BB. Luttik and F. D. Valencia (Eds.): 18th International Workshop onExpressiveness in Concurrency (EXPRESS 2011)EPTCS 64, 2011, pp. 59–73, doi:10.4204/EPTCS.64.5 c (cid:13)
U. Dal Lago & P. Di GiamberardinoThis work is licensed under theCreative Commons Attribution License.
Soft Session Types
Ugo Dal Lago
Universit`a di BolognaINRIA Sophia Antipolis [email protected]
Paolo Di Giamberardino
Laboratoire d’Informatiquede Paris Nord [email protected]
We show how systems of session types can enforce interactions to be bounded for all typable pro-cesses. The type system we propose is based on Lafont’s soft linear logic and is strongly inspiredby recent works about session types as intuitionistic linear logic formulas. Our main result is theexistence, for every typable process, of a polynomial bound on the length of any reduction sequencestarting from it and on the size of any of its reducts.
Session types are one of the most successful paradigms around which communication can be disciplinedin a concurrent or object-based environment. They can come in many different flavors, depending on theunderlying programming language and on the degree of flexibility they allow when defining the structureof sessions. As an example, systems of session types for multi-party interaction have been recentlyintroduced [9], while a form of higher-order session has been shown to be definable [12]. Recursivetypes, on the other hand, have been part of the standard toolset of session type theories since theirinception [8].The key property induced by systems of session types is the following: if two (or more) processescan be typed with “dual” session types, then they can interact with each other without “going wrong”, i.e.avoiding situations where one party needs some data with a certain type and the other(s) offer somethingof a different, incompatible type. Sometimes, one would like to go beyond that and design a type systemwhich guarantees stronger properties, including quantitative ones. An example of a property that wefind particularly interesting is the following: suppose that two processes P and Q interact by creatinga session having type A through which they communicate. Is this interaction guaranteed to be finite?How long would it last? Moreover, P and Q could be forced to interact with other processes in orderto be able to offer A . The question could then become: can the global amount of interaction be keptunder control? In other words, one could be interested in proving the interaction induced by sessions tobe bounded . This problem has been almost neglected by the research community in the area of sessiontypes, although it is the manifesto of the so-called implicit computational complexity (ICC), where oneaims at giving machine-free characterizations of complexity classes based on programming languagesand logical systems.Linear logic ( LL in the following) has been introduced twenty-five years ago by Jean-Yves Girard [7].One of its greatest merits has been to allow a finer analysis of the computational content of both intu-itionistic and classical logic. In turn, this is possible by distinguishing multiplicative as well as additiveconnectives, by an involutive notion of negation, and by giving a new status to structural rules allowingthem to be applicable only to modal formulas. One of the many consequences of this new, refined wayof looking at proof theory has been the introduction of natural characterizations of complexity classesby fragments of linear logic. This is possible because linear logic somehow “isolates” complexity inthe modal fragment of the logic (which is solely responsible for the hyperexponential complexity of cut0 SoftSession Typeselimination in, say intuitionistic logic), which can then be restricted so as to get exactly the expressivepower needed to capture small complexity classes. One of the simplest and most elegant of those systemsis Lafont’s soft linear logic ( SLL in the following), which has been shown to correspond to polynomialtime in the realm of classical [10], quantum [6] and higher-order concurrent computation [5].Recently, Caires and Pfenning [1] have shown how a system of session types can be built aroundintuitionistic linear logic, by introducing p DILL , a type system for the p -calculus where types and rulesare derived from the ones of intuitionistic linear logic. In their system, multiplicative connectives like ⊗ and ⊸ allow to model sequentiality in sessions, while the additive connectives & and ⊕ model externaland internal choice, respectively. The modal connective !, on the other hand, allows to model a server oftype ! A which can offer the functionality expressed by A multiple times.In this paper, we study a restriction of p DILL , called p DSLL , which can be thought of as being derivedfrom p DILL in the same way as
SLL is obtained from LL . In other words, the operator ! behaves in p DSLL in the same way as in
SLL . The main result we prove about p DSLL is precisely about bounded interaction:whenever P can be typed in p DSLL and P → n Q , then both n and | Q | (the size of the process Q , to bedefined later) are polynomially related to | P | . This ensures an abstract but quite strong form of boundedinteraction. Another, perhaps more “interactive” formulation of the same result is the following: if P and Q interact via a channel of type A , then the “complexity” of this interaction is bounded by a polynomialon | P | + | Q | , whose degree only depends on A .We see this paper as the first successful attempt to bring techniques from implicit computationalcomplexity into the realm of session types. Although proving bounded interaction has been technicallynontrivial, due to the peculiarities of the p -calculus, we think the main contribution of this work lies inshowing that bounded termination can be enforced by a natural adaptation of known systems of sessiontypes. An extended version with more details is available [4]. p DILL , an Informal Account
