a result, the dependency context Ψ describesall communication prefixes in P and their distance to top-level. Indeed, the n in ( a, x, n )and (cid:104) a, x, n (cid:105) helps us to track the position of the process prefix in relation to its sessiontype, and to describe several value dependencies along a certain name. To this end, weconsider annotated output and input session types, written ! n S.T and ? n S.T (with n ≥ , Φ , . . . to denote dependency contexts; we sometimes writeΨ( (cid:101) x ) to make explicit that Ψ concerns names in the sequence (cid:101) x (and similarly for Γ( (cid:101) x )).Figure 10 gives the typing rules required for supporting Ψ and annotated session types;they make use of the following auxiliary notions. Definition C.1.
Given an annotated session type S and contexts Ψ and Γ, operations S + and Ψ + and Γ + increment annotations in types and in triples:(! n S.T ) + (cid:44) ! n +1 S.T + (Ψ , ( a, x, n )) + (cid:44) Ψ + , ( a, x, n + 1)(? n S.T ) + (cid:44) ? n +1 S.T + (Ψ , (cid:104) a, x, n (cid:105) ) + (cid:44) Ψ + , (cid:104) a, x, n + 1 (cid:105) & { l i : S i } i ∈ I + (cid:44) & { l i : S + i } i ∈ I (Γ , x : T ) + (cid:44) Γ + , x : T + ⊕{ l i : S i } i ∈ I + (cid:44) ⊕{ l i : S + i } i ∈ I ( · ) + (cid:44) · end + (cid:44) end OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 55
We discuss the new typing rules for sessions with value dependencies, given in Figure 10.The most interesting cases are (
T-InD ) and (
T-OutD ), which record communication subjectsand objects as they occur in the input and output processes, respectively. The numberannotation tracks the “distance” from top-level, which in the case of top-level input oroutput is simply 0. The annotations related to the continuation process P are incremented,as captured by S + and Ψ + (cf. Definition C.1). Rule ( T-ParD ) simply combines the prefixinformation in the two parallel sub-processes.To formalize Rule (
T-ResD ), we need a couple of auxiliary definitions. We write Ψ ↓ x to denote the result of “projecting” Ψ onto name x , giving the set containing all tuples inwhich x appears free, namely as input subject, output subject or output object. Formally: Definition C.2 (Projection of Ψ) . Let Ψ be a context, and x a name.Ψ ↓ x (cid:44) { ( x, w, n ) ∈ Ψ ∨ (cid:104) x, w, n (cid:105) ∈ Ψ ∨ (cid:104) w, x, n (cid:105) ∈ Ψ , for some name w and n ≥ } With this notion, we now define the decomposition of context Ψ under names x and y : Definition C.3 (Decomposition of Ψ) . Let Ψ be a context, and x and y names. The decomposition of Ψ under x and y is defined as follows:Ψ (cid:16) x,y Ψ ↓ x , Ψ ↓ y , Ψ (cid:48) such that Ψ (cid:48) = (Ψ \ Ψ ↓ x ) ∪ (Ψ \ Ψ ↓ y ).Rule ( T-ResD ) decomposes Ψ using Definition C.3: context Ψ, used to type process P , isdecomposed under names x and y ; the remaining context Ψ (cid:48) is used to type process ( ν xy ) P .Thus, intuitively, since Ψ is used to track free names in P , then triples where x and y occurfree must be removed from Ψ in order to type ( ν xy ) P . Remaining rules are self-explanatory.It is immediate to see that main results for the type system in § Example C.1 (The Extended Type System at Work) . Using the rules in Figure 10, wehave the following typing derivation for process a (cid:104) n (cid:105) .b ( u ) .c (cid:104) u (cid:105) . (similar to sub-process a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . from Example 6.1): a : end , b : end , c : end (cid:5) ∅ (cid:96) ST ( T-NilD ) a : end , b : end , c : ! U. end , u : U (cid:5) (cid:104) c, u, (cid:105) (cid:96) ST c (cid:104) u (cid:105) . ( T-OutD ) a : end , b : ? U. end , c : ! U. end (cid:5) ( b, u, , (cid:104) c, u, (cid:105) (cid:96) ST b ( u ) .c (cid:104) u (cid:105) . ( T-InD ) a : ! end . end , b : ? U. end , c : ! U. end (cid:124) (cid:123)(cid:122) (cid:125) Γ (cid:5) (cid:104) a, n , (cid:105) , ( b, u, , (cid:104) c, u, (cid:105) (cid:124) (cid:123)(cid:122) (cid:125) Ψ (cid:96) ST a (cid:104) n (cid:105) .b ( u ) .c (cid:104) u (cid:105) . ( T-OutD ) where U (cid:44) ? end . end . Using Ψ , the dependency between sessions c and b can be read as:“the output on c , which is two prefixes away from top-level, depends on the value received on b , which is one prefix away”. C.2.
Value Dependencies.
Given a typed process Γ (cid:5) Ψ (cid:96) ST P , we now define the valuedependencies induced by prefixes in P , but not captured by Γ: Definition C.4 (Set of Value Dependencies) . Let P be a process such that Γ (cid:5) Ψ (cid:96) ST P .The value dependencies of P are given by the set (cid:76) Ψ (cid:77) , which is defined as (cid:76) Ψ (cid:77) (cid:44) (cid:8) ( x n , z m ) | ∃ y. ( x, y, n ) ∈ Ψ ∧ (cid:104) z, y, m (cid:105) ∈ Ψ (cid:9) We sometimes write ( x n , z m ) : S when the dependency involves a value of type S . We write dom (Ψ) to stand for the set { x | ( x n , z m ) ∈ (cid:76) Ψ (cid:77) ∨ ( z m , x n ) ∈ (cid:76) Ψ (cid:77) } .Thus, the pair ( a n , b m ) denotes a value dependency of an (output) prefix along session b on an (input) prefix along session a . Example C.2.