In this section, we will outline the main properties of p DILL , a session type system recently introducedby Caires and Pfenning [1, 2]. For more information, please consult the two cited papers.In p DILL , session types are nothing more than formulas of (propositional) intuitionistic linear logicwithout atoms but with (multiplicative) constants: A :: = | A ⊗ A | A ⊸ A | A ⊕ A | A & A | ! A . These types are assigned to channels (names) by a formal system deriving judgments in the form G ; D ⊢ P :: x : A , where G and D are contexts assigning types to channels, and P is a process of the name-passing p calculus. The judgment above can be read as follows: the process P acts on the channel x according tothe session type A whenever composed with processes behaving according to G and D (each on a specificchannel). Informally, the various constructions on session types can be explained as follows: • is the type of an empty session channel. A process offering to communicate via a session channeltyped this way simply synchronizes with another process through it without exchanging anything.This is meant to be an abstraction for all ground session types, e.g. natural numbers, lists, etc. Inlinear logic, this is the unit for ⊗ ..DalLago &P.DiGiamberardino 61 • A ⊗ B is the type of a session channel x through which a message carrying another channel with type A is sent. After performing this action, the underlying process behaves according to B on the same channel x . • A ⊸ B is the adjoint to A ⊗ B : on a channel with this type, a process communicate by first performingan input and receiving a channel with type A , then acting according to B , again on x . • A ⊕ B is the type of a channel on which a process either sends a special message inl and performsaccording to A or sends a special message inr and performs according to B . • The type A & B can be assigned to a channel x on which the underlying process offers the possibilityof choosing between proceeding according to A or to B , both on x . So, in a sense, & models externalchoice. • Finally, the type ! A is attributed to a channel x only if a process can be replicated by receiving achannel y through x , then behaving on y according to A .The assignments in G and D are of two different natures: • An assignment of a type A to a channel x in D signals the need by P of a process offering a session oftype A on the channel x ; for this reason, D is called the linear context ; • An assignment of a type A to a channel x in G , on the other hand, represents the need by P of a processoffering a session of type ! A on the channel x ; thus, G is the exponential context .Typing rules p DILL are very similar to the ones of
DILL , itself one of the many possible formulations oflinear logic as a sequent calculus. In particular, there are two cut rules, each corresponding to a differentportion of the context: G ; D ⊢ P :: x : A G ; D , x : A ⊢ Q :: T G ; D , D ⊢ ( n x )( P | Q ) :: T G ; /0 ⊢ P :: y : A G , x : A ; D ⊢ Q :: T G ; D ⊢ ( n x )( ! x ( y ) . P | Q ) :: T Please observe how cutting a process P against an assumption in the exponential context requires to“wrap” P inside a replicated input: this allows to turn P into a server .In order to illustrate the intuitions above, we now give an example. Suppose that a process P modelsa service which acts on x as follows: it receives two natural numbers, to be interpreted as the number andsecret code of a credit card and, if they correspond to a valid account, returns an MP3 file and a receiptcode to the client. Otherwise, the session terminates. To do so, P needs to interact with another service(e.g. a banking service) Q through a channel y . The banking service, among others, provides a way toverify whether a given number and code correspond to a valid credit card. In p DILL , the process P wouldreceive the type /0; y : ( N ⊸ ⊕ ) & A ⊢ P :: x : N ⊸ N ⊸ ( S ⊗ N ) ⊕ , where N and S are pseudo-types for natural numbers and MP3s, respectively. A is the type of all theother functionalities Q provides. As an example, P could be the following process: x ( nm ) . x ( cd ) . y . inl ; ( n nm ) y h nm i . ( n cd ) y h cd i . y . case ( x . inl ; ( n mp ) x h mp i . ( n rp ) x h rp i , x . inr ; 0 ) Observe how the credit card number and secret code forwarded to Q are not the ones sent by the client:the flow of information happening inside a process is abstracted away in p DILL . Similarly, one can writea process Q and assign it a type as follows: /0; /0 ⊢ Q :: y : ( N ⊸ ⊕ ) & A . Putting the two derivationstogether, we obtain /0; /0 ⊢ ( n x )( P | Q ) :: x : N ⊸ N ⊸ ( S ⊗ N ) ⊕ .Let us now make an observation which will probably be appreciated by the reader familiar withlinear logic. The processes P and Q can be typed in p DILL without the use of any exponential rule, nor2 SoftSession Typesof cut. What allows to type the parallel composition ( n x )( P | Q ) , on the other hand, is precisely the cutrule. The interaction between P and Q corresponds to the elimination of that cut. Since there isn’t anyexponential around, this process must be finite, since the size of the underlying process shrinks at everysingle reduction step. From a process-algebraic point of view, on the other hand, the finiteness of theinteraction is an immediate consequence of the absence of any replication in P and Q .The banking service Q can only serve one single session and would vanish at the end of it. To makeit into a persistent server offering the same kind of session to possibly many different clients, Q must beput into a replication, obtaining R = ! z ( y ) . Q . In R , the channel z can be given type ! (( N ⊸ ⊕ ) & A ) in the empty context. The process P should be somehow adapted to be able to interact with R : beforeperforming the two outputs on y , it’s necessary to “spawn” R by performing an output on z and passing y to it. This way we obtain a process S such that/0; z :! (( N ⊸ ⊕ ) & A ) ⊢ S :: x : N ⊸ N ⊸ ( S ⊗ N ) ⊕ , and the composition ( n z )( S | R ) can be given the same type as ( n x )( P | Q ) . Of course, S could have usedthe channel z more than once, initiating different sessions. This is meant to model a situation in whichthe same client interacts with the same server by creating more than one session with the same type,itself done by performing more than one output on the same channel. Of course, servers can themselvesdepend on other servers. And these dependencies are naturally modeled by the exponential modality oflinear logic. In p DILL , the possibility of modeling persistent servers which in turn depend on other servers makes itpossible to type processes which exhibit a very complex and combinatorially heavy interactive behavior.Consider the following processes, the first one parameterized on any i ∈ N : dupser i . = ! x i ( y ) . ( n z ) x i + h z i . ( n w ) x i + h w i . ; dupclient . = ( n y ) x h y i . In p DILL , these processes can be typed as follows:/0; x i + :! ⊢ dupser i :: x i :! ;/0; x :! ⊢ dupclient :: z : . Then, for every n ∈ N one can type the parallel composition mulser n + . = ( n x . . . x n )( dupser n || . . . || dupser ) as follows /0; x n :! ⊢ mulser n :: x :! . Informally, mulser n is a persistent server which offers a session type on a channel x , provided a serverwith the same functionality is available on x n . The process mulser n is the parallel composition of n servers in the form dupser i , each spawning two different sessions provided by dupser i + on the samechannel x i + .The process mulser n cannot be further reduced. But notice that, once mulser n and dupclient are.DalLago &P.DiGiamberardino 63composed, the following exponential blowup is bound to happen: ( n x )( mulser n | dupclient ) ≡ ( n x . . . x n )( dupser n || . . . || dupser | dupclient ) → ( n x . . . x n )( dupser n || . . . || dupser | P ) → ( n x . . . x n )( dupser n || . . . || dupser | P | P ) → ( n x . . . x n )( dupser n || . . . || dupser | P || . . . || P | {z } ) → ∗ ( n x n )( dupser n | P n || . . . || P n | {z } n times ) → n . Here, for every i ∈ N the process P i is simply ( n y ) x i h y i . ( n z ) x i h z i . Notice that both the number or reduc-tion steps and the size of intermediate processes are exponential in n , while the size of the initial processis linear in n . This is a perfectly legal process in p DILL . Moreover the type ! of the channel x throughwhich dupclient and mulser n communicate does not contain any information about the “complexity” ofthe interaction: it is the same for every n .The deep reasons why this phenomenon can happen lie in the very general (and “generous”) rulesgoverning the behavior of the exponential modality ! in linear logic. It is this generality that allows theembedding of propositional intuitionistic logic into linear logic. Since the complexity of normalizationfor the former [13, 11] is nonelementary, the exponential blowup described above is not a surprise.It would be desirable, on the other hand, to be sure that the interaction caused by any process P is bounded: whenever P → n Q , then there’s a reasonably low upper bound to both n and | Q | . This isprecisely what we achieve by restricting p DILL into p DSLL . p DSLL : Syntax and Main Properties
In this section, the syntax of p DSLL will be introduced. Moreover, some basic operational properties willbe given. p DSLL is a type system for a fairly standard p -calculus, exactly the one on top of which p DILL is defined:
Definition 1 (Processes)
Given an infinite set of names or channels x , y , z , . . . , the set of processes isdefined as follows:P :: = | P | Q | ( n x ) P | x ( y ) . P | x h y i . P | ! x ( y ) . P | x . inl ; P | x . inr ; P | x . case ( P , Q ) The only non-standard constructs are the last three, which allow to define a choice mechanism: theprocess x . case ( P , Q ) can evolve as P or as Q after having received a signal in the form inl o inr through x . Processes sending such a signal through the channel x , then continuing like P are, respectively, x . inl ; P and x . inr ; P . The set of names occurring free in the process P (hereby denoted fn ( P ) ) is definedas usual. The same holds for the capture avoiding substitution of a name x for y in a process P (denoted P { x / y } ), and for a -equivalence between processes (denoted ≡ a ).Structural congruence is an equivalence relation identifying those processes which are syntacticallydifferent but can be considered equal for very simple structural reasons:4 SoftSession Types Definition 2 (Structural Congruence)
The relation ≡ , called structural congruence , is the least con-gruence on processes satisfying the following seven axioms:P ≡ Q whenever P ≡ a Q ; ( n x ) ≡ P | ≡ P ; ( n x )( n y ) P ≡ ( n y )( n x ) P ; P | Q ≡ Q | P ; (( n x ) P ) | Q ≡ ( n x )( P | Q ) whenever x / ∈ fn ( Q ) ; P | ( Q | R ) ≡ ( P | Q ) | R . Formal systems for reduction and labelled semantics can be defined in a standard way. We refer thereader to [1] for more details.A quantitative attribute of processes which is delicate to model in process algebras is their size : howcan we measure the size of a process? In particular, it is not straightforward to define a measure whichboth reflects the “number of symbols” in the process and is invariant under structural congruence (thisway facilitating all proofs). A good compromise is the following:
Definition 3 (Process Size)
The size | P | of a process P is defined by induction on the structure of P asfollows: | | = | x ( y ) . P | = | P | + | x . inl ; P | = | P | + | P | Q | = | P | + | Q | ; | x h y i . P | = | P | + | x . inr ; P | = | P | + | ( n x ) P | = | P | ; | ! x ( y ) . P | = | P | + | x . case ( P , Q ) | = | P | + | Q | + . According to the definition above, the empty process 0 has null size, while restriction does not increasethe size of the underlying process. This allows for a definition of size which remains invariant understructural congruence. The price to pay is the following: the “number of symbols” of a process P can bearbitrarily bigger than | P | (e.g. for every n ∈ N , | ( n x ) n P | = | P | ). However, we have the following: Lemma 1