Consider process Γ (cid:5) Ψ (cid:96) ST a (cid:104) n (cid:105) .b ( u ) .c (cid:104) u (cid:105) . from Example C.1. We can nowtrack the value dependency between c and b , because (cid:76) Ψ (cid:77) = { ( b , c ) } . Similarly, sub-process a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . from Example 6.1 has a value dependency ( a , a ) . We now develop some auxiliary definitions, which are required to define characteristicprocesses and catalyzers that exploit value dependencies.We may interpret (cid:76) Ψ (cid:77) as a binary relation on typing assignments in Γ, in which each( w nj , w mk ) ∈ (cid:76) Ψ (cid:77) , with Γ( w j ) = T j and Γ( w k ) = T k , defines a pair ( w j : T j , w k : T k ). In turn,this relation can be seen as a directed graph, with edges w j : T j → w k : T k . In the following,we shall consider only typed processes whose associated (cid:76) Ψ (cid:77) : • is simple, i.e., for any x, z, S there is at most one dependency ( x n , z m ) : S ∈ (cid:76) Ψ (cid:77) . • determines a tree-like structure, without cycles, on Γ.While considering simple (cid:76) Ψ (cid:77) simplifies some definitions, considering tree-like structures(rather than arbitrary relations) is necessary to ensure that the characteristic processesobtained from Γ and Ψ are typable in L ; see Lemma C.8 and Lemma C.12 below.A tree-like interpretation of Γ via (cid:76) Ψ (cid:77) does not necessarily define a fully connectedstructure. For instance, Γ can have assignments not involved in any value dependency.Actually, (cid:76) Ψ (cid:77) defines a forest (a set of trees). This is formalized in the definition below,where the index i relates w i : T i (a type assignment) and T i (its corresponding tree): Definition C.5 (Forest of a Context) . Let Γ = w : T , . . . , w n : T n be a typing context and Ψits associated dependency context. The forest of Γ (under Ψ ) is defined as F Ψ (Γ) = { T j } j ∈ J ,where each T j is interpreted as a tree with root w j : T j ∈ Γ. Each dependency ( w nj , w mk ) ∈ (cid:76) Ψ (cid:77) (if any) defines a relation between parent T j and child T k , which is a tree inductively definedwith root w k : T k . We write child ( T j ) to denote the set of offspring of T j .We illustrate the above notions by means of examples. Example C.3 (No Dependencies) . If Γ = w : T , . . . , w n : T n and (cid:76) Ψ (cid:77) = ∅ then the forestof Γ will have as many trees as there are assignments in it, i.e., F Ψ (Γ) = { T , . . . , T n } ,with child ( T i ) = ∅ , for all T i . Example C.4 (A Simple Tree) . Let Γ and Ψ be such that Γ = x : ? S. end , x : ! S. ? T . ? T . end , x : ! T . end , x : ! T . end (cid:76) Ψ (cid:77) = { ( x , x ) : S, ( x , x ) : T , ( x , x ) : T } where we have omitted annotations. Note that (cid:76) Ψ (cid:77) is simple and induces a tree-like structure.Indeed we have: child ( T ) = { T } , child ( T ) = { T , T } , child ( T ) = child ( T ) = ∅ , andso the forest F Ψ (Γ) contains a single tree with two levels, with root x : T .As a non-example of a simple, tree-like structure, consider: Γ (cid:48) = x : ? S. ! T. end , x : ! S. ? T. end (cid:76) Ψ (cid:48) (cid:77) = { ( x , x ) : S, ( x , x ) : T } Clearly, (cid:76) Ψ (cid:48) (cid:77) induces a graph-like structure, with a simple cycle, on Γ (cid:48) . OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 57
We now move on to exploit both the value dependencies (cid:76) Ψ (cid:77) and the (annotated) contextΓ to refine the definitions of characteristic processes (Definition 5.1) and catalyzer contexts(Definition 5.4).C.3. Characteristic Processes Refined with Value Dependencies.
To refine thedefinition of characteristic processes, the key idea is simple: given a dependency ( a n , b m )between two sessions a : ? n T.S and b : ! m T.S , rather than implementing two isolatedcharacteristic processes for the two sessions, we use a so-called bridging session (denoted c ab ) to implement the dependency between the characteristic processes. To this end, we firstrevisit Definition 5.1, as follows: Definition C.6 (Characteristic Processes of a Session Type, with Value Dependencies) . Let Ψ be a dependency context. Given a name x , the set of characteristic processes of the(annotated) session type T under Ψ, denoted (cid:104)| T |(cid:105) x Ψ , is inductively defined as follows: (cid:104)| ? n T (cid:48) .S |(cid:105) x Ψ (cid:44) (cid:40)(cid:8) x ( y ) .c xz ( w ) . ([ y ↔ w ] | Q ) | Q ∈ (cid:104)| S |(cid:105) x Ψ (cid:9) if ( x n , z m ) ∈ (cid:76) Ψ (cid:77) (cid:8) x ( y ) . ( P | Q ) | P ∈ (cid:104)| T (cid:48) |(cid:105) y Ψ ∧ Q ∈ (cid:104)| S |(cid:105) x Ψ (cid:9) otherwise (cid:104)| ! n T (cid:48) .S |(cid:105) x Ψ (cid:44) (cid:40)(cid:8) c zx ( y ) .x ( w ) . ([ y ↔ w ] | Q ) | Q ∈ (cid:104)| S |(cid:105) x Ψ (cid:9) if ( z m , x n ) ∈ (cid:76) Ψ (cid:77) (cid:8) x ( y ) . ( P | Q ) | P ∈ (cid:104)| T (cid:48) |(cid:105) y Ψ ∧ Q ∈ (cid:104)| S |(cid:105) x Ψ (cid:9) otherwise (cid:104)| & { l i : S i } i ∈ I |(cid:105) x Ψ (cid:44) (cid:8) x (cid:46) { l i : P i } i ∈ I | ∀ i ∈ I. P i ∈ (cid:104)| S i |(cid:105) x Ψ (cid:9) (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) x Ψ (cid:44) (cid:91) i ∈ I (cid:8) x (cid:47) l i .P i | P i ∈ (cid:104)| S i |(cid:105) x Ψ (cid:9) (cid:104)| end |(cid:105) x Ψ (cid:44) { } Changes with respect to Definition 5.1 are in the cases of input and output types, whichnow implement an additional session if, according to (cid:76) Ψ (cid:77) , the respective sessions are involvedin a value dependency. Indeed, the definition of (cid:104)| ? n T.S |(cid:105) x Ψ forwards the value received on x along a channel c xz whenever sessions along x and z are related via a value dependency.Accordingly, the first action in the definition of (cid:104)| ! n T.S |(cid:105) x Ψ is an input along c xz : the receivedvalue will be emitted along x , thus completing the intended forwarding.Using this refined definition of characteristic processes, we may now revisit the definitionof the characteristic processes of a typing context (Definition 5.2). In order to ensuretype preservation (cf. Lemma C.8 below), the main difference is the need for outermostrestrictions that hide the behavior along the bridging sessions created in Definition C.6. Weuse the tree-like interpretation of Ψ (Definition C.5) to appropriately close these bridgingsessions: Definition C.7 (Characteristic Processes of a Typing Context, with Value Dependencies) . Assume Γ = w : T , . . . , w n : T n and Ψ. Recall that T i denotes the tree rooted by w i : T i ∈ Γ.(1) The set of processes N i is defined for each T i (with 1 ≤ i ≤ n ) as: (cid:40) (cid:104)| T i |(cid:105) w i Ψ if child ( T i ) = ∅{ ( ν (cid:93) c w i w j )( Q | (cid:81) j ∈{ ,...,m } Q j ) | Q ∈ (cid:104)| T i |(cid:105) w i Ψ ∧ Q j ∈ N j } if child ( T i ) = { T , . . . , T m } . (C.1)(2) Suppose that F Ψ (Γ) = { T , . . . , T k } , with 1 ≤ k ≤ n . The characteristic processes of Γis defined as the set (cid:104)| Γ |(cid:105) Ψ (cid:44) { P | · · · | P k | P i ∈ N i } with N i as in (1). Thus, the set of characteristic processes of Γ is built by exploiting the hierarchy oftype assignments defined by F Ψ (Γ). This is required, because we need to connect eachindividual characteristic process using the bridging sessions c w i w j . This definition is a strictgeneralization of Definition 5.2: with (cid:76) Ψ (cid:77) = ∅ , every set N i coincides with the set (cid:104)| T i |(cid:105) w i Ψ (cf.Definition C.6), which in turn coincides with (cid:104)| T i |(cid:105) w i (cf. Definition 5.1) if (cid:76) Ψ (cid:77) = ∅ .The following examples serve to illustrate this definition: Example C.5.