For every P , Q, | P | = | Q | whenever P ≡ Q. Moreover, there is a polynomial p such that forevery P, there is Q with P ≡ Q and the number of symbols in Q is at most p ( | Q | ) . The language of types of p DSLL is exactly the same as the one of p DILL , and the interpretation of typeconstructs does not change (see Section 2 for some informal details). Typing judgments and typing rules,however, are significantly different, in particular, in the treatment of the exponential connective !.Typing judgments become syntactical expressions in the form G ; D ; Q ⊢ P :: x : A . First of all, observe how the context is divided into three chunks now: G and D have to be interpretedas exponential contexts, while Q is the usual linear context from p DILL . The necessity of having two exponential contexts is a consequence of the finer, less canonical exponential discipline of
SLL comparedto the one of LL . We use the following terminology: G is said to be the auxiliary context, while D is the multiplexor context.Typing rules are in Figure 1. The rules governing the typing constant , the multiplicatives ( ⊗ and ⊸ ) and the additives ( ⊕ and &) are exact analogues of the ones from p DILL . The only differences comefrom the presence of two exponential contexts: in binary multiplicative rules ( ⊗ R and ⊸ L ) the auxiliary.DalLago &P.DiGiamberardino 65 G ; D ; Q ⊢ P :: T G ; D ; Q , x : ⊢ P :: T L G ; D ; /0 ⊢ x : R G ; D ; Q , y : A , x : B ⊢ P :: T G ; D ; Q , x : A ⊗ B ⊢ x ( y ) . P :: T ⊗ L G ; D ; Q ⊢ P :: y : A G ; D ; Q ⊢ Q :: x : B G , G ; D ; Q , Q ⊢ ( n y ) x h y i . ( P | Q ) :: x : A ⊗ B ⊗ R G ; D ; Q , y : A ⊢ P :: T G ; D ; Q , x : B ⊢ Q :: T G , G ; D ; Q , Q , x : A ⊸ B ⊢ ( n y ) x h y i . ( P | Q ) :: T ⊸ L G ; D ; Q , y : A ⊢ P :: x : B G ; D ; Q ⊢ x ( y ) . P :: x : A ⊸ B ⊸ R G ; D ; Q , x : A ⊢ P :: T G ; D ; Q , x : B ⊢ P :: T G ; D ; x : A ⊕ B , Q ⊢ y . case ( P , Q ) :: T ⊕ L G ; D ; Q ⊢ P :: x : A G ; D ; Q ⊢ x . inl ; P :: x : A ⊕ B ⊕ R G ; D ; Q ⊢ P :: x : B G ; D ; Q ⊢ x . inr ; P :: x : A ⊕ B ⊕ R G ; D ; Q , x : A ⊢ P :: T G ; D ; Q , x : A & B ⊢ x . inl ; P :: T & L G ; D ; Q , x : B ⊢ P :: T G ; D ; Q , x : A & B ⊢ x . inr ; P :: T & L G ; D ; Q ⊢ P :: x : A G ; D ; Q ⊢ P :: x : B G ; D ; Q ⊢ y . case ( P , Q ) :: x : A & B & R G ; D , x : A ; Q , y : A ⊢ P :: T G ; D , x : A ; Q ⊢ ( n y ) x h y i . P :: T ♭ G ; D ; Q , y : A ⊢ P :: T G , x : A ; D ; Q ⊢ ( n y ) x h y i . P :: T ♭ ! G ; D , x : A ; Q ⊢ P :: T G ; D ; Q , x :! A ⊢ P :: T ! L G , x : A ; D ; Q ⊢ P :: T G ; D ; Q , x :! A ⊢ P :: T ! L ! G ; /0; /0 ⊢ Q :: y : A /0; D ; ! G ⊢ ! x ( y ) . Q :: x :! A ! R G ; D ; Q ⊢ P :: x : A G ; D ; Q , x : A ⊢ Q :: T G , G ; D ; Q , Q ⊢ ( n x )( P | Q ) :: T cut D ; /0; /0 ⊢ P :: y : A G ; D , x : A ; Q ⊢ Q :: T G ; D ; Q ⊢ ( n x )( ! x ( y ) . P | Q ) :: T cut G ; /0; /0 ⊢ P :: y : A G , x : A ; D ; Q ⊢ Q :: T G , G ; D ; Q ⊢ ( n x )( ! x ( y ) . P | Q ) :: T cut ! Figure 1: Typing rules for p DSLL .context is treated multiplicatively, while the multiplexor context is treated additively, as in p DILL . Now,consider the rules governing the exponential connective !, which are ♭ ! , ♭ , ! L ! , ! L and ! R : • The rules ♭ ! and ♭ both allow to spawn a server. This corresponds to turning an assumption x : A inthe linear context into one y : A in one of the exponential contexts; in ♭ , x : A could be already presentin the multiplexor context, while in ♭ ! this cannot happen; • The rules ! L ! and ! L lift an assumption in the exponential contexts to the linear context; this requireschanging its type from A to ! A ; • The rule ! R allows to turn an ordinary process into a server, by packaging it into a replicated inputand modifying its type. The reader familiar with linear logic and proof nets will recognize in the different treatment of the auxiliary and multiplexorcontexts, one of the basic principles of
SLL : contraction is forbidden on the auxiliary doors of exponential boxes . The channelnames contained in the auxiliary context correspond to the auxiliary doors of exponential boxes, so we treat them multiplica-tively. The contraction effect induced by the additive treatment of the channel names in the multiplexor context corresponds tothe multiplexing rule of SLL . three cut rules in the system, namely cut , cut ! and cut : • cut is the usual linear cut rule, i.e. the natural generalization of the one from p DILL . • cut ! and cut allow to eliminate an assumption in one of the the two exponential contexts. In bothcases, the process which allows to do that must be typable with empty linear and multiplexor contexts. Let us now reconsider the example processes introduced in Section 3. The basic building block overwhich everything is built was the process dupser i = ! x i ( y ) . ( n z ) x i + h z i . ( n w ) x i + h w i . . We claim that forevery i , the process dupser i is not typable in p DSLL . To understand why, observe that the only way totype a replicated input like dupser i is by the typing rule ! R , and that its premise requires the body ofthe replicated input to be typable with empty linear and multiplexor contexts. A quick inspection on thetyping rules reveals that every name in the auxiliary context occurs (free) exactly once in the underlyingprocess (provided we count two occurrences in the branches of a case as just a single occurrence).However, the name x i + appears twice in the body of dupser i .A slight variation on the example above, on the other hand, can be typed in p DSLL , but this requireschanging its type. See [4] for more details.