Consider Γ and Ψ as in Example C.1 for sub-process a (cid:104) n (cid:105) .a ( u ) .a (cid:104) u (cid:105) . : Γ (cid:44) a : ! end . end , a : ? U. end , a : ! U. end Ψ (cid:44) (cid:104) a , n , (cid:105) , ( a , u, , (cid:104) a , u, (cid:105) By Definition C.4, (cid:76) Ψ (cid:77) = { ( a , a ) } . Also, by Definition C.5, F Ψ (Γ ) = { T , T } , with child ( T ) = child ( T ) = ∅ and child ( T ) = { T } . Recalling that U (cid:44) ? end . end , we have: N = (cid:104)| ! end . end |(cid:105) a Ψ N = (cid:104)| ! U. end |(cid:105) a Ψ N = { ( ν c a a )( Q | Q ) | Q ∈ (cid:104)| ? U. end |(cid:105) a Ψ , Q ∈ N } Notice that by Definition C.6 processes in N are of the form c a a ( w ) .a ( v ) . ([ w ↔ v ] | Q (cid:48) ) with Q (cid:48) ∈ (cid:104)| end |(cid:105) a Ψ ! . Given these sets, we have (cid:104)| Γ |(cid:105) Ψ (cid:44) { P | P | P ∈ N , P ∈ N } . Example C.6.
Let Γ and Ψ be as in Example C.4. Expanding Definition C.7, we have: N = (cid:104)| ! T . end |(cid:105) x Ψ N = (cid:104)| ! T . end |(cid:105) x Ψ N = { ( ν c x x )(( ν c x x )( Q | Q ) | Q ) | Q ∈ (cid:104)| ! S. ? T . ? T . end |(cid:105) x Ψ , Q ∈ N , Q ∈ N } N = { ( ν c x x )( Q | Q ) | Q ∈ (cid:104)| ? S. end |(cid:105) x Ψ , Q ∈ N } Recall that by Definition C.6 all processes in N will implement an input on c x x . Similarly,all processes in N will implement an input on c x x . Then, processes in (cid:104)| T |(cid:105) x Ψ implementthe dependency by providing corresponding outputs. With these sets in place, and given that F Ψ (Γ) = { T } , we have that (cid:104)| Γ |(cid:105) Ψ (cid:44) { P | P ∈ N } . Characteristic processes with value dependencies are well-typed in the system of § Lemma C.8.
Let T , Γ, and Ψ be an annotated session type, a session typing context, anda dependency context, respectively.(1) For all P ∈ (cid:104)| T |(cid:105) x Ψ , we have P (cid:96) LL x : (cid:74) T (cid:75) f l , ∆, for some ∆ (possibly empty).(2) For all P ∈ (cid:104)| Γ |(cid:105) Ψ , we have P (cid:96) LL (cid:74) Γ (cid:75) f l . Proof.
We consider both parts separately, assuming (cid:76) Ψ (cid:77) (cid:54) = ∅ : the case (cid:76) Ψ (cid:77) = ∅ correspondsto Lemma 5.3. Part 1.
The proof is by induction on the structure of T . Thus, there are five cases toconsider. The most interesting cases are those for input and output session types with valuedependencies; by Definition C.6, the other cases (input/output without value dependencies,selection, branching) are as in the proof of Lemma 5.3 ( § B.1).(1) (cid:104)| end |(cid:105) x Ψ = (cid:8) (cid:9) . This case follows easily by the fact that (cid:74) end (cid:75) f l = • and by Rule ( T- ). OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 59 (2) (cid:104)| ? n T.S |(cid:105) x Ψ = (cid:8) x ( y ) .c xz ( w ) . ([ y ↔ w ] | Q ) | Q ∈ (cid:104)| S |(cid:105) x Ψ (cid:9) , if ( x n , z m ) ∈ (cid:76) Ψ (cid:77) .By induction hypothesis, Q (cid:96) LL Θ , x : (cid:74) S (cid:75) f l , for some context Θ. Here we distinguish thefollowing two sub-cases, depending on whether name c xz already occurs in Q .(a) c xz / ∈ dom (Θ). By Rules ( T- ⊗ ) and ( T- (cid:79) ) applied in sequence we have: ( T- id ) [ y ↔ w ] (cid:96) LL y : (cid:74) T (cid:75) f l , w : (cid:74) T (cid:75) f l Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ , c xz : • ( ⊥ ) c xz ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL y : (cid:74) T (cid:75) f l , x : (cid:74) S (cid:75) f l , Θ , c xz : (cid:74) T (cid:75) f l ⊗ • ( ⊗ ) x ( y ) .c xz ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL Θ , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l , c xz : (cid:74) T (cid:75) f l ⊗ • ( (cid:79) ) By encoding of types in Figure 8 (bottom), we have (cid:74) ? T.S (cid:75) f l = (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l . Hence,in this case ∆ = Θ , c xz : (cid:74) T (cid:75) f l ⊗ • .(b) ( c xz : (cid:74) U (cid:75) f l ) ∈ Θ. Let Θ = Θ (cid:48) , c xz : (cid:74) U (cid:75) f l . Then, we have the following derivation: ( T- id ) [ y ↔ w ] (cid:96) LL y : (cid:74) T (cid:75) f l , w : (cid:74) T (cid:75) f l Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ (cid:48) , c xz : (cid:74) U (cid:75) f l c xz ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL y : (cid:74) T (cid:75) f l , x : (cid:74) S (cid:75) f l , Θ (cid:48) , c xz : (cid:74) T (cid:75) f l ⊗ (cid:74) U (cid:75) f l ( ⊗ ) x ( y ) .c xz ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL Θ (cid:48) , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l , c xz : (cid:74) T (cid:75) f l ⊗ (cid:74) U (cid:75) f l ( (cid:79) ) By encoding of types in Figure 8, we have (cid:74) ? T.S (cid:75) f l = (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:75) f l . Hence, in thiscase ∆ = Θ (cid:48) , c xz : (cid:74) T (cid:75) f l ⊗ (cid:74) U (cid:75) f l .(3) (cid:104)| ! n T.S |(cid:105) x Ψ = (cid:8) c zx ( y ) .x ( w ) . ([ y ↔ w ] | Q ) | Q ∈ (cid:104)| S |(cid:105) x Ψ (cid:9) if ( z m , x n ) ∈ (cid:76) Ψ (cid:77) .By induction hypothesis, Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ, for some typing Θ. Here we distinguish thefollowing two sub-cases, depending on whether name c xz already occurs in Q .(a) c xz / ∈ dom (Θ). By Rules ( T- ⊗ ) and ( T- (cid:79) ) applied in sequence we have: ( T- id ) [ y ↔ w ] (cid:96) LL y : (cid:74) T (cid:75) f l , w : (cid:74) T (cid:75) f l Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ , c xz : • ( ⊥ ) x ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL y : (cid:74) T (cid:75) f l , Θ , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , c xz : • ( ⊗ ) c zx ( y ) .x ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL Θ , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , c xz : (cid:74) T (cid:75) f l (cid:79) • ( (cid:79) ) By encoding of types in Figure 8, we have (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l . Hence, in thiscase ∆ = Θ , c xz : (cid:74) T (cid:75) f l (cid:79) • .(b) ( c xz : (cid:74) U (cid:75) f l ) ∈ Θ. Let Θ = Θ (cid:48) , c xz : (cid:74) U (cid:75) f l . Then, we have the following derivation: ( T- id ) [ y ↔ w ] (cid:96) LL y : (cid:74) T (cid:75) f l , w : (cid:74) T (cid:75) f l Q (cid:96) LL x : (cid:74) S (cid:75) f l , Θ (cid:48) , c xz : (cid:74) U (cid:75) f l x ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL y : (cid:74) T (cid:75) f l , Θ (cid:48) , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , c xz : (cid:74) U (cid:75) f l ( ⊗ ) c zx ( y ) .x ( w ) . ([ y ↔ w ] | Q ) (cid:96) LL Θ (cid:48) , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , c xz : (cid:74) T (cid:75) f l (cid:79) (cid:74) U (cid:75) f l ( (cid:79) ) By encoding of types in Figure 8, we have (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l . Hence, in thiscase ∆ = Θ (cid:48) , c xz : (cid:74) T (cid:75) f l (cid:79) (cid:74) U (cid:75) f l .(4) (cid:104)| & { l i : S i } i ∈ I |(cid:105) x Ψ = (cid:8) x (cid:46) { l i : P i } i ∈ I | ∀ i ∈ I. P i ∈ (cid:104)| S i |(cid:105) x Ψ (cid:9) . This case follows the samelines as the corresponding case in Lemma 5.3.(5) (cid:104)| ⊕ { l i : S i } i ∈ I |(cid:105) x Ψ = (cid:83) i ∈ I (cid:8) x (cid:47) l i .P i | P i ∈ (cid:104)| S i |(cid:105) x Ψ (cid:9) . This case also follows the same linesas the corresponding one in Lemma 5.3. Part 2.
By Definition C.7, every P ∈ (cid:104)| Γ |(cid:105) Ψ is of the form (cid:81) i ∈{ ,...,k } P i , with P i ∈ N i (cf. (C.1)). We first prove that for every P ∈ N i , we have P (cid:96) LL (cid:74) Γ i (cid:75) f l , ∆, where Γ i ⊆ Γand ∆ is possibly empty. Γ i contains w i : T i and assignments connected to w i : T i viadependencies. Recall that N i is defined for each w i : T i . We then proceed by induction on m , the height of T i (the tree associated to w i : T i ): • Base case, m = 0: Then, since T i does not have children, by definition of N i (cf. (C.1)),the sets N i and (cid:104)| T i |(cid:105) w i Ψ coincide. Hence, Lemma C.8(1) ensures that P (cid:96) LL w i : (cid:74) T i (cid:75) f l , forall P ∈ N i . • Inductive case, m >
0. Then, T i has m levels; by Definition C.7, every P m ∈ N i is of theform P m = ( ν (cid:93) c w i w j )( Q | (cid:89) j ∈{ ,...,l } Q j )where Q ∈ (cid:104)| T i |(cid:105) w i Ψ and Q j ∈ N j , for some T , . . . , T l ∈ child ( T i ). Thus, w i has adependency with each of w , . . . , w l , implemented along c w i w , . . . , c w i w l . In fact, byLemma C.8(1): Q (cid:96) LL w i : (cid:74) T i (cid:75) f l , ∆ where ∆ = c w i w : T , . . . , c w i w l : T l .We must prove that P m (cid:96) LL (cid:74) Γ i (cid:75) f l . Recall that processes Q , . . . , Q l are associatedto trees T , . . . , T l ; now, because child ( T i ) = { T , . . . , T l } , the height of these trees is strictly less than that of T i . Therefore, by IH we have Q j (cid:96) LL (cid:74) Γ j (cid:75) f l , ∆ j for each j ∈ { , . . . , l } , where ∆ j = c w i w j : S j , for some S j . By construction, S j is dual to T j . (There are no other assignments in ∆ j , because T j is a proper tree whose only visibleconnection is with its parent T i .) Also, (cid:74) Γ i (cid:75) f l = w i : (cid:74) T i (cid:75) f l ∪ (cid:83) j ∈{ ,...,l } (cid:74) Γ j (cid:75) f l . Therefore, P m can be typed by composing Q with each of Q , . . . , Q l , using l successive applicationsof Rule ( T- cut ):( ν c w i w l )( · · · ( ν c w i w )(( ν c w i w )( Q | Q ) | Q ) | · · · | Q l ) (cid:96) LL (cid:74) Γ i (cid:75) f l This proves that P i ∈ N i implies P i (cid:96) LL (cid:74) Γ i (cid:75) f l . The thesis, (cid:81) i ∈{ ,...,k } P i (cid:96) LL (cid:74) Γ (cid:75) f l , thenfollows easily by composing P , . . . , P k : since they are all typable under disjoint contexts( (cid:74) Γ (cid:75) f l , . . . , (cid:74) Γ k (cid:75) f l , respectively), it suffices to use Rule ( T- mix ).The main difference between Lemma C.8 (Part 1) and the corresponding result in § Catalyzers Refined with Value Dependencies.
To revise Definition 5.4, we usesome convenient notations:
Notation C.9.
We shall use the following notations: • Let y n denote the n -th occurrence of name y with respect to top-level. • Let α, α (cid:48) , . . . denote session prefixes of the form ? n S or ! n S . OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 61 • Given an annotated session type T , we use a context on types K to highlight a specificprefix α in T , i.e., we write T = K [ α ]. • Given an annotated session type T , we write T \ ( α , · · · , α k ) to denote the type obtainedfrom T by removing prefixes α , · · · , α k ( k ≥ Definition C.10 (Refined Characteristic Processes) . Let Γ = { x : T , . . . , x n : T n } and Ψbe a typing context and a dependency context, respectively.(1) Given Ψ and a name x i , we define the sets of types out Ψ ( x i ) = { S m | ( x nj , x mi ) : S ∈ (cid:76) Ψ (cid:77) } in Ψ ( x i ) = { T n | ( x ni , x mj ) : T ∈ (cid:76) Ψ (cid:77) } (2) We write (cid:81) i ∈{ ,...,n } Q i to denote the refined characteristic processes under Ψ where,each Q i satisfies: Q i ∈ (cid:104)| T i |(cid:105) x i Ψ If out Ψ ( x i ) = in Ψ ( x i ) = ∅ Q i ∈ (cid:104)| T i \ (? l T , · · · , ? l m T m ) |(cid:105) x i Ψ If out Ψ ( x i ) = ∅ ∧ in Ψ ( x i ) = { T l , . . . , T l m m } Q i ∈ (cid:104)| T i \ (! h S ) |(cid:105) x i Ψ If out Ψ ( x i ) = { S h } ∧ in Ψ ( x i ) = ∅ Q i ∈ (cid:104)| T i \ (! h S , ? l T , · · · , ? l m T m ) |(cid:105) x i Ψ If out Ψ ( x i ) = { S h } ∧ in Ψ ( x i ) = { T l , . . . , T l m m } Notice that because we assume (cid:76) Ψ (cid:77) is simple and tree-like, out Ψ ( x i ) is either empty ora singleton—a node of the tree is either the root or has exactly one parent. We illustrateDefinition C.10 with an example: Example C.7.