A basic property most type systems for functional languages satisfy is subject reduction: typing is pre-served along reduction. For processes, this is often true for internal reduction: if P → Q and ⊢ P : A , then ⊢ Q : A . In this section, a subject reduction result for p DSLL will be given and some ideas on the underly-ing proof will be described. Some concepts outlined here will become necessary ingredients in the proofof bounded interaction, to be done in Section 5 below. Subject reduction is proved by closely followingthe path traced by Caires and Pfenning; as a consequence, we proceed quite quickly, concentrating ourattention on the differences with their proof.When proving subject reduction, one constantly work with type derivations. This is particularly truehere, where (internal) reduction corresponds to the cut-elimination process. A linear notation for proofsin the form of proof terms can be easily defined, allowing for more compact descriptions. As an example,a proof in the form p : G ; D ; Q ⊢ P :: x : A r : G ; D ; Q , x : A ⊢ Q :: T G , G ; D ; Q , Q ⊢ ( n x )( P | Q ) :: T cut corresponds to the proof term cut ( D , x . E ) , where D is the proof term for p and E is the proof term for r . If D is a proof term corresponding to a type derivation for the process P , we write b D = P . From nowon, proof terms will often take the place of processes: G ; D ; Q ⊢ D :: T stands for the existence of a typederivation D with conclusion G ; D ; Q ⊢ b D :: T . A proof term D is said to be normal if it does not containany instances of cut rules.Subject reduction will be proved by showing that if P is typable by a type derivation D and P → Q ,then a type derivation E for Q exists. Actually, E can be obtained by manipulating D using techniquesderived from cut-elimination. Noticeably, not every cut-elimination rule is necessary to prove subjectreduction. In other words, we are in presence of a weak correspondence between proof terms and pro-cesses, and remain far from a genuine Curry-Howard correspondence.Those manipulations of proof-terms which are necessary to prove subject reduction can be classifiedas follows:.DalLago &P.DiGiamberardino 67 • First of all, a binary relation = ⇒ on proof terms called computational reduction can be defined. Atthe logical level, this corresponds to proper cut-elimination steps, i.e. those cut-elimination stepsin which two rules introducing the same connective interact. At the process level, computationalreduction correspond to internal reduction. = ⇒ is not symmetric. • A binary relation on proof terms called shift reduction , distinct from = ⇒ must be introduced. Atthe process level, it corresponds to structural congruence. As = ⇒ , is not a symmetric relation. • Finally, an equivalence relation ≡ on proof terms called proof equivalence is necessary. At the logicallevel, this corresponds to the so-called commuting conversions, while at the process level, the inducedprocesses are either structurally congruent or strongly bisimilar.The reflexive and transitive closure of is denoted with ֒ → , i.e. ֒ → = ( ) ∗ . There isnot enough space here to give the rules defining = ⇒ , and ≡ . Let us give only some relevantexamples: • Let us consider the proof term D = cut (( ⊗ R ( F , G )) , x . ⊗ L ( x , y . x . H )) which corresponds to the ⊗ -case of cut elimination. By a computational reduction rule, D = ⇒ E = cut ( F , y . cut ( G , x . H )) . Fromthe process side, b D = ( n x )((( n y ) x h y i . ( b F | b G )) | x ( y ) . b H ) and b E = ( n x )( n y )(( b F | b G ) | b H ) , where b E is theprocess obtained from b D by internal passing the channel y through the channel x . • Let D = cut ( ! R ( F , x , . . . , x n ) , x . ! L ! ( x . G )) be the proof obtained by composing a proof F (whose lastrule is ! R ) with a proof G (whose last rule is ! L ! ) through a cut rule. A shift reduction rule tells us that D E = ! L ! ( x . ! L ! ( x . . . . ! L ! ( x n . cut ! ( F , y . G )) . . . )) , which corresponds to the opening of a box in SLL . The shift reduction does not have a corresponding reduction step at process level, since b D ≡ b E ;nevertheless, it is defined as an asymmetric relation, for technical reasons connected to the proof ofbounded interaction. • Let D = cut ( F , x . cut ( G , y . H )) . A defining rule for proof equivalence ≡ , states that in D the cut rulecan be permuted over the cut rule, by duplicating F ; namely D ≡ E = cut ( cut ( F , x . G ) , y . cut ( F , x . H )) .This is possible because the channel x belongs to the multiplexor contexts of both G , H , such con-texts being treated additively. At the process level, b D = ( n x )(( ! x ( y ) . b F ) | ( n y )( b G | b H )) , while b E =( n y )((( n x )( ! x ( y ) . b F ) | b G )) | (( n x )( ! x ( y ) . b F ) | b H ))) , b D and b E being strongly bisimilar.Before proceeding to Subject Reduction, we give the following two lemmas, concerning structural prop-erties of the type system: Lemma 2 (Weakening lemma) If G ; D ; Q ⊢ D :: T and whenever D ⊆ F , it holds that G ; F ; Q ⊢ D :: T .
Proof.
By a simple induction on the structure of D . ✷ Lemma 3 (Lifting lemma) If G ; D ; Q ⊢ D :: T then there exists an E such that /0; G , D ; Q ⊢ E :: T where b E = b D . We denote E by D ⇓ . Proof.
Again, a simple induction on the structure of the proof term D . ✷ Finally:
Theorem 1 (Subject Reduction)
Let G ; D ; Q ⊢ D :: T . Suppose that b D = P → Q. Then there is E suchthat b E = Q, D ֒ → = ⇒ ֒ → E and F ; Y ; Q ⊢ E :: T , where G , D = F , Y . Let us give a sketch of the proof of Theorem 1. We reason by induction on the structure of D . Since b D = P → Q the only possible last rules of D can be: L , ! L ! , ! L , , a linear cut ( cut ) or an exponential cut( cut ! or cut ). In all the other cases, the underlying process can only perform a visible action, as can beeasily verified by inspecting the rules from Figure 1. With this observation in mind, let us inspect theoperational semantics derivation proving that P → Q . At some point we will find two subprocesses of P ,8 SoftSession Typescall them R and S , which communicate, causing an internal reduction. We here claim that this can onlyhappen in presence of a cut, and only the communication between R and S must occur along the channelinvolved in the cut. Now, it’s only a matter of showing that the just described situation can be “resolved”preserving types. And this can be done by way of several lemmas, like the following: Lemma 4
Assume that:1. G ; D ; Q ⊢ D :: x : A ⊗ B with b D = P ( n y ) x h y i −−−−→ Q;2. G ; D ; Q , x : A ⊗ B ⊢ E :: z : C with b E = R x ( y ) −−→ S.Then:1. cut ( D , x . E ) ֒ → = ⇒ ֒ → F for some F ;2. G , G ; D ; Q , Q ⊢ F :: z : C, where b F ≡ ( n x )( Q | S ) . The other lemmas can be found in [4]. By the way, this proof technique is very similar to the oneintroduced by Caires and Pfenning [1].