Considering Γ and (cid:76) Ψ (cid:77) as in Example C.4, we have: out Ψ ( x ) = ∅ in Ψ ( x ) = { S } out Ψ ( x ) = { S } in Ψ ( x ) = { T , T } out Ψ ( x ) = { T } in Ψ ( x ) = ∅ out Ψ ( x ) = { T } in Ψ ( x ) = ∅ Because all types in Γ are involved in value dependencies, Q i ∈ (cid:104)| end |(cid:105) x i Ψ , for all i ∈ { , . . . , } . We now finally ready to revise Definition 5.4:
Definition C.11 (Catalyzers, with Value Dependencies) . Consider typing contexts Γ , Γ (cid:48) and a simple dependency context Ψ. Suppose Γ = { x : T , . . . , x n : T n } and | (cid:76) Ψ (cid:77) | = k , with dom (Ψ) ⊆ dom (Γ). Assume that x i : T i ∈ Γ implies y i : T i ∈ Γ (cid:48) , for all x i ∈ dom (Ψ).The set of catalyzers of Γ , Ψ with respect to Γ (cid:48) , noted C ΨΓ | Γ (cid:48) , is defined as follows: { C [ · ] | C [ · ] = ( ν (cid:101) x )(( ν (cid:101) u )([ · ] σ · · · σ k | F | · · · | F k ) | Q | · · · | Q n ) } where, for the h -th element in (cid:76) Ψ (cid:77) , denoted ( x l i , x l j ) : S with x i : T i and x j : T j , we have: • σ h = [ u h / y in ][ u h / y jn ], where n and n are such that T i = K i [! n S ] and T j = K j [? n S ],respectively, for some type contexts K i , K j , and y i : T i , y j : T j ∈ Γ (cid:48) . • F h = u h ( y ) .u h ( w ) . ([ w ↔ y ] | ).In σ h and F h , name u h is fresh. Also, Q , . . . , Q n are refined under Ψ as in Definition C.10. Intuitively, the above definition isolates the value dependencies from the process in thehole by first creating a separate session u k using the substitution σ k ; the dependency is thenpreserved using the forwarder process F k . Isolating dependencies in this way modifies thesession types implemented by the process in the hole; to account for these modifications, weconsider characteristic processes based on shortened session types—session types in whichthe prefixes involved in a dependency have been removed (cf. Definition C.10).If there are no dependencies (i.e., if (cid:76) Ψ (cid:77) is empty) then we recover the definition from § σ h and F h , and the condition out Ψ ( x i ) = in Ψ ( x i ) = ∅ follows trivially, for all x i such that x i : T i ∈ Γ. Example C.8 (Definition C.11 at Work) . Consider process ( ν x y )( ν x y )( P | P ) ,where P and P are defined as: y : ! Int . ? Bool . end , y : ? Int . ? Bool . end (cid:124) (cid:123)(cid:122) (cid:125) Γ (cid:5) Ψ (cid:96) ST y (2) .y ( z ) .y ( x ) .y ( w ) . (cid:124) (cid:123)(cid:122) (cid:125) P x : T , x : T (cid:124) (cid:123)(cid:122) (cid:125) Γ (cid:5) Ψ (cid:96) ST x ( u ) .x ( true ) .x ( u ) .x ( f alse ) . (cid:124) (cid:123)(cid:122) (cid:125) P where T = ? Int . ! Bool . end and T : ! Int . ! Bool . end . P implements the dependency (cid:76) Ψ (cid:77) = { ( x , x ) : Int } : the received value by y ( x ) in P should be , not some arbitrary Int .We define context C [ · ] ∈ C Ψ ( y ,y )Γ ( y ,y ) | Γ to host the rewriting of P in L , denoted Q .We write Ψ ( y , y ) and Γ ( y , y ) to denote a name renaming on Ψ and Γ , needed forconsistency with the single restriction in L . Types in Γ , Γ are annotated with the positionsof their associated prefixes wrt the top-level. Here, relevant positions in P are 0 (for y )and 2 (for y ): these are the prefixes that interact with the dependency in P . Note thatthese positions in P are not stored in Γ , but in Γ . (In this simple example, the positionsfor x , x in P happen to coincide with those for y , y in P ; in the general case, they donot coincide.) Using Notation C.9, we have T = K [! Int ] and T = K [? Int ] , with typecontexts K = [ · ] . ? Bool . end , K = [ · ] . ? Bool . end . Thus, n = 0 , n = 2 and the requiredsubstitution is σ = [ u / y ][ u / y ] .We can now define C [ · ] by considering the value dependence from P as captured by Ψ .Expanding Definition C.11 we have: C [ · ] = ( ν x , x )(( ν u )([ · ] σ | F ) | Q | Q ) with Q , Q as in Definition C.10. As we will see, Definition C.14 rewrites P into Q : y : Int ⊗ Bool (cid:79) • , y : Int (cid:79)
Bool (cid:79) • (cid:96) LL y ( z ) . ([2 ↔ z ] | y ( z ) .y ( w ) .y ( x ) . ) We now illustrate how Q “fits into” C [ · ] . We first apply σ to Q : y : Bool (cid:79) • , y : Bool (cid:79) • , u : Int ⊗ Int (cid:79) • (cid:96) LL u ( z ) . ([2 ↔ z ] | y ( z ) .u ( w ) .y ( x ) . ) By renaming the two prefixes involved in the dependency, we have isolated it using a newsession u . The types for y , y have been shortened. The only forwarder needed is F : u ( y ) .u ( w ) . ([ w ↔ y ] | ) (cid:96) LL u : Int (cid:79)
Int ⊗ •
Clearly, Q σ and F can be composed with a cut: ( ν u )( Q σ | F ) (cid:96) LL y : ? Bool . end , y : ? Bool . end We close the sessions on y and y using R ∈ (cid:104)| ? Bool . end |(cid:105) y Ψ and R ∈ (cid:104)| ? Bool . end |(cid:105) y Ψ : C [ Q ] = ( ν y )(( ν y )(( ν u )([ Q ] σ | F ) | R ) | R ) OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 63
Hence, C [ · ] closes Q by preserving the dependency implemented by P . Using this new definition, we have the following lemma, which is the analog of Lemma 5.5(Page 22) extended with value dependencies:
Lemma C.12 (Catalyzers with Value Dependencies Preserve Typing) . Let P (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:48) (cid:75) f l ,such that Γ , Γ are typing contexts with Γ = Γ. Let Ψ be a simple dependency context suchthat dom (Ψ) ⊆ dom (Γ ). Assume that x i : T i ∈ Γ implies y i : T i ∈ Γ , for all x i ∈ dom (Ψ).Then, by letting C [ · ] ∈ C ΨΓ | Γ (as in Definition C.11), we have C [ P ] (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l . Proof (Sketch).