In this section, we prove the main result of this paper, namely some polynomial bounds on the lengthof internal reduction sequences and on the size of intermediate results for processes typable in p DILL .In other words, interaction will be shown to be bounded. The simplest formulation of this result is thefollowing:
Theorem 2
For every type A, there is a polynomial p A such that whenever /0; /0; x : A ⊢ D :: y : and /0; /0; /0 ⊢ E :: x : A where D and E are normal and ( n x )( b D | b E ) → n P, it holds that n , | P | ≤ p A ( | b D | + | b E | ) Intuitively, what Theorem 2 says is that the complexity of the interaction between two processes typablewithout cuts and communicating through a channel with session type A is polynomial in their sizes,where the specific polynomial involved only depends on A itself. In other words, the complexity of theinteraction is not only bounded, but can be somehow “read off” from the types of the communicatingparties.How does the proof of Theorem 2 look like? Conceptually, it can be thought of as being structuredinto four steps:1. First of all, a natural number W ( D ) is attributed to any proof term D . W ( D ) is said to be the weight of D .2. Secondly, the weight of any proof term is shown to strictly decrease along computational reduction,not to increase along shifting reduction and to stay the same for equivalent proof terms.3. Thirdly, W ( D ) is shown to be bounded by a polynomial on | b D | , where the exponent only dependson the nesting depth of boxes of D , denoted B ( D ) .4. Finally, the box depth B ( D ) of any proof term D is shown to be “readable” from its type interface.This is exactly what we are going to do in the rest of this section. Please observe how points 1–3 aboveallow to prove the following stronger result, from which Theorem 2 easily follows, given point 4: Proposition 1
For every n ∈ N , there is a polynomial p n such that for every process P with G ; D ; Q ⊢ P :: T , if P → m Q, then m , | Q | ≤ p B ( P ) ( | P | ) . Some concepts have to be given before we can embark in the proof of Proposition 1. First of all, weneed to define what the box-depth of a process is. Simply, given a process P , its box-depth B ( P ) is the.DalLago &P.DiGiamberardino 69nesting-level of replications in P . As an example, the box-depth of ! x ( y ) . ! z ( w ) . ( n x ) y ( z ) is 0. Analogously, the box-depth of a proof term D is simply B ( b D ) .Now, suppose that G ; D ; Q ⊢ D :: T and that x : A belongs to either G or D , i.e. that x is an “exponential”channel in D . A key parameter is the virtual number of occurrences of x in D , which is denoted as FO ( x , D ) . This parameter, as its name suggests, is not simply the number of literal occurrences of x in D ,but takes into account possible duplications derived from cuts. So, for example, FO ( w , cut ! ( D , x . E )) = FO ( x , E ) · FO ( w , D ) + FO ( w , E ) , while FO ( w , ⊗ R ( D , E )) is merely FO ( w , D ) + FO ( w , E ) . Obviously, FO ( w , ♭ ! ( x , w . D )) = FO ( w , ♭ ( x , w . D )) = L ! or ! L . From that moment on, it can only be treated as a linear channel. As a consequence, itmakes sense to define the duplicability factor of a proof term D , written D ( D ) , simply as the maximumof FO ( x , D ) over all instances of the rules ! L ! or ! L in D , where x is the involved channel. For example, D ( ! L ! ( x . D )) = max { D ( D ) , FO ( y , D ) } and D ( ⊸ L ( x , D , y . E )) = max { D ( D ) , D ( E ) } .It’s now possible to give the definition of W ( D ) , namely the weight of the proof term D . Beforedoing that, however, it is necessary to give a parameterized notion of weight, denoted W n ( D ) . Intuitively, W n ( D ) is defined similarly to | b D | . However, every input and output action in b D can possibly count formore than one: • Everything inside D in ! R ( x , . . . , x n , D ) counts for n ; • Everything inside D in either cut ! ( D , x . E ) or cut ( D , x . E ) counts for FO ( x , E ) .For example, W n ( cut ( D , x . E )) = FO ( x , E ) · W n ( D ) + W n ( E ) , while W n ( & L ( x , y . D )) = + W n ( D ) .Now, W ( D ) is simply W D ( D ) ( D ) . The concepts we have just introduced are more precisely definedin [4]. The crucial ingredient for proving polynomial bounds are a series of results about how the weight D evolves when D is put in relation with another proof term E by way of either = ⇒ , or ≡ . Whenevera proof term D computationally reduces to E , the underlying weight is guaranteed to strictly decrease: Proposition 2 If G ; D ; Q ⊢ D :: T and D = ⇒ E , then F ; Y ; Q ⊢ E :: T (where G , D = F , Y ), D ( E ) ≤ D ( D ) and W ( E ) < W ( D ) . Proof.
By induction on the proof that D = ⇒ E . Some interesting cases: • Suppose that D = cut ( ⊸ R ( y . F ) , x . ⊸ L ( x , G , x . H )) = ⇒ cut ( cut ( G , y . F ) , x . H ) = E . Then, D ( D ) = max { D ( F ) , D ( G ) , D ( H ) } = D ( E ) ; W ( D ) = W D ( D ) ( D ) = + W D ( D ) ( F ) + W D ( D ) ( G ) + W D ( D ) ( H ) > + W D ( E ) ( F ) + W D ( E ) ( G ) + W D ( E ) ( H ) = W D ( E ) ( E ) = W ( E ) . • Suppose that D = cut ( & R ( F , G ) , x . & L ( x , y . H )) = ⇒ cut ( F , x . H ) = E . Then, D ( D ) = max { D ( F ) , D ( G ) , D ( H ) } = D ( E ) ; W ( D ) = W D ( D ) ( D ) = + W D ( D ) ( F ) + W D ( D ) ( G ) + W D ( D ) ( H ) > + W D ( E ) ( F ) + W D ( E ) ( G ) + W D ( E ) ( H ) = W D ( E ) ( E ) = W ( E ) . This terminology is derived from linear logic, where proofs obtained by the promotion rule are usually called boxes • Suppose that D = cut ! ( F , x .♭ ! ( x , y . G )) = ⇒ cut ( F ⇓ , y . cut ( F , x . G ⇓ )) = E . Then, D ( D ) = max { D ( F ⇓ ) , D ( G ⇓ ) } = max { D ( F ) , D ( F ) , D ( G ) } = D ( E ) ; W ( D ) = W D ( D ) ( D ) = FO ( x , ♭ ! ( x , y . G )) · W D ( D ) ( F ⇓ ) + W D ( D ) ( ♭ ! ( x , y . G ))= W D ( D ) ( F ) + W D ( D ) ( ♭ ! ( x , y . G )) = W D ( D ) ( F ) + + W D ( D ) ( G ) ≥ W D ( E ) ( F ) + + W D ( E ) ( G ) > W D ( E ) ( F ) + W D ( E ) ( G ) = W D ( E ) ( F ) + · W D ( E ) ( F ) + W D ( E ) ( G )= W D ( E ) ( F ) + FO ( x , G ) · W D ( E ) ( F ) + W D ( E ) ( G )= W D ( E ) ( E ) = W ( E ) . • Suppose that D = cut ( F , x .♭ ( x , y . G )) = ⇒ cut ( F ⇓ , y . cut ( F , x . G )) = E . Then we can proceed exactly as in the previous case.This concludes the proof. ✷ Shift reduction, on the other hand, is not guaranteed to induce a strict decrease on the underlying weightwhich, however, cannot increase:
Proposition 3 If G ; D ; Q ⊢ D :: T and D E , then G ; D ; Q ⊢ E :: T , D ( E ) ≤ D ( D ) and W ( E ) ≤ W ( D ) . Proof.
By induction on the proof that D E . Some interesting cases: • Suppose that D = cut ( ! R ( x , . . . , x n , F ) , x . ! L ! ( x . G )) ! L ! ( x . ! L ! ( x . . . . ! L ! ( x n . cut ! ( F , y . G )))) = E . Then, D ( D ) = max { D ( F ) , D ( G ) } = D ( E ) W ( D ) = W D ( D ) ( D ) = D ( D ) · W D ( D ) ( F ) + W D ( D ) ( G ) ≥ FO ( y , G ) · W D ( D ) ( F ) + W D ( D ) ( G )= FO ( y , G ) · W D ( E ) ( F ) + W D ( E ) ( G ) = W D ( E ) ( E ) = W ( E ) . • Suppose that D = cut ( ! R ( x , . . . , x n , F ) , x . ! L ( x . G )) ! L ( x . ! L ( x . . . . ! L ( x n . cut ( F , y . G )))) = E . Then we can proceed as in the previous case.This concludes the proof. ✷ Finally, equivalence leaves the weight unchanged:
Proposition 4 If G ; D ; Q ⊢ D :: T and D ≡ E , then G ; D ; Q ⊢ E :: T , D ( E ) = D ( D ) and W ( E ) = W ( D ) . Proof.
By induction on the proof that D ≡ E . Some interesting cases: • Suppose that D = cut ( F , x . cut ( G x , y . H y )) ≡ cut ( cut ( F , x . G x ) , y . H y ) = E . Then: D ( D ) = max { D ( F ) , D ( G x ) , D ( H y ) } = D ( E ) W ( D ) = W D ( D ) ( D ) = W D ( D ) ( F ) + W D ( D ) ( G x ) + W D ( D ) ( H y )= W D ( E ) ( F ) + W D ( E ) ( G x ) + W D ( E ) ( H y ) = W D ( E ) ( E ) = W ( E ) . .DalLago &P.DiGiamberardino 71 • Suppose that D = cut ( F , x . cut ( G , y . H xy )) ≡ cut ( G , x . cut ( F , y . H xy )) = E . Then we can proceed as in the previous case. • Suppose that D = cut ( F , x . cut ! ( G , y . H xy )) ≡ cut ! ( G , y . cut ( F , x . H xy )) = E . Then, since FO ( y , F ) = D ( D ) = max { D ( F ) , D ( G ) , D ( H xy ) } = D ( E ) W ( D ) = W D ( D ) ( D ) = W D ( D ) ( F ) + FO ( y , H xy ) · W D ( D ) ( G ) + W D ( D ) ( H xy )= W D ( D ) ( F ) + FO ( y , cut ( F , x . H xy )) · W D ( D ) ( G ) + W D ( D ) ( H xy )= W D ( E ) ( F ) + FO ( y , cut ( F , x . H xy )) · W D ( E ) ( G ) + W D ( E ) ( H xy )= W D ( E ) ( E ) = W ( E ) . • Suppose that D = cut ( F , x . cut ( G x , y . H xy )) ≡ cut ( cut ( F , x . G x ) , y . cut ( F , x . H xy )) = E . Then, D ( D ) = max { D ( F ) , D ( G x ) , D ( H xy ) } = D ( E ) W ( D ) = FO ( x , cut ( G x , y . H xy )) · W D ( D ) ( F ) + W D ( D ) ( G x ) + W D ( D ) ( H xy )= ( FO ( x , G x ) + FO ( x , H xy )) · W D ( D ) ( F ) + W D ( D ) ( G x ) + W D ( D ) ( H xy )= ( FO ( x , G x ) · W D ( D ) ( F ) + FO ( x , H xy )) · W D ( D ) ( F ) + W D ( D ) ( G x ) + W D ( D ) ( H xy )= W D ( D ) ( cut ( F , x . G x )) + W D ( D ) ( cut ( F , x . H xy ))= W D ( D ) ( E ) = W D ( E ) ( E ) = W ( E ) . This concludes the proof. ✷ Now, consider again the subject reduction theorem (Theorem 1): what it guarantees is that whenever P → Q and b D = P , there is E with b E = Q and D ֒ → = ⇒ ֒ → E . In view of the three propositions we havejust stated and proved, it’s clear that W ( D ) > E . Altogether, this implies that W ( D ) is an upper boundon the number or internal reduction steps b D can perform. But is W ( D ) itself bounded? What kind of bounds can we expect to prove for W ( D ) ? More specifically, how related are W ( D ) and | b D | ? Lemma 5
Suppose G ; D ; Q ⊢ D :: T . Then D ( D ) ≤ | D | . Proof.
An easy induction on the structure of a type derivation p for G ; D ; Q ⊢ D :: T . ✷ Lemma 6 If G ; D ; Q ⊢ D :: T , then for every n ≥ D ( D ) , W n ( D ) ≤ | b D | · n B ( b D )+ . Proof.