We proceed by induction on k , the size of Γ. • Case k = 1: Trivial, because no dependencies are possible and a single characteristicprocess suffices to close the single session in (cid:74) Γ (cid:75) f l and establish the thesis. • Case k = 2: There are two sub-cases, depending on whether the two assignments arerelated by a value dependency.(1) If there is no value dependency then two independent characteristic processes sufficeclose the two sessions in (cid:74) Γ (cid:75) f l and establish the thesis.(2) Suppose there is a dependency ( x l i , x l j ) : S , with x i : T i and x j : T j in Γ . Thisdependency should be implemented by any C ∈ C ΨΓ | Γ . By Definition C.11, any C [ · ]is of the form ( ν (cid:101) x )(( ν u )([ · ] σ | F ) | Q i | Q j )where σ is a substitution, F is a forwarder process, and Q i and Q j are characteristicprocesses defined shortened versions of T i and T j . Observe that out Ψ ( x i ) = ∅ , in Ψ ( x i ) = { S l } , out Ψ ( x j ) = { S l } , and in Ψ ( x j ) = ∅ .We must prove that C [ P ] (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l . We show this by successively incorporating allingredients in C . First, we spell out the typing for P : P (cid:96) LL x i : (cid:74) T i (cid:75) f l , x j : (cid:74) T j (cid:75) f l , (cid:74) Γ (cid:48) (cid:75) f l Then, applying the substitution, we have:
P σ (cid:96) LL (cid:74) Γ (cid:75) f l , x i : (cid:74) T (cid:48) i (cid:75) f l , x j : (cid:74) T (cid:48) j (cid:75) f l , (cid:74) Γ (cid:48) (cid:75) f l , u : S ⊗ S (cid:79) • where T (cid:48) i = T i \ (! l S ) and T (cid:48) j = T j \ (? l S ). We now compose with the forwarder F = u ( y ) .u ( w ) . ([ w ↔ y ] | ), which can be typed as F (cid:96) LL u : S (cid:79) S ⊗ • :( ν u )( P σ | F ) (cid:96) LL x i : (cid:74) T (cid:48) i (cid:75) f l , x j : (cid:74) T (cid:48) j (cid:75) f l , (cid:74) Γ (cid:48) (cid:75) f l At this point, we compose ( ν u )( P σ | F ) with the characteristic processes Q i ∈(cid:104)| T i \ (? l S ) |(cid:105) x i Ψ and Q j ∈ (cid:104)| T j \ (! l S ) |(cid:105) x i Ψ :( ν x )(( ν x )(( ν u )( P σ | F ) | Q i ) | Q j ) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l and so the thesis C [ P ] (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l holds. • Case k > C k [ P ] (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l holds, with C k [ · ] closingsessions Γ (cid:48) = x : T , . . . , x k : T k . We must show that C k +1 [ P ] (cid:96) LL (cid:74) Γ (cid:48) \ x k +1 : T k +1 (cid:75) f l holds, with C k +1 [ · ] closing sessions Γ (cid:48)(cid:48) = Γ (cid:48) , x k +1 : T k +1 .Considering x k +1 : T k +1 entails adding 0 ≤ n ≤ k additional value dependencies. Weproceed by induction on n . The base case n = 0 is straightforward: C k +1 [ · ] can be obtainedby composing C k [ · ] with the additional characteristic process Q k +1 ∈ (cid:104)| T k +1 |(cid:105) x k +1 Ψ , usingRule ( T- cut ). The inductive step ( n >
0) proceeds by observing that any context C k +1 [ · ] can be built out of C k [ · ]. Exact modifications depend on n : adding n new dependencies concern n + 1 characteristic processes in C k [ · ]. Therefore, C k +1 [ · ] modifies C k [ · ] by (i) adding n new σ i and F i ; (ii) adding a new Q k +1 ; (ii) modifying n processes among Q , . . . , Q k (already in C k [ · ]) to account for the fact that they need to be (further) shortened. Withthese modifications, the process C k +1 [ P ] is typable following the lines of case k = 2.C.5. Rewriting Session Processes into L Exploiting Value Dependencies.
We maynow give the revised rewriting procedure with value dependencies, denoted (cid:76) · (cid:77) V . We rely onNotation 5.6 as well as on the following extension of Notation 5.7, which annotates typejudgments with “discarded” portions of contexts: Notation C.13 (Hidden/Bracketed Sessions, Extended) . Consider the following notations: • We shall write: Γ , Γ , x : ! T.S (cid:5) Ψ , Φ [Ψ , Φ ] (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P )rather than Γ , Γ , x :! T.S (cid:5) Ψ , Φ (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P )assuming both Γ , z : T (cid:5) Ψ , Ψ (cid:96) ST P and Γ , x : S (cid:5) Φ , Φ (cid:96) ST P . • Similarly, we shall writeΓ [ (cid:93) x : S ] (cid:5) Ψ [Ψ ] (cid:63) Γ [ (cid:93) y : T ] (cid:5) Φ [Φ ] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P )rather than Γ , Γ (cid:5) Ψ , Φ (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P )assuming Γ , (cid:93) x : S (cid:5) Ψ , Ψ (cid:96) ST P , and Γ , (cid:93) y : T (cid:5) Φ , Φ (cid:96) ST P , and S i = T i . Definition C.14 (Rewriting into L with Value Dependencies) . Let P be such that Γ (cid:5) Ψ (cid:96) ST P and P ∈ K n . The set of L processes (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:77) V is defined inductively in Figure 11.The first six cases of Figure 11 extend those in (cid:76) · (cid:77) (Definition 5.8) with the dependencycontext Ψ and with annotated types, using Notation C.13 in the case of output.More prominent differences arise in the rewriting of ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ). The first line ofthe definition specifies how the rewriting leads to process of the form C [ Q ] | G , in whichthe right-hand side of the parallel is generated: • Process Q belongs to the set that results from rewriting sub-process P with an appropriatetyping judgment, which includes (cid:93) x : S . • C belongs to the set of catalyzers that implement the context (cid:93) x : T , i.e., the dual behaviorsof the sessions implemented by P . We use Definition C.11 to ensure that C preservesthe relevant value dependencies in P , denoted Φ . We write Φ ( (cid:101) x ) to specify that thedependencies refer to names in (cid:101) x (as required by Q ) rather than to names in (cid:101) y (as presentin P ). As before, this step removes the double restriction operator. • G belongs to the set of characteristic processes for Γ , which describes the sessionsimplemented by P . We use Definition C.7 to preserve the relevant value dependencies in P , denoted Φ . OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 65 (cid:76) Γ un (cid:5) ∅ (cid:96) ST (cid:77) V (cid:44) (cid:8) (cid:9) (cid:76) Γ , x : ! T.S, v : T (cid:5) Ψ , (cid:104) x, v, (cid:105) (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) (cid:77) V (cid:44) (cid:8) x ( z ) . ([ v ↔ z ] | Q ) | Q ∈ (cid:76) Γ , x : S (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V (cid:9) (cid:76) Γ , Γ , x : ! T.S (cid:5) Ψ , Φ [Ψ , Φ ] (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ) (cid:77) V (cid:44) (cid:8) x ( y ) . ( Q | Q ) | Q ∈ (cid:76) Γ , z : T (cid:5) Ψ , Ψ (cid:96) ST P (cid:77) V ∧ Q ∈ (cid:76) Γ , x : S (cid:5) Φ , Φ (cid:96) ST P (cid:77) V (cid:9) (cid:76) Γ , x : ? T.S (cid:5) Ψ , ( x, y, (cid:96) ST x ( y : T ) .P (cid:48) (cid:77) V (cid:44) (cid:8) x ( y ) .Q | Q ∈ (cid:76) Γ , x : S, y : T (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V (cid:9) (cid:76) Γ , x : ⊕{ l i : S i } i ∈ I (cid:96) ST x (cid:47) l j .P (cid:48) (cid:77) V (cid:44) (cid:8) x (cid:47) l j .Q | Q ∈ (cid:76) Γ , x : S j (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V (cid:9) (cid:76) Γ , x : & { l i : S i } i ∈ I (cid:5) Ψ (cid:96) ST x (cid:46) { l i : P i } i ∈ I (cid:77) V (cid:44) (cid:8) x (cid:46) { l i : Q i } i ∈ I | Q i ∈ (cid:76) Γ , x : S i (cid:5) Ψ (cid:96) ST P i (cid:77) V (cid:9) (cid:76) Γ [ (cid:93) x : S ] (cid:5) Ψ [Ψ ( (cid:101) x )] (cid:63) Γ [ (cid:93) y : T ] (cid:5) Φ [Φ ( (cid:101) y )] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) (cid:77) V (cid:44) (cid:8) C [ Q ] | G | G ∈ (cid:104)| Γ |(cid:105) Φ , C ∈ C Φ ( (cid:101) x ) (cid:93) x : T | (cid:93) y : S , Q ∈ (cid:76) Γ , (cid:93) x : S (cid:5) Ψ , Ψ (cid:96) ST P (cid:77) V (cid:9) ∪ (cid:8) G | C [ Q ] | G ∈ (cid:104)| Γ |(cid:105) Ψ , C ∈ C Ψ ( (cid:101) y ) (cid:93) y : S | (cid:93) x : T , Q ∈ (cid:76) Γ , (cid:93) y : T (cid:5) Φ , Φ (cid:96) ST P (cid:77) V (cid:9) Figure 11: Rewriting procedure (cid:76) · (cid:77) V .Similarly, the second line of the definition specifies how rewriting leads to processes of theform G | C [ Q ]. Notice that G , C , and Q are obtained as before. Overall, we preservevalue dependencies both when generating the new portion of the parallel process (i.e., G and G ) but also when constructing the catalyzer contexts (i.e., C and C ) that close theportions of the given process that are rewritten by the procedure (i.e., Q and Q ).As a sanity check, we now state the analogues of Theorem 5.1 (type preservation) andTheorem 5.2 (operational correspondence) for the second rewriting procedure. We start bypresenting an auxiliary lemma. Lemma C.15.
Let S and Γ be respectively, an annotated session type and an annotatedtyping context, and let S + and Γ + be the corresponding type and context where theannotation is incremented according to Definition C.1. Then, (cid:74) S (cid:75) f l = (cid:74) S + (cid:75) f l and (cid:74) Γ (cid:75) f l = (cid:74) Γ + (cid:75) f l . Proof.
It follows immediately by the encoding given in Figure 8 and Definition C.1.
Theorem C.1 (Rewriting (cid:76) · (cid:77) V is Type Preserving) . Let Γ (cid:5) Ψ (cid:96) ST P . Then, for all Q ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:77) V , we have that Q (cid:96) LL (cid:74) Γ (cid:75) f l . Proof.
The proof proceeds by cases on the judgement Γ (cid:5) Ψ (cid:96) ST P used in the rewritingprocedure (Definition C.14), and by inversion on the last typing rule applied (cf. Figure 10).There are seven cases to consider:(1) Γ (cid:5) ∅ (cid:96) ST . Then, by inversion the last typing rule applied is ( T-NilD ), with un (Γ). ByDefinition C.14 we have (cid:76) Γ un (cid:5) ∅ (cid:96) ST (cid:77) V = { } . Then, by applying Rule ( T- ) we obtain (cid:96) LL x : • ( T- ) The thesis follows immediately by encoding of types (cid:74) · (cid:75) f l given in Figure 8, and Defini-tion 3.14, which states that (cid:74) x : end (cid:75) f l = x : • . (2) Γ , x : ! T.S, v : T (cid:5) Ψ , (cid:104) x, v, (cid:105) (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) , where by inversion and Rule ( T-OutD ) we haveΓ = Γ (cid:48) + , Ψ = Ψ (cid:48) + , (cid:104) x, v, (cid:105) , and S = S (cid:48) + as in the following derivation.Γ (cid:48) , x : S (cid:48) (cid:5) Ψ (cid:48) (cid:96) ST P (cid:48) Γ (cid:48) + , x : ! T.S (cid:48) + , v : T (cid:5) Ψ (cid:48) + , (cid:104) x, v, (cid:105) (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) ( T-OutD ) By Definition C.14, (cid:76) Γ (cid:48) + , x : ! T.S (cid:48) + , v : T (cid:5) Ψ (cid:48) + , (cid:104) x, v, (cid:105) (cid:96) ST x (cid:104) v (cid:105) .P (cid:48) (cid:77) V = (cid:8) x ( z ) . ([ v ↔ z ] | Q ) | Q ∈ (cid:76) Γ (cid:48) , x : S (cid:48) (cid:5) Ψ (cid:48) (cid:96) ST P (cid:48) (cid:77) V (cid:9) By Rule ( T- id ) and by Lemma 3.15 we have[ v ↔ z ] (cid:96) LL v : (cid:74) T (cid:75) f l , z : (cid:74) T (cid:75) f l ( T- id ) (C.2)By induction hypothesis, Q ∈ (cid:76) Γ (cid:48) , x : S (cid:48) (cid:5) Ψ (cid:48) (cid:96) ST P (cid:48) (cid:77) V (cid:9) implies Q (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:48) (cid:75) f l .Let Q (cid:48) be an arbitrary process in this set. By applying Rule ( T- ⊗ ) on (C.2) and Q (cid:48) wehave: [ v ↔ z ] (cid:96) LL v : (cid:74) T (cid:75) f l , z : (cid:74) T (cid:75) f l Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:48) (cid:75) f l x ( z ) . (cid:0) [ v ↔ z ] | Q (cid:48) (cid:1) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:48) (cid:75) f l , v : (cid:74) T (cid:75) f l ( T- ⊗ ) By the encoding of types (cid:74) · (cid:75) f l in Figure 8 we have that (cid:74) ! T.S (cid:48) (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:48) (cid:75) f l , and byDefinition 3.14, we have (cid:74) Γ (cid:48) , x : ! T.S (cid:48) , v : T (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:48) (cid:75) f l , v : (cid:74) T (cid:75) f l , and weconclude this case by applying Lemma C.15.(3) Γ , Γ , x : ! T.S (cid:5) Ψ , Φ [Ψ , Φ ] (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ). By inversion, this judgementis derived by a sequence of rules: the last rule applied is ( T-ResD ), before that (
T-OutD )and (
T-ParD ). We have: Γ i = Γ (cid:48) + i , for i ∈ { , } ; Φ j = Φ (cid:48) + j , for j ∈ { , } ; Ψ k = Ψ (cid:48) + k , for k ∈ { , } ; S = S (cid:48) + .Γ (cid:48) , z : T (cid:5) Ψ (cid:48) , Ψ (cid:48) (cid:96) ST P Γ (cid:48) , x : S (cid:48) (cid:5) Φ (cid:48) , Φ (cid:48) (cid:96) ST P Γ (cid:48) , z : T , Γ (cid:48) , x : S (cid:48) (cid:5) Ψ (cid:48) , Ψ (cid:48) , Φ (cid:48) , Φ (cid:48) (cid:96) ST P | P ( T-ParD ) Γ (cid:48) +1 , Γ (cid:48) +2 , x : ! T.S (cid:48) + , y : T, z : T + (cid:5) Ψ (cid:48) +1 , Ψ (cid:48) +2 , Φ (cid:48) +1 , Φ (cid:48) +2 , (cid:104) x, y, (cid:105) (cid:96) ST x (cid:104) y (cid:105) . ( P | P ) ( T-OutD ) Γ , Γ , x : ! T.S (cid:5) Ψ , Φ [Ψ , Φ ] (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ) ( T-ResD ) By Definition C.14, (cid:76) Γ , Γ , x : ! T.S (cid:5) Ψ , Φ [Ψ , Φ ] (cid:96) ST ( ν zy ) x (cid:104) y (cid:105) . ( P | P ) (cid:77) V = (cid:8) x ( y ) . ( Q | Q ) | Q ∈ (cid:76) Γ , z : T (cid:5) Ψ , Ψ (cid:96) ST P (cid:77) V ∧ Q ∈ (cid:76) Γ , x : S (cid:5) Φ , Φ (cid:96) ST P (cid:77) V (cid:9) By induction hypothesis, for all processes Q ∈ (cid:76) Γ , z : T (cid:5) Ψ , Ψ (cid:96) ST P (cid:77) V , we have Q (cid:96) LL (cid:74) Γ (cid:75) f l , z : (cid:74) T (cid:75) f l . Let Q (cid:48) be an arbitrary process in this set. Also, for all processes Q ∈ (cid:76) Γ , x : S (cid:5) Φ , Φ (cid:96) ST P (cid:77) V , we have Q (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l . Let Q (cid:48) be an arbitraryprocess in this set. By applying Rule ( T- ⊗ ) on Q (cid:48) and Q (cid:48) we have the followingderivation: Q (cid:48) (cid:96) LL (cid:74) Γ (cid:75) f l , z : (cid:74) T (cid:75) f l Q (cid:48) (cid:96) LL (cid:74) Γ (cid:75) f l , x : (cid:74) S (cid:75) f l x ( z ) . (cid:0) Q (cid:48) | Q (cid:48) (cid:1) (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l ( T- ⊗ ) By the encoding of types (cid:74) · (cid:75) f l in Figure 8, (cid:74) ! T.S (cid:75) f l = (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , and by Definition 3.14,we have (cid:74) Γ , Γ , x : ! T.S (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , x : (cid:74) T (cid:75) f l ⊗ (cid:74) S (cid:75) f l , and we concludethis case by applying Lemma C.15. OMPARING TYPE SYSTEMS FOR DEADLOCK-FREEDOM 67 (4) Γ , x : ? T.S (cid:5) Ψ , ( x, y, (cid:96) ST x ( y : T ) .P (cid:48) , where by inversion and Rule ( T-InD ) we haveΓ = Γ (cid:48) + , Ψ = Ψ (cid:48) + , ( x, y, S = S (cid:48) + as in the following derivation:Γ (cid:48) , x : S (cid:48) , y : T (cid:5) Ψ (cid:48) (cid:96) ST P (cid:48) Γ (cid:48) + , x : ? T.S (cid:48) + (cid:5) Ψ (cid:48) + , ( x, y, (cid:96) ST x ( y : T ) .P (cid:48) ( T-InD ) By Definition C.14, we have (cid:76) Γ (cid:48) + , x : ? T.S (cid:48) + (cid:5) Ψ (cid:48) + , ( x, y, (cid:96) ST x ( y : T ) .P (cid:48) (cid:77) V = (cid:8) x ( y : T ) .Q | Q ∈ (cid:76) Γ (cid:48) , x : S (cid:48) , y : T (cid:5) Ψ (cid:48) (cid:96) ST P (cid:48) (cid:77) V (cid:9) By induction hypothesis, Q ∈ (cid:76) Γ (cid:48) , x : S (cid:48) , y : T (cid:5) Ψ (cid:48) (cid:96) ST P (cid:48) (cid:77) implies Q (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:48) (cid:75) f l , y : (cid:74) T (cid:75) f l . Let Q (cid:48) be an arbitrary process in this set. By applying Rule ( T- (cid:79) ) on Q (cid:48) we have: Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) S (cid:48) (cid:75) f l , y : (cid:74) T (cid:75) f l x ( y : T ) .Q (cid:48) (cid:96) LL (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:48) (cid:75) f l ( T- (cid:79) ) where by the encoding of types (cid:74) · (cid:75) f l in Figure 8 we have that (cid:74) ? T.S (cid:48) (cid:75) f l = (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:48) (cid:75) f l andby Definition 3.14, we have (cid:74) Γ (cid:48) , x : ? T.S (cid:48) (cid:75) f l = (cid:74) Γ (cid:48) (cid:75) f l , x : (cid:74) T (cid:75) f l (cid:79) (cid:74) S (cid:48) (cid:75) f l , and we concludethis case by applying Lemma C.15.(5) The cases for branching and selection follow the same lines as the corresponding ones inTheorem 5.1, whose proof is given in § B.2, hence we omit them.(6) Γ [ (cid:93) x : S ] (cid:5) Ψ [Ψ ( (cid:101) x )] (cid:63) Γ [ (cid:93) y : T ] (cid:5) Φ [Φ ( (cid:101) y )] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ). Then, by inversionwe have following derivation:Γ , (cid:93) x : S (cid:5) Ψ , Ψ (cid:96) ST P Γ , (cid:93) y : T (cid:5) Φ , Φ (cid:96) ST P Γ , Γ , (cid:93) x : S, (cid:93) y : T (cid:5) Ψ , Ψ , Φ , Φ (cid:96) ST P | P ( T-ParD ) Γ [ (cid:93) x : S ] (cid:5) Ψ [Ψ ( (cid:101) x )] (cid:63) Γ [ (cid:93) y : T ] (cid:5) Φ [Φ ( (cid:101) y )] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) ( T-ResD ) such that (cid:101) T (cid:44) (cid:101) S .By Definition C.14, we have (cid:76) Γ [ (cid:93) x : S ] (cid:5) Ψ [Ψ ( (cid:101) x )] (cid:63) Γ [ (cid:93) y : T ] (cid:5) Φ [Φ ( (cid:101) y )] (cid:96) ST ( ν (cid:101) x (cid:101) y : (cid:101) S )( P | P ) (cid:77) V is the set of processes (cid:8) C [ Q ] | G | G ∈ (cid:104)| Γ |(cid:105) Φ , C ∈ C Φ ( (cid:101) x ) (cid:93) x : T | (cid:93) y : S , Q ∈ (cid:76) Γ , (cid:93) x : S (cid:5) Ψ , Ψ (cid:96) ST P (cid:77) V (cid:9) (C.3) ∪ (cid:8) G | C [ Q ] | G ∈ (cid:104)| Γ |(cid:105) Ψ , C ∈ C Ψ ( (cid:101) y ) (cid:93) y : S | (cid:93) x : T , Q ∈ (cid:76) Γ , (cid:93) y : T (cid:5) Φ , Φ (cid:96) ST P (cid:77) V (cid:9) (C.4)We start by inspecting the set given by (C.3). By induction hypothesis on the left-handside premise of Rule ( T-ParD ) we have: Q ∈ (cid:76) Γ , (cid:93) x : S (cid:5) Ψ , Ψ (cid:96) ST P (cid:77) implies Q (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:94) x : (cid:74) S (cid:75) f l Let Q (cid:48) be an arbitrary process in this set. By Lemma C.12 we have that C [ Q (cid:48) ] (cid:96) LL (cid:74) Γ (cid:75) f l .By Lemma C.8(b), since G ∈ (cid:104)| Γ |(cid:105) Φ , Φ , we have that G (cid:96) LL (cid:74) Γ (cid:75) f l . Since Γ and Γ are disjoint, by Rule ( T- mix ) we have the following derivation, which concludes this case: C [ Q (cid:48) ] (cid:96) LL (cid:74) Γ (cid:75) f l G (cid:96) LL (cid:74) Γ (cid:75) f l C [ Q (cid:48) ] | G (cid:96) LL (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l ( T- mix ) The proof for the set given by (C.4) follows the same line as the proof for (C.3), so weomit the details here. We thus conclude that every process belonging to the set in (C.3)or (C.4) is typed under the typing context (cid:74) Γ (cid:75) f l , (cid:74) Γ (cid:75) f l , concluding this case. Theorem C.2 (Operational Correspondence for (cid:76) · (cid:77) V ) . Let P be such that Γ (cid:5) Ψ (cid:96) ST P forsome Γ , Ψ. Then we have:(1) If P → P (cid:48) , then for all Q ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:77) V there exists Q (cid:48) such that:(i) Q → (cid:44) → Q (cid:48) ; (ii) either Q (cid:48) ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V or Q (cid:48) (cid:43) R such that R ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V .(2) If Q ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:77) V , such that P ∈ K n , and Q → (cid:44) → Q (cid:48) , then there exists P (cid:48) such that:(i) P → P (cid:48) , (ii) either Q (cid:48) ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V or Q (cid:48) (cid:43) R such that R ∈ (cid:76) Γ (cid:5) Ψ (cid:96) ST P (cid:48) (cid:77) V . Proof.
By induction on the length of the derivations ( P → P (cid:48) and Q → Q (cid:48) ), following thestructure of the corresponding proof for (cid:76) · (cid:77) (cf. Theorem 5.2 and § B.3).
This work is licensed under the Creative Commons Attribution-NoDerivs License. To viewa copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/http://creativecommons.org/licenses/by-nd/2.0/