By induction on the structure of D . Some interesting cases:2 SoftSession Types • If D = cut ! ( D , x . E ) , then: W n ( cut ! ( D , x . E )) = FO ( x , E ) · ( W n ( D ) + ) + W n ( E ) ≤ FO ( x , E ) · ( | D | · n B ( D )+ + ) + | E | · n B ( E )+ ≤ n · | D | · n B ( D )+ + n + | E | · n B ( E )+ ≤ | D | · n B ( D )+ + n B ( E )+ + | E | · n B ( E )+ ≤ ( | D | + | E | + ) · n max { B ( D )+ , B ( E )+ } = | cut ! ( D , x . E ) | · n B ( cut ! ( D , x . E )) . • If D = ! R ( x , . . . , x n , E ) , then: W n ( ! R ( x , . . . , x n , E )) = n · ( W n ( E ) + ) ≤ n · | E | · n B ( E )+ + n ≤ | E | · n B ( E )+ + n B ( E )+ = ( + | E | ) · n B ( ! R ( x ,..., x n , E ))+ = | ! R ( x , . . . , x n , E ) | · n B ( ! R ( x ,..., x n , E ))+ . This concludes the proof. ✷ We now have almost all the necessary ingredients to obtain a proof of Proposition 1: the only missingtales are the bounds on the size of any reducts, since the polynomial bounds on the length of internalreductions are exactly the ones from Lemma 6. Observe, however, that the latter induces the former:
Lemma 7
Suppose that P → n Q. Then | Q | ≤ n · | P | . Proof.
By induction on n , enriching the statement as follows: whenever P → n Q , both | Q | ≤ n · | P | and | R | ≤ | P | for every subprocess R of Q in the form ! x ( y ) . S . ✷ Let us now consider Theorem 2: how can we deduce it from Proposition 1? Everything boils down toshow that for normal processes, the box-depth can be read off from their type. In the following lemma, B ( A ) and B ( G ) are the nesting depths of ! inside the type A and inside the types appearing in G (for everytype A and context G ). Lemma 8
Suppose that G ; D ; Q ⊢ D :: x : A and that D is normal. Then B ( b D ) = max { B ( G ) , B ( D ) , B ( Q ) , B ( A ) } . Proof.
An easy induction on D . ✷ In this paper, we introduced a variation on Caires and Pfenning’s p DILL , called p DSLL , being inspiredby Lafont’s soft linear logic. The key feature of p DSLL is the fact that the amount of interaction induced.DalLago &P.DiGiamberardino 73by allowing two processes to interact with each other is bounded by a polynomial whose degree can be“read off” from the type of the session channel through which they communicate.What we consider the main achievement of this paper is definitely not the proof of these polynomialbounds, which can be obtained by adapting the ones in [6] or in [5], although this anyway presents sometechnical difficulties due to the low-level nature of the p -calculus compared to the lambda calculus orto higher-order p -calculus. Instead, what we found very interesting is that the operational propertiesinduced by typability in p DSLL , bounded interaction in primis , are not only very interesting and useful inpractice, but different from the ones obtained in soft lambda calculi: in the latter, it’s the normalization time which is bounded, while here it’s the interaction time. Another aspect that we find interesting isthe following: it seems that the constraints on processes induced by the adoption of the more stringenttyping discipline p DSLL , as opposed to p DILL , are quite natural and do not rule out too many interestingexamples. In particular, the way sessions can be defined remains essentially untouched: what changes isthe way sessions can be offered, i.e. the discipline governing the offering of multiple sessions by servers.All the examples in [1] and the one from Section 2 are indeed typable in p DSLL .Topics for future work include the accommodation of recursive types into p DSLL . This could beeasier than expected, due to the robustness of light logics to the presence of recursive types [3].
References [1] Lu´ıs Caires & Frank Pfenning (2010):
Session Types as Intuitionistic Linear Propositions . In: CONCUR2010, LNCS 6269, Springer, pp. 222–236, doi: .[2] Lu´ıs Caires, Bernardo Toninho & Frank Pfenning (2011):
Dependent Session Types via Intuitionistic LinearType Theory . In: PPDP2011, ACM Press. To appear.[3] Ugo Dal Lago & Patrick Baillot (2006):
On light logics, uniform encodings and polynomial time . Mathemat-icalStructuresinComputerScience 16(4), pp. 713–733, doi: .[4] Ugo Dal Lago & Paolo Di Giamberardino:
Soft Session Types (Long Version) . Available at http://arxiv.org/abs/1107.4478 .[5] Ugo Dal Lago, Simone Martini & Davide Sangiorgi (2010):
Light Logics and Higher-Order Processes . In:EXPRESS’10, EPTCS 41, pp. 46–60, doi: .[6] Ugo Dal Lago, Andrea Masini & Margherita Zorzi (2010):
Quantum implicit computational complexity .Theor.Comput.Sci. 411(2), pp. 377–409, doi: .[7] Jean-Yves Girard (1987):
Linear Logic . Theor. Comput. Sci. 50, pp. 1–102, doi: .[8] Kohei Honda, Vasco Thudichum Vasconcelos & Makoto Kubo (1998):
Language Primitives and Type Dis-cipline for Structured Communication-Based Programming . In: ESOP, LNCS 1381, pp. 122–138, doi: .[9] Kohei Honda, Nobuko Yoshida & Marco Carbone (2008):
Multiparty asynchronous session types . In: POPL2008, ACM Press, pp. 273–284, doi: .[10] Yves Lafont (2004):
Soft linear logic and polynomial time . Theor. Comput. Sci. 318(1-2), pp. 163–180,doi: .[11] Harry G. Mairson (1992):
A Simple Proof of a Theorem of Statman . Theor.Comput.Sci.103(2), pp. 387–394,doi: .[12] Dimitris Mostrous & Nobuko Yoshida (2007):
Two Session Typing Systems for Higher-Order Mobile Pro-cesses . In: TLCA2007, LNCS 4583, pp. 321–335, doi: .[13] Richard Statman (1979):
The Typed lambda-Calculus is not Elementary Recursive . Theor. Comput. Sci. 9,pp. 73–81, doi:10.1016/0304-3975(79)90007-0